Socialism and the End of the American Dream / Group items matching "hacked" in title, tags, annotations or url


NSA Spied on World Bank, IMF, UN, Pope, World Leaders, and American Politicians and Mil...

  • He says the NSA started spying on President Obama when he was a candidate for Senate: 
  • Another very high-level NSA whistleblower – the head of the NSA’s global intelligence gathering operation – says that the NSA targeted CIA chief Petraeus. Of course, the NSA also spied on the leaders of Germany, Brazil and Mexico, and at least 35 world leaders total. The NSA also spies on the European Union, the European Parliament, the G20 summit and other allies.
  • The NSA conducts widespread industrial espionage on our allies. That has nothing to do with terrorism, either. And the NSA’s industrial espionage has been going on for many decades.
  •  
    Nice collection of links in a list of targets of NSA surveillance. 

Lavabit To Release Code As Open Source, As It Creates Dark Mail Alliance To Create Even...

  • This whole morning, while all these stories of the NSA hacking directly into Google and Yahoo's network have been popping up, I've been at the Inbox Love conference, all about the future of email. The "keynote" that just concluded, was Ladar Levison from Lavabit (with an assist from Mike Janke from Silent Circle), talking about the just announced Dark Mail Alliance, between Lavabit and Silent Circle -- the other "security" focused communications company who shut down its email offering after Lavabit was forced to shut down. Levison joked that they went with "Dark Mail" because "Black Mail" might have negative connotations. Perhaps just as interesting, Levison is going to be releasing the Lavabit source code (and doing a Kickstarter project to support this), with the hope that many others can set up their own secure email using Lavabit's code, combined with the new Dark Mail Alliance secure technology which will be available next year. As noted, the Alliance is working on trying to create truly secure and surveillance-proof email. Of course, nothing is ever 100% surveillance proof -- and both members of the alliance have previously claimed that it was almost impossible to do surveillance-proof email. However, they're claiming they've had a "breakthrough" that will help.
  • The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders—inbox, sent mail, and drafts. But where it differs is that it will automatically deploy peer-to-peer encryption, so that users of the Dark Mail technology will be able to communicate securely. The encryption, based on a Silent Circle instant messaging protocol called SCIMP, will apply to both content and metadata of the message and attachments. And the secret keys generated to encrypt the communications will be ephemeral, meaning they are deleted after each exchange of messages. For the NSA and similar surveillance agencies across the world, it will sound like a nightmare. The technology will thwart attempts to sift emails directly from Internet cables as part of so-called “upstream” collection programs and limit the ability to collect messages directly from Internet companies through court orders. Covertly monitoring encrypted Dark Mail emails would likely have to be done by deploying Trojan spyware on a targeted user. If every email provider in the world adopted this technology for all their users, it would render dragnet interception of email messages and email metadata virtually impossible.
  • Importantly, they're not asking everyone to just trust them to be secure -- even though both companies have the right pedigree to deserve some level of trust. Instead, they're going to release the source code for public scrutiny and audits, and they're hoping that other email providers will join the alliance. At the conference, Levison recounted much of what's happened over the last few months (with quite a bit of humor), joking about how he tried to be "nice" in giving the feds Lavabit's private keys printed out, by noting that he included line numbers to help (leaving unsaid that this would make OCR'ing the keys even more difficult). He also admitted that giving them the paper version was really just a way to buy time to shut down Lavabit.
  • Janke came up on stage to talk about the importance of changing the 40-year-old architecture of email, because it's just not designed for secure communications. The hope is that as many other email providers as possible will join the Alliance and that this new setup becomes the de facto standard for end-to-end secure email, which is where Levison's open sourcing of his code gets more interesting. In theory, if it all works out, it could be a lot easier for lots of companies to set up their own "dark mail" email providers. Either way, I would imagine that this development can't make the NSA all that happy.
  •  
    Oh, Goody!

Will Hillary Clinton's Emails Burn the White House? - The Daily Beast

  • Hillary Clinton’s email problems are already causing headaches for her presidential campaign. But within American counterintelligence circles, there’s a mounting sense that the former secretary of state may not be the only Obama administration official in trouble. This is a scandal that has the potential to spread to the White House, as well. The Federal Bureau of Investigation can be expected to be tight-lipped, especially because this highly sensitive case is being handled by counterintelligence experts from Bureau headquarters a few blocks down Pennsylvania Avenue from the White House, not by the FBI’s Washington Field Office. That will ensure this investigation gets the needed “big picture” view, since even senior FBI agents at any given field office may only have a partial look at complex counterintelligence cases.
  • And this most certainly is a counterintelligence matter. There’s a widely held belief among American counterspies that foreign intelligence agencies had to be reading the emails on Hillary’s private server, particularly since it was wholly unencrypted for months. “I’d fire my staff if they weren’t getting all this,” explained one veteran Department of Defense counterintelligence official, adding: “I’d hate to be the guy in Moscow or Beijing right now who had to explain why they didn’t have all of Hillary’s email.” Given the widespread hacking that has plagued the State Department, the Pentagon, and even the White House during Obama’s presidency, senior counterintelligence officials are assuming the worst about what the Russians and Chinese know.
  • EmailGate has barely touched the White House directly, although it’s clear that some senior administration officials beyond the State Department were aware of Hillary’s unorthodox email and server habits, given how widely some of the emails from Clinton and her staff were forwarded around the Beltway. Obama’s inner circle may not be off-limits to the FBI for long, however, particularly since the slipshod security practices of certain senior White House officials have been a topic of discussion in the Intelligence Community for years. Hillary Clinton was far from the only senior Obama appointee to play fast and loose with classified materials, according to Intelligence Community insiders. While most counterspies agree that Hillary’s practices—especially using her own server and having her staffers place classified information into unclassified emails, in violation of federal law—were especially egregious, any broad-brush investigation into security matters is likely to turn up other suspects, they maintain. “The whole administration is filled with people who can’t shoot straight when it comes to classified,” an Intelligence Community official explained to me this week. Three U.S. officials suggested that Susan Rice, the National Security Adviser, might be at particular risk if a classified information probe goes wide. But it should be noted that Rice has made all sorts of enemies on the security establishment for her prickly demeanor, use of coarse language, and strategic missteps.
  •  
    Sounds to me like some CIA officials of the "Cowboy" branch are trying to use the Clinton email scandal to tar the Obama Administration.  

