Home/ Socialism and the End of the American Dream/ Group items tagged hacked

Paul Merrell

Edward Snowden: US government has been hacking Hong Kong and China for years | South Ch... - 0 views

  • US whistle-blower Edward Snowden yesterday emerged from hiding in Hong Kong and revealed to the South China Morning Post that he will stay in the city to fight likely attempts by his government to have him extradited for leaking state secrets. In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.
  • Snowden believed there had been more than 61,000 NSA hacking operations globally, with hundreds of targets in Hong Kong and on the mainland. “We hack network backbones – like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he said.
  • Snowden's revelations threaten to test new attempts to build US-Sino bridges after a weekend summit in California between the nations' presidents, Barack Obama and Xi Jinping. If true, Snowden's allegations lend credence to China's longstanding position that it is as much a victim of hacking as a perpetrator, after Obama pressed Xi to rein in cyber-espionage by the Chinese military.
Paul Merrell

EXCLUSIVE: Snowden reveals more US cyberspying details | South China Morning Post - 0 views

  • US spies are hacking into Chinese mobile phone companies to steal text messages and attacking the servers at Tsinghua University, Edward Snowden has told the Sunday Morning Post. The latest explosive revelations about US National Security Agency cybersnooping in Hong Kong and on the mainland are based on further scrutiny and clarification of information Snowden provided on June 12. The former technician for the US Central Intelligence Agency and contractor for the National Security Agency provided documents revealing attacks on computers over a four-year period.
  • The documents listed operational details of specific attacks on computers, including internet protocol (IP) addresses, dates of attacks and whether a computer was still being monitored remotely. The Sunday Morning Post can now reveal Snowden's claims that the NSA is: Extensive hacking of major telecommunication companies in China to access text messages; Sustained attacks on network backbones at Tsinghua University, China’s premier seat of learning; Hacking of computers at the Hong Kong headquarters of Pacnet, which owns one of the most extensive fibre optic submarine cable networks in the region.
  • Pacnet, which recently signed major deals with the mainland's top mobile phone companies, owns more than 46,000 kilometres of fibre-optic cables. The cables connect its regional data centres across the Asia-Pacific region, including Hong Kong, the mainland, Japan, South Korea, Singapore and Taiwan. It also has offices in the US. Snowden claims that data from Chinese mobile phone companies has been compromised, with millions of private text messages mined by the NSA. Cybersecurity experts on the mainland have long feared mobile phone companies had fallen victim to back-door attacks because they were forced to go overseas to buy core technology for their networks. In recent years, those security concerns became more vocal and as a result domestic network equipment suppliers such as Huawei, Datang and ZTE started to close the technology gap, enabling the phone companies to reduce their reliance on foreign suppliers.
  • As for the attacks at Tsinghua University, the leaked information points to the NSA hacking into the institute's servers as recently as January. Tsinghua is widely regarded as China's top education and research institute and carries out extensive work on next-generation web technologies. It is home to one of the mainland's six major network backbones, the China Education and Research Network.
Paul Merrell

FBI demands new powers to hack into computers and carry out surveillance | US news | Th... - 0 views

