Group items tagged

New Defense Department guidelines allow commanders to punish journalists and treat them as "unprivileged belligerents" if they believe journalists are sympathizing or cooperating with the enemy. The Law of War manual, updated to apply for the first time to all branches of the military, contains a vaguely worded provision that military commanders could interpret broadly, experts in military law and journalism say. Commanders could ask journalists to leave military bases or detain journalists for any number of perceived offenses. "In general, journalists are civilians," the 1,180 page manual says, but it adds that "journalists may be members of the armed forces, persons authorized to accompany the armed forces, or unprivileged belligerents." A person deemed to be an "unprivileged belligerent" is not entitled to the rights afforded by the Geneva Convention. A commander could restrict from certain coverage areas or even hold indefinitely without charges any reporter considered an "unprivileged belligerent." The manual adds, "Reporting on military operations can be very similar to collecting intelligence or even spying. A journalist who acts as a spy may be subject to security measures and punished if captured." It is not specific as to the punishment or under what circumstances a commander can decide to "punish" a journalist.

Defense Department officials said the reference to "unprivileged belligerents" was intended to point out that armed group members or spies could be masquerading as reporters. The designation was also made to warn against someone who works publications like Al-Qaeda's "Inspire" magazine that can be used to encourage or recruit adherents. Another provision says that "relaying of information" could be construed as "taking a direct part in hostilities." Officials said that is intended to refer to passing information about ongoing operations, locations of troops or other classified data to an enemy. Army Lt. Col. Joe Sowers, a Pentagon spokesman, said it was not the Defense Department's intent to allow an overzealous commander to block journalists or take action against those who write critical stories.

But Ken Lee, an ex-Marine and military lawyer who specializes in "law of war" issues and is now in private practice, said it was worrisome that the detention of a journalist could come down to a commander's interpretation of the law.  If a reporter writes an unflattering story, "does this give a commander the impetus to say, now you're an unprivileged belligerent? I would hope not," Lee said. Defense officials said the manual describes the law for informational purposes and is not an authorization for anyone to take any particular action regarding journalists. The manual also notes that journalists captured by the enemy are supposed to be given the rights of prisoners of war under the Geneva Convention.

Last night’s episode of 60 Minutes on CBS included what basically amounted to an uncritical commercial for the embattled National Security Agency, led by a journalist who used to be a government colleague. While the show — which has faced recent problems of its own, from the Benghazi debacle to the Amazon drone PR stunt — celebrated its own “unprecedented access to NSA headquarters,” it’s clear the meeting was on the NSA’s terms. In fact, NSA Director General Keith Alexander “made the call to invite us in,” a 60 Minutes producer admitted. They pretty much let him say his piece, nodding along excitedly. “Full disclosure, I once worked in the office of the director of National Intelligence where I saw firsthand how secretly the NSA operates,” said the reporter John Miller at the start of the segment.

While no critics of the NSA programs were given a chance to make the case against the potentially extralegal spying, which has resulted in international outrage, CBS did assist in the discrediting of master leaker Edward Snowden. Take, for example, this galling exchange with the head of the Snowden task force within the NSA, following Miller’s dismissive description of Snowden as a “twentysomething-year-old, high-school-dropout contractor”: John Miller: Did you sit in his chair?Rick Ledgett: I did not. I couldn’t bring myself to do that. […] At home, they discovered Snowden had some strange habits. Rick Ledgett: He would work on the computer with a hood that covered the computer screen and covered his head and shoulders, so that he could work and his girlfriend couldn't see what he was doing.John Miller: That's pretty strange, sitting at your computer kind of covered by a sheet over your head and the screen?Rick Ledgett: Agreed.

Media observers, some less personally involved in the Snowden leaks than others, could not believe what they were watching: 60 Minutes forgot to ask about how James Clapper & Keith Alexander routinely lied to Congress & FISA courts - just ran out of time.— Glenn Greenwald (@ggreenwald) December 16, 2013 Wow, the 60 Minutes piece about the NSA was just embarrassing. Kudos to the NSA communications staff. You guys should get a raise.— Ryan Lizza (@RyanLizza) December 16, 2013

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.

When the Sheriff seizes property from a Citizen under the non-authority of the IRS agent, the Sheriff has committed a Second Degree Felony, Conversion of Property.

The latest leaks from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers.

And here is the full press release from WikiLeaks: Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.   Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.   "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.   Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.   Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.   While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

The scientists at DARPA say the current methods of searching the Internet for all manner of information just won't cut it in the future. Today the agency announced a program that would aim to totally revamp Internet search and "revolutionize the discovery, organization and presentation of search results." Specifically, the goal of DARPA's Memex program is to develop software that will enable domain-specific indexing of public web content and domain-specific search capabilities. According to the agency the technologies developed in the program will also provide the mechanisms for content discovery, information extraction, information retrieval, user collaboration, and other areas needed to address distributed aggregation, analysis, and presentation of web content.

