Posts tagged with ‘surveillance’

Attack on Tor Has Likely Stripped Users of Anonymity →

Via Gizmodo:

Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted.

Who’s behind the attacks? It appears to be researchers from Carnegie Mellon. Via The Verge:

The Tor team suspects the CERT division of Carnegie Mellon University’s Software Engineering Institute (SEI). Earlier this month, CERT abruptly canceled a Black Hat conference talk called “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The NSA has famously attempted to break Tor, to limited success.

So what’s the big deal? If it was the team from CERT, consider the attack a proof of concept. If they can get in, so too can more malicious actors. According to The Guardian, the CERT talk at the Black Hat conference would explain “how anyone with $3,000 could de-anonymise users of Tor.”

Somewhat related: US Government increases funding for Tor, via The Guardian.

Tor, the internet anonymiser, received more than $1.8m in funding from the US government in 2013, even while the NSA was reportedly trying to destroy the network.

According to the Tor Project’s latest annual financial statements, the organisation received $1,822,907 from the US government in 2013. The bulk of that came in the form of “pass-through” grants, money which ultimately comes from the US government distributed through some independent third-party.

Sorta Somewhat Related, Tinfoil Hat Edition: Back in January, Reuters reported that the NSA funneled $10 million to RSA, a computer security firm whose encryption tools are an industry standard. The Reuters report indicates that the funding helped ensure that a less secure encryption system was used as the default setting in an RSA “software tool called Bsafe that is used to enhance security in personal computers and many other products.”

Surveillance is the business model of the Internet. We build systems that spy on people in exchange for services. Corporations call it marketing.

Bruce Schneier, security technologist, in a presentation at the SOURCE Boston conference.

Via Security Week:

The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech. The Internet and technology has changed the impact a group can have on others, where dissidents can use the Internet to amplify their voices and extend their reach. Governments already have a lot of power to begin with, so when they take advantage of technology, their power is magnified, he said.

“That’s how you get weird situations where Syrian dissidents use Facebook to organize, and the government uses Facebook to arrest its citizens,” Schneier said.

Over the past few years, it’s become easier and cheaper to store data and search for the necessary item rather than to sort and delete. Email is a very good example of this shift in behavior. This change, spurred by the popularity of mobile devices and the push to move more data and services to the cloud has also made it easier to track user behavior. When corporations track users for marketing purposes, it seems benign, but the same actions come across as sinister when it’s the government…

…The government didn’t tell anyone they have to carry around a tracking device, but people now carry mobile devices. The government doesn’t require users to notify any agency about their relationships. Users will tell Facebook soon enough, Schneier noted. “Fundamentally, we have reached the golden age of surveillance because we are all being surveilled ubiquitously.”

Somewhat related programming note: Read up on Heartbleed, change your passwords everywhere.

Unless we have an open, neutral internet we can rely on without worrying about what’s happening at the back door, we can’t have open government, good democracy, good healthcare, connected communities and diversity of culture. It’s not naive to think we can have that, but it is naive to think we can just sit back and get it.

On its 25th birthday, Web creator Tim Berners-Lee calls for an online bill of rights. The Guardian, An online Magna Carta: Berners-Lee calls for bill of rights for web.

Via the Web We Want:

March 12 2014 is the World Wide Web’s 25th Birthday. On this day in 1989, Sir Tim Berners-Lee filed the memo that led to the creation of the Web.

To mark this occasion, Berners-Lee and two organisations close to him, the World Wide Web Foundation and the World Wide Web Consortium are inviting everyone, everywhere to wish the Web a happy birthday using #web25. They have also joined forces to create, a site where a selection of global birthday greetings will be displayed and worldwide events to celebrate the anniversary will be publicised.

And back to The Guardian:

Berners-Lee has been an outspoken critic of the American and British spy agencies’ surveillance of citizens following the revelations by National Security Agency whistleblower Edward Snowden. In the light of what has emerged, he said, people were looking for an overhaul of how the security services were managed.

His views also echo across the technology industry, where there is particular anger about the efforts by the NSA and Britain’s GCHQ to undermine encryption and security tools – something many cybersecurity experts say has been counterproductive and undermined everyone’s security.

Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. “These issues have crept up on us,” Berners-Lee said. “Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years.”

The web constitution proposal should also examine the impact of copyright laws and the cultural-societal issues around the ethics of technology.

As The Guardian notes, “While regional regulation and cultural sensitivities would vary, Berners-Lee said he believed a shared document of principle could provide an international standard for the values of the open web.”

Bonus: Read Berners-Lee’s birthday announcement at where he briefly outlines some challenges and opportunities for the next 25 years.