  • The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world. Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight. The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year.
  • “This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” said Ahmed Ghappour, an expert in computer law at University of California, Hastings college of the law, who will be addressing next week’s hearing. The proposed operating changes related to rule 41 of the federal rules of criminal procedure, the terms under which the FBI is allowed to conduct searches under court-approved warrants. Under existing wording, warrants have to be highly focused on specific locations where suspected criminal activity is occurring and approved by judges located in that same district. But under the proposed amendment, a judge can issue a warrant that would allow the FBI to hack into any computer, no matter where it is located. The change is designed specifically to help federal investigators carry out surveillance on computers that have been “anonymized” – that is, their location has been hidden using tools such as Tor.
  • Were the amendment to be granted by the regulatory committee, the FBI would have the green light to unleash its capabilities – known as “network investigative techniques” – on computers across America and beyond. The techniques involve clandestinely installing malicious software, or malware, onto a computer that in turn allows federal agents effectively to control the machine, downloading all its digital contents, switching its camera or microphone on or off, and even taking over other computers in its network.
  • Civil liberties and privacy groups are particularly alarmed that the FBI is seeking such a huge step up in its capabilities through such an apparently backdoor route. Soghoian said of next week’s meeting: “This should not be the first public forum for discussion of an issue of this magnitude.” Jennifer Granick, director of civil liberties at the Stanford center for internet and society, said that “this is an investigative technique that we haven’t seen before and we haven’t thrashed out the implications. It absolutely should not be done through a rule change – it has to be fully debated publicly, and Congress must be involved.” Ghappour has also highlighted the potential fall-out internationally were the amendment to be approved. Under current rules, there are no fourth amendment restrictions to US government surveillance activities in other countries as the US constitution only applies to domestic territory.
  • Another insight into the expansive thrust of US government thinking in terms of its cyber ambitions was gleaned recently in the prosecution of Ross Ulbricht, the alleged founder of the billion-dollar drug site the Silk Road. Experts suspect that the FBI hacked into the Silk Road server, that was located in Reykjavik, Iceland, though the agency denies that. In recent legal argument, US prosecutors claimed that even if they had hacked into the server without a warrant, it would have been justified as “a search of foreign property known to contain criminal evidence, for which a warrant was not necessary”.
  •  
    This rule change has been in the works during the last year.  "The change is designed specifically to help federal investigators carry out surveillance on computers that have been "anonymized" - that is, their location has been hidden using tools such as Tor."  Are we dizzy yet? The State Department is pushing the use of TOR by dissidents in nations whose governments State and the CIA intend to overthrow. Meanwhile, Feed Bag, Inc. wants use of TOR to be sufficient grounds for installing malware on anyone using it to make their systems and all their systems can see or hear be an open book. Let's see. There's the First Amendment right to anonymous speech just to begin with. McIntyre v. Ohio Elections Comm'n, 514 US 334 (1995). ("Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation-and their ideas from suppression-at the hand of an intolerant society. The right to remain anonymous may be abused when it shields fraudulent conduct. But political speech by its nature will sometimes have unpalatable consequences, and, in general, our society accords greater weight to the value of free speech than to the dangers of its misuse.") (Internal citation omitted.) And of course there's the Natural Law liberty to whisper, to utter words in a way that none but the intended recipient can hear. So throw on the violation of the Fifth Amendment's Liberty clause. Then there's the plain language of the Fourth Amendment warrant clause, "particularly describing the *place* to be searched." Not to mention the major reason for the Fourth Amendment, to abolish the "general warrant" that had enabled the Crown to search wherever the warrant's executor's little heart desired.  And th
Paul Merrell

These experts still don't buy the FBI claim that North Korea hacked Sony - LA Times - 0 views

  • President Obama has done his best to tamp down fury at North Korea for hacking Sony--"I don't think it was an act of war," he said Sunday on CNN, but "cybervandalism"--but to find true skepticism about North Korea's role in the attack, you have to turn to the professional hacking and anti-hacking community.
  • Many hackers, anti-hackers and cybersecurity experts still don't share the FBI's conclusion that "the North Korean government is responsible for these actions," as the agency declared last week. They've picked apart the FBI's evidence, which was set forth in a public memo Friday and a much more detailed alert circulated to corporation security departments early in December, and found it wanting. 
  • As we explained earlier, that's important for two main reasons: You don't want to stoke anger at a government that may be either innocent or peripherally involved (North Korea has denied responsibility for the Sony attack), and you don't want the real perpetrators to evade the law-enforcement net. Let's take a look at what the experts are saying.
Paul Merrell