Senate majority whip: Cyber bill will have to wait until fall | TheHill

  • Senate Majority Whip John Cornyn (R-Texas) on Tuesday said the upper chamber is unlikely to move on a stalled cybersecurity bill before the August recess. Senate Republican leaders, including Cornyn, had been angling to get the bill — known as the Cybersecurity Information Sharing Act (CISA) — to the floor this month. But Cornyn said that there is simply too much of a time crunch in the remaining legislative days to get to the measure, intended to boost the public-private exchange of data on hackers. “I’m sad to say I don’t think that’s going to happen,” he told reporters off the Senate floor. “The timing of this is unfortunate.” “I think we’re just running out time,” he added. An aide for Senate Majority Leader Mitch McConnell (R-Ky.) said he had not committed to a specific schedule after the upper chamber wraps up work in the coming days on a highway funding bill. Cornyn said Senate leadership will look to move on the bill sometime after the legislature returns in September from its month-long break.
  • The move would delay yet again what’s expected to be a bruising floor fight about government surveillance and digital privacy rights. “[CISA] needs a lot of work,” Sen. Patrick Leahy (D-Vt.), who currently opposes the bill, told The Hill on Tuesday. “And when it comes up, there’s going to have to be a lot of amendments otherwise it won’t pass.” Despite industry support, broad bipartisan backing, and potentially even White House support, CISA has been mired in the Senate for months over privacy concerns. Civil liberties advocates worry the bill would create another venue for the government’s intelligence wing to collect sensitive data on Americans only months after Congress voted to rein in surveillance powers. But industry groups and many lawmakers insist a bolstered data exchange is necessary to better understand and counter the growing cyber threat. Inaction will leave government and commercial networks exposed to increasingly dangerous hackers, they say. Sen. Ron Wyden (D-Ore.), who has been leading the chorus opposing the bill, rejoiced Tuesday after hearing of the likely delay.
  • “I really want to commend the advocates for the tremendous grassroots effort to highlight the fact that this bill was badly flawed from a privacy standpoint,” he told The Hill. Digital rights and privacy groups are blanketing senators’ offices this week with faxes and letters in an attempt to raise awareness of bill’s flaws. “Our side has picked up an enormous amount of support,” Wyden said. Wyden was the only senator to vote against CISA in the Senate Intelligence Committee. The panel approved the measure in March by a 14-1 vote and it looked like CISA was barrelling toward the Senate floor. After the House easily passed its companion pieces of legislation, CISA’s odds only seemed better. But the measure got tied up in the vicious debate over the National Security Agency's (NSA) spying powers that played out throughout April and May. “It’s like a number of these issues, in the committee the vote was 14-1, everyone says, ‘oh, Ron Wyden opposes another bipartisan bill,’” Wyden said Tuesday. “And I said, ‘People are going to see that this is a badly flawed bill.’”
  • CISA backers hoped that the ultimate vote to curb the NSA’s surveillance authority might quell some of the privacy fears surrounding CISA, clearing a path to passage. But numerous budget debates and the Iranian nuclear deal have chewed up much of the Senate’s floor time throughout June and July. Following the devastating hacks at the Office of Personnel Management (OPM), Senate Republican leaders tried to jump CISA in the congressional queue by offering its language as an amendment to a defense authorization bill. Democrats — including the bill’s original co-sponsor Sen. Dianne Feinstein (D-Calif.) — revolted, angry they could not offer amendments to CISA’s language before it was attached to the defense bill. Cornyn on Tuesday chastised Democrats for stalling a bill that many of them favor. “As you know, Senate Democrats blocked that before on the defense authorization bill,” Cornyn said. “So we had an opportunity to do it then.” Now it’s unclear when the Senate will have another opportunity. When it does, however, CISA could have the votes to get through.
  • There will be vocal opposition from senators like Wyden and Leahy, and potentially from anti-surveillance advocates like Sens. Rand Paul (R-Ky.), Mike Lee (R-Utah) and Dean Heller (R-Nev.). But finding 40 votes to block the bill completely will be a difficult task. Wyden said he wouldn’t “get into speculation” about whether he could gather the support to stop CISA altogether. “I’m pleased about the progress that we’ve made,” he said.
  •  
    NSA and crew decide to delay and try later with CISA. The Internet strikes back again.