How to spot the difference between a terrorist and a journalist →

A note to governments from Index on Censorship:

Index on Censorship here. We’ve noticed some of you have had trouble telling the difference between terrorists and journalists lately (yes, you too Barack: put the BlackBerry down). So we thought as people with some experience of the journalism thing, we could offer you a few handy tips to refer to the next time you find yourself asking: journalist or terrorist?

Have a look at your suspect. Is he carrying a) a notebook with weird squiggly lines on it, or b) an RPG-7. If the latter, odds on he’s a terrorist. The former? Most likely a journalist. Those squiggly lines are called “shorthand” – it’s what reporters do when they’re writing things down for, er, reporting. It might look a bit like Arabic, but it’s not, and even if it was, that wouldn’t be a good enough reason to lock the guy up.

Still not clear? Let’s move on to the questioning part.

Background: In Egypt, Al Jazeera journalists are on trial for having links to a “terrorist organization”; in England, a court ruled that the detention of Glenn Greenwald’s partner at Heathrow Airport was legal because carrying the Edward Snowden NSA documents is, um, terroristy; in Morocco, a journalist was charged last fall with “inciting terrorism” because he linked to an Al Qaeda video; and in the United States the government admits that journalists could be targeted with counter-terrorism laws as they do their jobs (see here, here, and here for all things depressing). 

We could go on.

How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations →

Via Glenn Greenwald / The Intercept:

One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents…

…Among the core self-identified purposes of [the Joint Threat Research Intelligence Group] are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums…

The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”

Read through for source documents demonstrating how this is done.

War on Anonymous: British Spies Attacked Hackers →

NBC News reports that British intelligence engaged in a distributed denial of service (DDoS) attack on Anonymous:

A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.

The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

Writing in Wired, McGill University’s Gabriella Coleman says the British government tactics are an extrajudicial danger that affects us all:

Whether you agree with the activities of Anonymous or not — which have included everything from supporting the Arab Spring protests to DDoSing copyright organizations to doxing child pornography site users — the salient point is that democratic governments now seem to be using their very tactics against them.

The key difference, however, is that while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so. But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference

…But here’s the thing: You don’t even need to believe in or support DDoS as a protest tactic to find the latest Snowden revelations troubling. There are clearly defined laws and processes that a democratic government is supposed to follow. Yet here, the British government is apparently throwing out due process and essentially proceeding straight to the punishment — using a method that is considered illegal and punishable by years in prison.

FJP: Read that last line again. So, for example, a hacker was fined $183,000 and put on probation for participating in 1 minute of a DDoS attack. And here’s a search across the FBI’s Web site for its prosecutions for DDoS attacks.

NSA, British Intelligence is Tracking You on Angry Birds

Via ProPublica:

When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.

In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.

According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.

Read through for the details.

Internet governance is too important to be left just to governments.

— Patricia Lewis, Research Director, International Security at Chatham House to The Guardian. Independent commission to investigate future of internet after NSA revelations.

The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

An Open Letter from US Researchers in Cryptography and Information Security.

As TechDirt points out, “One of the things that’s been glaring about all of the investigations and panels and research into these [surveillance] programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they’re doing is the right way to go about this.”

Guardian journalists could face criminal charges over Edward Snowden leaks →

Via The Telegraph:

Employees of The Guardian newspaper could face criminal charges over their role in publishing secrets leaked by Edward Snowden, Britain’s most senior counter-terrorism officer has signalled.

Cressida Dick, an assistant commissioner at Scotland Yard, confirmed for the first time that detectives were examining whether staff at the newspaper had committed an offence.

She also told MPs that her officers are looking at potential breaches of a specific anti-terrorism law which makes it unlawful to communicate information about British intelligence agents. The offence carries up to 10 years’ imprisonment.

Rationale? Exactly what you’d think: “[L]ast month Sir John Sawers, the MI6 chief, said terrorists were ‘rubbing their hands with glee’ at the Snowden disclosures.”

Dear subscriber, you are registered as a participant in a mass disturbance.

Via Vice:

That’s a text message that thousands of Ukrainian protesters spontaneously received on their cell phones today, as a new law prohibiting public demonstrations went into effect. It was the regime’s police force, sending protesters the perfectly dystopian text message to accompany the newly minted, perfectly dystopian legislation.

Via The New York Times:

The government’s opponents said three recent actions had been intended to incite the more radical protesters and sow doubt in the minds of moderates: the passing of laws last week circumscribing the right of public assembly, the blocking of a protest march past the Parliament building on Sunday and the sending of cellphone messages on Tuesday to people standing in the vicinity of the fighting that said, “Dear subscriber, you are registered as a participant in a mass disturbance.”…

…The phrasing of the message, about participating in a “mass disturbance,” echoed language in a new law making it a crime to participate in a protest deemed violent. The law took effect on Tuesday. And protesters were concerned that the government seemed to be using cutting-edge technology from the advertising industry to pinpoint people for political profiling.

