Group items tagged

Beyond the technical issues, trying to legislate ideas out of existence is a fool’s game: those sufficiently determined will always find ways to make themselves heard. Indeed, as U.S. pop star Barbra Streisand famously learned, attempts to suppress ideas usually result in the greatest publicity possible for their advocates and/or elevate them by turning fringe ideas into martyrs for free speech (I have zero doubt that all five of the targeted sites enjoyed among their highest traffic dates ever today as a result of the French targeting). But the comical futility of these efforts is exceeded by their profound dangers. Who wants governments to be able to unilaterally block websites? Isn’t the exercise of this website-blocking power what has long been cited as reasons we should regard the Bad Countries — such as China and Iran — as tyrannies (which also usually cite “counterterrorism” to justify their censorship efforts)?

s those and countless other examples prove, the concepts of “extremism” and “radicalizing” (like “terrorism” itself) are incredibly vague and elastic, and in the hands of those who wield power, almost always expand far beyond what you think it should mean (plotting to blow up innocent people) to mean: anyone who disseminates ideas that are threatening to the exercise of our power. That’s why powers justified in the name of combating “radicalism” or “extremism” are invariably — not often or usually, but invariably — applied to activists, dissidents, protesters and those who challenge prevailing orthodoxies and power centers. My arguments for distrusting governments to exercise powers of censorship are set forth here (in the context of a prior attempt by a different French minister to control the content of Twitter). In sum, far more damage has been inflicted historically by efforts to censor and criminalize political ideas than by the kind of “terrorism” these governments are invoking to justify these censorship powers. And whatever else may be true, few things are more inimical to, or threatening of, Internet freedom than allowing functionaries inside governments to unilaterally block websites from functioning on the ground that the ideas those sites advocate are objectionable or “dangerous.” That’s every bit as true when the censors are in Paris, London, and Ottawa, and Washington as when they are in Tehran, Moscow or Beijing.

The American Civil Liberties Union (ACLU) also came out in opposition the Senate GOP proposal on Tuesday, warning it would urge lawmakers to vote against it. 

In an emailed statement, Defense Department spokeswoman Lt. Col. Valerie Henderson said that she had not been able to establish whether the DoD had been the source of “any guidance related to your website.” Henderson added, however, that “DoD personnel have an obligation to safeguard classified information. Classified information, whether made public by unauthorized disclosure, remains classified until declassified by an appropriate government authority. DoD is committed to preventing classified information from being introduced onto DoD’s unclassified networks.” Earlier this month, after the publication of two Intercept stories revealing classified details about the vast scope of the government’s watchlisting program, Reuters reported that “intelligence officials were preparing a criminal referral” over the leaks.

The ban on The Intercept appears to have come in the aftermath of those stories, representing the latest in a string of U.S. military crackdowns on news websites that have published classified material. Last year, the Army admitted that it was blocking parts of The Guardian’s website after it published secret documents from former National Security Agency contractor Edward Snowden. In 2010, WikiLeaks and several major news organizations were subject to similar measures after the publication of leaked State Department diplomatic files. Flanagan, the Marine Corps spokesman, told The Intercept that The Washington Post was also blocked by some military agencies last year after it published documents from Snowden revealing covert NSA surveillance operations. “Just because classified information is published on a public website, that doesn’t mean military people with security clearance have the ability to download it,” Flanagan said.

Yet marketing documents obtained by The Washington Post show that companies are offering powerful systems that are designed to evade detection while plotting movements of surveillance targets on computerized maps. The documents claim system success rates of more than 70 percent. A 24-page marketing brochure for SkyLock, a cellular tracking system sold by Verint, a maker of analytics systems based in Melville, N.Y., carries the subtitle “Locate. Track. Manipulate.” The document, dated January 2013 and labeled “Commercially Confidential,” says the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”

tracking systems that access carrier location databases are unusual in their ability to allow virtually any government to track people across borders, with any type of cellular phone, across a wide range of carriers — without the carriers even knowing. These systems also can be used in tandem with other technologies that, when the general location of a person is already known, can intercept calls and Internet traffic, activate microphones, and access contact lists, photos and other documents. Companies that make and sell surveillance technology seek to limit public information about their systems’ capabilities and client lists, typically marketing their technology directly to law enforcement and intelligence services through international conferences that are closed to journalists and other members of the public.

