Group items matching

in title, tags, annotations or url

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept. Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept. The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistleblower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.

Micah Lee: What are some operational security practices you think everyone should adopt? Just useful stuff for average people. Edward Snowden: [Opsec] is important even if you’re not worried about the NSA. Because when you think about who the victims of surveillance are, on a day-to-day basis, you’re thinking about people who are in abusive spousal relationships, you’re thinking about people who are concerned about stalkers, you’re thinking about children who are concerned about their parents overhearing things. It’s to reclaim a level of privacy. The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.] You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.] Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]

The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that. [If you enable two-factor authentication, an attacker needs both your password as the first factor and a physical device, like your phone, as your second factor, to login to your account. Gmail, Facebook, Twitter, Dropbox, GitHub, Battle.net, and tons of other services all support two-factor authentication.]

We should armor ourselves using systems we can rely on every day. This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly. This is why I like apps like Signal, because they’re low friction. It doesn’t require you to re-order your life. It doesn’t require you to change your method of communications. You can use it right now to talk to your friends.

Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.

Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.

Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.

Venezuelan Oil Minister Eulogio del Pino indicated Saturday that the country’s state oil company PDVSA could open a lawsuit in US courts over new revelations of National Security Agency (NSA) spying on top company executives and internal communications.

The announcement comes after leaked documents released to TeleSUR last Wednesday by ex-NSA analyst Edward Snowden exposed that US intelligence officials posing as diplomats had hacked PDVSA’s internal network, monitoring the communications of at least 900 employees since 2010, including former company president Rafael Ramirez. “This is unacceptable and we are going to file a claim and seek redress for damages under US law,” stated Del Pino, who is also the current president of PDVSA. “We are evaluating legal actions, not moral ones. Delving into the personal information of our workers, our strategies, our plans, [and] our operations is a violation, that is unacceptable,” the oil minister added, speaking from the Third Summit of Gas-Exporting Nations in Tehran.

The comments follow an announcement by President Maduro last week calling for a meeting with the US charge d’affaires in Caracas to review bilateral ties in the wake of the scandal. Speaking on Thursday, US State Department spokesperson John Kirby did not deny the evidence contained in the leaked documents, though he did reject claims that US spy agencies engage in industrial espionage on behalf of US corporations.

A few weeks before the last great international climate conference—2009, in Copenhagen—the e-mail accounts of a few climate scientists were hacked and reviewed for incriminating evidence suggesting that global warming was a charade. Eight separate investigations later concluded that there was literally nothing to “Climategate,” save a few sentences taken completely out of context—but by that time, endless, breathless media accounts about the “scandal” had damaged the prospects for any progress at the conference. Ad Policy Now, on the eve of the next global gathering in Paris this December, there’s a new scandal. But this one doesn’t come from an anonymous hacker taking a few sentences out of context. This one comes from months of careful reporting by two separate teams, one at the Pulitzer Prize–winning website Inside Climate News, and the other at the Los Angeles Times (with an assist from the Columbia Journalism School). Following separate lines of evidence and document trails, they’ve reached the same bombshell conclusion: ExxonMobil, the world’s largest and most powerful oil company, knew everything there was to know about climate change by the mid-1980s, and then spent the next few decades systematically funding climate denial and lying about the state of the science.

An anonymous hacker claims to have breached CIA Director John Brennan's personal email account and has posted documents online, including a list of email addresses purportedly from Brennan's contact file. The CIA said it referred the matter to the proper authorities, but would not comment further. The hacker spoke to the New York Post, which described him in an article published Sunday as "a stoner high school student," motivated by his opposition to U.S. foreign policy and support for Palestinians. His Twitter account, @phphax, includes links to files that he says are Brennan's contact list, a log of phone calls by then-CIA deputy director Avril Haines, and other documents.

The hacker also claimed to have breached a Comcast account belonging to Homeland Security Secretary Jeh Johnson, and released what appeared to be personal information. One document purporting to come from Brennan's AOL email account contains a spreadsheet of people, including senior intelligence officials, along with their Social Security numbers, although the hacker redacted the numbers in the version he posted on Twitter. It's unclear why Brennan would have stored such a document in his private email account. Based on the titles, the document appears to date from 2009 or before. When people visit the White House and other secure facilities, they are required to supply their Social Security numbers. Brennan could have been forwarding a list of invitees to the White House when he was President Barack Obama's counter terrorism adviser, the job he held before he became CIA director in 2013.

The hacker told the Post he had obtained a 47-page version of Brennan's application for a security clearance, known as an SF86. That document — millions of which were stolen from the federal personnel office last year by hackers linked to China — contains detailed information about past jobs, foreign contacts, finances and other sensitive personal details. No such document appears to be posted on the hacker's Twitter account, but it's not clear whether the hacker posted it elsewhere.