Washington Hits Back at Putin's Humiliation - 0 views

  • The Obama administration is now accusing Russia of cyber-crime and trying to disrupt the US presidential election. The claim is so far-fetched, it is hardly credible. More credible is that the US is reeling from Putin’s stunning humiliation earlier this week. Since June, US media and supporters of Democrat presidential contender Hillary Clinton have been blaming Russian state-sponsored hackers for breaking into the Democratic party’s database. It is further alleged that Moscow is stealthily trying to influence the outcome of the election, by releasing damaging information on Clinton, which might favor Republican candidate Donald Trump. Russia has vehemently denied any connection to the cyber-crime charges, or trying to disrupt the November poll. Now the Obama administration has stepped into the fray by openly accusing Russia. «US government officially accuses Russia of hacking campaign to interfere with elections», reported the Washington Post. This takes the row to a whole new level. No longer are the insinuations a matter of private, partisan opinion. The US government is officially labelling the Russian state for cyber-crime and political subversion.
  • Predictably, following the latest allegations, there are calls among American lawmakers for ramping up more economic sanctions against Russia. While US intelligence figures are urging for retaliatory cyber-attacks on Russian government facilities. Vladimir Putin’s spokesman Dmitry Peskov derided the US claims as «rubbish». He noted that the Kremlin’s computer system incurs hundreds of hacking attempts every day, many of which can be traced to American origin, but Moscow doesn’t turn around and blame the US government for such cyber-attacks. There are several signs that the latest brouhaha out of Washington is a bogus diversion. As with previous Russian-hacker claims by the Democrats and US media, there is no evidence presented by the Obama administration to support its grave allegations against the Russian government. Assertion without facts does not meet a minimal standard of proof. When reports emerged in June – again through the Washington Post – that the Democrat National Committee (DNC) was hacked by Russian agents, the allegation relied on investigations by a private cyber security firm by the name of CrowdStrike. The firm is linked by personnel to the NATO-affiliated, anti-Russian think tank Atlantic Council. Again no verifiable evidence was presented then, just the word of a dubious partisan source.
  • Back then the Russian scare story, for that’s what it was, served as a useful diversion from far more important issues. Such as the 19,000 emails released from the DNC database showing that the party chiefs had preordained Clinton’s presidential nomination over her Democrat rival Bernie Sanders. Much-vaunted «US democracy» was exposed as a fraud, and so the Washington establishment quickly went into damage-limitation mode by smearing Russia. It was the whistleblower site Wikileaks, run by Australian journalist Julian Assange, that released the embarrassing emails. It had nothing to do with Russia. Assange has since hinted that his source was within the Democrat party itself. This is where it gets really explosive. Assange has vowed to release more emails that will prove that Clinton as Secretary of State back in 2011-2012 masterminded the supply of weapons and money to Islamist terror networks in Libya and Syria for the objective of regime change. Furthermore, Assange says that the emails prove that Clinton lied under oath to Congress when she denied in 2013 that she had any involvement in facilitating arms to the jihadists. Assange has said that Wikileaks is going to publish the incriminating emails on Clinton’s alleged gun-running to terrorists this month. If the evidence stands up, Clinton could be prosecuted for perjury as well as treason in aiding and abetting official terrorist enemies of the US.
  • The exposure of an American presidential candidate as being involved in state sponsorship of terrorism while serving as a top government official is a powerful incentive for the Obama administration to find a lurid diversion. Hence, the latest charges by the US government against Russia as perpetrating cyber-crime and of trying to subvert American democracy. This is just one more illustration of how irrational and unhinged the US government has become. Day by day, it seems, leads to more damning revelations of Washington’s complicity in illegal wars, covert subversion of foreign states, and systematic collusion with terrorist networks which have inflicted thousands of deaths on American citizens, among many more thousands of other innocent civilians around the world. In addition to exposure by sources like Wikileaks, much of revelation about US criminality and state-sponsored banditry has emerged from Russia’s principled military intervention in Syria. Russia’s intervention has not only helped salvage the Syrian nation from a foreign conspiracy of covert war for regime change. Russia’s intervention has also brought into clear focus the systematic links between Washington and its terrorist proxy army working on its behalf in Syria.
  • Washington’s mask of moral and legal superiority has been ripped from its face. And what the world is seeing is the vile ugliness beneath. Such is Washington’s ignominious fall from pretend-grace to its grim, odious reality that Vladimir Putin this week was empowered to speak from the moral high ground. In announcing Russia’s unilateral suspension of a 2002 accord with the US for the disposal of nuclear-weapon-grade plutonium, Putin went much, much further. He gave Washington a list of ultimatums that included the US ending its trumped-up sanctions against Russia, with financial compensation, as well as the scaling back of NATO forces from Russia’s border. In other words, the Russian leader was talking truth to American power in a way that megalomaniac Washington, with all its ridiculous delusions of «exceptionalism», has never ever heard before.
  • American pretensions of greatness are eroding like a castle built on sand. Washington’s criminal enterprises and specifically the complicity in terrorism for the supreme crime of foreign aggression are being glaringly exposed. And now with due contempt, Russia is putting manners on Washington. It must be excruciating the humiliation for the narcissistic American tyrant to be treated with the disrespect that it deserves and which is long overdue. Moreover, the humiliation is not just in the eyes of the world. The American people can see the true ugly nature of their rulers too. When a giant banner declaring «Putin a peacemaker» was unfurled off Manhattan bridge in New York City this weekend, the popular enthusiasm went viral. Washington is reeling from Putin’s righteous courage to call it out for what it is. The truth-telling is hard to take for this unipolar unicorn. Its deluded myth-making about its own virtues are being stripped bare. What’s going on here is a world-class, historic exposure of American power as a nefarious excrescence on humanity.
  • The reaction is understandable: foaming-at-the-mouth, desperate, hysterical and panicked. Accusing Russia of hacking into the American «democratic process» is a wild attempt to divert from the paramount issues: Washington’s exposed descent into a vile morass of its own making; the emperor is a criminal; the people know it; and a genuine world leader like Vladimir Putin has the temerity to lay it on the line to this has-been.
Gary Edwards

