Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged software

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Paul Merrell

The All Writs Act, Software Licenses, and Why Judges Should Ask More Questions | Just S... - 0 views

www.justsecurity.org/...ware-licenses-judges-questions

surveillance state iPhone EULA warrant encryption-bypass

shared by Paul Merrell on 02 Nov 15 - No Cached
  • Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant. In an order questioning the government’s purported legal basis for this request, the All Writs Act of 1789 (AWA), Judge Orenstein asked Apple for a brief informing the court whether the request would be technically feasible and/or burdensome. After Apple filed, the court asked it to file a brief discussing whether the government had legal grounds under the AWA to compel Apple’s assistance. Apple filed that brief and the government filed a reply brief last week in the lead-up to a hearing this morning.
  • We’ve long been concerned about whether end users own software under the law. Software owners have rights of adaptation and first sale enshrined in copyright law. But software publishers have claimed that end users are merely licensees, and our rights under copyright law can be waived by mass-market end user license agreements, or EULAs. Over the years, Granick has argued that users should retain their rights even if mass-market licenses purport to take them away. The government’s brief takes advantage of Apple’s EULA for iOS to argue that Apple, the software publisher, is responsible for iPhones around the world. Apple’s EULA states that when you buy an iPhone, you’re not buying the iOS software it runs, you’re just licensing it from Apple. The government argues that having designed a passcode feature into a copy of software which it owns and licenses rather than sells, Apple can be compelled under the All Writs Act to bypass the passcode on a defendant’s iPhone pursuant to a search warrant and thereby access the software owned by Apple. Apple’s supplemental brief argues that in defining its users’ contractual rights vis-à-vis Apple with regard to Apple’s intellectual property, Apple in no way waived its own due process rights vis-à-vis the government with regard to users’ devices. Apple’s brief compares this argument to forcing a car manufacturer to “provide law enforcement with access to the vehicle or to alter its functionality at the government’s request” merely because the car contains licensed software. 
  • This is an interesting twist on the decades-long EULA versus users’ rights fight. As far as we know, this is the first time that the government has piggybacked on EULAs to try to compel software companies to provide assistance to law enforcement. Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power. The quotidian aspects of our lives increasingly involve software (from our cars to our TVs to our health to our home appliances), and most of that software is arguably licensed, not bought. Conscripting software makers to collect information on us would afford the government access to the most intimate information about us, on the strength of some words in some license agreements that people never read. (And no wonder: The iPhone’s EULA came to over 300 pages when the government filed it as an exhibit to its brief.)
  • ...1 more annotation...
  • The government’s brief does not acknowledge the sweeping implications of its arguments. It tries to portray its requested unlocking order as narrow and modest, because it “would not require Apple to make any changes to its software or hardware, … [or] to introduce any new ability to access data on its phones. It would simply require Apple to use its existing capability to bypass the passcode on a passcode-locked iOS 7 phone[.]” But that undersells the implications of the legal argument the government is making: that anything a company already can do, it could be compelled to do under the All Writs Act in order to assist law enforcement. Were that the law, the blow to users’ trust in their encrypted devices, services, and products would be little different than if Apple and other companies were legally required to design backdoors into their encryption mechanisms (an idea the government just can’t seem to drop, its assurances in this brief notwithstanding). Entities around the world won’t buy security software if its makers cannot be trusted not to hand over their users’ secrets to the US government. That’s what makes the encryption in iOS 8 and later versions, which Apple has told the court it “would not have the technical ability” to bypass, so powerful — and so despised by the government: Because no matter how broadly the All Writs Act extends, no court can compel Apple to do the impossible.
Gary Edwards

BriteSnow - The Five Software Architecture Generations: From Mainframe to Mobile Apps t... - 0 views

britesnow.com/...evolution-mobile-apps-to-html5

jeremy-chone productivity HTML5

shared by Gary Edwards on 22 Mar 13 - No Cached
  • Gary Edwards on 22 Mar 13
     
    "The software technology industry is like an ants' nest. From up close, everything seems random, chaotic, and purposeless, but as we zoom out, pattern, order, and purpose begin to emerge. At least, this is the way I see it. While I love to get very close to the smallest details, once in a while, I like to step back and see how we, the software industry, came to where we are in order to better understand where we are going. From the beginning of software, the two main characteristics of an application that are often opposed to each other are richness (i.e., application function and experience) and reach (i.e., application distribution and access). A model in which both of these characteristics are maximized has always been seen as the Holy Grail of software development. If we step back and look at the evolution of the software application architecture over the last 20 years, based on these two core characteristics, we can plot the journey of the quest for this Holy Grail on a decreasing sinusoid depicting five generations, as shown here."
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers

surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat

shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
Paul Merrell

Fresno Police Roll Out Dystopian 'Threat Ranking' System - 0 views

www.mintpressnews.com/...212684

surveillance state Fresno citizen-threat-ranking Intrado Beware trade-secrets

shared by Paul Merrell on 12 Jan 16 - No Cached
  • “On 57 monitors that cover the walls of the center, operators zoomed and panned an array of roughly 200 police cameras perched across the city. They could dial up 800 more feeds from the city’s schools and traffic cameras, and they soon hope to add 400 more streams from cameras worn on officers’ bodies and from thousands from local businesses that have surveillance systems.” Though the intricate surveillance apparatus described above seems straight from a dystopic novel, it is actually the Washington Post’s recent description of the the visual data collection system employed by a local California police department. The police department in Fresno, California, has taken extreme measures to combat high rates of crime in the city. As the Post reports, Fresno’s Real Time Crime Center, buried deep in the police station’s headquarters, has developed as a response to what many police call increasing threats. The system, according to police officials, can “provide critical information that can help uncover terrorists or thwart mass shootings, ensure the safety of officers and the public, find suspects, and crack open cases” — a feature they say is increasingly important in the wake of events like the November terror attack in Paris and the San Bernardino shooting last month.
  • “Our officers are expected to know the unknown and see the unseen,” Fresno Chief of Police Jerry Dyer said. “They are making split-second decisions based on limited facts. The more you can provide in terms of intelligence and video, the more safely you can respond to calls.” Programs similar to the Real Time Crime Center have launched in New York, Houston, and Seattle over the course of the last decade. Nationwide, the use of Stingrays, data fusion centers, and aerial drone surveillance have broadened the access local police have to private information. In another example, the FBI is continually developing a comprehensive biometric database that local police access every day. “This is something that’s been building since September 11,” says Jennifer Lynch, a senior attorney at the Electronic Frontier Foundation. Like the problem of police militarization, Lynch traces the trend back to the Pentagon: “First funding went to the military to develop this technology, and now it has come back to domestic law enforcement. It’s the perfect storm of cheaper and easier-to-use technologies and money from state and federal governments to purchase it.”
  • While many of these programs may fail to shock Americans, one new software program takes police scrutiny of private citizens to a new level. Beware, a software tool produced by tech firm Intrado, not only surveils the data of the citizens of Fresno, the first city to test it — it calculates threat levels based on what it discovers. The software scours arrest records, property records, Deep Web searches, commercial databases, and social media postings. By this method, it was able to designate a man with a firearm and gang convictions involved in a real-time domestic violence dispute as the highest of three threat levels: a bright red ranking. Fresno police say the intelligence from Beware aided them, as the man eventually surrendered and officers found he was armed with a gun. Beware scours billions of data points to develop rankings for citizens, and though few recoil at the thought of catching criminals and miscreants, the program provides particular cause for concern because of both its invasiveness and its fallibility.
  • ...3 more annotations...
  • These shortcomings have sparked concern among Fresno’s city council members, who discussed the issue at a meeting in November. At that meeting, one council member cited an incident where a girl who posted on social media about a card game called “Rage” was consequently given an elevated threat ranking — all because “rage” could be a triggering keyword for Beware. At that same meeting, libertarian-leaning Republican councilman Clinton J. Olivier asked Chief Dyer to use the technology to calculate his threat level. In real-time, Olivier was given a green, or non-threatening ranking, but his home received a yellow, or medium, threat ranking. It was likely due to the record of his home’s prior occupant. “Even though it’s not me that’s the yellow guy, your officers are going to treat whoever comes out of that house in his boxer shorts as the yellow guy,” Olivier told Dyer. “That may not be fair to me.” He added later, “[Beware] has failed right here with a council member as the example.” “It’s a very unrefined, gross technique,” Fresno civil rights attorney, Rob Nabarro, has said of Beware’s color-coded levels. “A police call is something that can be very dangerous for a citizen,” he noted, echoing Olivier’s worries.
  • Further, though Fresno police use Beware, they are left in the dark about how it determines rankings. Intrado designates the method a “trade secret,” and as such, will not share it with the officers who use it. This element of the software’s implementation has concerned civil rights advocates like Nabarro. He believes the secrecy surrounding the technology may result in unfair, unchecked threat rankings. Nabarro cautioned that between the software’s secrecy and room for error, Beware could accidentally rank a citizen as dangerous based on, for example, posts on social media criticizing police. This potential carries with it the ability for citizens to be punished not for actual crimes, but for exercising basic constitutional rights. Further, it compromises the rights of individuals who have been previously convicted of crimes, potentially using past behavior to assume guilt in unrelated future incidents. Chief Dyer insists concerns are exaggerated and that a particular score does not guarantee a particular police response. Police maintain the tools are necessary to fight crime. Nevertheless, following the heated November meeting, Dyer suggested he would work to turn off the color-coded threat ranking due to citizens’ concerns. “It’s a balancing act,” he admitted.
  • It remains to be seen if Fresno police and residents will move forward with the technology or shut it down over privacy concerns. City officials in Oakland, California, for example, recently scaled back plans to establish a Real Time Crime Center after outraged citizens protested. At the very least, as Northern California ACLU attorney Matt Cagle said, “[W]henever these surveillance technologies are on the table, there needs to be a meaningful debate. There needs to be safeguards and oversight.”
  • Paul Merrell on 12 Jan 16
     
