Posts tagged: security
Glenn Greenwald reports on more documents from Edward Snowden’s cache, this batch on how GCHQ uses online deception and other tactics to discredit hacktivists and possibly other political activists:
Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. […]
Government plans to monitor and influence internet communications, and covertly infiltrate online communities in order to sow dissension and disseminate false information, have long been the source of speculation. Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-”independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.
Sunstein also proposed sending covert agents into “chat rooms, online social networks, or even real-space groups” which spread what he views as false and damaging “conspiracy theories” about the government. Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House, one that – while disputing key NSA claims – proceeded to propose many cosmetic reforms to the agency’s powers (most of which were ignored by the President who appointed them).
What’s more, the GCHQ admit in one of the docs that this activity has nothing to do with terrorism or even national security.
Here’s the description of a talk that happened at Belfer Center for Science and International Affairs:
In today’s world, businesses are facing increasingly complex threats to infrastructure, finances, and information. The government is sometimes unable to share classified information about these threats. As a result, business leaders are creating their own intelligence capabilities within their companies.
This is not about time honored spying by businesses on each other, or niche security firms, but about a completely new use of intelligence by major companies to support their global operations.
The panelists examine the reasons for private sector intelligence: how companies organize to obtain it, and how the government supports them. “Is this a growing trend?” “How do companies collaborate in intelligence?” “How does the government view private intelligence efforts?” “How do private and government intelligence entities relate to one another?” “What does this all mean for the future of intelligence work?”
I’d love to find out more, or find a transcript or video of the talk.
(Thanks Tim Maly)
Tim Maly on self-defense in the security state:
This may well be the defining motto of our times. No one is to be trusted; it’s a dangerous world out there and if you can’t be bothered to take basic steps…
Well, everyone gets what’s coming sooner or later.
The watchword is self-reliance. They’re coming to take what’s yours, so you’d better be ready. Federate your email, buy a generator, make sure you’ve got good locks, and for God’s sake, carry a handgun. There are monsters in the streets and some idiot is arming them.
But how to defend against the errors of the masses unwilling to take care of themselves? Every message in my outbox is in some fool’s inbox; plain as day, as if I’d sent it straight to PRISM myself. NSA-proof? Not without a massive shift of collective action undertaken by a society of people who’ve spent the past decade or so dumping as many photos, feelings, and fantasies online as time and bandwidth would allow. Why not? I certainly did. It’s nice to have friends.
USA Today reports:
“After the scandal with the spread of secret documents by WikiLeaks, the revelations of Edward Snowden, reports of listening to Dmitry Medvedev during his visit to the G20 summit in London, the practice of creating paper documents will increase,” an unidentified FSO source tells Izvestia.
One key reason for using typewriters is that each creates its own unique “signature” that can be traced, the newspaper says.
Cryptogasm has found thousands of unsecured, publicly accessible webcams via Google. Lots of them are doggie day cares, some are pointed at public spaces, some are at work places and quite a few are of private residences. He’s aggregated them all, excepts ones that are pointed at children’s rooms, on a giant page.
You can also filter them by location. Here’s Oregon.
This reminds me of a thread from the William Gibson forum a few years ago, where someone discovered a publicly accessible remotely controllable webcam pointed at someone’s office. The forum poster tried, unsuccessfully, to communicate with the guy.
Spencer Ackerman writes:
Some people are into spelunking through the urban ruins and crevasses of unfamiliar cities. The National Counterterrorism Center has a term for these sorts of people: terrorist dupes.
“Urban Explorers (UE) — hobbyists who seek illicit access to transportation and industrial facilities in urban areas — frequently post photographs, video footage, and diagrams on line [sic] that could be used by terrorists to remotely identify and surveil potential targets,” warns the nation’s premiere all-source center for counterterrorism analysis. […]
Urban exploration is not typically the reconnaissance mission of al-Qaida. While it’s not crazy to think that terrorists might be interested in studying an urban landscape, the vanishingly few cases of domestic terrorism in the post-9/11 era typically involved shooting up places like Fort Hood or leaving a would-be car bomb in Times Square, rather than recon from the top of a bridge or the depths of a subway tunnel. Such tips aren’t even a part of the DIY terrorism advice column in al-Qaida’s English-language webzine.
From Ars Technica:
WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.
