Group items matching

in title, tags, annotations or url

Makers of surveillance systems are offering governments across the world the ability to track the movements of almost anybody who carries a cellphone, whether they are blocks away or on another continent. The technology works by exploiting an essential fact of all cellular networks: They must keep detailed, up-to-the-minute records on the locations of their customers to deliver calls and other services to them. Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology.

The world’s most powerful intelligence services, such as the National Security Agency and Britain’s GCHQ, long have used cellphone data to track targets around the globe. But experts say these new systems allow less technically advanced governments to track people in any nation — including the United States — with relative ease and precision.

It is unclear which governments have acquired these tracking systems, but one industry official, speaking on the condition of anonymity to share sensitive trade information, said that dozens of countries have bought or leased such technology in recent years. This rapid spread underscores how the burgeoning, multibillion-dollar surveillance industry makes advanced spying technology available worldwide. “Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”

Microsoft's new plan to keep the US government's hands off its customers' data: Germany will be a safe harbor in the digital privacy storm. Microsoft on Wednesday announced that beginning in the second half of 2016, it will give foreign customers the option of keeping data in new European facilities that, at least in theory, should shield customers from US government surveillance. It will cost more, according to the Financial Times, though pricing details weren't forthcoming. Microsoft Cloud - including Azure, Office 365 and Dynamics CRM Online - will be hosted from new datacenters in the German regions of Magdeburg and Frankfurt am Main. Access to data will be controlled by what the company called a German data trustee: T-Systems, a subsidiary of the independent German company Deutsche Telekom. Without the permission of Deutsche Telekom or customers, Microsoft won't be able to get its hands on the data. If it does get permission, the trustee will still control and oversee Microsoft's access.

Microsoft CEO Satya Nadella dropped the word "trust" into the company's statement: Microsoft’s mission is to empower every person and every individual on the planet to achieve more. Our new datacenter regions in Germany, operated in partnership with Deutsche Telekom, will not only spur local innovation and growth, but offer customers choice and trust in how their data is handled and where it is stored.

On Tuesday, at the Future Decoded conference in London, Nadella also announced that Microsoft would, for the first time, be opening two UK datacenters next year. The company's also expanding its existing operations in Ireland and the Netherlands. Officially, none of this has anything to do with the long-drawn-out squabbling over the transatlantic Safe Harbor agreement, which the EU's highest court struck down last month, calling the agreement "invalid" because it didn't protect data from US surveillance. No, Nadella said, the new datacenters and expansions are all about giving local businesses and organizations "transformative technology they need to seize new global growth." But as Diginomica reports, Microsoft EVP of Cloud and Enterprise Scott Guthrie followed up his boss’s comments by saying that yes, the driver behind the new datacenters is to let customers keep data close: We can guarantee customers that their data will always stay in the UK. Being able to very concretely tell that story is something that I think will accelerate cloud adoption further in the UK.

That was before Paris.  Well, in the wake of the attacks, Gabbard has apparently had just about enough of Washington vacillating in the fight against terror just so the US can ensure that ISIS continues to destabilize Assad and now, with bi-partisan support, the brazen Hawaii Democrat has introduced legislation to end the "illegal war" to overthrow Assad.  Gabbard, who fought in Iraq - twice - has partnered with Republican Adam Scott on the bill. Here's AP:  In an unusual alliance, a House Democrat and Republican have teamed up to urge the Obama administration to stop trying to overthrow Syrian President Bashar Assad and focus all its efforts on destroying Islamic State militants.   Reps. Tulsi Gabbard, a Democrat, and Austin Scott, a Republican, introduced legislation on Friday to end what they called an "illegal war" to overthrow Assad, the leader of Syria accused of killing tens of thousands of Syrian citizens in a more than four-year-old civil war entangled in a battle against IS extremists, also known as ISIS.   "The U.S. is waging two wars in Syria," Gabbard said. "The first is the war against ISIS and other Islamic extremists, which Congress authorized after the terrorist attack on 9/11. The second war is the illegal war to overthrow the Syrian government of Assad."