Security experts say hackers, sophisticated criminal gangs and nations under sanctions also could use this tracking technology, which operates in a legal gray area. It is illegal in many countries to track people without their consent or a court order, but there is no clear international legal standard for secretly tracking people in other countries, nor is there a global entity with the authority to police potential abuses.

(Privacy International has collected several marketing brochures on cellular surveillance systems, including one that refers briefly to SkyLock, and posted them on its Web site. The 24-page SkyLock brochure and other material was independently provided to The Post by people concerned that such systems are being abused.)

Verint, which also has substantial operations in Israel, declined to comment for this story. It says in the marketing brochure that it does not use SkyLock against U.S. or Israeli phones, which could violate national laws. But several similar systems, marketed in recent years by companies based in Switzerland, Ukraine and elsewhere, likely are free of such limitations.

The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data. The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say. All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.

Companies that market SS7 tracking systems recommend using them in tandem with “IMSI catchers,” increasingly common surveillance devices that use cellular signals collected directly from the air to intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations. IMSI catchers — also known by one popular trade name, StingRay — can home in on somebody a mile or two away but are useless if a target’s general location is not known. SS7 tracking systems solve that problem by locating the general area of a target so that IMSI catchers can be deployed effectively. (The term “IMSI” refers to a unique identifying code on a cellular phone.)

Verint can install SkyLock on the networks of cellular carriers if they are cooperative — something that telecommunications experts say is common in countries where carriers have close relationships with their national governments. Verint also has its own “worldwide SS7 hubs” that “are spread in various locations around the world,” says the brochure. It does not list prices for the services, though it says that Verint charges more for the ability to track targets in many far-flung countries, as opposed to only a few nearby ones. Among the most appealing features of the system, the brochure says, is its ability to sidestep the cellular operators that sometimes protect their users’ personal information by refusing government requests or insisting on formal court orders before releasing information.

Another company, Defentek, markets a similar system called Infiltrator Global Real-Time Tracking System on its Web site, claiming to “locate and track any phone number in the world.” The site adds: “It is a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target.”

Perhaps the strongest evidence that the attack was a law enforcement or intelligence operation was the limited functionality of the malware. The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box. But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway. The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor. Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.

The United Nations Institute for Training and Research (UNITAR) has published a series of satellite images showing areas of Gaza before and after the Israeli bombardment. Such maps are used by international agencies to make overall damage assessments. For instance, using satellite images, the UN estimated that as of 25 July, the Israeli bombardment had completely destroyed 700 structures and severely damaged 316 others in (a “structure” might be an individual house or an entire apartment block with a number of individual units) in the eastern Gaza City districts of Shujaiya, Tuffah and Shaaf (see the PDF below).

For instance, using satellite images, the UN estimated that as of 25 July, the Israeli bombardment had completely destroyed 700 structures and severely damaged 316 others in (a “structure” might be an individual house or an entire apartment block with a number of individual units) in the eastern Gaza City districts of Shujaiya, Tuffah and Shaaf (see the PDF below).

UN OCHA has published another invaluable resource, the Gaza Crisis Atlas. Viewable online, it contains numerous maps and satellite images with neighborhood-by-neighborhood information about the destruction in Gaza.

“We will pursue a new foreign policy that finally learns from the mistakes of the past…We will stop looking to topple regimes and overthrow governments…. Our goal is stability not chaos, because we want to rebuild our country [the United States] …In our dealings with other countries, we will seek shared interests wherever possible and pursue a new era of peace, understanding, and good will.” There won’t be any peace under Mattis or McMaster, that’s for sure. Both men are anti-Moscow hardliners who think Russia is an emerging rival that must be confronted and defeated. Even more worrisome is the fact that uber-hawk John McCain recently stated that he talks with both men “almost daily” (even though he has avoided talking to Trump since he was elected in November.) According to German Marshall Fund’s Derek Chollet, a former Obama Pentagon official. “(McCain) is trying to run U.S. defense policy through Mattis and effectively ignore Trump.” (Kimberly Dozier, Daily Beast contributing editor)  Chollet’s comments square with our belief that Trump has relinquished his control over foreign policy to placate his critics.