Memex also aims to produce search results that are more immediately useful to specific domains and tasks, and to improve the ability of military, government and commercial enterprises to find and organize mission-critical publically available information on the Internet. "The current one-size-fits-all approach to indexing and search of web content limits use to the business case of web-scale commercial providers," the agency stated. 

The Memex program will address the need to move beyond a largely manual process of searching for exact text in a centralized index, including overcoming shortcomings such as: Limited scope and richness of indexed content, which may not include relevant components of the deep web such as temporary pages, pages behind forms, etc.; an impoverished index, which may not include shared content across pages, normalized content, automatic annotations, content aggregation, analysis, etc. Basic search interfaces, where every session is independent, there is no collaboration or history beyond the search term, and nearly exact text input is required; standard practice for interacting with the majority of web content, which remains one-at-a-time manual queries that return federated lists of results. Memex would ultimately apply to any public domain content; initially, DARPA  said it intends to develop Memex to address a key Defense Department mission: fighting human trafficking. Human trafficking is a factor in many types of military, law enforcement and intelligence investigations and has a significant web presence to attract customers. The use of forums, chats, advertisements, job postings, hidden services, etc., continues to enable a growing industry of modern slavery. An index curated for the counter-trafficking domain, along with configurable interfaces for search and analysis, would enable new opportunities to uncover and defeat trafficking enterprises.

The story of Fukushima should be on the front pages of every newspaper. Instead, it is rarely mentioned. The problems at Fukushima are unprecedented in human experience and involve a high risk of radiation events larger than any that the global community has ever experienced. It is going to take the best engineering minds in the world to solve these problems and to diminish their global impact. When we researched the realities of Fukushima in preparation for this article, words like apocalyptic, cataclysmic and Earth-threatening came to mind. But, when we say such things, people react as if we were the little red hen screaming "the sky is falling" and the reports are ignored. So, we’re going to present what is known in this article and you can decide whether we are facing a potentially cataclysmic event.

There are three major problems at Fukushima: (1) Three reactor cores are missing; (2) Radiated water has been leaking from the plant in mass quantities for 2.5 years; and (3) Eleven thousand spent nuclear fuel rods, perhaps the most dangerous things ever created by humans, are stored at the plant and need to be removed, 1,533 of those are in a very precarious and dangerous position. Each of these three could result in dramatic radiation events, unlike any radiation exposure humans have ever experienced.  We’ll discuss them in order, saving the most dangerous for last.

Missing reactor cores:  Since the accident at Fukushima on March 11, 2011, three reactor cores have gone missing.  There was an unprecedented three reactor ‘melt-down.’ These melted cores, called corium lavas, are thought to have passed through the basements of reactor buildings 1, 2 and 3, and to be somewhere in the ground underneath.  Harvey Wasserman, who has been working on nuclear energy issues for over 40 years, tells us that during those four decades no one ever talked about the possibility of a multiple meltdown, but that is what occurred at Fukushima.  It is an unprecedented situation to not know where these cores are. TEPCO is pouring water where they think the cores are, but they are not sure. There are occasional steam eruptions coming from the grounds of the reactors, so the cores are thought to still be hot. The concern is that the corium lavas will enter or may have already entered the aquifer below the plant. That would contaminate a much larger area with radioactive elements. Some suggest that it would require the area surrounding Tokyo, 40 million people, to be evacuated. Another concern is that if the corium lavas enter the aquifer, they could create a "super-heated pressurized steam reaction beneath a layer of caprock causing a major 'hydrovolcanic' explosion." A further concern is that a large reserve of groundwater which is coming in contact with the corium lavas is migrating towards the ocean at the rate of four meters per month. This could release greater amounts of radiation than were released in the early days of the disaster.

Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.

Spreading viruses and malware to infect targets and eavesdrop on their communications is just one of the ways the United States’ spy firm conducts surveillance, Appelbaum said. Along with those exploits, he added, the NSA has been manually inserting microscopic computer chips into commercially available products and using custom-made devices like hacked USB cables to silently collect intelligence. One of the most alarming methods of attack discussed during his address, however, comes as a result of all but certain collusion on the part of major United States tech companies. The NSA has information about vulnerabilities in products sold by the biggest names in the US computer industry, Appelbaum said, and at the drop off a hat the agency has the ability of launching any which type of attack to exploit the flaws in publically available products.

The NSA has knowledge pertaining to vulnerabilities in computer servers made by Dell and even Apple’s highly popular iPhone, among other devices, Appelbaum told his audience. “Hey Dell, why is that?” Appelbaum asked. “Love to hear your statement about that.”