More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. […]
So how does Balkanleaks thrive where others haven’t?
Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.
Full Story: Ars Technica Whither whistleblowing: Where have all the leaking sites gone?
The article goes on to detail the state of some other projects, including OpenLeaks and GlobalLeaks.
Deeply weird piece by Mark Ames and Alexander Zaitchik on the murder of CIA operative/godfather of the goldbug movement Nicholas Deak, which uncovers some possible connections between the homeless woman who killed him, Lois Lang, and the CIA’s MK-ULTRA program:
Police responding to the motel room took Lang to nearby Santa Clara Valley Medical Center. For the next month, she was put under the care of Dr. Frederick Melges, a psychiatrist associated with the Stanford Research Institute. One of Dr. Melges’ main areas of research: drug-aided hypnosis. A few years after Lang was put in Melges’ care, the New York Times exposed the Stanford Research Institute as a center for CIA research into “brain-washing” and “mind-control” experiments in which unwitting subjects were dosed with hallucinogenic drugs and subjected to hypnosis. Melges, who died in 1988, is today remembered in the field for his research on the relationship between perceptions of time and mental illness.
Full Story: Salon: James Bond and the killer bag lady
It goes deeper than that, with Ames and Zaitchik speculating that it may have been Argentine gangersters with knowledge of MK-ULTRA who ordered the hit:
If Lang was tapped to whack Nicholas Deak, she was part of a long tradition. In mobster literature, insane assassins are regular characters. “Nuts were used from time to time by certain people for certain matters,” explains Jimmy Hoffa’s former right-hand man, Frank “The Irishman” Sheeran, in his memoir, “I Heard You Paint Houses.” Chuck Giancana, brother of Chicago mob boss Sam Giancana, writes that he once heard his brother say that “picking a nutcase who was also a sharpshooter” to carry out an assassination was “as old as the Sicilian hills.”
I found this bit interesting as well, though it’s more of a side note:
Meanwhile, the sunny side of Deak’s business thrived. Its retail foreign currency operation, now reconstituted under new ownership and known to the world as Thomas Cooke, became a staple at airports, its multi-packs of francs and marks symbols of every American family’s European vacation. Deak’s retail precious metals business dominated the market after the legalization of gold sales. After a series of sales and reconstitutions, it is today known as Goldline, a major sponsor of Glenn Beck and subject of a recent fraud settlement.
(via Abe Burmeister)
If you’ve not heard, John McAfee, founder of McAfee Antivirus, is on the lamb in Belize, wanted for murder. Joshua Davis has been covering McAfee’s time Belize has published a short ebook about the fiasco:
McAfee picks a bullet off the floor and fixes me with a wide-eyed, manic intensity, his light blue eyes sparkling. “This is a bullet, right?” he says in the congenial Southern accent that has stuck with him since his boyhood in Virginia.
“Let’s put the gun down,” I tell him. I’d come here to investigate why the government of Belize was accusing him of assembling a private army and entering the drug trade. It seemed implausible that a wildly successful tech entrepreneur would disappear into the Central American jungle and become a narco-trafficker. Now I’m not so sure.
But he explains that the accusations are a fabrication. “Maybe what happened didn’t actually happen,” he says, staring hard at me. “Can I do a demonstration?”
He loads the bullet into the gleaming silver revolver and spins the cylinder.
“This scares you, right?” he says. Then he puts the gun to his head.
My heart rate kicks up; it takes me a second to respond. “Yeah, I’m scared,” I admit.
“We don’t have to do this.”
“I know we don’t,” he says, the muzzle pressed against his temple. And then he pulls the trigger.
Yeah, I know this is really old by internet time, but I’ve been really busy with work and I’m still catching up:
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets. […]
Emotiv and NeuroSky both have “app stores,” where users of the devices can download third-party applications. The applications use a common API for access to the EEG device. […]
“We simulated a scenario where someone writes a malicious app, the user downloads it and trusts the app, and actively supports all the calibration steps of the device to make the software work,” said Frank. In these seemingly innocuous calibration steps, which are standard for most games and other applications using the headsets, there could be the potential to harvest personal information.
The paper is available on Scribd.
I wonder if this could be used to determine passwords that users don’t consciously remember?
I’ve said before: steganograph your brain before it’s too late!