    Claiming trade secrecy for the software's selection criteria for threat ranking actually constitutes policy policy, the trade secrecy claim would probably not survive judical review. It's at least arguably an unconstitutional delegation of a government function (ranking citizens as threats) to a private company. Police departments in Florida were sued to produce records of how a related surveillance device, the Stingray IMSI device that intercepts cell phone calls by mimicking a cell-phone tower, and only averted court-ordered disclosure of its trade secret workings by the FBI swooping in just before decision to remove all the software documentation from local police possession, custody, and control.    There is a long chain of case law holding that information that is legitimately trade secret and proprietary loses that protection if adopted by local or federal government as law. With a software program that classifies citizens as threats for governmental purposes if they meet the program's selection criteria, the software is performing a strictly governmental function that is in reality law. 
Paul Merrell

Own Your Own Devices You Will, Under Rep. Farenthold's YODA Bill | Bloomberg BNA - 0 views

www.bna.com/own-own-devices-n17179895381

U.S. copyright software first-sale-doctrine legislation

shared by Paul Merrell on 26 Sep 14 - No Cached
  • A bill introduced Sept. 18 would make clear that consumers actually owned the electronic devices, and any accompanying software on that device, that they purchased, according to sponsor Rep. Blake Farenthold's (R-Texas). The You Own Devices Act (H.R. 5586) would amend the Copyright Act “to provide that the first sale doctrine applies to any computer program that enables a machine or other product to operate.” The bill, which is unlikely to receive attention during Congress's lame-duck legislative session, was well-received by consumer's rights groups.
  • Section 109(a) of the Copyright Act, 17 U.S.C. §109(a), serves as the foundation for the first sale doctrine. H.R. 5586 would amend Section 109(a) by adding a provision covering “transfer of computer programs.” That provision would state:if a computer program enables any part of a machine or other product to operate, the owner of the machine or other product is entitled to transfer an authorized copy of the computer pro gram, or the right to obtain such copy, when the owner sells, leases, or otherwise transfers the machine or other product to another person. The right to transfer provided under this subsection may not be waived by any agreement.
  • ‘Things' Versus SoftwareFarenthold had expressed concern during a Sept. 17 hearing on Section 1201 of the Digital Millennium Copyright Act over what he perceived was a muddling between patents and copyrights when it comes to consumer products. “Traditionally patent law has protected things and copyright law has protected artistic-type works,” he said. “But now more and more things have software in them and you are licensing that software when you purchase a thing.” Farenthold asked the witnesses if there was a way to draw a distinction in copyright “between software that is an integral part of a thing as opposed to an add-on app that you would put on your telephone.”
  • ...1 more annotation...
  • H.R. 5586 seeks to draw that distinction. “YODA would simply state that if you want to sell, lease, or give away your device, the software that enables it to work is transferred along with it, and that any right you have to security and bug fixing of that software is transferred as well,” Farenthold said in a statement issued Sept. 19.
Paul Merrell

