Third rule of the internet

June 2, 2012

in Bombs and rockets, Canada, Geek stuff, Internet matters, Law, Politics, Rants, Security

Following up on rules one and two, it seems appropriate to add a third: “You should probably worry more about being attacked online by your own government than by any other organization”.

This is really an extension of the point about how governments are more dangerous than terrorists and how institutions of armed power need oversight.

Based on the open source intelligence available, we have to assume that governments all over the world are constantly monitoring the activity of their citizens online, for reasons both reasonably benign and exceedingly nefarious. It is worth remembering that even if the official purpose of a surveillance program is acceptable, it can be abused by anyone who gains access to it for purposes that may be very dubious. Hackers and rogue government agents are well positioned to use internet surveillance to rob or blackmail people, for instance. It is also worth remembering that data is not only being monitored in real time; it is also being archived for unknown future purposes.

Tools for privacy

Thankfully, we do have some tools to make this ubiquitous surveillance more difficult to carry out. You probably cannot encrypt your hard drive well enough to protect the contents if government agents grab it, but you can encrypt your online communications sufficiently well to make it at least challenging to decrypt them. The more people streaming gigabytes of data via encrypted HTTPS connections, the less feasible it is to archive and crack internet traffic as a whole.

You can also use tools like Tor. People should be willing to assert their right to anonymous communication.


. June 2, 2012 at 5:52 pm

Backdoor Found In Hacked Version of Anti-Censorship Tool Simurgh

“Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by has shown that the malicious version isn’t available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged. The troubling aspect of the malicious version is that while it does install the proxy as expected, it then adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia. In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so.”

. June 2, 2012 at 6:29 pm

A new and fast spreading malware tipped to already dwarf the notorious Stuxnet has been identified, codenamed Flame and believed to be state-run cyberespionage affecting PCs in Iran and nearby countries. Spotted by Kaspersky Lab, “Worm.Win32.Flame” blends features from backdoor, trojan and worm malware, and once surreptitiously loaded onto a target machine can monitor network traffic, local use, grab screenshots and record audio, sending all that data back to its home servers. Believed to be active from at least March 2010, Flame is tipped to be 20x more prevalent than Stuxnet.

Iran is the most common place Kaspersky have discovered Flame, but it’s also been discovered in Israel, Palestine, the Sudan, Syria, Lebanon, Saudi Arabia and Egypt; there are “probably thousands of victims worldwide” the researchers estimate. Interestingly, there’s a broad spread of targeted computers, across academia, private companies, specific individuals and others; the operators appear to be cleaning up after themselves, too, only leaving Flame active on the most interesting machines, and deleting it from those with little worth.

What has researchers particularly concerned is the scale of Flame’s monitoring abilities. Rather than merely recording VoIP calls, the malware can turn on the PC’s microphone and surreptitiously begin its own recordings, for instance, while screenshots are taken when “interesting” apps, such as instant messaging clients, are on-screen. Meanwhile, if the computer has Bluetooth, it can scan for nearby devices and then use the short-range wireless technology to create secret peer-to-peer connections while embedding details on Flame’s status in the “discoverable device” information.

. June 19, 2012 at 10:26 am

Google: government requests to censor content “alarming”

BRUSSELS (Reuters) – Google has received more than 1,000 requests from authorities to take down content from its search results or YouTube video in the last six months of 2011, the company said on Monday, denouncing what it said was an alarming trend.

In its twice-yearly Transparency Report, the world’s largest web search engine said the requests were aimed at having some 12,000 items overall removed, about a quarter more than during the first half of last year.

“Unfortunately, what we’ve seen over the past couple years has been troubling, and today is no different,” Dorothy Chou, the search engine’s senior policy analyst, said in a blogpost. “We hoped this was an aberration. But now we know it’s not.”

Many of those requests targeted political speech, keeping up a trend Google said it has noticed since it started releasing its Transparency Report in 2010.

. June 21, 2012 at 5:42 pm

The Failure of Anti-Virus Companies to Catch Military Malware

It isn’t just the military that tests their malware against commercial defense products; criminals do it, too. Virus and worm writers do it. Spam writers do it. This is the never-ending arms race between attacker and defender, and it’s been going on for decades. Probably the people who wrote Flame had a larger budget than a large-scale criminal organization, but their evasive techniques weren’t magically better. Note that F-Secure and others had samples of Flame; they just didn’t do anything about them.

I think the difference has more to do with the ways in which these military malware programs spread. That is, slowly and stealthily. It was never a priority to understand — and then write signatures to detect — the Flame samples because they were never considered a problem. Maybe they were classified as a one-off. Or as an anomaly. I don’t know, but it seems clear that conventional non-military malware writers that want to evade detection should adopt the propagation techniques of Flame, Stuxnet, and DuQu.

. August 22, 2012 at 12:18 pm

I spy

SIR – One thing to bear in mind about cybersecurity concerns posed by telecoms-equipment firms (“The company that spooked the world”, August 4th) is that most communications surveillance is carried out by governments eavesdropping on their own citizens. Authorities are increasingly insisting that telecoms gear (and services like Skype) should allow for the lawful interception of communications. Once these rules are in place they can be subverted for unauthorised spying.

Ericsson’s phone exchanges, used by Vodafone’s network in Greece, were accessed in 2004 to spy on the Greek prime minister and other top officials. The noise Western governments make about Chinese companies like Huawei and ZTE is more about control rather than a genuine concern about privacy.

Professor Diomidis Spinellis
Athens University of Economics and Business

. August 24, 2012 at 2:39 pm

A good general principle would be to afford data stored in a private e-mail account as much protection as letters stored in a locked desk drawer—that is, law-enforcement agencies wanting to get a look at them should need a warrant. Internet and mobile-phone companies, and the agencies that get data from them, must be subject to proper reporting requirements. Only if people know more clearly what information is being collected about whom, and to what uses it is being put, can they judge whether the benefits of greater safety the surveillance state has brought them are worth the huge loss of privacy they have suffered as a result.

. August 24, 2012 at 2:40 pm

Government surveillance
Little peepers everywhere
America’s laws governing digital and mobile surveillance are an unholy mess

Jul 21st 2012 | SAN FRANCISCO AND WASHINGTON, DC | from the print edition

. August 29, 2012 at 12:05 am

Big Brother on a budget: How Internet surveillance got so cheap

Deep packet inspection, petabyte-scale analytics create a “CCTV for networks.”

When Libyan rebels finally wrested control of the country last year away from its mercurial dictator, they discovered the Qaddafi regime had received an unusual gift from its allies: foreign firms had supplied technology that allowed security forces to track nearly all of the online activities of the country’s 100,000 Internet users. That technology, supplied by a subsidiary of the French IT firm Bull, used a technique called deep packet inspection (DPI) to capture e-mails, chat messages, and Web visits of Libyan citizens.

The fact that the Qaddafi regime was using deep packet inspection technology wasn’t surprising. Many governments have invested heavily in packet inspection and related technologies, which allow them to build a picture of what passes through their networks and what comes in from beyond their borders. The tools secure networks from attack—and help keep tabs on citizens.

Narus, a subsidiary of Boeing, supplies “cyber analytics” to a customer base largely made up of government agencies and network carriers. Neil Harrington, the company’s director of product management for cyber analytics, said that his company’s “enterprise” customers—agencies of the US government and large telecommunications companies—are “more interested in what’s going on inside their networks” for security reasons. But some of Narus’ other customers, like Middle Eastern governments that own their nations’ connections to the global Internet or control the companies that provide them, “are more interested in what people are doing on Facebook and Twitter.”

. September 4, 2012 at 4:27 pm

FinSpy Commercial Spyware Abused By Governments

“The NY Times has a story about FinSpy, a commercial spyware package sold ‘only for law enforcement purposes,’ being used by governments to spy on dissidents, journalists, and others. Two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world. ‘The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones. But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.'”

. September 7, 2012 at 5:12 pm

Sir Tim Berners-Lee Accuses UK Government of “Draconian Internet Snooping”

“According to British daily The Telegraph, Sir Tim Berners-Lee has warned that plans to monitor individuals’ use of the internet would result in Britain losing its reputation as an upholder of web freedom. The plans, by Home Secretary Theresa May, would force British ISPs and other service providers to keep records of every phone call, email and website visit in Britain. Sir Tim has told the Times: ‘In Britain, like in the US, there has been a series of Bills that would give government very strong powers to, for example, collect data. I am worried about that.’ Sir Tim has also warned that the UK may wind up slipping down the list of countries with the most Internet freedom, if the proposed data-snooping laws pass parliament. The draft bill extends the type of data that internet service providers must store for at least 12 months. Providers would also be required to keep details of a much wider set of data, including use of social network sites, webmail and voice calls over the internet.”

. September 15, 2012 at 7:39 pm

Cops might finally need a warrant to read your Gmail

Major surveillance law change arrives in the Senate—and it might well pass.

Right now, if the cops want to read my e-mail, it’s pretty trivial for them to do so. All they have to do is ask my online e-mail provider. But a new bill set to be introduced Thursday in the Senate Judiciary Committee by its chair, Sen. Patrick Leahy (D-VT), seems to stand the best chance of finally changing that situation and giving e-mail stored on remote servers the same privacy protections as e-mail stored on one’s home computer.

When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered “abandoned” after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have “reasonable grounds to believe” the information gathered would be useful in an investigation. Many Americans and legal scholars have found this standard, in today’s world, problematic.

Leahy, who was one of ECPA’s original authors, proposed similar changes in May 2011, but that was never even brought to a vote in the committee. The new version, which keeps the most important element of the 2011 proposal, will be incorporated into a larger bill aimed at revising the 1988 Video Privacy Protection Act (VPPA).

anon September 19, 2012 at 10:40 pm

Stellar Wind (code name)
From Wikipedia, the free encyclopedia

Stellar Wind is the open secret code name for certain information collection activities performed by the United States’ National Security Agency and revealed by Thomas M. Tamm to New York Times reporters James Risen and Eric Lichtblau. The operation was approved by President George W. Bush shortly after the September 11 attacks in 2001.

The program’s activities involve data mining of a large database of the communications of American citizens, including e-mail communications, phone conversations, financial transactions, and Internet activity.

anon September 19, 2012 at 10:44 pm

Stratfor emails reveal secret, widespread TrapWire surveillance system

Published: 10 August, 2012, 11:23
Edited: 11 August, 2012, 01:35

Former senior intelligence officials have created a detailed surveillance system more accurate than modern facial recognition technology — and have installed it across the US under the radar of most Americans, according to emails hacked by Anonymous.

Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it’s the brainchild of the Abraxas, a Northern Virginia company staffed with elite from America’s intelligence community. The employee roster at Abraxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation’s ties are assumed to go deeper than even documented.

The details on Abraxas and, to an even greater extent TrapWire, are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, it’s understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing.

anon September 19, 2012 at 10:47 pm

Trailblazer Project
From Wikipedia, the free encyclopedia

Trailblazer was a United States National Security Agency (NSA) program intended to develop a capability to analyze data carried on communications networks like the Internet. It was intended to track entities using communication methods such as cell phones and e-mail. It ran over budget, failed to accomplish critical goals, and was cancelled.

NSA whistleblowers J. Kirk Wiebe, William Binney, Ed Loomis, and House Permanent Select Committee on Intelligence staffer Diane Roark complained to the Department of Defense’s Inspector General (IG) about waste, fraud, and abuse in the program, and the fact that a successful operating prototype existed, but was ignored when the Trailblazer program was launched. The complaint was accepted by the IG and an investigation began that lasted until mid-2005 when the final results were issued. The results were largely hidden, as the report given to the public was heavily (90%) redacted, while the original report was heavily classified, thus restricting the ability of most people to see it.

. September 22, 2012 at 8:56 pm

The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance
Christopher Soghoian
Ph.D. Dissertation, August 2012.

Can You See Me Now: Toward Reasonable Standards for Law Enforcement Access to Location Data that Congress Could Enact
Stephanie K. Pell and Christopher Soghoian
Berkeley Technology Law Journal, Vol. 27, 2012.

The Law Enforcement Surveillance Reporting Gap
Christopher Soghoian
Unpublished Draft

An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government
Christopher Soghoian
Minnesota Journal of Law, Science & Technology Vol. 12, No. 1, 2011.

Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL
Christopher Soghoian and Sid Stamm
Financial Cryptography and Data Security ’11 March 2011.

Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era
Christopher Soghoian
Journal on Telecommunications and High Technology Law, Vol. 8, No. 2, 2010.

anon September 28, 2012 at 9:38 am

Pine Gap
From Wikipedia, the free encyclopedia

Pine Gap is the commonly used name for a satellite tracking station at 23.799°S 133.737°E, some 18 kilometres (11 mi) south-west of the town of Alice Springs in the centre of Australia which is operated by both Australia and the United States. The facility has become a key part of the local economy.

It consists of a large computer complex with eight radomes protecting antennas and has over 800 employees. It is officially called the Joint Defence Facility Pine Gap since 1988; previously, it was known as Joint Defence Space Research Facility. It is believed to be one of the largest ECHELON ground stations and appears to be physically and operationally similar to the American signals intelligence facilities at Buckley Air Force Base, Colorado and RAF Menwith Hill, United Kingdom. United States government personnel at Pine Gap are believed to be mostly from the National Security Agency and subordinate service-associated agencies as well as the Central Intelligence Agency.

. October 10, 2012 at 4:13 pm

In July of this year, Morgan Marquis-Boire and Bill Marczak published analysis of what appeared to be FinSpy, a commercial trojan from the FinFisher suite of surveillance tools sold by Gamma Group International. Their report, From Bahrain with Love: FinFisher’s Spykit Exposed?, presented evidence consistent with the use of FinSpy to target Bahraini dissidents, both within Bahrain and abroad. A range of other companies sell surveillance backdoors and vulnerabilities for what they describe as “lawful intercept tools.”

Recently, CSO magazine published an article reporting on claims by anti-virus company Dr Web that a backdoor known as “Crisis” or “DaVinci” was, in fact, the commercial surveillance tool “Remote Control System” sold by a Milan, Italy-based lawful intercept vendor known as Hacking Team. According to an article published by Slate magazine, the same backdoor was used to target the Moroccan citizen journalist group, Mamfakinch.

This report examines the targeting of Mamfakinch and evidence suggesting that the same commercial surveillance toolkit described in these articles appears to have also been used in a recent campaign targeting Ahmed Mansoor, a human rights activist based in the UAE. Additionally, it examines the possibility that a vulnerability linked to the French company, VUPEN, was used as the vector for intrusion into Ahmed Mansoor’s online presence.


. October 13, 2012 at 3:16 pm

Canada’s Spy Groups Divulge Secret Intelligence to Energy Companies

Documents raise fears that info on environmentalists, Indigenous groups and more shared with industry at biannual secret-level briefings.

by Tim Groves

TORONTO—The Canadian government has been orchestrating briefings that provide energy companies with classified intelligence from the Canadian Security Intelligence Service, the RCMP and other agencies, raising concerns that federal officials are spying on environmentalists and First Nations in order to provide information to the businesses they criticize.

The secret-level briefings have taken place twice a year since 2005, and are detailed in documents obtained under the Access to Information Act, and in publicly-available government files.

The draft agenda for one of the briefings, acquired by The Dominion, shows that the RCMP and CSIS assisted the department of Natural Resources in organizing a daylong event on November 25, 2010, at CSIS headquarters in Ottawa, and a networking reception the previous night at the Chateau Laurier.

. October 13, 2012 at 3:19 pm

UK surveillance bill: 19,000 letters opposing, 0 in favour

The Snooper’s Charter is Britain’s pending Internet surveillance law, which requires ISPs, online services and telecoms companies to retain enormous amounts of private online transactions, and to hand them over to government and law enforcement employees without a warrant. A public campaign on the bill had 19,000 responses, every one of which opposed the legislation. 19,000 against, 0 for. The question is, will the government (which ran in part by opposing similar legislation proposed by the previous Labour government) actually pay attention?

. October 22, 2012 at 1:56 pm

Privacy app puts the spooks on edge

Ryan Gallagher

Lately, Mike Janke has been getting what he calls the “hairy eyeball” from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the world’s most renowned cryptographers, was always bound to ruffle some high-level feathers with his new project – a surveillance-resistant communications platform that makes complex encryption so simple your grandmother can use it.

This week, after more than two years of preparation, the finished product has hit the market. Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications – text messages plus voice and video calls. Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy, Nexus and Android in the works. An email service is also soon scheduled to launch.

The encryption is peer to peer, which means that Silent Circle doesn’t centrally hold a key that can be used to decrypt people’s messages or phone calls. Each phone generates a unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a “burn” function, which allows you to set a time limit on anything you send to another Silent Circle user – a bit like how “this tape will self-destruct” goes down in Mission: Impossible but without the smoke or fire.

. December 2, 2012 at 9:22 pm

I’ve been thinking a lot about how information technology, and the Internet in particular, is becoming a tool for oppressive governments. As Evgeny Morozov describes in his great book The Net Delusion: The Dark Side of Internet Freedom, repressive regimes all over the world are using the Internet to more efficiently implement surveillance, censorship, and propaganda. And they’re getting really good at it.

For a lot of us who imagined that the Internet would spark an inevitable wave of Internet freedom, this has come as a bit of a surprise. But it turns out that information technology is not just a tool for freedom-fighting rebels under oppressive governments, it’s also a tool for those oppressive governments. Basically, IT magnifies power; the more power you have, the more it can be magnified in IT.

. December 26, 2012 at 7:49 pm

There is, finally, a powerful political reason to introduce strong end-to-end encryption now, beyond the obvious benefits for individual users. The FBI, which fears that its digital wiretaps will “go dark” as encrypted communications become more popular, has been quietly but vigorously promoting an update to the Communications Assistance for Law Enforcement Act to cover providers of online communication services like Google and Skype. Just as phone companies have to build wiretap capability into their networks, they want Skype and Google to build in centralized backdoors for law enforcement: Strong end-to-end encryption would be out, as companies would be required to hold copies of the keys to all “secure” communications for police convenience. This myopic move would drastically reduce the security of everyone’s communications in the name of making it a bit easier to spy on a tiny handful of criminals. It’s also unlikely to do much good: If criminals know that Google can’t offer truly secure communications, there’s no way to stop them from simply employing their own unbreakable encryption.

. December 28, 2012 at 3:28 pm

On Friday morning, the Senate renewed the FISA Amendments Act (PDF), which allows for warrantless electronic eavesdropping, for an additional five years. The act, which was originally passed by Congress in 2008, allows law enforcement agencies to access private communications as long as one participant in the communications could reasonably be believed to be outside the United States. This law has been the subject of a federal lawsuit, and was argued before the Supreme Court recently. ‘The legislation does not require the government to identify the target or facility to be monitored. It can begin surveillance a week before making the request, and the surveillance can continue during the appeals process if, in a rare case, the secret FISA court rejects the surveillance application. The court’s rulings are not public.

. April 6, 2013 at 12:22 pm

Hype and fear

America is leading the way in developing doctrines for cyber-warfare. Other countries may follow, but the value of offensive capabilities is overrated

. April 12, 2013 at 5:33 pm

While the original analog phreaker playground may be long gone, its digital descendants have evolved into playgrounds for insiders, whose activities we only hear about in whispers and leaks. In 2006, former AT&T technician Mark Klein exposed the National Security Agency’s illegal wiretapping program, which housed equipment in AT&T’s own buildings. In 2008, 50 years after retroactively legalizing the Greenstar wiretapping, Congress retroactively immunized telecom carriers for their national security wiretapping. In 2011, former NSA code breaker William Binney revealed that the NSA was working with AT&T and other telecom companies to store phone records for “everyone in the country.” (In the vaguely New Age-y sci-fi spirit of Greenstar, they even code named the program “Stellar Wind.”) The NSA is building a $4 billion data center to store this unprecedented trove of data, sifting it for interesting patterns, finding novel, unexpected things to do with it.

anon April 18, 2013 at 11:30 am

Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight

. April 23, 2013 at 6:39 pm

Government data breached thousands of times in last decade, documents say

OTTAWA — The federal government has seen more than 3,000 data and privacy breaches over the past 10 years, breaches that have affected more than 725,350 Canadians, according to documents tabled in Parliament on Tuesday.

The responses from departments, given to the New Democrats in response to an order paper question, also show that less than 13 per cent of all breaches have been reported, including a handful from the Department of Fisheries and Oceans that affected more than 4,400 individuals.

. June 23, 2013 at 12:33 pm

On Ars Technica, Dan Goodin goes further into the documents, showing how people who use encryption and proxies, such as Tor and PGP mail, are especially targeted for spying and data-retention, even when it is clear that the communications originate with, and are destined for, US persons.

And as Goodin notes, some of the heaviest users of PGP-encrypted email are lawyers handling confidential, privileged attorney-client communications, meaning that the US Attorney General is deliberately targeting privileged communications between US persons for extra surveillance and retention, an act of galling lawlessness.

. July 1, 2013 at 11:32 pm

Feds demand porn suspect decrypt hard drives now before he forgets passwords

. August 8, 2013 at 4:40 pm

My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Ladar Levison
Owner and Operator, Lavabit

. August 9, 2013 at 6:45 pm

Lavabit competitor Silent Circle shuts down its secure email service, destroys servers

Silent Circle, a secure communications company founded by PGP creator Phil Zimmerman, has pre-emptively shut down its secure, encrypted email service and destroyed the servers so that it cannot be forced to reveal its customers’ secrets to NSA spooks.

“We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”

. August 9, 2013 at 6:49 pm

NSA leak: US can spy on Americans, despite direct statements of President, Congress, top spooks

The Guardian has the latest of the Snowden/NSA leaks, detailing the semantic loophole exploited by the Agency in order to spy on the communications of Americans and people in the USA, something it is otherwise forbidden from doing. Since the initial Snowden leaks, President Obama, ranking Democrats (including Dianne Feinstein), and NSA officials have made categorical statements denying that the NSA spies on Americans. These statements appear to be outright lies, as revealed by these revelations, and make me wonder if there are Hill rats looking up the procedures for impeachment at this very moment.

. August 12, 2013 at 9:01 pm

The Economist explains
How does “secured” e-mail work?

anon September 6, 2013 at 4:45 pm

NSA surveillance: A guide to staying secure

The NSA has huge capabilities – and if it wants in to your computer, it’s in. With that in mind, here are five ways to stay safe

Bruce Schneier, Friday 6 September 2013 14.09 BST

The primary way the NSA eavesdrops on internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other “partners” around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about.

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake.

If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all.

anon September 6, 2013 at 4:48 pm

With all this in mind, I have five pieces of advice:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

anon September 6, 2013 at 4:57 pm

N.S.A. Able to Foil Basic Safeguards of Privacy on Web

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

. September 12, 2013 at 12:54 pm

How the feds asked Microsoft to backdoor BitLocker, their full-disk encryption tool

This is the crypto standard that the NSA sabotaged

The New York Times has published further details of last week’s leaked documents detailing the NSA’s program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.

. September 12, 2013 at 1:29 pm

I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA’s actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

. October 7, 2013 at 2:36 pm

The NSA and cryptography
Cracked credibility
To be safe, the internet needs reliable encryption. But the standards, software and hardware it uses are vulnerable
Sep 14th 2013 | LONDON AND SAN FRANCISCO | From the print edition

. October 7, 2013 at 2:38 pm

How to foil snoopers

“Have important meetings naked, in newly ploughed field, at night, in a howling gale. Failing that, draw curtains, sweep for bugs, mutter and avoid direct factual references.”

. October 8, 2013 at 5:18 pm

Silk Road’s Downfall Killed the Dream of the Dark Net

It’s a dark time on the Dark Net. This Tuesday the FBI shuttered Silk Road, a drug market that operated for more than two years with impunity. The Silk Road helped popularize the Dark Net as the Mall of Anarcho-Capitalism, where illegal drugs, stolen credit cards, child porn and weapons are traded openly. But a series of high-profile busts has seriously undermined the premise of the Dark Net.

In fact the mood on the shadow web went sour weeks ago. “There’s been so much doubt about it recently,” I was told by a guy who calls himself Heisenberg 2.0 last week, before the Silk Road fell. Heisenberg has been directly affected by the Dark Net blues. He was the former social marketing maven for the underground online drug market Atlantis, a Silk Road competitor, but now he’s out of a job. Atlantis abruptly shut down last month, citing “security reasons”, in a move that now seems eerily prophetic.

. October 16, 2013 at 9:57 pm

A Court Order is an Insider Attack

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack.

To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.

From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company. Neither of these differences is visible to the company’s technology—it can’t read the employee’s mind to learn the motivation, and it can’t tell where the data will go once it has been extracted from the company’s system. Technical measures that prevent one access scenario will unavoidably prevent the other one.

anon October 27, 2013 at 11:33 pm

In June, the Guardian disclosed the existence of GCHQ’s Tempora internet surveillance programme. It uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to vast swaths of internet users’ personal data. The intercepts are placed in the UK and overseas, with the knowledge of companies owning either the cables or landing stations.

GCHQ taps fibre-optic cables for secret access to world’s communications

anon October 27, 2013 at 11:36 pm

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

anon November 20, 2013 at 1:21 pm

The internet backbone — the infrastructure of networks upon which internet traffic travels — went from being a passive infrastructure for communication to an active weapon for attacks.

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.
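The “shoot an exploit at any target as its traffic passes across the backbone” model described above has a concrete network signature that a defender can look for. What follows is an added example of that detection, not code from the article or from any vendor. An on-path injector cannot remove the genuine server’s reply; it can only beat it to the client. A sensor that sees the whole flow therefore records two segments with the same TCP sequence number whose bytes disagree, usually with a different IP TTL because the forged segment travelled a different path. The records below are constructed for the example (documentation-range addresses, a forged redirect racing a real 200 response, and two kinds of benign retransmission that the rule must not flag).

```python
"""Detecting on-path TCP injection of the kind the article above describes.
Added example, not from the article. An injector on the backbone must race the
real server: both its forged segment and the genuine one reach the client with
the same sequence number, and the client's stack keeps whichever came first.
A passive sensor sees both, so the classic detector looks for two segments in
one flow that share a sequence number but disagree on content; a differing IP
TTL (a different path length) corroborates. The segments below are constructed."""
from collections import defaultdict

# Constructed sensor records: (client, server:port, seq, ip_ttl, payload), in arrival order
SEGMENTS = [
    # forged reply wins the race: different TTL, redirects the client to an exploit host
    ("10.0.0.5", "203.0.113.10:80", 1000, 51,
     b"HTTP/1.1 302 Found\r\nLocation: http://198.51.100.7/\r\n\r\n"),
    # the genuine server reply lands a moment later with the same sequence number
    ("10.0.0.5", "203.0.113.10:80", 1000, 55,
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # ordinary retransmission: same seq, identical bytes -> not an alert
    ("10.0.0.5", "203.0.113.10:80", 1048, 55, b"<body>hello</body></html>"),
    ("10.0.0.5", "203.0.113.10:80", 1048, 55, b"<body>hello</body></html>"),
    # retransmission carrying more data: same seq, consistent prefix -> not an alert
    ("10.0.0.6", "203.0.113.20:80", 2000, 60, b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.6", "203.0.113.20:80", 2000, 60, b"HTTP/1.1 200 OK\r\n\r\n<html>"),
]


def conflicting(payloads):
    """True if any two payloads disagree on the bytes they both cover."""
    for i, a in enumerate(payloads):
        for b in payloads[i + 1:]:
            n = min(len(a), len(b))
            if a[:n] != b[:n]:
                return True
    return False


def find_injections(segments):
    """Group server->client segments by (flow, seq); alert where the content conflicts."""
    by_seq = defaultdict(list)
    for client, server, seq, ttl, payload in segments:
        by_seq[(client, server, seq)].append((ttl, payload))
    alerts = []
    for (client, server, seq), items in by_seq.items():
        if len(items) < 2 or not conflicting([p for _, p in items]):
            continue
        ttls = [t for t, _ in items]
        alerts.append({
            "flow": f"{server} -> {client}",
            "seq": seq,
            "winner": items[0][1].split(b"\r\n", 1)[0],   # what the client's stack accepted
            "loser": items[-1][1].split(b"\r\n", 1)[0],   # what it discarded as a duplicate
            "ttl_skew": max(ttls) - min(ttls),
        })
    return alerts
```

Treat a hit as a lead rather than proof: load balancers or middleboxes answering from a different path also produce TTL skew, and a capable injector can forge the TTL too. The rule only works where the sensor sees the client’s side of the flow. It also only matters for cleartext, which is the point of the “encrypt your communications” advice quoted earlier: a forged segment inside a TLS session fails the record’s integrity check and breaks the session instead of being rendered.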

. December 8, 2013 at 8:16 pm

SECURITY guards (at least the good ones) are paid to be paranoid. Computer-security researchers are the same. Many had long suspected that governments use the internet not only to keep tabs on particular targets, but also to snoop on entire populations. But suspicions are not facts. So when newspapers began publishing documents leaked by Edward Snowden, once employed as a contractor by America’s National Security Agency (NSA), the world’s most munificently funded electronic spy agency, those researchers sat up.

They were especially incensed by leaks published in September by the Guardian and the New York Times, which suggested that American spooks (with help from their British counterparts) had been working quietly for years to subvert and undermine the cryptographic software and standards which make secure communication over the internet possible. “At that point”, says Matthew Green, a cryptographer at Johns Hopkins University, “people started to get really upset.”

On November 6th a meeting in Vancouver of the Internet Engineering Task Force (IETF), an organisation which brings together the scientists, technicians and programmers who built the internet in the first place and whose behind-the-scenes efforts keep it running, debated what to do about all this. A strong streak of West Coast libertarianism still runs through the IETF, and the tone was mostly hostile to the idea of omnipresent surveillance. Some of its members were involved in creating the parts of the internet that spooks are now exploiting. “I think we should treat this as an attack,” said Stephen Farrell, a computer scientist from Trinity College, Dublin, in his presentation to the delegates. Discussion then moved on to what should be done to thwart it.

Other security experts are re-examining existing products. Dr Green and his colleague Kenn White are leading a forensic audit of Truecrypt, a popular program that enciphers a user’s hard disks but which displays some odd-looking behaviour and has rather murky origins (it is open-source, but its designers are anonymous, and are thought to live in eastern Europe).

“There’s a lot of anger out there,” says Christopher Soghoian, principal technologist at the American Civil Liberties Union, a lobbying group. “I’ve seen two blog posts by Google engineers in the last three days that contained the words ‘fuck you, NSA’.” Google has brought forward a programme to encrypt traffic between its data centres, which should make life harder for spies. Yahoo has promised similar measures and Twitter (a big social-media site) is considering them.

. December 14, 2013 at 9:17 pm

Wyden, who said that he has had “several spirited discussions” with Obama, is not optimistic. “It really seems like General Clapper, the intelligence leadership, and the lawyers drive this in terms of how decisions get made at the White House,” he told me. It is evident from the Snowden leaks that Obama inherited a regime of dragnet surveillance that often operated outside the law and raised serious constitutional questions. Instead of shutting down or scaling back the programs, Obama has worked to bring them into narrow compliance with rules—set forth by a court that operates in secret—that often contradict the views on surveillance that he strongly expressed when he was a senator and a Presidential candidate.

. December 22, 2013 at 1:35 am

NSA Paid Security Company to Adopt Weakened Encryption Standards

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

. December 24, 2013 at 10:31 am

Yes, it may be true that RSA engineers didn’t know Dual_EC_DRBG was dangerously weak in 2004, when they made it the BSAFE default. But by 2007—when researchers from Microsoft devised an attack that allowed adversaries to guess any key created with the PRNG with relatively little work—the weakness was abundantly clear. Whether RSA didn’t notice the glaring insecurity or was contractually prevented from demoting or speaking out against Dual_EC_DRBG is unknown. In either case, RSA allowed BSAFE to favor an algorithm known to be unsafe for more than five years, and thanks to a contract that was never publicly disclosed, RSA profited from that action. That hardly endorses RSA or its products.
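Two of the comments above describe the same mechanism in words: Schneier’s “making the random number generator less random … adding a common exponent to a public-key exchange protocol”, and the note just above that Microsoft researchers (Shumow and Ferguson, 2007) showed that anyone holding the right secret can predict every output Dual_EC_DRBG produces. The following is an added example, not code from NIST, RSA or any vendor, that builds the generator on a toy curve and runs that attack end to end. Everything in it is constructed for illustration: the 14-bit prime field (the real generator uses P-256), the 12-bit output truncation (the real one drops the top 16 bits of a 256-bit coordinate), the base point, the seed, and the trapdoor scalar `E` that ties `Q` to the base point. No claim is made here about how the actual NIST constants were generated; the example shows only what a party who does know such a scalar can do.

```python
"""Toy Dual_EC_DRBG with a trapdoored Q, and the state-recovery attack it enables.
Added example, not code from NIST, RSA or any vendor: a 14-bit prime field stands in for
P-256, and the low 12 bits of x for a 256-bit coordinate with its top 16 bits dropped.
Curve, base point, seed and the trapdoor scalar E are all constructed for this example."""
import math

PRIME, A, B = 10007, 2, 3   # y^2 = x^3 + A*x + B over GF(PRIME); PRIME % 4 == 3
INF = None                  # point at infinity
OUT_BITS = 12               # the generator emits only the low 12 bits of x(s*Q)
MASK = (1 << OUT_BITS) - 1

def add(p1, p2):   # affine point addition, handling infinity, doubling and p2 == -p1
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, PRIME) % PRIME
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)

def mul(k, pt):   # double-and-add scalar multiplication
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def lift_x(x):   # a curve point with this x-coordinate (either sign of y), or None
    rhs = (x ** 3 + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)          # square root, valid because PRIME % 4 == 3
    return (x, y) if y * y % PRIME == rhs else None

def x_of(pt):
    if pt is INF:                                   # only reachable in a toy-sized group
        raise ValueError("scalar is a multiple of the point order")
    return pt[0]

def order_of(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc, n = add(acc, pt), n + 1
    return n

def find_base_point():   # first x that lifts to a point of large order: the spec's P
    for x in range(1, PRIME):
        g = lift_x(x)
        if g is not None and order_of(g) > PRIME // 4:
            return g

def generate(seed, g, q, count):   # honest use: s_{i+1} = x(s_i*P), r_i = trunc(x(s_{i+1}*Q))
    s, outs = seed, []
    for _ in range(count):
        s = x_of(mul(s, g))
        outs.append(x_of(mul(s, q)) & MASK)
    return outs

def predict_from_state(s, g, q, count):   # outputs r_{i+1}, r_{i+2}, ... given the state s_{i+2}
    outs = [x_of(mul(s, q)) & MASK]
    for _ in range(count - 1):
        s = x_of(mul(s, g))
        outs.append(x_of(mul(s, q)) & MASK)
    return outs

def recover_state(observed, g, q, d):
    """Attacker holding d: from outputs r_i, r_{i+1}, ... recover s_{i+2}. A guess for the dropped
    bits lifts to R = +/-(s_{i+1}*Q); d*R = +/-(s_{i+1}*P) has x = s_{i+2}; later outputs confirm it."""
    for high in range((PRIME >> OUT_BITS) + 1):     # 2^16 guesses with the real 16-bit truncation
        x = (high << OUT_BITS) | observed[0]
        if x >= PRIME:
            break
        r_pt = lift_x(x)
        if r_pt is None:
            continue
        try:
            s_next = x_of(mul(d, r_pt))
            if predict_from_state(s_next, g, q, len(observed) - 1) == observed[1:]:
                return s_next
        except ValueError:
            continue

def find_clean_seed(g, q, count):   # skip seeds whose run hits infinity (a toy-size artefact)
    for s in range(2, PRIME):
        try:
            generate(s, g, q, count)
            return s
        except ValueError:
            continue

G = find_base_point()
N = order_of(G)
E = next(k for k in range(2, N) if math.gcd(k, N) == 1)   # the standardiser's secret
Q, D = mul(E, G), pow(E, -1, N)                            # Q = E*P, so D*Q == P
SEED = find_clean_seed(G, Q, 8)
```

`generate(SEED, G, Q, 8)` is what a user of the generator sees; `recover_state(outs[:3], G, Q, D)` turns the first outputs into the internal state, from which `predict_from_state` reproduces every later output. Two things the toy makes visible: the sign ambiguity when lifting an x-coordinate back to a point costs the attacker nothing, because `d*(-R)` has the same x-coordinate as `d*R`, so only the dropped bits have to be guessed; and the curve arithmetic is entirely sound, so the fix is not better mathematics but a `Q` whose provenance is verifiable, or a different DRBG altogether.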

. January 7, 2014 at 9:04 pm

How the NSA Threatens National Security

Our choice isn’t between a digital world where the agency can eavesdrop and one where it cannot; our choice is between a digital world that is vulnerable to any attacker and one that is secure for all users.

. January 20, 2014 at 5:50 pm

Malware is a tool that most states have in their toolbox, and Vietnam is no exception. For the last several years, the communist government of Vietnam has used malware and RATs to spy on journalists, activists, dissidents, and bloggers, while it cracks down on dissent. Vietnam’s Internet spying campaign dates back to at least March 2010, when engineers at Google discovered malware broadly targeting Vietnamese computer users. The infected machines were used to spy on their owners as well as participating in DDoS attacks against dissident websites. The Vietnamese government has cracked down sharply on anti-government bloggers, who represent the country’s only independent press. It is currently holding 18 bloggers and journalists, 14 from a year earlier, according to a report issued by the Committee to Protect Journalists in 2013.

. January 31, 2014 at 5:23 pm

Now we know Ottawa can snoop on any Canadian. What are we going to do?

What’s this mean for Canadians? When you go to the airport and flip open your phone to get your flight status, the government could have a record. When you check into your hotel and log on to the Internet, there’s another data point that could be collected. When you surf the Web at the local cafe hotspot, the spies could be watching. Even if you’re just going about your usual routine at your place of work, they may be following your communications trail.

Ingenious? Yes. Audacious? Yes. Unlawful? Time for the courts to decide. With regard to recent revelations, Canadian government officials have strenuously denied doing what is clearly described in this presentation. On 19 September 2013, CSEC chief John Forster was quoted by the Globe and Mail saying “CSEC does not direct its activities at Canadians and is prohibited by law from doing so.” In response to a lawsuit launched by the British Columbia Civil Liberties Association against the Government of Canada, CSEC admitted that there “may be circumstances in which incidental interception of private communications or information about Canadians will occur.” Only in Orwell-speak would what is contained in these presentations be described as “incidental” or “not directed at Canadians.” Then again, an Orwellian society is what we are in danger of becoming.

The revelations require an immediate response. They throw into sharp relief the obvious inadequacy of the existing “oversight” mechanism, which operates entirely within the security tent. They cast into doubt all government statements made about the limits of such programs. They raise the alarming prospect that Canada’s intelligence agencies may be routinely obtaining data on Canadian citizens from private companies – which includes revealing personal data – on the basis of a unilateral and highly dubious definition of “metadata” (the information sent by cellphones and mobile devices describing their location, numbers called and so on) as somehow not being “communications.” Such operations go well beyond invasions of privacy; the potential for the abuse of unchecked power contained here is practically limitless.

. January 31, 2014 at 5:23 pm

** Snowden document reveals CSEC used wi-fi to track Canadians
A top secret document leaked by US whistleblower Edward Snowden and obtained by CBC News shows that “Canada’s electronic spy agency, the Communications Security Establishment Canada (CSEC), used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.” The document was reviewed by Citizen Lab Director Ron Deibert, who said the clandestine operation by the CSEC was “almost certainly illegal.”

Read the full coverage on the CBC and Deibert’s editorial in the Globe and Mail. See more media coverage in CBC The National (video) and CBC Metro Morning.

** Towards Transparency in Canadian Telecommunications
The Citizen Lab, along with other Canadian scholars and civil liberties organizations, issued a letter on 22 January to the country’s Internet and phone service providers asking how, when, and why they disclose private and personal information to agents of the state. The letter asked that many of Canada’s most preeminent telecommunications companies disclose the kinds, amounts, and regularity at which state agencies request telecommunications data pertaining to Canadians. See the coverage of the campaign in the Globe and Mail, Toronto Star, Ottawa Citizen, and The Wire Report.

. February 9, 2014 at 8:09 pm

The Internet is Broken–Act Accordingly

PUNTA CANA–Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.

So when Raiu says he conducts his online activities under the assumption that his movements are being monitored by government hackers, it is not meant as a scare tactic. It is a simple statement of fact.

“I operate under the principle that my computer is owned by at least three governments,” Raiu said during a presentation he gave to industry analysts at the company’s analyst summit here on Thursday.

The comment drew some chuckles from the audience, but Raiu was not joking. Security experts for years have been telling users–especially enterprise users–to assume that their network or PC is compromised. The reasoning is that if you assume you’re owned then you’ll be more cautious about what you do. It’s the technical equivalent of telling a child to behave as if his mother is watching everything he does. It doesn’t always work, but it can’t hurt.

Raiu and his fellow researchers around the world are obvious targets for highly skilled attackers of all stripes. They spend their days analyzing new attack techniques and working out methods for countering them. Intelligence agencies, APT groups and cybercrime gangs all would love to know what researchers know and how they get their information. Just about every researcher has a story about being attacked or compromised at some point. It’s an occupational hazard.

. May 10, 2014 at 2:48 pm

If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings.

The company said in a new document that provides guidance for law enforcement agencies on the kinds of information Apple can provide and what methods can be used to obtain it that if served with a search warrant, officials will help law enforcement agents extract specific application-specific data from a locked iOS device. However, that data appears to be limited to information related to Apple apps, such as iMessage, the contacts and the camera.

Interestingly, Apple said that its technicians can only extract the data from a locked iOS device at the company’s headquarters in Cupertino, Calif. And law enforcement officials need to provide their own removable media in order to store the extracted data.

However, Apple said that because of the way that its Find My iPhone feature works, the company can’t provide historical location data for a given device or turn on that feature remotely. It also says that Apple doesn’t have GPS data for iOS devices.

. May 17, 2014 at 10:59 am

Photo of NSA technicians sabotaging Cisco router prior to export

Photos of an NSA “upgrade” factory show Cisco router getting implant

Servers, routers get “beacons” implanted at secret locations by NSA’s TAO team

. May 24, 2014 at 12:13 pm

I am regularly asked what is the most surprising thing about the Snowden NSA documents. It’s this: the NSA is not made of magic. Its tools are no different from what we have in our world, it’s just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is Metasploit with a budget. QUANTUM is AirPwn with a seriously privileged position on the backbone. The NSA breaks crypto not with super-secret cryptanalysis, but by using standard hacking tricks such as exploiting weak implementations and default keys. Its TAO implants are straightforward enhancements of attack tools developed by researchers, academics, and hackers; here’s a computer the size of a grain of rice, if you want to make your own such tools. The NSA’s collection and analysis tools are basically what you’d expect if you thought about it for a while.

. July 15, 2014 at 11:35 am

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It’s a list of code names and short descriptions, such as these:

GLASSBACK: Technique of getting a target’s IP address by pretending to be a spammer and ringing them. Target does not need to answer.

MINIATURE HERO: Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.

MOUTH: Tool for collection for downloading a user’s files from

PHOTON TORPEDO: A technique to actively grab the IP address of an MSN messenger user.

SILVER SPECTOR: Allows batch Nmap scanning over Tor.

SPRING BISHOP: Find private photographs of targets on Facebook.

ANGRY PIRATE: is a tool that will permanently disable a target’s account on their computer.

BUMPERCAR+: is an automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations. BUMPERCAR operations are used to disrupt and deny Internet-based terror videos or other materials. The technique employs the services provided by upload providers to report offensive materials.

BOMB BAY: is the capacity to increase website hits/rankings.

BURLESQUE: is the capacity to send spoofed SMS messages.

CLEAN SWEEP: Masquerade Facebook Wall Posts for individuals or entire countries.

CONCRETE DONKEY: is the capacity to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.

GATEWAY: Ability to artificially increase traffic to a website.

GESTATOR: amplification of a given message, normally video, on popular multimedia websites (Youtube).

SCRAPHEAP CHALLENGE: Perfect spoofing of emails from Blackberry targets.

SUNBLOCK: Ability to deny functionality to send/receive email or view material online.

SWAMP DONKEY: is a tool that will silently locate all predefined types of file and encrypt them on a target’s machine

UNDERPASS: Change outcome of online polls (previously known as NUBILO).

WARPATH: Mass delivery of SMS messages to support an Information Operations campaign.

HAVLOCK: Real-time website cloning techniques allowing on-the-fly alterations.

HUSK: Secure one-on-one web based dead-drop messaging platform.

. August 5, 2014 at 6:29 pm

The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants.

. September 28, 2014 at 11:43 pm

Dread Pirate Sunk By Leaky CAPTCHA

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”
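The affidavit quoted above attributes the leak to login-page code that was “not properly configured at the time to work on Tor”, with the CAPTCHA component answering from the server’s real address. Whatever the exact mechanism, the operator-side failure is one class: part of the service was reachable at, or referenced, an origin other than the onion address. Below are two checks an operator can run against that class, added here as an example and not taken from the affidavit or from any Tor project code. The first reads `torrc` and flags `HiddenServicePort` lines whose forward target is not loopback (the application behind the service must listen only there); the second scans the HTML the service serves for any resource fetched or submitted to a host other than the service’s own. The `torrc` text, the page, the documentation-range IP addresses and the placeholder name `example.onion` are all constructed for the example.

```python
"""Two hygiene checks for an onion service whose real address must stay hidden.
Added example, not from the affidavit above or from Tor. Check 1 reads torrc and
flags HiddenServicePort targets that are not loopback; check 2 scans served HTML
for any resource loaded from an origin other than the service's own onion name.
The torrc text, page and addresses below are constructed."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TORRC = """\
HiddenServiceDir /var/lib/tor/market/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 443 198.51.100.7:443
"""

PAGE = b"""<html><body><form action="/login" method="post">
<img src="http://198.51.100.7/captcha.php"><script src="/static/app.js"></script>
<a href="http://example.onion/help">help</a></form></body></html>"""


def torrc_port_leaks(torrc):
    """HiddenServicePort lines whose forward target is not loopback (or a local unix socket)."""
    bad = []
    for line in torrc.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "HiddenServicePort":
            continue                        # a bare VIRTPORT defaults to 127.0.0.1:VIRTPORT
        target = parts[2]
        if target.startswith("unix:") or target.isdigit():
            continue                        # unix socket, or port-only target on 127.0.0.1
        host = target.rsplit(":", 1)[0] if ":" in target else target
        host = host.strip("[]")             # bracketed IPv6 literal such as [::1]:8080
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            local = host == "localhost"     # any other hostname is treated as suspect
        if not local:
            bad.append(line.strip())
    return bad


class _LinkScanner(HTMLParser):
    """Collect every URL in attributes that make the browser fetch or submit somewhere."""
    ATTRS = {"src", "href", "action", "data", "poster", "formaction"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls.extend(v for k, v in attrs if k in self.ATTRS and v)


def foreign_origins(html_bytes, own_host):
    """URLs in the page that point at any host other than the service's own onion name."""
    scanner = _LinkScanner()
    scanner.feed(html_bytes.decode("utf-8", "replace"))
    return [u for u in scanner.urls if urlsplit(u).hostname not in (None, own_host)]
```

Both checks are necessary, not sufficient. A clean `torrc` says nothing about what the backend itself binds to, so confirm with the host’s own tooling that it listens on loopback only; and a page can be clean while an error page, a server-status handler, a TLS certificate or an outbound request from the application still names the real host.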

. December 26, 2014 at 2:16 pm

At 1:30pm on Christmas Eve, the NSA dumped a huge cache of documents on its website in response to a long-fought ACLU Freedom of Information Act request, including documents that reveal criminal wrongdoing.

The dump consists of its quarterly and annual reports to the President’s Intelligence Oversight Board from Q4/2001 to Q1/2013. They were heavily redacted prior to release, but even so, they reveal that the NSA illegally spied on Americans, including a parade of user-errors in which NSA operatives accidentally spied on themselves, raided their spouses’ data, and made self-serving errors in their interpretation of the rules under which they were allowed to gather and search data.

The NSA admits that its analysts “deliberately ignored restrictions on their authority to spy on Americans multiple times in the past decade.”

U.S. Spy Agency Reports Improper Surveillance of Americans

The National Security Agency today released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications.

. December 26, 2014 at 2:16 pm

The NSA’s inspector general last year detailed 12 cases of “intentional misuse” of intelligence authorities from 2003 to 2013 in a letter to Senator Charles Grassley, of Iowa, the top Republican on the Senate Judiciary Committee.

Those cases included a member of a U.S. military intelligence unit who violated policy by obtaining the communications of his wife, who was stationed in another country. After a military proceeding, the violator was punished by a reduction in rank, 45 days of extra duty and forfeiture of half of his pay for two months, according to the letter.

In a 2003 case, a civilian employee ordered intelligence collection “of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month” to determine whether she was being faithful to him, according to the letter. The employee retired before an investigation could be completed.

. January 14, 2015 at 9:12 am

FBI Access To NSA Surveillance Data Expands In Recent Years

The FBI’s access to email and other data collected from overseas targets in the NSA’s Prism program has been growing since 2008, according to a 2012 U.S. Department of Justice inspector general’s report declassified last Friday by the DOJ in response to a Freedom of Information Act request by the New York Times. Here are some of the milestones mentioned in the report:

* In 2008, the FBI began reviewing email accounts targeted by the NSA through the Prism program.
* In October 2009, the FBI requested that information collected under the Prism program be ‘dual routed’ to both the NSA and the FBI so that the FBI ‘could retain this data for analysis and dissemination in intelligence reports.’
* In April 2012, the FBI began nominating email addresses and phone numbers that the NSA should target in its surveillance program, according to the document.

anon February 17, 2015 at 5:11 am
anon February 19, 2015 at 4:45 pm

The Great SIM Heist
How Spies Stole the Keys to the Encryption Castle

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
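
The last sentence of the quoted article is the cryptographic heart of the story: because every session key on the air interface is derived from the SIM's one long-term secret plus a challenge sent in the clear, anyone who recorded traffic earlier and obtains that secret later can read all of it. The toy below, added here as an illustration and not code from The Intercept, Gemalto or any carrier, models that key hierarchy with HMAC and a SHA-256 counter keystream in place of the real GSM algorithms; the value `KI`, the session names and the sample messages are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the SIM's long-term secret (GSM calls it Ki).
# In the real system it lives on the SIM and in the carrier's database;
# this value is a sample chosen for the example only.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_session_key(ki: bytes, rand: bytes) -> bytes:
    """Toy key-agreement step: the network sends a fresh challenge RAND in the
    clear and both ends derive the session key from (Ki, RAND).  This models
    the structure of the GSM authentication step, not its actual algorithm."""
    return hmac.new(ki, b"session-key|" + rand, hashlib.sha256).digest()[:16]


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Stream-cipher encryption and decryption are the same XOR operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def run_session(ki: bytes, plaintext: bytes) -> dict:
    """One over-the-air session as a passive recorder sees it: only RAND and
    the ciphertext cross the air; Ki and the session key never do."""
    rand = secrets.token_bytes(16)
    kc = derive_session_key(ki, rand)
    return {"rand": rand, "ciphertext": xor_crypt(kc, plaintext)}


def decrypt_archive(archive: list, ki: bytes) -> list:
    """Re-derive each session key from the recorded RAND and the long-term
    secret.  With the correct Ki every archived session opens; with any
    other key the result is noise."""
    return [xor_crypt(derive_session_key(ki, s["rand"]), s["ciphertext"])
            for s in archive]


def demo(messages: list, ki: bytes = KI) -> tuple:
    """Record several sessions, then show that per-session key rotation does
    not protect them once the single long-term secret is known."""
    archive = [run_session(ki, m) for m in messages]
    # Every session did get a distinct key...
    assert len({derive_session_key(ki, s["rand"]) for s in archive}) == len(archive)
    # ...but all of them are functions of Ki, so the archive falls at once.
    recovered = decrypt_archive(archive, ki)
    # A wrong key (here all zeros) recovers nothing.
    garbage = decrypt_archive(archive, bytes(16))
    return recovered, garbage


if __name__ == "__main__":
    sample = [b"call setup", b"sms: running late", b"voice frame 0001"]
    recovered, garbage = demo(sample)
    print("recovered:", recovered)
    print("wrong key:", garbage)
```

The point the toy makes is that rotating session keys is not the same as forward secrecy: a fresh RAND per session only helps if the session key also depends on something an eavesdropper cannot later obtain. Key exchanges that mix in an ephemeral secret discarded after the session (the Diffie-Hellman modes used by modern TLS) leave a recording worthless even if a long-term key is stolen years later, which is one concrete reason the post's advice to push traffic through encrypted HTTPS holds up.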

. May 13, 2015 at 4:32 pm
. May 26, 2015 at 5:04 pm

* Canadian authorities have received expansive new powers, with more planned, that have increased authorities’ powers to conduct telecommunications surveillance. Moreover, the ‘official’ modes of surveillance (used by police and other domestic agencies to conduct surveillance) may soon be amplified should C-51 be passed into law and CSE consequently expands its domestic and foreign collaborations with CSIS
* Canadian telecommunications and government representatives work within international standards-setting forums to develop new modes of intercepting communications. Rogers Communications, in particular, has been involved in a European standards body (ETSI) and has proposed ways of defeating some forms of end-to-end encryption, discussed challenges of deploying a lawful-intercept compliant Dropbox competitor, and raised concerns about how Canadian lawful access legislation may force updates to how lawful interception is conceived
* Telecom companies’ transparency reports are a good, first, step but are lacking details needed to contextualize how often, and what kinds of, surveillance is being conducted on Canadians. Details on the kinds of legal requests (e.g. for interceptions, for stored data, etc), their annual totals, as well as subscribers affected must be added in future reports. Moreover, these companies must release information about how long they retain data as well as how they work with government to lawfully disclose Canadians’ telecommunications data to government agencies
* Federal government watchdogs – such as CSE’s oversight commission, CSIS’s review board (SIRC), and the Privacy Commissioner of Canada – are largely unable to assure Canadians that telecommunications surveillance is occurring lawfully. These agencies cannot effectively coordinate with one another, have stunted mandates, and are under resourced. These limitations are made worse by the fact that the annual interception reports tabled by federal and provincial governments are relics of the 1970s: they do not include the contemporary modes of surveillance that are most commonly used by government agencies and, in the case of provinces, are rarely placed online. Consequently it is almost impossible to know how many interceptions of government communications, let alone other kinds of telecommunications surveillance, take place annually in Canada
* The result of the large amount of surveillance, often authorized by secret regulation or enabled through largely closed-door standards negotiations, is that neither Canadians nor their elected representatives can effectively debate or raise questions about contemporary surveillance practices. Consequently, companies’ products may be treated with skepticism and, more significantly, the democratic deficit between citizens and their governments may broaden

. May 27, 2015 at 9:20 pm

Latest Privacy Revelations Show It’s Up to Canadians to Protect Themselves

The most important self-help step? Get into encryption.

By Michael Geist, Yesterday,

. June 7, 2015 at 11:48 am

FBI has fleet of secret spy planes with tech to identify people through their cellphones

Who needs Alex Jones to feed your paranoid fantasies about the authoritarian panopticon when you have the FBI to do it for you? The Associated Press has identified at least 50 small planes used by the FBI to spy on Americans in “both major cities and rural areas.” The planes are equipped with sophisticated technology that can identify people through the cell phones they carry. And they aren’t the only government organization who uses these tools

Divining the capabilities of the FBI’s ubiquitous spy aircraft

The FBI has filled the skies of America’s cities with covert aircraft, crisscrossing overhead, bristling with sensors and cloaked in mystery, from the shell companies that own them to the obfuscated tail-numbers they sport.

The FBI won’t talk about the capabilities or uses of their planes, but we can make some good guesses at their capabilities, thanks to the NYPD. The nation’s largest police force did a lot of ill-advised bragging about its $10M spy helicopter, and since then, there’s been a steady leak of good technical detail of what a state-of-the-art spy aircraft is likely doing when it passes overhead.

Spy equipment added to the NYPD helicopter in 2003 includes a WESCAM MX-15 Video Imaging System, also described as a Thermal Imager, and a WESCAM SkyPod B Airborne Microwave Transmission System. The latter includes a GPS receiver that allows the camera to zoom in on specified locations.

Additionally, there is a Comant CI 405 GPS antenna installed on the cockpit roof, a Chelton 931-8 Direction Finding system and a Datong Tracking System “for tracking targeted electronic beacons.” The latter presumably is for monitoring GPS trackers that law enforcement agencies place surreptitiously on vehicles.

. September 16, 2015 at 9:47 pm

For the first time ever, a judge has invalidated a secret Patriot Act warrant

U.S. District Judge Victor Marrero’s decision invalidated the gag order in full, finding no “good reason” to prevent Merrill from speaking about any aspect of the NSL, particularly an attachment to the NSL that lists the specific types of “electronic communication transactional records” (“ECTR”) that the FBI believed it was authorized to demand. The FBI has long refused to clarify what kinds of information it sweeps up under the rubric of ECTR, a phrase that appears in the NSL statute but is not publicly defined anywhere.

Judge Marrero’s decision describes the FBI’s position as “extreme and overly broad,” affirming that “Courts cannot, consistent with the First Amendment, simply accept the Government’s assertions that disclosure would implicate and create a risk.” The Court observed that, according to the government, Mr. Merrill would only be allowed to discuss the kinds of records the FBI demanded in “a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment.” The Court decisively rejected this position: “Such a result implicates serious issues, both with respect to the First Amendment and accountability of the government to the people.”

. October 5, 2015 at 10:49 pm

Smurfs vs phones: GCHQ’s smartphone malware can take pics, listen in even when phone is off

“Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing,” he said.

“Nosey Smurf is the ‘hot mic’ tool. For example if it’s in your pocket, [GCHQ] can turn the microphone on and listen to everything that’s going on around you – even if your phone is switched off because they’ve got the other tools for turning it on.

“Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.”

Mr Snowden also referred to a tool known as Paranoid Smurf.

“It’s a self-protection tool that’s used to armour [GCHQ’s] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on or you suspected something was wrong, it makes it much more difficult for any technician to realise that anything’s gone amiss.”