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Dianne Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  •  
    Nice tight summary
Paul Merrell

Google, ACLU call to delay government hacking rule | TheHill - 0 views

  • A coalition of 26 organizations, including the American Civil Liberties Union (ACLU) and Google, signed a letter Monday asking lawmakers to delay a measure that would expand the government’s hacking authority. The letter asks Senate Majority Leader Mitch McConnell (R-Ky.) and Minority Leader Harry Reid (D-Nev.), plus House Speaker Paul Ryan (R-Wis.), and House Minority Leader Nancy Pelosi (D-Calif.) to further review proposed changes to Rule 41 and delay its implementation until July 1, 2017. The Department of Justice’s alterations to the rule would allow law enforcement to use a single warrant to hack multiple devices beyond the jurisdiction that the warrant was issued in. The FBI used such a tactic to apprehend users of the child pornography dark website, Playpen. It took control of the dark website for two weeks and after securing two warrants, installed malware on Playpen users' computers to acquire their identities. But the signatories of the letter — which include advocacy groups, companies and trade associations — are raising questions about the effects of the change.
  •  
    ".. no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Fourth Amendment. The changes to Rule 41 ignore the particularity requirement by allowing the government to search computers that are not particularly identified in multiple locations not particularly identified, in other words, a general warrant that is precisely the reason the particularity requirement was adopted to outlaw.
Paul Merrell

Jeremy Hammond Sentenced To 10 Years In Prison - 0 views

  • NEW YORK -- Convicted hacker Jeremy Hammond was sentenced Friday to 10 years in prison for stealing internal emails from the global intelligence firm Stratfor.
  • Hammond, 28, has a lengthy criminal record for his protests both online and off against targets like the 2004 Republican National Convention and pro-Iraq War activists. But stealing Stratfor files as part of the online hacking collective Anonymous gave him a new level of notoriety. In May, he pleaded guilty to one conspiracy charge for hacking the Texas-based private intelligence firm Strategic Forecasting, or Stratfor. The security breach resulted in the theft of employee emails and account information for approximately 860,000 Stratfor subscribers and clients, including information from 60,000 credit cards. Although Hammond did not use the credit cards himself, he urged supporters to use them to make donations to charities. The resulting fraudulent charges led to headaches for nonprofits and for the private individuals who had their phone numbers and email addresses exposed. The government charges originally added up to 30 years in prison, but Hammond took a plea deal for violating the Computer Fraud and Abuse Act, a federal anti-hacking law also used to prosecute internet freedom activist Aaron Swartz. He admitted to hacking several other websites, including the Arizona Department of Public Safety, Special Forces Gear, the Boston Police Patrolmen's Association, and the sheriff's office in Jefferson County, Ala.
  • Nearly 5 million emails obtained in the Stratfor hack were turned over to WikiLeaks by Hammond and published as the “Global Intelligence Files.” They revealed domestic spying on activists, including Occupy Wall Street. The resulting media publicity led some, including 4,000 online petition backers and Pentagon Papers leaker Daniel Ellsberg, to hail him as a whistleblower. But to the federal government, he was little more than a common thief. “While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn’t like," United States Attorney Preet Bharara said in a May statement. On Friday, Hammond, who has been in detention for 20 months, struck back. While apologizing to the innocent people who had their personal information exposed as a result of his leaks, he lashed out at the FBI, and Hector Xavier Monsegur, an informant widely known by his online name "Sabu." For months, Hammond claimed, Sabu guided him as he hacked the Stratfor website and thousands more around the world.
  • Before being cut off by U.S. District Court Judge Loretta Preska, Hammond claimed that foreign government targets included Turkey, Brazil and Iran. Preska had already imposed a protective order preventing the release of the countries' names, which were in Hammond's statement as well as in sentencing paperwork. The government had disputed his claims involving the countries, and Preska responded by ordering that their names be redacted. She cut Hammond off in court Friday before he was able to list all of the countries in violation of the order.
  •  
    Jeremy Hammond draws the maximum 10-year sentence. 
Paul Merrell