ExposeFacts - For Whistleblowers, Journalism and Democracy - 0 views

exposefacts.org

transparency whistle-blowers resources Wikileaks Tail

shared by Paul Merrell on 06 Jun 14 - No Cached
  • Launched by the Institute for Public Accuracy in June 2014, ExposeFacts.org represents a new approach for encouraging whistleblowers to disclose information that citizens need to make truly informed decisions in a democracy. From the outset, our message is clear: “Whistleblowers Welcome at ExposeFacts.org.” ExposeFacts aims to shed light on concealed activities that are relevant to human rights, corporate malfeasance, the environment, civil liberties and war. At a time when key provisions of the First, Fourth and Fifth Amendments are under assault, we are standing up for a free press, privacy, transparency and due process as we seek to reveal official information—whether governmental or corporate—that the public has a right to know. While no software can provide an ironclad guarantee of confidentiality, ExposeFacts—assisted by the Freedom of the Press Foundation and its “SecureDrop” whistleblower submission system—is utilizing the latest technology on behalf of anonymity for anyone submitting materials via the ExposeFacts.org website. As journalists we are committed to the goal of protecting the identity of every source who wishes to remain anonymous.
  • The seasoned editorial board of ExposeFacts will be assessing all the submitted material and, when deemed appropriate, will arrange for journalistic release of information. In exercising its judgment, the editorial board is able to call on the expertise of the ExposeFacts advisory board, which includes more than 40 journalists, whistleblowers, former U.S. government officials and others with wide-ranging expertise. We are proud that Pentagon Papers whistleblower Daniel Ellsberg was the first person to become a member of the ExposeFacts advisory board. The icon below links to a SecureDrop implementation for ExposeFacts overseen by the Freedom of the Press Foundation and is only accessible using the Tor browser. As the Freedom of the Press Foundation notes, no one can guarantee 100 percent security, but this provides a “significantly more secure environment for sources to get information than exists through normal digital channels, but there are always risks.” ExposeFacts follows all guidelines as recommended by Freedom of the Press Foundation, and whistleblowers should too; the SecureDrop onion URL should only be accessed with the Tor browser — and, for added security, be running the Tails operating system. Whistleblowers should not log-in to SecureDrop from a home or office Internet connection, but rather from public wifi, preferably one you do not frequent. Whistleblowers should keep to a minimum interacting with whistleblowing-related websites unless they are using such secure software.
    • Gary Edwards
      Gary Edwards on 07 Jun 14
       
      Thanks Paul! Great article and I agree with you about switching. Rather than a USB, I would rather look into a SSD and try to isolate performance to an ISP bandwidth issue. FYI, I read your Diigo posts daily at this Web site: https://groups.diigo.com/group/socialism-and-the-end-of-the-american-dream/content/user/marbux Seems to be the best visual presentation of your research. I do however think Diigo could improve their hosting of this research by enabling more extensive comments. Notice that your comments are often clipped :( Still, I really do appreciate your sharing both your research and your commentary. Priceless stuff! Many thanks! ~ge~
  • Paul Merrell on 06 Jun 14
     
    A new resource site for whistle-blowers. somewhat in the tradition of Wikileaks, but designed for encrypted communications between whistleblowers and journalists.  This one has an impressive board of advisors that includes several names I know and tend to trust, among them former whistle-blowers Daniel Ellsberg, Ray McGovern, Thomas Drake, William Binney, and Ann Wright. Leaked records can only be dropped from a web browser running the Tor anonymizer software and uses the SecureDrop system originally developed by Aaron Schwartz. They strongly recommend using the Tails secure operating system that can be installed to a thumb drive and leaves no tracks on the host machine. https://tails.boum.org/index.en.html Curious, I downloaded Tails and installed it to a virtual machine. It's a heavily customized version of Debian. It has a very nice Gnome desktop and blocks any attempt to connect to an external network by means other than installed software that demands encrypted communications. For example, web sites can only be viewed via the Tor anonymizing proxy network. It does take longer for web pages to load because they are moving over a chain of proxies, but even so it's faster than pages loaded in the dial-up modem days, even for web pages that are loaded with graphics, javascript, and other cruft. E.g., about 2 seconds for New York Times pages. All cookies are treated by default as session cookies so disappear when you close the page or the browser. I love my Linux Mint desktop, but I am thinking hard about switching that box to Tails. I've been looking for methods to send a lot more encrypted stuff down the pipe for NSA to store. Tails looks to make that not only easy, but unavoidable. From what I've gathered so far, if you want to install more software on Tails, it takes about an hour to create a customized version and then update your Tails installation from a new ISO file. Tails has a wonderful odor of having been designed for secure computing. Current
Paul Merrell