Watchdog: OPM ignored warnings about online background check system | TheHill

  • The Office of Personnel Management (OPM) had known since 2012 about security flaws in its online submission system, roughly three years before the agency finally shut down the system to repair it. “OPM has known about vulnerabilities in the system for years, but has not corrected them,” Michael Esser, the assistant inspector general for audits at the OPM, told a House subcommittee on Wednesday. In late June, the OPM said it was suspending the Web-based platform, known as e-QIP, after a security review conducted in the wake of massive hacks at the agency uncovered significant defects. The OPM data breach has likely exposed upwards of 18 million people’s sensitive information and is raising pointed questions about why the agency hasn't moved more expediently over the years to correct glaring problems with its networks. The agency’s inspector general has said OPM officials repeatedly failed to heed its warnings, even refusing to shut down several of its weakest computer systems as recommended.
  • On Wednesday, Esser accused the agency of also not responding to alerts about the e-QIP system, which is used to file the background checks for security clearances. The agency’s oversight arm detailed 18 security vulnerabilities starting in 2012, he said. “I do not know if those vulnerabilities were related to the reason the system was shut down last week,” Esser added. OPM Director Katherine Archuleta has maintained she always takes into account the watchdog’s recommendations. The agency kept the deficient computer systems running, she said, in order to avoid gaps in delivering employee's paychecks and benefits.

Security Experts Oppose Government Access to Encrypted Communication - The New York Times

  • An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger. A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.
  • That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
  • Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone. The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
  • The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
  • “Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”
  •  
    Our system of government does not expect that every criminal will be apprehended and convicted. There are numerous values our society believes are more important. Some examples: [i] a presumption of innocence unless guilt is established beyond any reasonable doubt; [ii] the requirement that government officials convince a neutral magistrate that they have probable cause to believe that a search or seizure will produce evidence of a crime; [iii] many communications cannot be compelled to be disclosed and used in evidence, such as attorney-client communications, spousal communications, and priest-penitent communications; and [iv] etc. Moral of my story: the government needs a much stronger reason to justify interception of communications than saying, "some crooks will escape prosecution if we can't do that." We have a right to whisper to each other, concealing our communications from all others. Why does the right to whisper privately disappear if our whisperings are done electronically? The Supreme Court took its first step on a very slippery slope when it permitted wiretapping in Olmstead v. United States, 277 U.S. 438, 48 S. Ct. 564, 72 L. Ed. 944 (1928). https://goo.gl/LaZGHt It's been a long slide ever since. It's past time to revisit Olmstead and recognize that American citizens have the absolute right to communicate privately. "The President … recognizes that U.S. citizens and institutions should have a reasonable expectation of privacy from foreign or domestic intercept when using the public telephone system." - Brent Scowcroft, U.S. National Security Advisor, National Security Decision Memorandum 338 (1 September 1976) (Nixon administration), http://www.fas.org/irp/offdocs/nsdm-ford/nsdm-338.pdf

Edward Snowden says Hillary Clinton 'ridiculous' to think emails were secure | US news ...

  • Edward Snowden has branded as “completely ridiculous” the idea that Hillary Clinton’s personal email server was secure while she was secretary of state. The National Security Agency whistleblower was speaking in an interview with Al-Jazeera. In 2014, Clinton accused Snowden of inadvertently helping terrorists. Since then she has toned down such criticism and said the NSA needs to be more transparent. On Thursday, Snowden was asked what he would say to Clinton now that she is being investigated for sending emails containing classified information while using a private server. “This is a problem,” Snowden said, “because anyone who has the clearances that the secretary of state has, or the director of any top-level agency has, knows how classified information should be handled.”
  • He added: “If an ordinary worker at the State Department or the CIA … were sending details about the security of embassies, which is alleged to be in her email, meetings with private government officials, foreign government officials and the statements that were made to them in confidence over unclassified email systems, they would not only lose their jobs and lose their clearance, they would very likely face prosecution for it.”
  • He did comment on Clinton’s choice of email server, Platte River Networks. “When the unclassified systems of the United States government, which has a full-time information security staff, regularly gets hacked, the idea that someone keeping a private server in the renovated bathroom of a server farm in Colorado is more secure is completely ridiculous,” he said.
  • He went on to question the credibility of politicians like John Kerry, Clinton’s successor as secretary of state, and compared “the good that they’re doing for the country” to the work of people like Jimmy Wales, the co-founder of Wikipedia, who he said was “improving the world”.
  •  
    Is that a wooden stake you're holding in your hand, Edward? And what's the sledge hammer for?

US, China reach cyberespionage agreement | ITworld

  • The U.S. and China have reached their first ever cybercrime and cyberespionage agreement, but the deal is quite general and how it will translate into actions is still unclear. Leaders of both countries announced the deal in Washington on Friday after two days of top-level talks, but both dodged questions on specific hacking incidents or the indictment last year by the U.S. of five Chinese military hackers for cybercrimes. "We have agreed that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage," President Obama said at a White House news conference. And that appears to be the main thrust of the agreement -- government-sponsored cyberespionage for the economic gain of companies. It doesn't cover government espionage and is pretty specific in its definition but, as President Obama indicated: It's a start.

