Group items tagged

More than six months after the US government finally dropped all charges against Dr. Sami Al-Arian, the stateless Palestinian academic and activist was deported yesterday to Turkey. During his appearance on Democracy Now! today, Dr. Al-Arian expressed relief that his twelve-year-long persecution in the US, where he lived for forty years, had finally come to an end. “It feels like I’m free, finally really feeling freedom for the first time in twelve years,” Dr. Al-Arian said.

During the half-hour segment, Dr. Al-Arian revealed how he campaigned for George W. Bush, helping him win crucial votes from the Muslim community that would clinch his 2000 presidential election victory in the decisive state of Florida. Dr. Al-Arian was very active politically, and had visited the White House several times during both the Bush and Clinton administrations. Regarding his role in Bush’s election, Dr. Al-Arian said that he received a call “from someone who was very close to [Bush advisor] Karl Rove” asking how the campaign could win the endorsement of the Muslim American community. Dr. Al-Arian told this contact that Bush needed to declare his support for proposed legislation against secret evidence being used against Arab and Muslim Americans. During the second presidential candidate debate, Dr. Al-Arian told Democracy Now!, Bush did just that, securing the support of Muslim and Arab American leaders.

His administration had invited these leaders to the White House after Bush took office for a big announcement of good news regarding the legislation. “Unfortunately, it was on 9/11,” Dr. Al-Arian said, referring to the 11 September 2001 attacks in the US. “So that meeting never happened.” Instead, the country went in a very different direction. “At the time, we were protesting secret evidence,” Dr. Al-Arian added. “What happened after 9/11 is that they were arresting people with no evidence.”

In a question and answer session on Reddit earlier today, Edward Snowden wrote:

FSB source to "Komsomolskaya Pravda": "the customer of Nemtsov's murder was preparing an assassination of Vladimir Putin" The main suspect in the organization of the high-profile crime - is a commander of the Ukrainian battalion in the name of Dzhokhar Dudayev, Adam Osmayev. The correspondent of "Komsomolskaya Pravda" met with the FSB agent, who is part of the team investigating the murder of Boris Nemtsov. In an exclusive interview he spoke about the new details of the crime and named the most likely customer of the murder.

Today the investigators have irrefutable proof that all persons detained on suspicion of murder of the politician are the perpetrators, - said our source in the FSB. First of all, billing (data about calls and movements of the subscriber. - Ed.) from their mobile phones showed that they conducted surveillance of Nemtsov before the murder, following him closely. The suspects were tracked with their phones at the location where Nemtsov was present with his phone. During the murder all the detainees "were in the area": some under the bridge, some in a car, some nearby. Zaur Dadaev pulled the trigger. He first made a confession, and then, on the advice of his lawyers, took it back. But it changes nothing, the investigation has already collected compelling evidence of his guilt. I will not give details of how this was done. The pistol was thrown into the river after the crime, it was later recovered by divers. That Zaur Dadaev immediately said to the TV cameras: "I love prophet Muhammad" - is just a cover. There was no religious motive for the killings. They cynically carried out an order. They are far from devout Muslims. In fact, just real gangsters. And the most important thing. The executor of the murder was in close contact with Adam Osmaev, who recently became the commander of the Ukrainian battalion in the name of Dzhokhar Dudayev. They met, talked a lot on the phone. Zaur Dadaev and his cronies worked with Osmaev on Ukrainian affairs. And also with Chechens, who fought on the territory of Ukraine for the new regime. Zaur Dadaev was listed in the battalion "North" ("Sever") of the Chechen Interior Ministry, but while serving in it, in fact, was engaged in activities against Russia. He was associated with Osmaev by a certain relationship and mutual obligations.

The evidence is still being gathered. But I can say that today the main suspected customer of Nemtsov's murder is Adam Osmayev.

Using the broad powers granted under the USA PATRIOT Act, the FBI demanded that 4 librarians produce private information about library patrons’ reading habits, then used an endless gag order to force them to remain silent about the request for the rest of their lives under penalty of prison time.

The FBI was demanding that the library hand over private data on library patrons en masse “to protect against international terrorism.” The document that Mr. Christian was given was a so-called National Security Letter (NSL), a type of administrative subpoena for personal information — self-written by the FBI without any probable cause or judicial oversight.  The legal framework for these powerful NSLs was established by Section 505 of the USA PATRIOT Act in 2001. What’s more, Mr. Christian was placed under a perpetual gag order.  The NSL prohibited the recipient “from disclosing to any person that the F.B.I. has sought or obtained access to information or records under these provisions.”  The gag order was broad enough that it was a crime to discuss the matter to any other person — for life.  The USA PATRIOT Act allows for this suppression of speech, and issues a punishment of up to 5 years in prison for anyone caught violating the endless gag order.