NSA targets the privacy-conscious (Seite 1)| Das Erste - Panorama - Meldungen - 0 views

daserste.ndr.de/...nsa230_page-1.html

surveillance state NSA XKeyscore Tor Tails

shared by Paul Merrell on 04 Jul 14 - No Cached
  • The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Three authors of this investigation have personal and professional ties to the Tor Project, an American company mentioned within the following investigation.
  • Teil 1: NSA targets the privacy-conscious Teil 2: The Tor Project - anathema to the NSA Teil 3: Servers in Germany targeted Teil 4: Simple web searches are suspicious Teil 5: NSA: In strict accordance with the rule of law
  • ...3 more annotations...
  • von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Downloads XKeyscore rules Read/download the XKeyscore rules here  | download
  • Yet despite these efforts, one of the servers is targeted by the NSA. The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time. After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world. Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.
ashkif as

All Money tips: Get Awesome make money idea in FREE - 0 views

www.portalmarkets.com/...44140.html

money tips make money idea free

shared by ashkif as on 16 Nov 18 - No Cached
  • ashkif as on 16 Nov 18
     
    Still not using any automatic ad posting software? Why not use an Automatic ad posting software from CYBER EXPO and Get Turbo Speed while doing ad posting jobs. Post 150 classified form in just 0.5 see. Amazing tech. to for ad posting works. Get a Full Ad Posting Money Making Package included Ad posting software, form filling software, 10,000 working classified website list and many more. CONTACT NAME : MADHU , CELL NUMBER 07569385888,08869255222 visit http://www.evurionlinejobs.com mail id : ev...
roshkhanna

Ecommerce Shopping Cart Software | Online Best Shopping Software - 0 views

web-cart.com

ecommerce shopping cart software online best shopping software

shared by roshkhanna on 03 Sep 18 - No Cached
  • roshkhanna on 03 Sep 18
     
    WebCart.com is one stop solution for ecommerce shopping cart software and multi store shopping cart. Get online best shopping cart software to build your online ecommerce store at competitive price.
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
Gary Edwards

The Ultimate Net Monitoring Tool: NARUS - 0 views

www.wired.com/...70914

NSA Domestic-Spying NARUS

shared by Gary Edwards on 06 Jun 13 - Cached
  • Gary Edwards on 06 Jun 13
     
    Chilling stuff.  Note that Mark Klien is an important whistleblower whose testimony has helped expose the  Federal Government - NSA domestic dragnet that has violated the constitutional rights of hundreds of thousands of law abiding American citizens.  The question I have concerns cooperation between NSA NARUS spying and the IRS. We know that the IRS used key words such as "TEA PARTY", "PATRIOT", "Constitution", and "Tenth Amendment" to target American citizens.  Does the NSA NARUS target Americans in the same way?  Are there political enemy lists with background surveillance information now circulating through different government agencies based on this targeted and illegal spying? The first thing we need to do is protect whistle blowers who are risking it all to protect the constitutional rights of American citizens and save our country.   "The equipment that technician Mark Klein learned was installed in the National Security Agency's "secret room" inside AT&T's San Francisco switching office isn't some sinister Big Brother box designed solely to help governments eavesdrop on citizens' internet communications. Rather, it's a powerful commercial network-analysis product with all sorts of valuable uses for network operators. It just happens to be capable of doing things that make it one of the best internet spy tools around. "Anything that comes through (an internet protocol network), we can record," says Steve Bannerman, marketing vice president of Narus, a Mountain View, California, company. "We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls."" Narus' product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It's renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they r
Paul Merrell