Dutch intelligence agency AIVD hacks internet forums - nrc.nl - 0 views

  • The Dutch intelligence service - AIVD - hacks internet web forums to collect the data of all users. The majority of these people are unknown to the intelligence services and are not specified as targets when the hacking and data-collection process starts. A secret document of former NSA-contractor Edward Snowden shows that the AIVD use a technology called Computer Network Exploitation – CNE – to hack the web forums and collect the data.
  • Nico van Eijk, a Dutch professor in Information Law, is of the opinion that the Dutch intelligence service has crossed the boundaries of Dutch legislation. “They use sweeps to collect data from all users of web forums. The use of these techniques could easily lead to mass surveillance by the government.” IT specialist Matthijs Koot says that the exploitation of this technology can lead to a blurring of the lines between normal citizens and legitimate targets of the intelligence services. The document summarizes a meeting held on February 14, 2013 between officials of the NSA and the Dutch intelligence services - AIVD and MIVD. During this meeting Dutch officials briefed their American counterparts on the way they target web forums with the CNE technique. “They acquire MySQL databases via CNE access”, the document reads. MySQL is free open source software used to build databases for web forums. These databases contain all the posts of all the users of the forum and their personal data. During the meeting Dutch intelligence officers explained how they use the information in the database. In order to identify targets. According to the document the Dutch “are looking at marrying the forum data with other social network info, and trying to figure out good ways to mine the data that they have.”
  • A group of Dutch members of parliament have called for a parliamentary inquiry into the way the secret services are collecting and using data. The Dutch intelligence services have been previously criticised by an oversight committee for the way in which they have used legally intercepted data. According to this committee the search queries the intelligence services used to filter the data, were not specific enough. The use of generic queries, the committee concluded, was “not in accordance with Dutch law”. A spokesperson for the Dutch government refused to comment on the use of data from web forums by the AIVD, but stated that the intelligence services are allowed to hack computers. A spokesperson for the American government stated that the publication of classified information is a threat to US national security.
  •  
    Oooh ... Entire social media SQL databases. Content, user security stuff, the works. Big, big, big haystacks.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

  • THERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant.
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputting a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise - The Intercept - 0 views

  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
  • By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting: A = Indian Diplomatic & Indian Navy; B = Central Asian diplomatic; C = Chinese Human Rights Defenders; D = Tibetan Pro-Democracy Personalities; E = Uighur Activists; F = European Special Rep to Afghanistan and Indian photo-journalism; G = Tibetan Government in Exile
  • In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
  • Documents published with this article: LOVELY HORSE – GCHQ Wiki Overview; INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers – SIDtoday; HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress; NATO Civilian Intelligence Council – Cyber Panel – US Talking Points
  • These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world’s most villainous hackers, but he has since turned security consultant and exploit broker. Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google’s vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit’s HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert “The Grugq.” GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data of about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about-face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one of the loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers’ statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

Britain has passed the 'most extreme surveillance law ever passed in a democracy' | ZDNet - 0 views

  • It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".
  • The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that; and even disclose any new security features in products before they launch.
  • Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".
  • And that doesn't even account for the three-quarters of people who think privacy, which this law almost entirely erodes, is a human right. There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim). A new investigatory powers commissioner will also oversee the use of the powers. Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account". But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair. Much of those activities were only possible thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal. The law will be ratified by royal assent in the coming weeks.
Paul Merrell