Last month, US Congresswoman Tulsi Gabbard went on CNN and laid bare Washington’s Syria strategy.  In a remarkably candid interview with Wolf Blitzer, Gabbard calls Washington’s effort to oust Assad “counterproductive” and “illegal” before taking it a step further and accusing the CIA of arming the very same terrorists who The White House insists are "sworn enemies.”  In short, Gabbard all but tells the American public that the government is lying to them and may end up inadvertently starting “World War III.” For those who missed it, here’s the clip:

Last month, US Congresswoman Tulsi Gabbard went on CNN and laid bare Washington’s Syria strategy.  In a remarkably candid interview with Wolf Blitzer, Gabbard calls Washington’s effort to oust Assad “counterproductive” and “illegal” before taking it a step further and accusing the CIA of arming the very same terrorists who The White House insists are "sworn enemies.”  In short, Gabbard all but tells the American public that the government is lying to them and may end up inadvertently starting “World War III.” For those who missed it, here’s the clip:

Were Israeli companies Verint and Narus the ones that collected information from the U.S. communications network for the National Security Agency? The question arises amid controversy over revelations that the NSA has been collecting the phone records of hundreds of millions of Americans every day, creating a database through which it can learn whether terror suspects have been in contact with people in the United States. It also was disclosed this week that the NSA has been gathering all Internet usage - audio, video, photographs, emails and searches - from nine major U.S. Internet providers, including Microsoft and Google, in hopes of detecting suspicious behavior that begins overseas.

According to an article in the American technology magazine "Wired" from April 2012, two Israeli companies – which the magazine describes as having close connections to the Israeli security community – conduct bugging and wiretapping for the NSA. Verint, which took over its parent company Comverse Technology earlier this year, is responsible for tapping the communication lines of the American telephone giant Verizon, according to a past Verizon employee sited by James Bamford in Wired. Neither Verint nor Verizon commented on the matter.

Natus, which was acquired in 2010 by the American company Boeing, supplied the software and hardware used at AT&T wiretapping rooms, according to whistleblower Mark Klein, who revealed the information in 2004. Klein, a past technician at AT&T who filed a suit against the company for spying on its customers, revealed a "secret room" in the company's San Fransisco office, where the NSA collected data on American citizens' telephone calls and Internet surfing. Klein's claims were reinforced by former NSA employee Thomas Drake who testified that the agency uses a program produced by Narus to save the personal electrical communications of AT&T customers.  Both Verint and Narus have ties to the Israeli intelligence agency and the Israel Defense Forces intelligence-gathering unit 8200. Hanan Gefen, a former commander of the 8200 unit, told Forbes magazine in 2007 that Comverse's technology, which was formerly the parent company of Verint and merged with it this year, was directly influenced by the technology of 8200. Ori Cohen, one of the founders of Narus, told Fortune magazine in 2001 that his partners had done technology work for the Israeli intelligence.

But when it comes to how a 29-year old IT wizard with little formal education has been able to access a batch of ultra-sensitive secrets of the US intelligence-national security complex, that's a no-brainer; it's all about the gung-ho privatization of spying - referred to by a mountain of euphemisms of the "contractor reliance" kind. In fact the bulk of the hardware and software used by the dizzying network of 16 US intelligence agencies is privatized. A Washington Post investigation found out that US homeland security, counter-terror and spy agencies do business with over 1,900 companies. [2] An obvious consequence of this contractor tsunami - hordes of "knowledge" high-tech proletarians in taupe cubicles - is their indiscriminate access to ultra-sensitive security. A systems administrator like Snowden can have access to practically everything.

Since 1996, before the British handover to China, an extradition treaty applies between the tiger and the wolf. [4] The US Department of Justice is already surveying its options. It's important to remember that the Hong Kong judicial system is independent from China's - according to the Deng Xiaoping-conceptualized "one country, two systems". As much as Washington may go for extraditing Snowden, he may also apply for political asylum. In both cases he may stay in Hong Kong for months, in fact years. The Hong Kong government cannot extradite anyone claiming he will be persecuted in his country of origin. And crucially, article 6 of the treaty stipulates, "a fugitive offender shall not be surrendered if the offence of which that person is accused or was convicted is an offence of a political character." Another clause stipulates that a fugitive shall not be surrendered if that implicates "the defense, foreign affairs or essential public interest or policy" of - guess who - the People's Republic of China.

So then we may have a case of Hong Kong and Beijing having to reach an agreement. Yet even if they decided to extradite Snowden, he could argue in court this was "an offence of a political character". The bottom line - this could drag on for years. And it's too early to tell how Beijing would play it for maximum leverage. A "win-win" situation from a Chinese point of view would be to balance its commitment to absolute non-interference in foreign domestic affairs, its desire not to rock the fragile bilateral relation boat, but also what non-pivoting move the US government would offer in return.