Hacking Team Asks Customers to Stop Using Its Software After Hack | Motherboard - 0 views

motherboard.vice.com/...-using-its-software-after-hack

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned. “They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.
  • Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said. On Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. Hacking Team woke up to a massive breach of its systems.
  • A source told Motherboard that the hackers appears to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data. “The hacker seems to have downloaded everything that there was in the company’s servers,” the source, who could only speak on condition of anonymity, told Motherboard. “There’s pretty much everything here.” It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source. “I did not expect a breach to be this big, but I’m not surprised they got hacked because they don’t take security seriously,” the source told me. “You can see in the files how much they royally fucked up.”
  • ...2 more annotations...
  • For example, the source noted, none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted. “How can you give all the keys to your infrastructure to a 20-something who just joined the company?” he added, referring to Pozzi, whose LinkedIn shows he’s been at Hacking Team for just over a year. “Nobody noticed that someone stole a terabyte of data? You gotta be a fuckwad,” the source said. “It means nobody was taking care of security.”
  • The future of the company, at this point, it’s uncertain. Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard. It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts. Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely. The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
Paul Merrell

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept - 0 views

firstlook.org/...hacking-team

surveillance state Hacking-Team Remote-Control-System FinFisher

shared by Paul Merrell on 31 Oct 14 - No Cached
  • When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
  • The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
Paul Merrell

Shady Companies With Ties to Israel Wiretap the U.S. for the NSA | Threat Level | Wired... - 0 views

www.wired.com/...2

surveillance state NSA Israel Narus Verint espionage

shared by Paul Merrell on 15 Jun 13 - No Cached
  • In addition to constructing the Stellar Wind center, and then running the operation, secretive contractors with questionable histories and little oversight were also used to do the actual bugging of the entire U.S. telecommunications network. According to a former Verizon employee briefed on the program, Verint, owned by Comverse Technology, taps the communication lines at Verizon, which I first reported in my book The Shadow Factory in 2008. Verint did not return a call seeking comment, while Verizon said it does not comment on such matters. At AT&T the wiretapping rooms are powered by software and hardware from Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein in 2004. Narus did not return a call seeking comment. What is especially troubling is that both companies have had extensive ties to Israel, as well as links to that country’s intelligence service, a country with a long and aggressive history of spying on the U.S.
  • In fact, according to Binney, the advanced analytical and data mining software the NSA had developed for both its worldwide and international eavesdropping operations was secretly passed to Israel by a mid-level employee, apparently with close connections to the country. The employee, a technical director in the Operations Directorate, “who was a very strong supporter of Israel,” said Binney, “gave, unbeknownst to us, he gave the software that we had, doing these fast rates, to the Israelis.” Because of his position, it was something Binney should have been alerted to, but wasn’t. “In addition to being the technical director,” he said, “I was the chair of the TAP, it’s the Technical Advisory Panel, the foreign relations council. We’re supposed to know what all these foreign countries, technically what they’re doing…. They didn’t do this that way, it was under the table.” After discovering the secret transfer of the technology, Binney argued that the agency simply pass it to them officially, and in that way get something in return, such as access to communications terminals. “So we gave it to them for switches,” he said. “For access.”
  • But Binney now suspects that Israeli intelligence in turn passed the technology on to Israeli companies who operate in countries around the world, including the U.S. In return, the companies could act as extensions of Israeli intelligence and pass critical military, economic and diplomatic information back to them. “And then five years later, four or five years later, you see a Narus device,” he said. “I think there’s a connection there, we don’t know for sure.” Narus was formed in Israel in November 1997 by six Israelis with much of its money coming from Walden Israel, an Israeli venture capital company. Its founder and former chairman, Ori Cohen, once told Israel’s Fortune Magazine that his partners have done technology work for Israeli intelligence. And among the five founders was Stanislav Khirman, a husky, bearded Russian who had previously worked for Elta Systems, Inc. A division of Israel Aerospace Industries, Ltd., Elta specializes in developing advanced eavesdropping systems for Israeli defense and intelligence organizations. At Narus, Khirman became the chief technology officer.
  • ...4 more annotations...
  • A few years ago, Narus boasted that it is “known for its ability to capture and collect data from the largest networks around the world.” The company says its equipment is capable of “providing unparalleled monitoring and intercept capabilities to service providers and government organizations around the world” and that “Anything that comes through [an Internet protocol network], we can record. We can reconstruct all of their e-mails, along with attachments, see what Web pages they clicked on, we can reconstruct their [Voice over Internet Protocol] calls.” Like Narus, Verint was founded by in Israel by Israelis, including Jacob “Kobi” Alexander, a former Israeli intelligence officer. Some 800 employees work for Verint, including 350 who are based in Israel, primarily working in research and development and operations, according to the Jerusalem Post. Among its products is STAR-GATE, which according to the company’s sales literature, lets “service providers … access communications on virtually any type of network, retain communication data for as long as required, and query and deliver content and data …” and was “[d]esigned to manage vast numbers of targets, concurrent sessions, call data records, and communications.”
  • In a rare and candid admission to Forbes, Retired Brig. Gen. Hanan Gefen, a former commander of the highly secret Unit 8200, Israel’s NSA, noted his former organization’s influence on Comverse, which owns Verint, as well as other Israeli companies that dominate the U.S. eavesdropping and surveillance market. “Take NICE, Comverse and Check Point for example, three of the largest high-tech companies, which were all directly influenced by 8200 technology,” said Gefen. “Check Point was founded by Unit alumni. Comverse’s main product, the Logger, is based on the Unit’s technology.”
  • According to a former chief of Unit 8200, both the veterans of the group and much of the high-tech intelligence equipment they developed are now employed in high-tech firms around the world. “Cautious estimates indicate that in the past few years,” he told a reporter for the Israeli newspaper Ha’artez in 2000, “Unit 8200 veterans have set up some 30 to 40 high-tech companies, including 5 to 10 that were floated on Wall Street.” Referred to only as “Brigadier General B,” he added, “This correlation between serving in the intelligence Unit 8200 and starting successful high-tech companies is not coincidental: Many of the technologies in use around the world and developed in Israel were originally military technologies and were developed and improved by Unit veterans.
  • Equally troubling is the issue of corruption. Kobi Alexander, the founder and former chairman of Verint, is now a fugitive, wanted by the FBI on nearly three dozen charges of fraud, theft, lying, bribery, money laundering and other crimes. And two of his top associates at Comverse, Chief Financial Officer David Kreinberg and former General Counsel William F. Sorin, were also indicted in the scheme and later pleaded guilty, with both serving time in prison and paying millions of dollars in fines and penalties. When asked about these contractors, the NSA declined to “verify the allegations made.”
  • Paul Merrell on 15 Jun 13
     