US Intel Agencies Try to Strong-Arm Trump into War With Russia - 0 views

  • Powerful elites are using the credibility of the US Intelligence agencies to demonize Russia and prepare the country for war. This is the real meaning of the “Russia hacking” story which, as yet, has not produced any hard evidence of Russian complicity. Last week’s 25-page report, that was released by the Director of National Intelligence James Clapper, illustrates to what extent intelligence is being “fixed around the policy”.  Just as the CIA generated false information related to Weapons of Mass Destruction to soften public resistance to war with Iraq, so too, the spurious allegations in the DNI’s politically-motivated report are designed to depict Russia as a growing threat to US national security. The timing of the report has less to do with the election of Donald Trump as President than it does with critical developments in Syria where the Russian military has defeated US-proxies in Syria’s industrial hub, Aleppo, rolling back Washington’s 15-year War of Terror and derailing the imperialist plan to control vital resources and pipeline corridors across the Middle East and Central Asia. Russia has become the main obstacle to Washington achieving its strategic vision of pivoting to Asia and maintaining its dominant role into the next century. The Intelligence Community has been coerced into compromising its credibility to incite fear of Russia and to advance the geopolitical ambitions of deep state powerbrokers.
  • The “Russia hacking” flap shows how far the Intel agencies have veered from their original mandate, which is to impartially gather and analyze information that may be vital to US national security. As we have seen in the last two weeks, the leaders of these organizations feel free to offer opinions on  issues that clearly conflict with those of the new President-elect. Trump has stated repeatedly that he wants to reduce tensions and reset relations with Russia, but that policy is being sabotaged by members of the intelligence community, particularly CIA Director John Brennan who appeared just last week on PBS Newshour with Judy Woodruff. Here’s an excerpt from the interview: “We see that there are still a lot of actions that Russia is undertaking that undermine the principles of democracy in so many countries. What has happened in our recent election is not new. The Russians have engaged in trying to manipulate elections in Europe for a number of years… the Russians tried to interfere in our electoral process recently, and were actively involved in that. And that is something that we can’t countenance.” (“Interview with CIA Director John Brennan”,  PBS Newshour)
  • Brennan, of course, provided no evidence for his claims nor did he mention the hundreds of CIA interventions around the world. But Brennan’s accusations are less important than the fact that his appearance on a nationwide broadcast identifies him as a political advocate for policies that conflict with those of the new president. Do we really want unelected intelligence officials — whose job it is to provide the president with sensitive information related to national security– to assume a partisan role in shaping policy? And why would Brennan –who is supposed to “serve at the pleasure of the president”– accept an invitation to offer his views on Russia when he knew they would be damaging to the new administration? Powerful people behind the scenes are obviously pushing the heads of these intelligence agencies to stick to their ‘anti-Moscow’ narrative to force Trump to abandon his plan for peaceful relations with Moscow.  Brennan isn’t calling the shots and neither are Clapper or Comey. They’re all merely agents serving the interests of establishment plutocrats whose geopolitical agenda doesn’t jibe with that of the incoming administration. If that wasn’t the case, then why would the Intelligence Community stake its reputation on such thin gruel as this Russian hacking gibberish? It doesn’t make any sense. The people who launched this campaign are either supremely arrogant or extremely desperate. Which is it?
  • What’s really going on here?  Why have the Intelligence agencies savaged their credibility just to convince people that Russia is up to no good? The Russia hacking story has more to do with recent developments in Syria than it does with delegitimizing Donald Trump. Aleppo was a real wake up call for the US foreign policy establishment which is beginning to realize that their plans for the next century have been gravely undermined by Russia’s military involvement in Syria. Aleppo represents the first time that an armed coalition of allied states (Russia, Iran, Syria, Hezbollah) have actively engaged US jihadist-proxies and soundly beat them to a pulp. The stunning triumph in Aleppo has spurred hope among the vassal states that Washington’s bloody military juggernaut can be repelled, rolled back and defeated. And if Washington’s CIA-armed, trained and funded jihadists can be repelled, then the elitist plan to project US power into Central Asia to dominate the world’s most populous and prosperous region, will probably fail. In other words, the outcome in Aleppo has cast doubts on Uncle Sam’s ability to successfully execute its pivot to Asia. That’s why the Intel agencies have been employed to shape public perceptions on Russia.  Their job is to prepare the American people for an escalation of hostilities between the two nuclear-armed superpowers. US powerbrokers are determined to intensify the conflict and reverse facts on the ground. (Recent articles by elites at the Council on Foreign Relations and the Brookings Institute reveal that they are as committed to partitioning Syria as ever.)  Washington wants to  reassert its exceptional role as the uncontested steward of global security and the lone ‘unipolar’ world power.
  • That’s what this whole “hacking” fiasco is about. The big shots who run the country are trying to strong-arm ‘the Donald’ into carrying their water so the depredations can continue and Central Asia can be transformed into a gigantic Washington-dominated corporate free trade zone where the Big Money calls the shots and Capital reigns supreme. That’s their dreamstate, Capitalist Valhalla. They just need Trump to get-with-the-program so the bloodletting can continue apace.
Gary Edwards

Chris Hedges: The Real Purpose of the U.S. Government's Report on Alleged Hacking by Ru... - 0 views