I am Pentagon Papers leaker Daniel Ellsberg. Ask me Anything. →

Ellsberg does a Reddit AMA. Questions he answers include: how do you respond to people who apathetically respond to surveillance saying they’ve got “nothing to hide”? What’s the most effective way to force the government to change its ways of surveillance? Does the president even have power to prevent public surveillance? Can an elected official ever have that power? Plus his thoughts on Snowden and what a nonviolent revolution looks like. Read it.

Look Up, Wave, Say Hello

Via Nature:

Imagine using Google Earth or other online mapping tools to zoom in on high-resolution satellite images of the planet taken just hours or days ago. Navigating backwards and forwards in time, one could track changes in everything from crops, forests and wildlife movement to urban sprawl and natural disasters, all with unrivalled temporal precision.

This is the vision of two Californian start-up companies that are set to launch swarms of small imaging satellites, which, by virtue of their sheer numbers, will be able to revisit and photograph huge swathes of the planet as often as several times each day — a frequency much higher than that achieved by current Earth-observing satellites.

San Francisco-based Planet Labs, founded in 2010 by three former NASA scientists, is scheduled to launch 28 of its ‘Doves’ on 8 January. Each toaster-sized device weighs about 5 kilograms and can take images at a resolution of 3–5 metres.

At Skybox Imaging in nearby Palo Alto, plans are afoot for a swarm of 24 satellites, each weighing about 100 kilograms, which will take images of 1 metre resolution or better. Skybox launched its first satellite on 21 November and plans to launch another this year, followed by the remainder between 2015 and 2017.

In a first — at least for civilian satellites — Skybox’s devices will also stream short segments of near-live high-resolution video footage of the planet. So, too, will UrtheCast, a start-up based in Vancouver, Canada, whose cameras will hitch a ride on the International Space Station (see ‘Earth goes under video surveillance’).

FJP: So, “satellite swarms” is now part of our working vocabulary.

Stills from Skybox can be viewed here. The level of detail is startling.

Seven months ago, the world began to learn the vast scope of the National Security Agency’s reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices…

…All of this is entirely because of information provided to journalists by Edward Snowden, the former N.S.A. contractor who stole a trove of highly classified documents after he became disillusioned with the agency’s voraciousness. Mr. Snowden is now living in Russia, on the run from American charges of espionage and theft, and he faces the prospect of spending the rest of his life looking over his shoulder.

Considering the enormous value of the information he has revealed, and the abuses he has exposed, Mr. Snowden deserves better than a life of permanent exile, fear and flight. He may have committed a crime to do so, but he has done his country a great service. It is time for the United States to offer Mr. Snowden a plea bargain or some form of clemency that would allow him to return home, face at least substantially reduced punishment in light of his role as a whistle-blower, and have the hope of a life advocating for greater privacy and far stronger oversight of the runaway intelligence community…

When someone reveals that government officials have routinely and deliberately broken the law, that person should not face life in prison at the hands of the same government.

New York Times Editorial. Edward Snowden, Whistle-Blower.

FJP: First, good on The New York Times.

Second, as the Times points out, Snowden’s been charged with two violations of the Espionage Act “involving unauthorized communication of classified information, and a charge of theft of government property.”

While the editorial suggests Snowden should receive clemency or, at the very least, a reduced sentence compared to the decades he faces under the current charges, take a look at the Freedom of the Press Foundation’s analysis of what Snowden would be able to present in his defense should he wind up in court. Basically, nothing:

If Edward Snowden comes back to the US to face trial, he likely will not be able to tell a jury why he did what he did, and what happened because of his actions. Contrary to common sense, there is no public interest exception to the Espionage Act. Prosecutors in recent cases have convinced courts that the intent of the leaker, the value of leaks to the public, and the lack of harm caused by the leaks are irrelevant—and are therefore inadmissible in court…

…[I]n Snowden’s case, the administration will be able to exclude almost all knowledge beneficial to his case from a jury until he’s already been found guilty of felonies that will have him facing decades, if not life, in jail.

This would mean Snowden could not be able to tell the jury that his intent was to inform the American public about the government’s secret interpretations of laws used to justify spying on millions of citizens without their knowledge, as opposed to selling secrets to hostile countries for their advantage.

If the prosecution had their way, Snowden would also not be able to explain to a jury that his leaks sparked more than two dozen bills in Congress, and half a dozen lawsuits, all designed to rein in unconstitutional surveillance. He wouldn’t be allowed to explain how his leaks caught an official lying to Congress, that they’ve led to a White House review panel recommending forty-six reforms for US intelligence agencies, or that they’ve led to an unprecedented review of government secrecy.

Chilling, and worthwhile to keep in mind when people say he should return from Russia and make his case to court.