The only reason we know about this case today is because Mr. Christian and 3 other library board members fought back in court.  

The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.

Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.

Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies to the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments) thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.

US secret services have recruited more than a dozen officials in various German government ministries to work as spies, with some of them working for the CIA for many years, a German tabloid reported on Sunday. Following previous espionage scandals in Germany, with several suspected US agents exposed in July, a report of more spies infiltrating German ministries was published by Bild am Sonntag, Germany's largest-selling national Sunday paper. The alleged spies work within the country's defense, development, economic, and interior ministries, reported the paper, referring to unnamed sources in the US intelligence community. Due to the current diplomacy tensions between Washington and Berlin, caused by espionage concerns, the spies are reportedly not meeting with their US handlers at the moment, according to Bild. Several inquiries into the activities of American embassies in Prague and Warsaw have been initiated, as US intelligence agencies are reportedly considering basing their recruitment activities there.

Nearly half of the people on the U.S. government’s widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government’s Terrorist Screening Database—a watchlist of “known or suspected terrorists” that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent are described by the government as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined. The documents, obtained from a source in the intelligence community, also reveal that the Obama Administration has presided over an unprecedented expansion of the terrorist screening system. Since taking office, Obama has boosted the number of people on the no fly list more than ten-fold, to an all-time high of 47,000—surpassing the number of people barred from flying under George W. Bush. “If everything is terrorism, then nothing is terrorism,” says David Gomez, a former senior FBI special agent. The watchlisting system, he adds, is “revving out of control.”

Most people placed on the government’s watchlist begin in a larger, classified system known as the Terrorist Identities Datamart Environment (TIDE). The TIDE database actually allows for targeting people based on far less evidence than the already lax standards used for placing people on the watchlist. A more expansive—and invasive—database, TIDE’s information is shared across the U.S. intelligence community, as well as with commando units from the Special Operations Command and with domestic agencies such as the New York City Police Department. In the summer of 2013, officials celebrated what one classified document prepared by the National Counterterrorism Center refers to as “a milestone”—boosting the number of people in the TIDE database to a total of one million, up from half a million four years earlier.

SPIEGEL has learned from reliable sources that Israeli intelligence eavesdropped on US Secretary of State John Kerry during Middle East peace negotiations. In addition to the Israelis, at least one other intelligence service also listened in as Kerry mediated last year between Israel, the Palestinians and the Arab states, several intelligence service sources told SPIEGEL. Revelations of the eavesdropping could further damage already tense relations between the US government and Israel. During the peak stage of peace talks last year, Kerry spoke regularly with high-ranking negotiating partners in the Middle East. At the time, some of these calls were not made on encrypted equipment, but instead on normal telephones, with the conversations transmitted by satellite. Intelligence agencies intercepted some of those calls. The government in Jerusalem then used the information obtained in international negotiations aiming to reach a diplomatic solution in the Middle East.

One year ago the Obama administration was doing their very best to build up public support for U.S. military intervention in Syria. Even though that attempt failed, no one who has been following this crisis closely believed for a moment that this was the end. They would regroup and try again from another angle. The angle they chose was surprising. Iraq has been off the media radar for so long that almost no one was factoring it in as an important geopolitical variable. ISIS (or ISIL) changed that. In our video "The Fall of Iraq What You're Not Being Told" we covered the history of U.S. tinkering in Iraq dating back to 1963, and showed how the U.S. government's push to topple Assad by funding and arming extremists in Syria enabled ISIS to gain a foothold in the region. At the end of that video we pointed to how this latest crisis in Iraq was likely to be used as a pretext for U.S. strikes in Syria.

The Obama administration confirmed this when questioned yesterday on whether the U.S. military intervention in Iraq would be extended to Syria. Their response: “We don't restrict potential U.S. action to a specific geographic space,” "The president's made clear time and again that we will take action as necessary, including direct U.S. military action, if it's necessary to defend the United States against an imminent threat," the official said. "Clearly we're focused on Iraq. That's where our ISR [intelligence, surveillance and reconnaissance] resources have surged. That's where we're working to develop additional intelligence," the official added. "But the group [ISIS], again, operates broadly and we would not restrict our ability to take action that is necessary to protect the United States." Oh, and this time Obama is not going to ask for permission from Congress. No one is talking about how the Syrian government (and the Washington's desire to topple it) fits into this, but once the U.S. is carrying out airstrikes in Syrian territory, it would be trivial to expand the scope of the mission to include Syrian military targets. That way there would be no need for debate on the topic. The public would just find out we were at war after the fact (and probably via youtube). It's a backdoor approach.