And why did Islamic State, formerly ISIS, become winners? Because the "West" regimented, schooled, trained, logistically helped and weaponized most of IS's Takfiri goons with a mission at hand: to destroy Syria. The "West" lauded them as "Syrian rebels". Freedom fighters. Washington even promoted Jabhat al-Nusra (the official al-Qaeda franchise in Syria, and a "terrorist organization", according to the State Department) as "good" jihadis, as well as the preferred Saudi combo, the Islamic Front.

The House of Saud, directly and indirectly, and the proverbial wealthy Gulf Cooperation Council donors are the Mom and Dad of ISIS. All duly vetted/approved by the industrial-military-Orwellian-Panopticon complex. And yet "Assad must go" had other ideas for Syria. He didn't go. He and his army resisted and counter-attacked. So the original mission in Syria morphed across the (non-existent) desert border towards Iraq. ISIS kept expanding - via extortion, kidnapping, captured oil fields, tribal smuggling networks.

How convenient that IS strategy is totally divide and rule. Totally balkanization of Iraq. Totally mum on Israel's slow-motion ethnic cleansing of Gaza. Totally useful in wagging the (beheading) dog to make the world forget about Gaza. Moroever, IS/ISIS strategy, stripped to the bone, is Pentagon manual; clear, hold and build - then expand (to an area larger than Great Britain). It's even Pentagon manual redux - as in building "coalitions of the willing" (see the alliance with "remnants" - Rummy talk - of the Saddam regime propelling their northern Iraq summer offensive.) How convenient that the mighty Orwellian/Panopticon complex satellite maze could not identify a long convoy of gleaming white Toyotas crossing the desert towards their summer conquests. And how convenient that a Briton beheading an American - what a "special relationship" plot twist! - fully sanctions the Return of Iraq Bombing ("for months", in Obama's words); more strikes; more drones; perhaps more boots on the ground; perhaps, in the near future, a Syria extension. IS also took over Tikrit, the birthplace of Saddam, in their summer adventure. Now Baghdad's military are trying to take it back. IS welcomed them with minefields, booby-trapped buildings, an array of snipers and hardcore mortar fire. How convenient that Obama's "humanitarian" bombs are not involved in R2P ("responsibility to protect") Saddam's birthplace. What really matters is the US consulate in Erbil, scores of CIA operatives and vast Big Oil interests in Iraqi Kurdistan.

Even before a former U.S. intelligence contractor exposed the secret collection of Americans’ phone records, the Obama administration was pressing a government-wide crackdown on security threats that requires federal employees to keep closer tabs on their co-workers and exhorts managers to punish those who fail to report their suspicions. President Barack Obama’s unprecedented initiative, known as the Insider Threat Program, is sweeping in its reach. It has received scant public attention even though it extends beyond the U.S. national security bureaucracies to most federal departments and agencies nationwide, including the Peace Corps, the Social Security Administration and the Education and Agriculture departments. It emphasizes leaks of classified material, but catchall definitions of “insider threat” give agencies latitude to pursue and penalize a range of other conduct.

Government documents reviewed by McClatchy illustrate how some agencies are using that latitude to pursue unauthorized disclosures of any information, not just classified material. They also show how millions of federal employees and contractors must watch for “high-risk persons or behaviors” among co-workers and could face penalties, including criminal charges, for failing to report them. Leaks to the media are equated with espionage.

Employees must turn themselves and others in for failing to report breaches. “Penalize clearly identifiable failures to report security infractions and violations, including any lack of self-reporting,” the strategic plan says.The Obama administration already was pursuing an unprecedented number of leak prosecutions, and some in Congress – long one of the most prolific spillers of secrets – favor tightening restrictions on reporters’ access to federal agencies, making many U.S. officials reluctant to even disclose unclassified matters to the public. The policy, which partly relies on behavior profiles, also could discourage creative thinking and fuel conformist “group think” of the kind that was blamed for the CIA’s erroneous assessment that Iraq was hiding weapons of mass destruction, a judgment that underpinned the 2003 U.S. invasion. “The real danger is that you get a bland common denominator working in the government,” warned Ilana Greenstein, a former CIA case officer who says she quit the agency after being falsely accused of being a security risk. “You don’t get people speaking up when there’s wrongdoing. You don’t get people who look at things in a different way and who are willing to stand up for things. What you get are people who toe the party line, and that’s really dangerous for national security.”