If the U.S. Department of Justice asks a New York court to force Apple Inc to unlock an iPhone, the technology company could push the government to reveal how it accessed the phone which belonged to a shooter in San Bernardino, a source familiar with the situation said.The Justice Department will disclose over the next two weeks whether it will continue with its bid to compel Apple to help access an iPhone in a Brooklyn drug case, according to a court filing on Tuesday.The Justice Department this week withdrew a similar request in California, saying it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple's help.The legal dispute between the U.S. government and Apple has been a high-profile test of whether law enforcement should have access to encrypted phone data.

Apple, supported by most of the technology industry, says anything that helps authorities bypass security features will undermine security for all users. Government officials say that all kinds of criminal investigations will be crippled without access to phone data.Prosecutors have not said whether the San Bernardino technique would work for other seized iPhones, including the one at issue in Brooklyn. Should the Brooklyn case continue, Apple could pursue legal discovery that would potentially force the FBI to reveal what technique it used on the San Bernardino phone, the source said. A Justice Department representative did not have immediate comment.

What is really behind the deep-state infighting over the U.S. elections and the "wire tapping" of the Trump campaign? Why was the CIA-Neocon axis vehemently lobbying against Trump? What foreign interests and what money is involved in this? Answers to these questions are now emerging. The former director of the CIA under Clinton, James Woolsey, went to the Wall Street Journal and offered some information (likely some true and some false) on the retired General Flynn and the lobbying businesses he was involved in. Woolsey is an arch-neoconservative. He had worked on the transition team of Trump but got fired over "growing tensions over Trump’s vision for intelligence agencies." Flynn is the former National Security Advisor of Trump who later also got fired. Woolsey was a board member of Flynn's former lobbying company FIG. Woolsey claims: In September 2016 he took part in a meeting between Flynn and high level Turkish officials, including the Turkish foreign minister and the energy minister who is the son-in-law of the Turkish president Erdogan. During the meeting, Woolsey claims, a brainstorming took place over how the Turkish cult leader Fethullah Gülen could -probably by illegal means- be removed from the U.S. and handed over to Turkey. Gülen is accused by the Erdogan mafia of initiating a coup attempt against it. The U.S. claims officially that there is no evidence for such an accusation and that Gülen can therefore not be rendered to Turkey. Gülen is an old CIA asset that helped the U.S. deep state to control Turkey.  Erdogan divorced from the Gülen organization after it became useless for his neo-Ottoman project. Here is the WSJ report on the Woolsey claims and a video clip with parts of his WSJ interview. Woolsey also went on CNN where he repeated his WSJ story. Flynn was accused by the anti-Trump campaign to have worked for Russia. He had taken several $10,000 for speeches he gave in Moscow. He also, at times, had argued for better U.S. relations with Russia. But Flynn's pro-Russia stand was probably honest. (Or the bribes involved were just smaller than the ones paid by others.) The money he got on the speaker circus was rather small for a man in his position. Flynn's real corruption was on another issue. After having been fired from the Trump administration, Flynn retroactively filed under the Foreign Agent Registration Act (FARA). His lobbying firm had a contract over $530,000 to work for a company near to the Turkish president Erdogan: In its filing, Mr. Flynn’s firm said its work from August to November “could be construed to have principally benefited the Republic of Turkey.” The filing said his firm’s fee, $530,000, wasn’t paid by the government but by Inovo BV, a Dutch firm owned by a Turkish businessman, Ekim Alptekin.

This lobbying, not the alleged Flynn-Putin relation, is the real scandal and part of the Trump/CIA/Clinton deep-state in-fighting. The meeting Woolsey described was under the "Turkish" Flynn contract. The Turkish business man, and owner of Inovo, Ekim Alptekin is a member of the Erdogan gang. But hidden at the very end of the WSJ story is the real key to understand the shady network: Inovo hired Mr. Flynn on behalf of an Israeli company seeking to export natural gas to Turkey, the filing said, and Mr. Alptekin wanted information on the U.S.-Turkey political climate to advise the gas company about its Turkish investments. It was the Israeli gas company, not the Alptekin outlet, that drove the issue. The Leviatan (and Tamar) gas fields in the Mediterranean along the Israeli coast are a huge energy and profit resource IF the gas from them can be exported to Europe. Several companies are involved in the exploration and all are looking for ways to connect the fields to the European gas network. There are (likely true) rumors that huge bribes have been payed in Israel, Jordan and elsewhere to win exploration contracts and to sell the gas. Negotiations between Israel and Turkey over the pipeline have been on and off. They depend on a positive climate towards Israel in the Turkish government which again depends on the often changing political position of the Erdogan gang.