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept

  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based in Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA; Project CAMBERDADA — NSA; NDIST — GCHQ’s Developing Cyber Defence Mission; GCHQ Application for Renewal of Warrant GPW/1160; Software Reverse Engineering — GCHQ; Reverse Engineering — GCHQ Wiki; Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ

Land Destroyer: NATO's War on Syria Just Got Dirtier - 0 views

  • But even with the West's capitulation in Syria, and months passing without a shred of credible evidence produced, hacks among Western media continue to perpetuate the original narrative. Among these are of course corporate-financier funded think-tanks and propaganda fronts like the Brookings Institution, Foreign Policy Magazine, the Foundation for the Defense of Democracies (FDD), and establishment papers like the Guardian. In the middle of it all is couch-potato self-proclaimed weapons expert, Eliot Higgins, a representation of the West's propaganda 2.0 campaign. UK-based Higgins lost his job and now spends his days combing social media sites for "evidence" he then analyzes and reports on. The Western media, with its propagandists expelled from Syria and many of its "sources" in Syria exposed in humiliating attempts to fabricate and manipulate evidence, quickly picked Higgins up and elevated his armchair blogging to "expert analysis." Since then, Higgins has joined the already discredited "Syrian Observatory for Human Rights," another UK-based individual, as the basis upon which the West's Syrian narrative spins.
  • Whitaker is desperately attempting to keep the wheels on the establishment's new propaganda 2.0 vehicle - manipulating social media, much the way Hersh describes intelligence being manipulated, to create any outcome necessary to bolster a predetermined narrative.  What he doesn't address is the fact that Higgins' work almost entirely depends on videos posted online by people he does not know, who may be misrepresenting who they are, what they are posting, and their motivations for doing so - such is the nature of anonymity on the web and why this evidence alone is useless outside of a larger geopolitical context.  Both Whitaker and Higgins, who maintain that the Syrian government was behind the attacks, fail to address another glaring reality. A false flag attack is designed to look like the work of one's enemy. In other words, terrorists in Syria would use equipment, uniforms, weapons, and tactics that would pin the crime on the Syrian government. All Higgins has proved, thus far, is that the superficial details of the operation made for a convincing false flag attack. 
  • Toward the end of Higgins' piece, he, like his friends at the Guardian, attempts to claim Al Nusra, contrary to Hersh's report, are most likely not capable of producing sarin.
  • The e-mails illustrate prior knowledge of chemical weapons falling into the hands of terrorists who fully planned on using them in a false flag operation. Higgins and others had this information, and now, have Seymour Hersh's report as well, yet they still pose the argument that the militants had neither the ability nor the means to carry out the attacks. In fact, it appears that the Western media and underlings like Higgins went out of their way specifically to discredit the notion from even being considered.  In other words, a concerted cover-up.  The e-mails above, and others in the large cache also reveal the possible motivation for these lies. So-called journalists and researchers peddling the West's narrative appear to have a wide range of lucrative offers presented to them, as well as funding for them to continue doing the work they are already involved in. This of course is only the case so long as their narratives mesh with the institutions, corporations, and individuals cutting the checks. 
  • The e-mails reveal multiple correspondences regarding chemical weapons falling into the hands of terrorists aimed at using them in a false flag operation, Higgins' and Van Dyke's mutual "benefactor" located in Virginia, "near DC" (Langley, Virginia?), and job offers for Higgins from NGOs and a defense contractor involving "open source intelligence," the new buzzword used by Higgins and Whitaker in regards to the new form of propaganda they both participate in. 
  • While perhaps Higgins and company missed that CNN report, it is now revealed that at least Higgins, and several other journalists were told by an American contractor on the ground inside of Syria, that militants had gained access to chemical weapons and more importantly, were planning to use them in a false flag attack - this months before the August 21 attack in Damascus.   The Syrian Electronic Army (SEA) has released e-mails this week between American contractor Matthew Van Dyke and members of the Western media, including Higgins. The e-mails indicated that militants had chemical weapons and were planning to use them in an attack to frame the Syrian government - serving as impetus for wider foreign intervention. SEA's emails have been confirmed by Higgins himself in a series of self-incriminating tweets where he goes, point-by-point, attempting to provide explanations for the damning revelations. 
  • Why would Higgins even mention the possibility of a false flag attack, when all that would do is alienate him from the establishment he is so eagerly trying to be a part of? His recent piece in Foreign Policy and the Guardian's ceaseless promotion of his work are favors that demand reciprocation - in the form of toeing the line and selling a narrative Higgins and others know is deceitful.  That Higgins, the Guardian, and Foreign Policy are prepared to throw veteran journalist Seymour Hersh under the bus to protect their interests, gives us a look into the depths of depravity within which this "new" media Whitaker celebrates, operate.  Worst of all for the West, is that the transparency and accountability they claim to uphold, had to be kept in check by the SEA - an organization wanted by the FBI as "terrorists." We would be led to believe by the likes of Whitaker, Higgins, and Van Dyke that the Syrian government and their supporters are the villains, but in their own words and actions we see the truth. 
  • Note: The full extent of SEA's leaked e-mails exposes Van Dyke and the journalists he associates with as utterly depraved, deceitful, unprincipled individuals each driven by untethered greed and narcissism. The e-mails also reveal that "aid ships" are used to bring in weapons and foreign fighters, that the Syrians are almost entirely behind the government and that the so-called revolution was "fake." Van Dyke is exposed as having conspired to kill a man and his entire family over a trivial personal dispute and much, much more. Readers are encouraged to comb through the archives, and to follow SEA on Twitter  @Official_SEA16.
  •  
    "Brown Moses" (Eliot Higgins) has been the principal source of "evidence" that the Assad government used chemical weapons, arguing strenuously that the "rebels" had no such capability. But the Syrian Electronic Army obtained a large number of emails between Higgins and an American mercenary working in Syria showing beyond doubt that Higgins had been put on notice in May 2013 -- months before the sarin gas attack near Damascus in late August -- that the "rebels" had sarin. Oopsies!