    So, allegedly a Zionist working in NSA passed NSA's telecommunications data mining software to Israel, was identified, but was never prosecuted. And the Verint CEO is now a fugitive from justice on charges of "fraud, theft, lying, money laundering, and other crimes." What's not to like in having this company processing all of our telephone metadata?
Paul Merrell

NSA infected 50,000 computer networks with malicious software - nrc.nl - 0 views

www.nrc.nl/...tworks-with-malicious-software

surveillance state NSA NSA-targets malware

shared by Paul Merrell on 25 Nov 13 - No Cached
  • The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this. A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software. One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
  • The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations). Public sources show that this department employs more than a thousand hackers. As recently as August 2013, the Washington Post published articles about these NSA-TAO cyber operations. In these articles The Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008. These articles were based on a secret budget report of the American intelligence services. By mid-2012 this number had more than doubled to 50,000, as is shown in the presentation NRC Handelsblad laid eyes on.
  • Cyber operations are increasingly important for the NSA. Computer hacks are relatively inexpensive and provide the NSA with opportunities to obtain information that they otherwise would not have access to. The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.
  • ...1 more annotation...
  • The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.
  • Paul Merrell on 25 Nov 13
     
    Nice interactive graphic too. 
Paul Merrell

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth - 0 views

www.privateinternetaccess.com/...ce-of-privacy-defense-in-depth

surveillance state Google-Chrome Chromium audio-surveillance digital-surveillance

shared by Paul Merrell on 23 Jun 15 - No Cached
  • Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
  • Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.
  • This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
  • ...4 more annotations...
  • 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.
  • If you think this is an excusable and responsible statement, raise your hand now.Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.
  • Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours. )Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
  • Privacy remains your own responsibility.
  • Paul Merrell on 23 Jun 15
     