Another variable that has changed in the equation since last year is Russia's involvement. Due to the crisis in Ukraine, Russia has been placed on the defensive diplomatically, and as of yet it seems to be too tied up with disputes with Kiev to take an active role in the deliberations over ISIS. In the first round of the Syrian crisis both China and Russia warned the U.S. several times against military intervention, and Russia threatened that it could lead to a nuclear conflict. At this point, it's not clear whether Russia and China see where Washington is planning to take this, or if they will back up their previous threats when the time comes. It is also yet to be seen whether the relentless anti-Russia propaganda campaign that western media outlets have been pushing since the Ukraine crisis will affect Putin's ability to influence the outcome diplomatically. The annexation of Crimea will definitely be used to discredit Putin if he attempts to block airstrikes in Syria.

“Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers. “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.” Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door. A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.

They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.

Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients. The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.

In the fall of 2008, a 30-year-old computer expert named Zarrar Shah roamed from outposts in the northern mountains of Pakistan to safe houses near the Arabian Sea, plotting mayhem in Mumbai, India’s commercial gem.Mr. Shah, the technology chief of Lashkar-e-Taiba, the Pakistani terror group, and fellow conspirators used Google Earth to show militants the routes to their targets in the city. He set up an Internet phone system to disguise his location by routing his calls through New Jersey. Shortly before an assault that would kill 166 people, including six Americans, Mr. Shah searched online for a Jewish hostel and two luxury hotels, all sites of the eventual carnage.

But he did not know that by September, the British were spying on many of his online activities, tracking his Internet searches and messages, according to former American and Indian officials and classified documents disclosed by Edward J. Snowden, the former National Security Agency contractor. They were not the only spies watching. Mr. Shah drew similar scrutiny from an Indian intelligence agency, according to a former official briefed on the operation. The United States was unaware of the two agencies’ efforts, American officials say, but had picked up signs of a plot through other electronic and human sources, and warned Indian security officials several times in the months before the attack.

Until just last week, the U.S. government kept up the charade that its use of a stockpile of security vulnerabilities for hacking was a closely held secret.1 In fact, in response to EFF’s FOIA suit to get access to the official U.S. policy on zero days, the government redacted every single reference to “offensive” use of vulnerabilities. To add insult to injury, the government’s claim was that even admitting to offensive use would cause damage to national security. Now, in the face of EFF’s brief marshaling overwhelming evidence to the contrary, the charade is over. In response to EFF’s motion for summary judgment, the government has disclosed a new version of the Vulnerabilities Equities Process, minus many of the worst redactions. First and foremost, it now admits that the “discovery of vulnerabilities in commercial information technology may present competing ‘equities’ for the [government’s] offensive and defensive mission.” That might seem painfully obvious—a flaw or backdoor in a Juniper router is dangerous for anyone running a network, whether that network is in the U.S. or Iran. But the government’s failure to adequately weigh these “competing equities” was so severe that in 2013 a group of experts appointed by President Obama recommended that the policy favor disclosure “in almost all instances for widely used code.” [.pdf].

The newly disclosed version of the Vulnerabilities Equities Process (VEP) also officially confirms what everyone already knew: the use of zero days isn’t confined to the spies. Rather, the policy states that the “law enforcement community may want to use information pertaining to a vulnerability for similar offensive or defensive purposes but for the ultimate end of law enforcement.” Similarly it explains that “counterintelligence equities can be defensive, offensive, and/or law enforcement-related” and may “also have prosecutorial responsibilities.” Given that the government is currently prosecuting users for committing crimes over Tor hidden services, and that it identified these individuals using vulnerabilities called a “Network Investigative Technique”, this too doesn’t exactly come as a shocker. Just a few weeks ago, the government swore that even acknowledging the mere fact that it uses vulnerabilities offensively “could be expected to cause serious damage to the national security.” That’s a standard move in FOIA cases involving classified information, even though the government unnecessarily classifies documents at an astounding rate. In this case, the government relented only after nearly a year and a half of litigation by EFF. The government would be well advised to stop relying on such weak secrecy claims—it only risks undermining its own credibility.