China summons US envoy over cyber-spying charges, vows retaliation - RT News - 0 views

  • China has dismissed all US accusations of industrial cyber-espionage against five of its military officials and published proof that Washington is actually stealing data from China. Beijing also summoned the US ambassador for an explanation. Beijing reacted to Washington’s recent round of industrial espionage accusations by publishing its latest data on US cyber-attacks against China.
  • China’s National Computer Network Emergency Response Technical Team Coordination Center of China (NCNERTTCC) reported that during just two months, from March 19 to May 18, the US directly controlled 1.18 million host computers in China using 2,077 Trojan horse networks or botnet servers. According to the NCNERTTCC, over the last two months 135 host computers stationed in the US conducted 14,000 phishing operations against Chinese websites using for the attacks 563 phishing pages. The other hacking activities through the same period of time included 57,000 backdoor attacks, performed from 2,016 IP addresses in the US through backdoors implanted on 1,754 Chinese websites. The Chinese Foreign Ministry summoned the American ambassador to China for an explanation, urging him to drop all charges against China’s military officers. The meeting between Chinese Assistant Foreign Minister Zheng Zeguang and US Ambassador Max Baucus took place on Monday night, reported Xinhua.
  • Depending on further developments, China “will take further action on the so-called charges by the United States,” Zheng told Baucus. “The Chinese government and military and its associated personnel have never conducted or participated in the theft of trade secrets over the internet,” Zheng reportedly told Baucus as quoted by Xinhua.

Wanted! Obama » CounterPunch: Tells the Facts, Names the Names - 0 views

  • It is as though Edward Snowden’s disclosures had never been made, or the US practices in themselves perpetrated. Yet AG Holder with all the majesty of office declares China engaged in criminal economic espionage against America, even DOJ issuing “wanted” posters, pictures and names, of five army officers to stand trial in Pennsylvania for cyberattacks on US corporations and the Steelworkers’ Union. More like it would be, the International Criminal Court issuing an Obama “wanted” poster for war crimes that include intervention, regime change, and assassination, and the World Trade Organization (if it were not dominated already by the US) for the exact kind of espionage Holder charges against China. If we are to be symmetrical, how about a Beijing court issuing subpoenas, accompanied by “wanted” posters for five members of OTNS (Obama Team National Security), say, Clapper, Rice, Comey, Brennan, and Dempsey? The chance of US honoring the request for the extradition of its five, is about as slim as China honoring the request for extraditing, though at a lower functional level in policy making and execution, its five—perhaps selected at random, unless the US has hacked into the computers of, or placed informants in (or both)–the People’s Liberation Army (PLA Unit 61398).
  •  
    Interesting essay on the foolishness of the Obama Administration's criminal charges against five Chinese generals for cyber-espionage.

"Russian Invasion" - Screaming 'Wolf!' Strategy of Deception. Lies Repeated Umpteen Tim... - 0 views

  • “The separatists are backed, trained, armed, financed by Russia. Russia determined that it had to be a little more overt in what it had already been doing, but it’s not really a shift.” Obama, 29 August 2014. “If you repeat a lie often enough, it becomes the truth.” - Joseph Goebbels (Hitler’s Propaganda Minister) Interestingly, most of us who are seeking the truth are primarily attempting to undo the lies – lies umpteen times repeated, lies about “Russian invasions”, first proclaimed by Poroshenko, Ukraine’s oligarch leader (sic), lies of Russia “not respecting Ukraine’s sovereignty”, demonization directed against President Putin, Malaysian airliners downed by Russia – and-so-on. The latest accusation is that JP Morgan and four other Wall Street banks have been hacked. And the culprit is… Of course, Russia, according to the presstitute MSM.
  • It doesn’t matter whether what Poroshenko said and is repeated the world over was based on a translation error (according to the German Tagesschau, the German mainstream TV news) – or whether it is just a conventional lie continuously repeated until it becomes the truth à la Goebbels – the western bought propaganda machine takes full advantage of this hundreds of years old simple strategy of deception. The interesting part, however, is that hardly anyone on that very occasion is presenting the counter-weight, so to speak, namely to what extent Kiev is assisted by US paid mercenaries, CIA military and strategic advisers and their equipment, all paid for in one way or another by the State Department, CIA, or NATO. And these are facts. Not inventions for deception.
  • There is enough proof about who caused the 22 February 2014 coup (Maidan) – Madame Nuland, Kerry’s assistant, bragged about it at the Washington Press club – remember the US$ 5 billion “investment” in Ukraine’s regime change that cannot be let go down the drain because of the f….ing Europeans. She was caught hot-handed or hot-voiced on the phone with the US Ambassador in Kiev.  Ever since that infamous coup, the US / NATO and the EU have had their dirty hands in Kiev’s Nazi killer junta – otherwise the Kiev thugs would have never had either the courage or the military knowledge to advance to the Donbas area of Ukraine, where they were literally ordered to kill their brothers. Some of them with some conscience defected early on; then they were accompanied under threats of life by CIA ‘advisers’. Eventually they defected by the thousands because of lack of food and ammunition and the resulting low-low morale.
  •  
    This article is mostly in line with my ongoing monitoring of the actual situation in Ukraine and associated U.S. propaganda. Exception: there are signs during the last 24 hours that Germany's Angela Merkel is doing a big departure from the stance that the U.S. State Department wants her to take. That was predictable because Merkel has been lobbied strongly by German business, which emphatically does not want to participate in U.S. economic sanctions against Russia. Germany is already feeling a lot of economic pain from enforcing those sanctions. So Merkel is saying that peace in the Ukraine that does not harm Russia is necessary and that E.U. membership for Ukraine is unnecessary. I'm still watching for a U.S. response.