In addition to constructing the Stellar Wind center, and then running the operation, secretive contractors with questionable histories and little oversight were also used to do the actual bugging of the entire U.S. telecommunications network. According to a former Verizon employee briefed on the program, Verint, owned by Comverse Technology, taps the communication lines at Verizon, which I first reported in my book The Shadow Factory in 2008. Verint did not return a call seeking comment, while Verizon said it does not comment on such matters. At AT&T the wiretapping rooms are powered by software and hardware from Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein in 2004. Narus did not return a call seeking comment. What is especially troubling is that both companies have had extensive ties to Israel, as well as links to that country’s intelligence service, a country with a long and aggressive history of spying on the U.S.

In fact, according to Binney, the advanced analytical and data mining software the NSA had developed for both its worldwide and international eavesdropping operations was secretly passed to Israel by a mid-level employee, apparently with close connections to the country. The employee, a technical director in the Operations Directorate, “who was a very strong supporter of Israel,” said Binney, “gave, unbeknownst to us, he gave the software that we had, doing these fast rates, to the Israelis.” Because of his position, it was something Binney should have been alerted to, but wasn’t. “In addition to being the technical director,” he said, “I was the chair of the TAP, it’s the Technical Advisory Panel, the foreign relations council. We’re supposed to know what all these foreign countries, technically what they’re doing…. They didn’t do this that way, it was under the table.” After discovering the secret transfer of the technology, Binney argued that the agency simply pass it to them officially, and in that way get something in return, such as access to communications terminals. “So we gave it to them for switches,” he said. “For access.”

But Binney now suspects that Israeli intelligence in turn passed the technology on to Israeli companies who operate in countries around the world, including the U.S. In return, the companies could act as extensions of Israeli intelligence and pass critical military, economic and diplomatic information back to them. “And then five years later, four or five years later, you see a Narus device,” he said. “I think there’s a connection there, we don’t know for sure.” Narus was formed in Israel in November 1997 by six Israelis with much of its money coming from Walden Israel, an Israeli venture capital company. Its founder and former chairman, Ori Cohen, once told Israel’s Fortune Magazine that his partners have done technology work for Israeli intelligence. And among the five founders was Stanislav Khirman, a husky, bearded Russian who had previously worked for Elta Systems, Inc. A division of Israel Aerospace Industries, Ltd., Elta specializes in developing advanced eavesdropping systems for Israeli defense and intelligence organizations. At Narus, Khirman became the chief technology officer.

A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.” More from Sanchez: "I don't know if there are other leaks, if there's more information somewhere, if somebody else is going to step up, but I will tell you that I believe it's the tip of the iceberg."

A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.”

Glenn Greenwald of the Guardian, who has served as a conduit for Snowden's leaks, recently said that there will me many more "significant revelations that have not yet been heard." Greenwald told The New York Times that he received “thousands” of classified documents — “dozens” of which are newsworthy — from the the 29-year-old ex-Booz Allen employee who was contracted by the NSA. Sanchez said that what lawmakers learned "is significantly more than what is out in the media today," which is interesting when considering previous reports by journalists and whistleblowers.

Scientists have developed a means of ultimate privacy: glowing glasses that block photographs and facial recognition systems. Developed by Japan's National Institute of Informatics, these privacy goggles include eleven LEDs that blast a privacy curtain of near-infrared light into the wearer's face. The light thereby prevents facial-recognition systems from registering the wearer's face. According to Gizmodo, the light is undetectable to the human eye; unlike most glasses, the LEDs are placed to illuminate the eyes and nose, which facial recognition systems depend on to identify a face.