In response to Mattis’s comments, Syrian President Bashar al Assad said: “Any military operation in Syria without the approval of the Syrian government is illegal, and  any troops on the Syrian soil,  is an invasion, whether to liberate Raqqa or any other place. …The (US-led) coalition has never been serious about fighting ISIS or the terrorists.” Clearly, Washington is using the fight against ISIS as a pretext for capturing and holding territory in a critical, energy-rich area of the world. The plan to seize parts of East Syria for military bases and pipeline corridors fits neatly within this same basic strategy.   But it also throws a wrench in Moscow’s plan to restore the country’s borders and put an end to the six year-long conflict. And what does Tillerson mean when he talks about “interim zones of stability” a moniker that the Trump administration carefully crafted to avoid the more portentous-sounding “safe zones”. (Readers will recall that Hillary Clinton was the biggest proponent of safe zones in Syria, even though they would require a huge commitment of US troops as well as the costly imposition of a no-fly zone.) Tillerson’s comments suggest that the Trump administration is deepening its involvement in Syria despite the risks of a catastrophic clash with Moscow. Ever since General Michael Flynn was forced to step down from his position as National Security Advisor, (Flynn wanted to “normalize” relations with Russia), Trump has filled his foreign policy team with Russophobic hawks who see Moscow as “hostile revisionist power” that “annex(es) territory, intimidates our allies, develops nuclear weapons, and uses proxies under the cover of modernized conventional militaries.” Those are the words of  the man who replaced Flynn as NSA,  Lt. General HR McMaster. While the media applauded the McMaster appointment as an “outstanding choice”, his critics think it signals a departure from Trump’s campaign promise:

Washington’s Syria policy is now in the hands of a small group of right-wing extremists who think Russia is the biggest threat the nation has faced since WW2. That’s why there’s been a sharp uptick in the number of troops deployed to the region. 

Overall, we desperately need to nurture and propagate a steadfast culture of outspoken whistleblowing. A central motto of the AIDS activist movement dating back to the 1980s – Silence = Death – remains urgently relevant in a vast array of realms. Whether the problems involve perpetual war, corporate malfeasance, climate change, institutionalized racism, patterns of sexual assault, toxic pollution or countless other ills, none can be alleviated without bringing grim realities into the light. “All governments lie,” Ellsberg says in a video statement released for the launch of ExposeFacts, “and they all like to work in the dark as far as the public is concerned, in terms of their own decision-making, their planning — and to be able to allege, falsely, unanimity in addressing their problems, as if no one who had knowledge of the full facts inside could disagree with the policy the president or the leader of the state is announcing.” Ellsberg adds: “A country that wants to be a democracy has to be able to penetrate that secrecy, with the help of conscientious individuals who understand in this country that their duty to the Constitution and to the civil liberties and to the welfare of this country definitely surmount their obligation to their bosses, to a given administration, or in some cases to their promise of secrecy.”

Right now, our potential for democracy owes a lot to people like NSA whistleblowers William Binney and Kirk Wiebe, and EPA whistleblower Marsha Coleman-Adebayo. When they spoke at the June 4 news conference in Washington that launched ExposeFacts, their brave clarity was inspiring. Antidotes to the poisons of cynicism and passive despair can emerge from organizing to help create a better world. The process requires applying a single standard to the real actions of institutions and individuals, no matter how big their budgets or grand their power. What cannot withstand the light of day should not be suffered in silence. If you see something, say something.

The N.S.A. made use of four “zero day” vulnerabilities in its attack on Iran’s nuclear enrichment sites. That operation, code-named “Olympic Games,” managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit undisclosed vulnerabilities would amount to “unilateral disarmament” — a phrase taken from the battles over whether and how far to cut America’s nuclear arsenal.“We don’t eliminate nuclear weapons until the Russians do,” one senior intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”

But documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun, apparently named for the site of two Civil War battles just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than exploiting Heartbleed would be at enabling access to secret data.The government has become one of the biggest developers and purchasers of information identifying “zero days,” officials acknowledge. Those flaws are big business — Microsoft pays up to $150,000 to those who find them and bring them to the company to fix — and other countries are gathering them so avidly that something of a modern-day arms race has broken out. Chief among the nations seeking them are China and Russia, though Iran and North Korea are in the market as well.