Secret US cybersecurity report: encryption vital to protect private data | US news | Th... - 0 views

  • A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.
  • In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorities could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.
  • Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
  • An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA. The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.” It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
  • The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded. Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection much more difficult.
  • The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists. In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists. Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.
  • The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
  • The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world. The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”. GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
  • Michael Beckerman, president and CEO of the Internet Association, a lobby group that represents Facebook, Google, Reddit, Twitter, Yahoo and other tech companies, said: “Just as governments have a duty to protect the public from threats, internet services have a duty to our users to ensure the security and privacy of their data. That’s why internet services have been increasing encryption security.”

Obama to propose legislation to protect firms that share cyberthreat data - The Washing... - 0 views

  • President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”
  • The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.
  • “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.
  • But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s ­Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.
  • The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.
  • Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.
  • It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.
  • In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.

Proposed changes to US data collection fall short of NSA reformers' goals | US news | T... - 0 views

  • The US intelligence community has delivered a limited list of tweaks to how long it can hold information on ordinary citizens and hide secret trawls for data, responding to Barack Obama’s call for reform of its surveillance practices in the wake of revelations about NSA practices. Published by the office of the director of national intelligence, James Clapper, just six days before a recently announced visit to Washington by the German chancellor, Angela Merkel, the report is the culmination of a year-long effort to respond to revelations by whistleblower Edward Snowden.
  • But the report does not appear to address the role of telecommunications companies in collecting metadata and the use of encryption to prevent hacking, and privacy critics were quick to pounce on a year of promises with little reform to show. “It’s hard to see much ‘there’ there,” Senator Ron Wyden said in a statement. “When it comes to reforming intelligence programs and protecting Americans’ privacy, there is much, much more work to be done.” The outline from the intelligence community also appears to fall short of the legislative changes attempted by campaigners in Congress, focusing instead on measures to tighten internal guidelines and provide foreigners with some of the protections allowed for US citizens. These measures include:
  • Limiting how long personal data gathered from non-US citizens can be held to five years, so long as it is deemed not relevant to ongoing intelligence investigations. Asking Congress to provide some foreign nationals access to legal redress if their private information has been wilfully disclosed by US intelligence agencies. Limiting to three years how long the FBI can prevent disclosure of its surveillance activities using so-called national security letters, unless a special agent deems otherwise.
  • The official results of Obama’s call for surveillance reform also appear to have failed to address encryption. The FBI director, James Comey, and other officials have been highly critical of the use of encryption by tech companies such as Apple to protect their users’ information. Comey has argued that stronger encryption, baked in to some technology after the Snowden revelations, will aid criminals and terrorists and shut out law enforcement.
  • Other measures outlined in the new report include steps to clarify the protection given to whistleblowers if they follow internal rules and a requirement that “any significant compliance incident involving personal information, regardless of the person’s nationality” be reported to Clapper.
  • The intelligence report itself acknowledges that further reforms called for by the president, such as ending the collection of bulk data by the government, have not been implemented, possibly due to stalled legislative efforts in Congress.

You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone - T... - 0 views

  • In the age of ubiquitous government surveillance, the only way citizens can protect their privacy online is through encryption. Historically, this has been extremely difficult for mere mortals; just watch the video Edward Snowden made to teach Glenn Greenwald how to encrypt his emails to see how confusing it gets. But all of this is quickly changing as high-quality, user-friendly encryption software becomes available. App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet. That may not sound like a particularly big deal, given that other encrypted communication apps are available for iOS, but Signal 2.0 offers something tremendously useful: peace of mind. Unlike other text messaging products, Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past.
  • Signal is also one special place on the iPhone where users can be confident all their communications are always fully scrambled. Other apps with encryption tend to enter insecure modes at unpredictable times — unpredictable for many users, at least. Apple’s iMessage, for example, employs strong encryption, but only when communicating between two Apple devices and only when there is a proper data connection. Otherwise, iMessage falls back on insecure SMS messaging. iMessage also lacks forward secrecy and inspectable source code. Signal also offers the ability for power users to verify the identity of the people they’re talking to, confirming that the encryption isn’t under attack. With iMessage, you just have to take Apple’s word for it. Strong, reliable, predictably-applied encryption is especially important at a time when the world just found out, via a report by The Intercept, that American and British spies hacked into the world’s largest SIM card manufacturer and stole the encryption keys that are used to protect communication between handsets and cell phone towers. With these keys, spies can eavesdrop on phone calls and texts just by passively listening to the airwaves.
  • iPhone users can find Signal here. For Android users, the product is, at the moment, split into two apps: TextSecure for private texting and RedPhone for private voice calls. “We’re working towards a single unified Signal app for Android, iPhone and the desktop,” says Marlinspike. It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.