The picture evolving here (lots of sleuthing and sources) is this: An Israeli company (or whoever is behind it) wants a gas pipeline to Turkey. It hires Flynn and Alptekin to arrange a positive climate for the Leviathan pipeline within the Turkish government. It offers Flynn more than half a million for a little (4-month long) influence work. His job is to create a "friendly atmosphere" for the deal by using his influence in the U.S. to accommodate Erdogan. A major point that is expected from Flynn is to arrange the handover of Gülen, by whatever means, from the U.S. to Erdogan. After accepting the (lobbying) bribe Flynn-the-whore suddenly changes his former anti-Turkish, pro-Russian, pro-Kurdish political position into a pro-Turkish, neutral-Russian and anti-Kurdish one. (His lobbying firm also makes some smaller payments related to the Clinton email-server scandal. This may be related to links between the Clinton family and the Gülen school empire.) He has a meeting with the Turkish government/Erdogan officials part of which is a discussion of a removal of Gülen to Turkey. He pens a pro Erdogan anti-Gülen op-ed which is published on the day of the election and he denigrates the Pentagon plan to work with the Kurds in Syria. The NSA, CIA and the FBI are listening to Flynn's conversations with Turkish and Israeli interests. (For the old and long history of such "wiretapping" of Turkish and Israeli connections and various dirty and criminal deals they revealed read and ask Sibel Edmonds.) The projects which Flynn is involved in, especially removing Gülen, are against the long term interests of the (neoconservative-driven) CIA. Selected tapes of his talks are transcribed and distributed within the anti-Trump campaign. This is the origin of the "wiretapping" of the Trump Tower the U.S. president lamented about. The stuff the CIA dug up about Flynn's dealing was and is used against Trump. Woolsey is caught up in this as he also worked for Flynn's lobbying firm. (His neocon-pro-Zionist history suggests that he is the senior Israeli watchdog over Flynn in all this.) He is now engaged in damage control and is "coming clean" and selectively leaking his anti-Flynn stuff to exculpate himself. (There is probably also some new, better deal involved that will pay off from him.) The Israeli-Turkish pipeline and the related deep-state fight are not the only issue involved in the campaign against Trump. There are also British interests and British intelligence involvement especially with the accusations against Russia of "hacking" of the DNC. If and how these fit in with above has not yet been revealed.

Last week, Fox News dropped a bombshell report officially confirming, via anonymous FBI sources, what many had suspected for quite some time, that murdered DNC staffer Seth Rich was the WikiLeaks source for leaks which proved that the DNC was intentionally undermining the campaign of Bernie Sanders. In addition to exposing the corruption of the DNC, the leaks cost Debbie Wasserman In addition to exposing the corruption of the DNC, the leaks cost Debbie Wasserman Schultz her job as Chairwoman. Of course, if it’s true that WikiLeaks’ emails came from a DNC insider it would end the “Russian hacking” narrative that has been perpetrated by Democrats and the mainstream media for the past several months.

Moreover, it would corroborate the one confirmation that Julian Assange has offered regarding his source, namely that it was “not a state actor.” Meanwhile, the plot thickened a little more over the weekend when Kim Dotcom confirmed via Twitter that he was working with Seth Rich to get leaked emails to WikiLeaks.

Meanwhile, Kim Dotcom has promised more information will be released on his interaction with Seth Rich by tomorrow.

President Donald Trump is being blocked from knowing he can pardon WikiLeaks founder Julian Assange in exchange for information vindicating Russia of hacking allegations, according to Republican California Rep. Dana Rohrabacher. Trump told reporters Sunday that he has “never heard” of a potential deal with Assange. “I think the president’s answer indicates that there is a wall around him that is being created by people who do not want to expose this fraud that there was collusion between our intelligence community and the leaders of the Democratic Party,” Rohrabacher told The Daily Caller Tuesday in a phone interview.

After repeated warnings over the past couple of years, Turkey and Russia have signed a pact to increase use of the ruble and lira in cross-border payments, with Turkey signing on to Russia's alternative to SWIFT, the international telecommunications protocol used by banks and central banks the world over. Though SWIFT is an international cooperative owned by its members, with more than 10,000 banks worldwide relying on its system for handling sizable inter-bank transactions, the safety of the network was brought into question after a series of cyberattacks in 2015 and 2016 resulted in the theft of $101 million from the Central Bank of Bangladesh. For the first time since SWIFT's laucnh, the hacks stoked doubts about the system's safety, and prompted many US rivals, including Russia, to ramp up work on their alternatives to SWIFT.

In addition to Turkey, China and Russia have signed agreements to bolster trade between the two countries, including settling a larger percentage of their bilateral trade in rubles and renminbi. For China, bilateral trade with Russia grew from $69.6 billion in 2016 to $107.1 billion last year. China is Russia's biggest partner for imports and exports. There has also been talk about India joining Russia's SWIFT alternative as Washington continues to threaten New Delhi with sanctions over its decision to purchase Russian-made missile-defense systems. According to Reuters, Russian Finance Minister Anton Siluanov signed the agreement with Ankara on Tuesday. The agreement, signed on Oct. 4, will encourage the two countries to start using Russia's system in mutual settlements.