It is becoming clear that US influence – despite its “pivot toward Asia” – is waning across the Asia Pacific region. Washington has suffered geopolitical setbacks in virtually every nation in Asia Pacific, including those now led by regimes it has meticulously organized, funded, and backed for decades. It is also waning, however, among those nations considered long-time and crucial US allies. This includes Southeast Asia’s Thailand, whom the US repeatedly reminds the world has been Washington’s ally since the Cold War and America’s war in Vietnam, and allegedly, even before that. Washington’s Waning Influence is Based on Floundering Fundamentals   However, in reality, Thailand has incrementally dismantled American influence over it, and has diversified its trade and cooperation with a large variety of nations – including China – as a means of depending on ties with no single nation in particular. Thailand’s economic trade is focused primarily within Asia, with the majority of its imports and exports divided equally between China, Japan, and ASEAN, with the West collectively representing a smaller – though not insignificant – market. It is no coincidence that Thailand’s geopolitical ties thus reflect its economic ties around the world – revealing that economic and sociopolitical realities are driving intentional relations regardless of the vast array of “soft power” means at Washington’s disposal. A look at Thailand’s military inventories reveals a similar strategy of diversifying weapon acquisitions and partnerships as well as developing systems through indigenous industry. What used to be a military dominated by American hardware and military exercises, is transforming with the acquisition of Chinese tanks, European warplanes, Middle Eastern assault rifles, Russian helicopters, and Thai-made armored vehicles – as well as joint drills held with a variety of nations, including for the first time, China. A similar shift is occurring throughout the rest of Asia, with China naturally assuming a large share of regional cooperation due to its geographic, economic, and demographic size. http://journal-neo.org/2016/10/24/us-attempts-to-shame-asia-for-caving-to-china/

As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans. Veteran Intelligence Professionals for Sanity MEMORANDUM Allegations of Hacking Election Are Baseless A New York Times report on Monday alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking: Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did. Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data. All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient. In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

These collection resources are extensive [see attached NSA slides 1, 2, 3, 4, 5]; they include hundreds of trace route programs that trace the path of packets going across the network and tens of thousands of hardware and software implants in switches and servers that manage the network. Any emails being extracted from one server going to another would be, at least in part, recognizable and traceable by all these resources. The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network. The various ways in which usually anonymous spokespeople for U.S. intelligence agencies are equivocating – saying things like “our best guess” or “our opinion” or “our estimate” etc. – shows that the emails alleged to have been “hacked” cannot be traced across the network. Given NSA’s extensive trace capability, we conclude that DNC and HRC servers alleged to have been hacked were, in fact, not hacked. The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider – as was the case with Edward Snowden and Chelsea Manning. Such an insider could be anyone in a government department or agency with access to NSA databases, or perhaps someone within the DNC.

We refer to them as ‘rebels’ – as if they were the Maquis fighting in the French resistance or Partisans freeing Yugoslavia from the Nazis or, indeed, the insurgents of Warsaw struggling for freedom from the German SS. Which they clearly are not

No-one doubts that foreigners are fighting alongside Jabhat al-Nusra/Al-Qaida and the Salafist Ahrar al-Sham and other groups around the city. But, oddly, that’s not what we call them. We refer to them as ‘rebels’ – as if they were the Maquis fighting in the French resistance or Partisans freeing Yugoslavia from the Nazis or, indeed, the insurgents of Warsaw struggling for freedom from the German SS. Which they clearly are not. And while we know that the ‘rebels’ of eastern Aleppo have died fighting bravely, we also know that they have executed their internal enemies, slit the throats of their prisoners and that – well, since Jabhat al-Nusra is al-Qaida (and has since changed its name yet again) – they have flown passenger aircraft into very tall buildings in New York.

But back to the terrifying website and Facebook pictures that we still see from eastern Aleppo. Why do we not see the defending fighters, as we do on the Warsaw films? Why are we not told their political allegiance, as we most assuredly are on the Warsaw footage? Why do we not see ‘rebel’ military hardware – as well as civilian targets – being hit by artillery and air attack as we do on the Polish newsreels? Or civilians lining up for weapons to help the ‘rebels’ defend eastern Aleppo – as Polish civilians, prepared to defend their city, were filmed in Warsaw?

Google, which briefly considered moving all of its computer servers out of the United States last year after learning how they had been penetrated by the National Security Agency, was looking for a public assurance from President Obama that the government would no longer secretly suck data from the company’s corner of the Internet cloud.Microsoft was listening to see if Mr. Obama would adopt a recommendation from his advisers that the government stop routinely stockpiling flaws in its Windows operating system, then using them to penetrate some foreign computer systems and, in rare cases, launch cyberattacks.

Intel and computer security companies were eager to hear Mr. Obama embrace a commitment that the United States would never knowingly move to weaken encryption systems. They got none of that.