Maldives denies US kidnapped Russian credit card fraudster - The Rakyat Post - The Raky... - 0 views

  • The Maldives has said it acted alone to expel a Russian national suspected by the US of being one of the world’s most prolific traffickers of stolen credit cards. President Abdulla Yameen denied a claim by Moscow that the United States had abducted Roman Seleznev from the Maldives and taken him to the American territory of Guam. Yameen told reporters that Maldives police, acting on an Interpol arrest warrant, had moved against 30-year-old Seleznev during the weekend.
  • The US Justice Department said on Monday that Seleznev was arrested and taken to Guam, although the details of his seizure were not known. He is charged with hacking into retail computer systems and installing malicious software to steal credit card numbers in a scheme that operated between October 2009 and February 2011. Seleznev and his partners stole over 200,000 credit card numbers, with bank losses from the scheme estimated at over US$1.1 million, according to a 2011 indictment.
  • The Russian foreign ministry said Seleznev’s detention was a “hostile step”, adding that Russian diplomatic missions had not been notified of his arrest.
  • The Maldivian Home Ministry, in a brief statement, said the suspect was “sent from the Maldives” in response to an Interpol red notice for his arrest. “Since the Maldives is a member state of Interpol… the Maldives attaches the utmost importance to the ‘red notices’ issued by the organisation,” it said.

WASHINGTON: CIA admits it broke into Senate computers; senators call for spy chief's ou... - 0 views

  • An internal CIA investigation confirmed allegations that agency personnel improperly intruded into a protected database used by Senate Intelligence Committee staff to compile a scathing report on the agency’s detention and interrogation program, prompting bipartisan outrage and at least two calls for spy chief John Brennan to resign. “This is very, very serious, and I will tell you, as a member of the committee, someone who has great respect for the CIA, I am extremely disappointed in the actions of the agents of the CIA who carried out this breach of the committee’s computers,” said Sen. Saxby Chambliss, R-Ga., the committee’s vice chairman.
  • The rare display of bipartisan fury followed a three-hour private briefing by Inspector General David Buckley. His investigation revealed that five CIA employees, two lawyers and three information technology specialists improperly accessed or “caused access” to a database that only committee staff were permitted to use. Buckley’s inquiry also determined that a CIA crimes report to the Justice Department alleging that the panel staff removed classified documents from a top-secret facility without authorization was based on “inaccurate information,” according to a summary of the findings prepared for the Senate and House intelligence committees and released by the CIA. In other conclusions, Buckley found that CIA security officers conducted keyword searches of the emails of staffers of the committee’s Democratic majority _ and reviewed some of them _ and that the three CIA information technology specialists showed “a lack of candor” in interviews with Buckley’s office.
  • The inspector general’s summary did not say who may have ordered the intrusion or when senior CIA officials learned of it. Following the briefing, some senators struggled to maintain their composure over what they saw as a violation of the constitutional separation of powers between an executive branch agency and its congressional overseers. “We’re the only people watching these organizations, and if we can’t rely on the information that we’re given as being accurate, then it makes a mockery of the entire oversight function,” said Sen. Angus King, an independent from Maine who caucuses with the Democrats. The findings confirmed charges by the committee chairwoman, Sen. Dianne Feinstein, D-Calif., that the CIA intruded into the database that by agreement was to be used by her staffers compiling the report on the harsh interrogation methods used by the agency on suspected terrorists held in secret overseas prisons under the George W. Bush administration. The findings also contradicted Brennan’s denials of Feinstein’s allegations, prompting two panel members, Sens. Mark Udall, D-Colo., and Martin Heinrich, D-N.M., to demand that the spy chief resign.
  • Another committee member, Sen. Ron Wyden, D-Ore., and some civil rights groups called for a fuller investigation. The demands clashed with a desire by President Barack Obama, other lawmakers and the CIA to move beyond the controversy over the “enhanced interrogation program” after Feinstein releases her committee’s report, which could come as soon as next week. Many members demanded that Brennan explain his earlier denial that the CIA had accessed the Senate committee database. “Director Brennan should make a very public explanation and correction of what he said,” said Sen. Carl Levin, D-Mich. He all but accused the Justice Department of a coverup by deciding not to pursue a criminal investigation into the CIA’s intrusion.
  • “I thought there might have been information that was produced after the department reached their conclusion,” he said. “What I understand, they have all of the information which the IG has.” He hinted that the scandal goes further than the individuals cited in Buckley’s report. “I think it’s very clear that CIA people knew exactly what they were doing and either knew or should’ve known,” said Levin, adding that he thought that Buckley’s findings should be referred to the Justice Department. A person with knowledge of the issue insisted that the CIA personnel who improperly accessed the database “acted in good faith,” believing that they were empowered to do so because they believed there had been a security violation. “There was no malicious intent. They acted in good faith believing they had the legal standing to do so,” said the knowledgeable person, who asked not to be further identified because they weren’t authorized to discuss the issue publicly. “But it did not conform with the legal agreement reached with the Senate committee.”
  • Feinstein called Brennan’s apology and his decision to submit Buckley’s findings to the accountability board “positive first steps.” “This IG report corrects the record and it is my understanding that a declassified report will be made available to the public shortly,” she said in a statement. “The investigation confirmed what I said on the Senate floor in March _ CIA personnel inappropriately searched Senate Intelligence Committee computers in violation of an agreement we had reached, and I believe in violation of the constitutional separation of powers,” she said. It was not clear why Feinstein didn’t repeat her charges from March that the agency also may have broken the law and had sought to “thwart” her investigation into the CIA’s use of waterboarding, which simulates drowning, sleep deprivation and other harsh interrogation methods _ tactics denounced by many experts as torture.
  • Buckley’s findings clashed with denials by Brennan that he issued only hours after Feinstein’s blistering Senate speech. “As far as the allegations of, you know, CIA hacking into, you know, Senate computers, nothing could be further from the truth. I mean, we wouldn’t do that. I mean, that’s _ that’s just beyond the _ you know, the scope of reason in terms of what we would do,” he said in an appearance at the Council on Foreign Relations. White House Press Secretary Josh Earnest issued a strong defense of Brennan, crediting him with playing an “instrumental role” in the administration’s fight against terrorism, in launching Buckley’s investigation and in looking for ways to prevent such occurrences in the future. Earnest was asked at a news briefing whether there was a credibility issue for Brennan, given his forceful denial in March. “Not at all,” he replied, adding that Brennan had suggested the inspector general’s investigation in the first place. And, he added, Brennan had taken the further step of appointing the accountability board to review the situation and the conduct of those accused of acting improperly to “ensure that they are properly held accountable for that conduct.”
  • The allegations and the separate CIA charge that the committee staff removed classified documents from the secret CIA facility in Northern Virginia without authorization were referred to the Justice Department for investigation. The department earlier this month announced that it had found insufficient evidence on which to proceed with criminal probes into either matter “at this time.” Thursday, Justice Department officials declined comment.
  • In her speech, Feinstein asserted that her staff found the material _ known as the Panetta review, after former CIA Director Leon Panetta, who ordered it _ in the protected database and that the CIA discovered the staff had it by monitoring its computers in violation of the user agreement. The inspector general’s summary, which was prepared for the Senate and the House intelligence committees, didn’t identify the CIA personnel who had accessed the Senate’s protected database. Furthermore, it said, the CIA crimes report to the Justice Department alleging that panel staffers had removed classified materials without permission was grounded on inaccurate information. The report is believed to have been sent by the CIA’s then acting general counsel, Robert Eatinger, who was a legal adviser to the interrogation program. “The factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based,” said the summary, noting that the Justice Department decided not to pursue the issue.
  • Christopher Anders, senior legislative counsel with the American Civil Liberties Union, criticized the CIA announcement, saying that “an apology isn’t enough.” “The Justice Department must refer the (CIA) inspector general’s report to a federal prosecutor for a full investigation into any crimes by CIA personnel or contractors,” said Anders.
  •  
    And no one but the lowest ranking staffer knew anything about it, not even the CIA lawyer who made the criminal referral to the Justice Dept., alleging that the Senate Intelligence Committee had accessed classified documents it wasn't authorized to access. So the Justice Dept. announces that there's insufficient evidence to warrant a criminal investigation. As though the CIA lawyer's allegations were not based on the unlawful surveillance of the Senate Intelligence Committee's network.  Can't we just get an official announcement that Attorney General Holder has decided that there shall be a cover-up? 