The new version of the VEP also reveals significantly more information about the general process the government follows when a vulnerability is identified. In a nutshell, an agency that discovers a zero day is responsible for invoking the VEP, which then provides for centralized coordination and weighing of equities among all affected agencies. Along with a declaration from an official at the Office of the Director of National Intelligence, this new information provides more background on the reasons why the government decided to develop an overarching zero day policy in the first place: it “recognized that not all organizations see the entire picture of vulnerabilities, and each organization may have its own equities and concerns regarding the prioritization of patches and fixes, as well as its own distinct mission obligations.” We now know the VEP was finalized in February 2010, but the government apparently failed to implement it in any substantial way, prompting the presidential review group’s recommendation to prioritize disclosure over offensive hacking. We’re glad to have forced a little more transparency on this important issue, but the government is still foolishly holding on to a few last redactions, including refusing to name which agencies participate in the VEP. That’s just not supportable, and we’ll be in court next month to argue that the names of these agencies must be disclosed. 

This is quite the bombshell delivered by two CHP deputies in the Turkish parliament and reported by Today’s Zaman, one of the top dailies in Turkey. It supports Seymour Hersh’s reporting that the notorious sarin gas attack at Ghouta was a false flag orchestrated by Turkish intelligence in order to cross President Obama’s chemical weapons “red line” and draw the United States into the Syria war to topple Assad. If so, President Obama deserves credit for “holding the line” against the attack despite the grumbling and incitement of the Syria hawks at home and abroad. And it also presents the unsavory picture of an al-Qaeda operatives colluding with ISIL in a war crime that killed 1300 civilians.

I find the report credible, taking into full account the fact that the CHP (Erdogan’s center-left Kemalist rivals) and Today’s Zaman (whose editor-in-chief, Bulent Kenes was recently detained on live TV for insulting Erdogan in a tweet) are on the outs with Erdogan. Considering the furious reaction it can be expected to elicit from Erdogan and the Turkish government, the temerity of CHP and Today’s Zaman in running with this story is a sign of how desperate their struggle against Erdogan has become.  Note that the author is shown only as “Columnist: Today’s Zaman”. I expect the anti-Erodgan forces hope this will be a game changer in terms of U.S.and European support for Erdogan. It will be very interesting to see if and how the media in the U.S. covers this story.  In case it doesn’t acquire enough “legs” to make into US media, I attach the full Zaman piece below:

CHP deputies: Gov’t rejects probe into Turkey’s role in Syrian chemical attack Two deputies from the main opposition Republican People’s Party (CHP) have claimed that the government is against investigating Turkey’s role in sending toxic sarin gas which was used in an attack on civilians in Syria in 2013 and in which over 1,300 Syrians were killed. CHP deputies Eren Erdem and Ali Şeker held a press conference in İstanbul on Wednesday in which they claimed the investigation into allegations regarding Turkey’s involvement in the procurement of sarin gas which was used in the chemical attack on a civil population and delivered to the terrorist Islamic State in Iraq and the Levant (ISIL) to enable the attack was derailed. Taking the floor first, Erdem stated that the Adana Chief Prosecutor’s Office launched an investigation into allegations that sarin was sent to Syria from Turkey via several businessmen. An indictment followed regarding the accusations targeting the government.

Spy agencies in Britain will be given the explicit right to hack into smartphones and computers as part of a new law being introduced by the Conservative government. Security services MI5, MI6 and GCHQ can already access electronic devices by exploiting software security vulnerabilities, but the legal foundation for the practice is under scrutiny.New powers laid out in the Investigatory Powers Bill, due to be introduced in Parliament next month, will give spies a solid legal basis for hacking into computer systems, according to the Times.The revelation has sparked criticism from human rights group Liberty, which accuses the government of giving spy agencies “unlimited potential” to act against citizens.The bill, which was announced in the Queens’ Speech following the general election, is likely to include the new Snooper’s Charter, according to privacy campaigners at the Open Rights Group.

British spies will be able to hack into a person’s “property” through backdoors in the software. Once inside, intelligence agents can install software that allows them operate microphones to eavesdrop on conversations and even control the camera to take photographs of targets.The government admitted in February that MI5, MI6 and GCHQ were hacking into computers, servers, routers and mobile phones using the Intelligence Services Act 1994, which does not give explicit authorization for such practices.Independent reviewer of terrorism legislation Dave Anderson QC recommended in June that new legislation be introduced to clarify give intrusive hacking a firm legal basis.Anderson said that hacking presents a “dizzying array of possibilities to the security and intelligence agencies.”While some methods are appropriate, “many are of the view that there are others which are so intrusive that they would require exceptional safeguards for their use to be legal … A debate is clearly needed,” he said.

The investigatory powers bill will give agents explicit powers to interfere with “property” once they have obtained a warrant from the home secretary.Digital evidence expert Peter Sommer said the powers circumvented encryption technology.“Increasingly, [intelligence agents] can’t read communications sent over the internet because of encryption, so their ability to get information from interception is rapidly diminishing. The best way around this is to get inside someone’s computer. This is an increasingly important avenue for them,” he told the Times.