Perhaps the most striking element of Mr. Obama’s speech on Friday was what it omitted: While he bolstered some protections for citizens who fear the N.S.A. is downloading their every dial, tweet and text message, he did nothing, at least yet, to loosen the agency’s grip on the world’s digital pipelines. White House officials said that Mr. Obama was committed to studying the complaints by American industry that the revelations were costing them billions of dollars in business overseas, by giving everyone from the Germans to the Brazilians to the Chinese an excuse to avoid American hardware and cloud services. “The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”

(AP) — The U.S. government is looking at ways to prevent anyone from spying on its own surveillance of Americans' phone records. As the Obama administration considers shifting the collection of those records from the National Security Agency to requiring that they be stored at phone companies or elsewhere, it's quietly funding research to prevent phone company employees or eavesdroppers from seeing whom the U.S. is spying on, The Associated Press has learned. The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that would allow the government to discontinue storing Americans' phone records, but still search them as needed.

Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to public documents obtained by The Associated Press and AP interviews with researchers, corporate executives and government officials.

Internal documents describing the Security and Privacy Assurance Research project do not cite the NSA or its phone surveillance program. But if the project were to prove successful, its encrypted search technology could pave the way for the government to shift storage of the records from NSA computers to either phone companies or a third-party organization. A DNI spokesman, Michael Birmingham, confirmed that the research was relevant to the NSA's phone records program. He cited "interest throughout the intelligence community" but cautioned that it may be some time before the technology is used. The intelligence director's office is by law exempt from disclosing detailed budget figures, so it's unclear how much money the government has spent on the SPAR project, which is overseen by the DNI's Intelligence Advanced Research Projects Activity office. Birmingham said the research is aimed for use in a "situation where a large sensitive data set is held by one party which another seeks to query, preserving privacy and enforcing access policies."

In the midst of the holiday season Congress decided to pass the National Defense Authorization Act of 2014 or NDAA.  The bill was later signed into law by President Obama with little if any fanfare.

 The NDAA contains a number of highly questionable sections that run contrary to the principles articulated in the United States Constitution.  Specifically, language contained in the bill appears to authorize cyber warfare operations against the American people.

All of this is even more concerning when one considers that the NDAA also has a lot of new cyber warfare initiatives.  Section 931 through Section 942 contains a bunch of crazy stuff dealing with the world of cyber warfare..Section 932 authorizes the creation of a position known as The Principal Cyber Advisor which will be responsible for supervising offensive and defensive cyber warfare activities.  Obviously this position would not be created unless the federal government is intending upon involving itself in both offensive and defensive cyber warfare well into the future.  Section 933 instructs the Secretary of Defense to conduct a broad mission analysis of the government’s cyber warfare capabilities.  The required analysis will focus primarily on how they will manage, increase and enhance their personnel assigned to cyber warfare operations.  It even disallows the reduction of cyber warfare personnel assigned to the Air National Guard.

"In a review of NSA surveillance last month, President Obama called for a new approach on telephony metadata that will 'establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.' Obama said that a third party holding all the data in a single, consolidated database would be essentially doing what is a government function, and may not increase public confidence that its privacy is being protected. Now, an RFI (request for information) has been posted to get information on U.S. industry's commercially available capabilities, so that the government can investigate alternative approaches."

What do you call it when you follow the same strategy for twelve years not only without success, but with negative results? What if time shows that that strategy actually helps the enemy you seek to defeat? Failure.

A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.” The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

“By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies,” the letter says.

Published on Monday, the letter is signed by cryptographers from the University of Bristol, University of London, University of Birmingham, University of Luxembourg, University of Southampton, University of Surrey, University of Kent, Newcastle University and University College London. In it, the researchers call on the relevant authorities to publicly name the products and standards that have been weakened in order to inform users which systems they should avoid. “We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use,” the letter says.

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.

The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.

A top secret document retrieved by American whistleblower Edward Snowden reveals Canada has set up covert spying posts around the world and conducted espionage against trading partners at the request of the U.S. National Security Agency. The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in “approximately 20 high-priority countries."

Sections of the document with the highest classification make it clear in some instances why American spymasters are particularly keen about enlisting their Canadian counterparts, the Communications Security Establishment Canada. "CSEC shares with the NSA their unique geographic access to areas unavailable to the U.S," the document says. The briefing paper describes a "close co-operative relationship" between the NSA and its Canadian counterpart, the Communications Security Establishment Canada, or CSEC — a relationship "both sides would like to see expanded and strengthened. "The intelligence exchange with CSEC covers worldwide national and transnational targets."

The briefing notes make it clear that Canada plays a very robust role in intelligence-gathering around the world in a way that has won respect from its American equivalents.