On June 28th 2009, Honduran soldiers marched into the bedroom of Honduran President Manuel Zelaya while he was in his pajamas and forced him at gunpoint to walk into a waiting jet and exiled him to Costa Rica. Then-Secretary of State Hillary Clinton condemned the ouster of the Honduran President as a coup as she called for “the full restoration of democratic order in Honduras.” The “democratic order” Clinton was suggesting was not to restore Zelaya as the legitimate president but a president (or more like a U.S. Puppet) that Washington finds suitable for its interests. Roberto Micheletti replaced Zelaya as an interim president. Micheletti lived in the U.S. (Florida) early in his life. Hillary Clinton’s involvement in the overthrow of the democratically elected president of Honduras Manual Zelaya is clear while most of the main-stream media ignores Clinton’s involvement in destroying yet another democracy in Central America by the U.S. government. Central America has experienced U.S. orchestrated coups and civil wars in the past including Guatemala (1954), Costa Rica (mid 1950’’s and 1970-71) and civil wars in Nicaragua (1981-90) and El Salvador (1981-92).

Washington, DC, January 23, 2014 – Forty-six years ago today - well before Edward Snowden was born - the National Security Agency suffered what may still rank as the most significant compromise ever of its code secrets when the American spy ship USS Pueblo was captured by communist forces off the coast of North Korea on January 23, 1968. The U.S. Navy signals intelligence ship was on a mission to intercept radio and electronic transmissions, and apparently sailing in international waters, when North Korean naval units opened fire, then boarded the vessel and took its crew hostage for almost a year, sparking a major international crisis. Beyond the dramatic political ramifications of the seizure and hostage-taking for the Lyndon Johnson administration and U.S. world standing, the incident resulted in the capture of a dozen top secret encryption devices, maintenance manuals, and other code materials. Because it involved actual encryption equipment rather than just papers and briefing materials, the Pueblo affair may have produced a much greater loss than the recent disclosures of former NSA contract employee Edward Snowden.

Recently declassified documents posted today by the National Security Archive describe tense U.S. internal reactions to the Pueblo seizure, and include previously withheld high-level political and military deliberations over how to respond to the episode in an atmosphere fraught with the dangers of a superpower conflict. Military contingency plans, which President Lyndon Johnson eventually rejected, included a naval blockade, major air strikes and even use of nuclear weapons against North Korea.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.

The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.

While we've been disappointed that Senator Chuck Grassley appears to have a bit of a double standard with his staunch support for whistleblowers when it comes to Ed Snowden, it is true that he has fought for real whistleblower protections for quite some time. Lately, he's been quite concerned that the White House's "Insider Threat Program" (ITP) is really just a cover to crack down on whistleblowers. As we've noted, despite early promises from the Obama administration to support and protect whistleblowers, the administration has led the largest crackdown against whistleblowers, and the ITP suggests that the attack on whistleblowers is a calculated response. The program documentation argues that any leak can be seen as "aiding the enemy" and encourages government employees to snitch on each other if they appear too concerned about government wrong-doing. Despite all his high minded talk of supporting whistleblowers, President Obama has used the Espionage Act against whistleblowers twice as many times as all other Presidents combined. Also, he has never -- not once -- praised someone for blowing the whistle in the federal government.

Given all of that, Senator Grassley expressed some concern about this Insider Threat Program and how it distinguished whistleblowers from actual threats. He asked the FBI for copies of its training manual on the program, which it refused to give him. Instead, it said it could better answer any questions at a hearing. However, as Grassley explains, when questioned about this just 10 minutes into the hearing, the FBI abruptly got up and left: Meanwhile, the FBI fiercely resists any efforts at Congressional oversight, especially on whistleblower matters. For example, four months ago I sent a letter to the FBI requesting its training materials on the Insider Threat Program. This program was announced by the Obama Administration in October 2011. It was intended to train federal employees to watch out for insider threats among their colleagues. Public news reports indicated that this program might not do enough to distinguish between true insider threats and legitimate whistleblowers. I relayed these concerns in my letter. I also asked for copies of the training materials. I said I wanted to examine whether they adequately distinguished between insider threats and whistleblowers.

In response, an FBI legislative affairs official told my staff that a briefing might be the best way to answer my questions. It was scheduled for last week. Staff for both Chairman Leahy and I attended, and the FBI brought the head of their Insider Threat Program. Yet the FBI didn’t bring the Insider Threat training materials as we had requested. However, the head of the Insider Threat Program told the staff that there was no need to worry about whistleblower communications. He said whistleblowers had to register in order to be protected, and the Insider Threat Program would know to just avoid those people. Now I have never heard of whistleblowers being required to “register” in order to be protected. The idea of such a requirement should be pretty alarming to all Americans. Sometimes confidentiality is the best protection a whistleblower has. Unfortunately, neither my staff nor Chairman Leahy’s staff was able to learn more, because only about ten minutes into the briefing, the FBI abruptly walked out. FBI officials simply refused to discuss any whistleblower implications in its Insider Threat Program and left the room. These are clearly not the actions of an agency that is genuinely open to whistleblowers or whistleblower protection.