  •  
    "Some thoughts on "Russia's Influence Campaign Targeting the 2016 US Presidential Election," the newly released declassified report from the Office of the Director of National Intelligence. 1. The primary purpose of the declassified report, which offers no evidence to support its assertions that Russia hacked the U.S. presidential election campaign, is to discredit Donald Trump. I am not saying there was no Russian hack of John Podesta's emails. I am saying we have yet to see any tangible proof to back up the accusation. This charge-Sen. John McCain has likened the alleged effort by Russia to an act of war-is the first salvo in what will be a relentless campaign by the Republican and Democratic establishment, along with its corporatist allies and the mass media, to destroy the credibility of the president-elect and prepare the way for impeachment. The allegations in the report, amplified in breathtaking pronouncements by a compliant corporate media that operates in a non-fact-based universe every bit as pernicious as that inhabited by Trump, are designed to make Trump look like Vladimir Putin's useful idiot. An orchestrated and sustained campaign of innuendo and character assassination will be directed against Trump. When impeachment is finally proposed, Trump will have little public support and few allies and will have become a figure of open ridicule in the corporate media. 2. The second task of the report is to bolster the McCarthyist smear campaign against independent media, including Truthdig, as witting or unwitting agents of the Russian government. The demise of the English programming of Al-Jazeera and TeleSur, along with the collapse of the nation's public broadcasting, designed to give a voice to those not beholden to corporate or party interests, leaves RT America and Amy Goodman's Democracy Now! as the only two electronic outlets with a national reach that are willing to give a platform to critics of corporate power and imperialism s
Paul Merrell

FBI never examined hacked DNC servers itself: report | TheHill - 0 views

  • The FBI never examined the Democratic National Committee’s (DNC) computer servers during its investigation into Russian attempts to interfere in the presidential election, BuzzFeed reports. “The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (D.C.) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” DNC deputy communications director Eric Walker told BuzzFeed in an email. According to one intelligence official who spoke to the publication, no U.S. intelligence agency has performed its own forensics analysis on the hacked servers. Instead, the official said, the bureau and other agencies have relied on analysis done by the third-party security firm CrowdStrike, which investigated the breach for the DNC. “Crowdstrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official told BuzzFeed.
Paul Merrell

NSA uses Google cookies to pinpoint targets for hacking - 0 views

  • The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance. The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations. For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.
  • According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser. In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents.
  • These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.
Paul Merrell

Researcher who joked about hacking a jet plane barred from United flight | Ars Technica - 0 views

  • A researcher who specializes in the security of commercial airplanes was barred from a United Airlines flight Saturday, three days after he tweeted a poorly advised joke mid-flight about hacking a key communications system of the plane he was in. Chris Roberts was detained by FBI agents on Wednesday as he was deplaning his United flight, which had just flown from Denver to Syracuse, New York. While on board the flight, he tweeted a joke about taking control of the plane's engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft's functions, including temperatures of various equipment, fuel flow and quantity, and oil pressure. In the tweet, Roberts jested: "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone ? :)" FBI agents questioned Roberts for four hours and confiscated his iPad, MacBook Pro, and storage devices.
  •  
    Bruce Schneier's take on this: "But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight he was on, and sent an FBI team to the Syracuse airport within a couple of hours. There's some serious surveillance going on. Now, it is possible that Roberts was being specifically monitored. He is already known as a security researcher who is working on avionics hacking. But still..." Some serious surveillance, indeed. And does the FBI have its own social media monitoring program or is this the result of a tip from the NSA, which assuredly does have a social media surveillance capability?  Consider the short time between the post and interception by FBI agents at the airport and all of the steps it takes to accomplish that feat. I come up with a system that is directly harvesting tweets as they are transmitted, not a web crawler. A huge amount of automation to identify the tweet as a potential threat and get it to someone with the vocabulary to understand the message. And another round of automation to get the import of the post to an FBI dispatcher who sends the agents to the airport armed with the information needed to question the tweeter for four hours on an esoteric subject. That's astounding to me.  
Paul Merrell

U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack | Wired Enterprise ... - 0 views