    And of course, Google would never succumb to a subpoena requiring it to turn over the audio stream to the NSA. The Tor Browser just keeps looking better and better. https://www.torproject.org/projects/torbrowser.html.en
Paul Merrell

Secret US cybersecurity report: encryption vital to protect private data | US news | Th... - 0 views

www.theguardian.com/...ect-data-cameron-paris-attacks

surveillance-state NSA GCHQ encryption hypocrisy

shared by Paul Merrell on 17 Jan 15 - No Cached
  • A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.
  • In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.
  • Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
  • ...6 more annotations...
  • An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA. The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.” It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
  • The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded. Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection much more difficult.
  • The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists. In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists. Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.
  • The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
  • The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world. The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”. GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
  • Michael Beckerman, president and CEO of the Internet Association, a lobby group that represents Facebook, Google, Reddit, Twitter, Yahoo and other tech companies, said: “Just as governments have a duty to protect to the public from threats, internet services have a duty to our users to ensure the security and privacy of their data. That’s why internet services have been increasing encryption security.”
Gary Edwards

How to Install Remix OS on PC and Laptop as Dual Boot - Tutorial | TechGlobeX - 1 views

www.techglobex.net/...on-windows-os-x-pc-laptop.html

Remix Android Remix-OS

shared by Gary Edwards on 08 May 16 - No Cached
  • Gary Edwards on 08 May 16
     
    "Remix OS is an Android based portable mobile operating system works similar like Windows, OS X and Linux (Ubuntu) desktop operating systems. Remix user interface comes with user-friendly options, features and functions i.e. minimize, maximize and close buttons on every program or software screens, start menu button on desktop home screen, taskbar, windows with title bar, multitasking in multi-windows, notification center, regular software updates etc. Some pre-installed android apps and games such as; Google Play Store, Google Chrome, Microsoft Office, E-Mail App, Twitter, Pinterest, Facebook, Evernote, Keyboard, Advanced File Manager and lots more. Remix OS users can even use mouse similar to Windows, OS X and Linux (Ubuntu) to perform operations like; double-click, left-click or right-click. As currently, Android is officially available for Smartphones and Tablets devices only, being an open-source, Remix OS is very useful for developers, testers and general public users to experience latest Android platform on bigger display screens."
Gary Edwards

'Clinton death list': 33 spine-tingling cases - 0 views

www.wnd.com/...-list-33-most-intriguing-cases

Clinton-Body-Count

shared by Gary Edwards on 05 Feb 17 - No Cached
  • Gary Edwards on 05 Feb 17
     
    "(Editor's note: This list was originally published in August 2016 and has gone viral on the web. WND is running it again as American voters cast their ballots for the nation's next president on Election Day.) How many people do you personally know who have died mysteriously? How about in plane crashes or car wrecks? Bizarre suicides? People beaten to death or murdered in a hail of bullets? And what about violent freak accidents - like separate mountain biking and skiing collisions in Aspen, Colorado? Or barbells crushing a person's throat? Bill and Hillary Clinton attend a funeral Apparently, if you're Bill or Hillary Clinton, the answer to that question is at least 33 - and possibly many more. Talk-radio star Rush Limbaugh addressed the issue of the "Clinton body count" during an August show. "I swear, I could swear I saw these stories back in 1992, back in 1993, 1994," Limbaugh said. He cited a report from Rachel Alexander at Townhall.com titled, "Clinton body count or left-wing conspiracy? Three with ties to DNC mysteriously die." Limbaugh said he recalled Ted Koppel, then-anchor of ABC News' "Nightline," routinely having discussions on the issue following the July 20, 1993, death of White House Deputy Counsel Vince Foster. In fact, Limbaugh said, he appeared on Koppel's show. "One of the things I said was, 'Who knows what happened here? But let me ask you a question.' I said, 'Ted, how many people do you know in your life who've been murdered? Ted, how many people do you know in your life that have died under suspicious circumstances?' "Of course, the answer is zilch, zero, nada, none, very few," Limbaugh chuckled. "Ask the Clintons that question. And it's a significant number. It's a lot of people that they know who have died, who've been murdered. "And the same question here from Rachel Alexander. It's amazing the cycle that exists with the Clintons. [Citing Townhall]: 'What it
1 - 20 of 149 Next › Last »
Showing 20 items per page