Remaining Snowden docs will be released to avert 'unspecified US war' - Cryp... - 0 views

  • All the remaining Snowden documents will be released next month, according to whistle-blowing site Cryptome, which said in a tweet that the release of the info by unnamed third parties would be necessary to head off an unnamed "war". Cryptome said it would "aid and abet" the release of "57K to 1.7M" new documents that had been "withheld for national security-public debate [sic]". The site clarified that it will not be publishing the documents itself. Transparency activists would welcome such a release but such a move would be heavily criticised by intelligence agencies and military officials, who argue that Snowden's dump of secret documents has set US and allied (especially British) intelligence efforts back by years.
  • As things stand, the flow of Snowden disclosures is controlled by those who have access to the Snowden archive, which might possibly include Snowden confidants such as Glenn Greenwald and Laura Poitras. In some cases, even when these people release information to mainstream media organisations, it is then suppressed by these organisations after negotiation with the authorities. (In one such case, some key facts were later revealed by the Register.) "July is when war begins unless headed off by Snowden full release of crippling intel. After war begins not a chance of release," Cryptome tweeted on its official feed. "Warmongerers are on a rampage. So, yes, citizens holding Snowden docs will do the right thing," it said.
  • "For more on Snowden docs release in July watch for Ellsberg, special guest and others at HOPE, July 18-20: http://www.hope.net/schedule.html," it added. HOPE (Hackers On Planet Earth) is a well-regarded and long-running hacking conference organised by 2600 magazine. Previous speakers at the event have included Kevin Mitnick, Steve Wozniak and Jello Biafra. In other developments, Cryptome has started a Kickstarter fund to release its entire archive in the form of a USB stick archive. It wants to raise $100,000 to help it achieve its goal. More than $14,000 has already been raised. The funding drive follows a dispute between Cryptome and its host Network Solutions, which is owned by web.com. Access to the site was blocked following a malware infection last week. Cryptome founder John Young criticised the host, claiming it had over-reacted and had been slow to restore access to the site, which Cryptome criticised as a form of censorship. In response, Cryptome plans to more widely distribute its content across multiple sites as well as releasing the planned USB stick archive. ®