  • The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies, including everyone from U.S. mainstays Cisco and Juniper to Chinese giant Huawei. But beneath this bombshell of a story from Der Spiegel, you’ll find a rather healthy bit of irony. After all, the United States government has spent years complaining that Chinese intelligence operations could find ways of poking holes in Huawei networking gear, urging both American businesses and foreign allies to sidestep the company’s hardware. The complaints grew so loud that, at one point, Huawei indicated it may abandon the U.S. networking market altogether. And, yet, Der Spiegel now tells us that U.S. intelligence operations have been poking holes in Huawei networking gear — not to mention hardware sold by countless other vendors in both the States and abroad. “We read the media reports, and we’ve noted the references to Huawei and our peers,” says William Plummer, a Huawei vice president and the company’s point person in Washington, D.C. “As we have said, over and over again — and as now seems to be validated — threats to networks and data integrity can come from any and many sources.”
  • Plummer and Huawei have long complained that when the U.S. House Intelligence Committee released a report in October 2012 condemning the use of Huawei gear in telephone and data networks, it failed to provide any evidence that the Chinese government had compromised the company’s hardware. Adam Segal, a senior fellow for China Studies at the Center for Foreign Relations, makes the same point. And now we have evidence — Der Spiegel cites leaked NSA documents — that the U.S. government has compromised gear on a massive scale. “Do I see the irony? Certainly the Chinese will,” Segal says, noting that the Chinese government and the Chinese press have complained of U.S. hypocrisy ever since former government contractor Edward Snowden first started to reveal NSA surveillance practices last summer. “The Chinese government has been hammering home what they call the U.S.’s ulterior motives for criticizing China, and there’s been a steady drumbeat of stories in the Chinese press about backdoors in the products of U.S. companies. They’ve been going after Cisco in particular.”
  • To be sure, the exploits discussed by Der Spiegel are a little different from the sort of attacks Congress envisioned during its long campaign against Huawei and ZTE, another Chinese manufacturer. As Segal and others note, Congress mostly complained that the Chinese government could collaborate with people inside the two companies to plant backdoors in their gear, with lawmakers pointing out that Huawei’s CEO was once an officer in China’s People’s Liberation Army, or PLA, the military arm of the country’s Communist party. Der Spiegel, by contrast, says the NSA is exploiting hardware without help from anyone inside the Ciscos and the Huaweis, focusing instead on compromising network gear with clever hacks or intercepting the hardware as it’s shipped to customers. “For the most part, the article discusses typical malware exploits used by hackers everywhere,” says JR Rivers, an engineer who has built networking hardware for Cisco as well as Google and now runs the networking startup Cumulus Networks. “It’s just pointing out that the NSA is engaged in the practice and has resources that are not available to most people.” But in the end, the two types of attack have the same result: Networking gear controlled by government spies. And over the last six months, Snowden’s revelations have indicated that the NSA is not only hacking into networks but also collaborating with large American companies in its hunt for data.
  • Jim Lewis, a director and senior fellow with the Center for Strategic and International Studies, adds that the Chinese view state-sponsored espionage a little differently than the U.S. does. Both countries believe in espionage for national security purposes, but the Chinese argue that such spying might include the theft of commercial secrets. “The Chinese will tell you that stealing technology and business secrets is a way of building their economy, and that this is important for national security,” says Lewis, who has helped oversee meetings between the U.S. and the Chinese, including officers in the PLA. “I’ve been in the room when they’ve said that. The last time was when a PLA colonel said: ‘In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.’” But here in the United States, we now know, the NSA may blur other lines in the name of national security. Segal says that although he, as an American, believes the U.S. government is on stronger ethical ground than the Chinese, other nations are beginning to question its motives. “The U.S. has to convince other countries that our type of intelligence gathering is different,” he says. “I don’t think that the Brazils and the Indias and the Indonesias and the South Africas are convinced. That’s a big problem for us.”
  • The thing to realize, as the revelations of NSA snooping continue to pour out, is that everyone deserves scrutiny — the U.S. government and its allies, as well as the Chinese and others you may be more likely to view with skepticism. “All big countries,” Lewis says, “are going to try and do this.”
  •  
    Of course, we now know that the U.S. conducts electronic surveillance for a multitude of purposes, including economic. Check this group's notes tagged "NSA-targets" and/or "NSA-goals".
Paul Merrell

Our South Korean Allies Also Hack the U.S.-and We Don't Seem to Care - The Daily Beast - 0 views

  • Lost in the kerfuffle over North Korea’s hacking of Sony is this little irony: South Korea, the Hermit Kingdom’s main rival and a stalwart ally of the United States, has also been cyberspying on America. South Korea has an active online espionage program that is primarily aimed at the North but also has been “targeting us,” according to a newly disclosed internal National Security Agency document.
  • The NSA document, which was included in the trove of classified files leaked by ex-NSA contractor Edward Snowden and published last week by Der Spiegel, includes a first-person account from an unnamed NSA employee who says the agency was aware of South Korea’s hacking operations but not “super interested” in them until they were ramped up “a bit more” against the United States. The document is undated but makes reference to an NSA manual published in 2007. It gives no indication why South Korea stepped up its cyberspying on the United States.