Posts tagged with ‘surveillance’
Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted.
Who’s behind the attacks? It appears to be researchers from Carnegie Mellon. Via The Verge:
The Tor team suspects the CERT division of Carnegie Mellon University’s Software Engineering Institute (SEI). Earlier this month, CERT abruptly canceled a Black Hat conference talk called “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The NSA has famously attempted to break Tor, to limited success.
So what’s the big deal? If it was the team from CERT, consider the attack a proof of concept. If they can get in, so too can more malicious actors. According to The Guardian, the CERT talk at the Black Hat conference would explain “how anyone with $3,000 could de-anonymise users of Tor.”
Somewhat related: US Government increases funding for Tor, via The Guardian.
Tor, the internet anonymiser, received more than $1.8m in funding from the US government in 2013, even while the NSA was reportedly trying to destroy the network.
According to the Tor Project’s latest annual financial statements, the organisation received $1,822,907 from the US government in 2013. The bulk of that came in the form of “pass-through” grants, money which ultimately comes from the US government distributed through some independent third-party.
Sorta Somewhat Related, Tinfoil Hat Edition: Back in January, Reuters reported that the NSA funneled $10 million to RSA, a computer security firm whose encryption tools are an industry standard. The Reuters report indicates that the funding helped ensure that a less secure encryption system was used as the default setting in an RSA “software tool called Bsafe that is used to enhance security in personal computers and many other products.”
Bruce Schneier, security technologist, in a presentation at the SOURCE Boston conference.
Via Security Week:
The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech. The Internet and technology has changed the impact a group can have on others, where dissidents can use the Internet to amplify their voices and extend their reach. Governments already have a lot of power to begin with, so when they take advantage of technology, their power is magnified, he said.
“That’s how you get weird situations where Syrian dissidents use Facebook to organize, and the government uses Facebook to arrest its citizens,” Schneier said.
Over the past few years, it’s become easier and cheaper to store data and search for the necessary item rather than to sort and delete. Email is a very good example of this shift in behavior. This change, spurred by the popularity of mobile devices and the push to move more data and services to the cloud has also made it easier to track user behavior. When corporations track users for marketing purposes, it seems benign, but the same actions come across as sinister when it’s the government…
…The government didn’t tell anyone they have to carry around a tracking device, but people now carry mobile devices. The government doesn’t require users to notify any agency about their relationships. Users will tell Facebook soon enough, Schneier noted. “Fundamentally, we have reached the golden age of surveillance because we are all being surveilled ubiquitously.”
Somewhat related programming note: Read up on Heartbleed, change your passwords everywhere.
On its 25th birthday, Web creator Tim Berners-Lee calls for an online bill of rights. The Guardian, An online Magna Carta: Berners-Lee calls for bill of rights for web.
Via the Web We Want:
March 12 2014 is the World Wide Web’s 25th Birthday. On this day in 1989, Sir Tim Berners-Lee filed the memo that led to the creation of the Web.
To mark this occasion, Berners-Lee and two organisations close to him, the World Wide Web Foundation and the World Wide Web Consortium are inviting everyone, everywhere to wish the Web a happy birthday using #web25. They have also joined forces to create webat25.org, a site where a selection of global birthday greetings will be displayed and worldwide events to celebrate the anniversary will be publicised.
And back to The Guardian:
Berners-Lee has been an outspoken critic of the American and British spy agencies’ surveillance of citizens following the revelations by National Security Agency whistleblower Edward Snowden. In the light of what has emerged, he said, people were looking for an overhaul of how the security services were managed.
His views also echo across the technology industry, where there is particular anger about the efforts by the NSA and Britain’s GCHQ to undermine encryption and security tools – something many cybersecurity experts say has been counterproductive and undermined everyone’s security.
Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. “These issues have crept up on us,” Berners-Lee said. “Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years.”
The web constitution proposal should also examine the impact of copyright laws and the cultural-societal issues around the ethics of technology.
As The Guardian notes, “While regional regulation and cultural sensitivities would vary, Berners-Lee said he believed a shared document of principle could provide an international standard for the values of the open web.”
Bonus: Read Berners-Lee’s birthday announcement at WebAt25.org where he briefly outlines some challenges and opportunities for the next 25 years.
A note to governments from Index on Censorship:
Index on Censorship here. We’ve noticed some of you have had trouble telling the difference between terrorists and journalists lately (yes, you too Barack: put the BlackBerry down). So we thought as people with some experience of the journalism thing, we could offer you a few handy tips to refer to the next time you find yourself asking: journalist or terrorist?
Have a look at your suspect. Is he carrying a) a notebook with weird squiggly lines on it, or b) an RPG-7. If the latter, odds on he’s a terrorist. The former? Most likely a journalist. Those squiggly lines are called “shorthand” – it’s what reporters do when they’re writing things down for, er, reporting. It might look a bit like Arabic, but it’s not, and even if it was, that wouldn’t be a good enough reason to lock the guy up.
Still not clear? Let’s move on to the questioning part.
Background: In Egypt, Al Jazeera journalists are on trial for having links to a “terrorist organization”; in England, a court ruled that the detention of Glenn Greenwald’s partner at Heathrow Airport was legal because carrying the Edward Snowden NSA documents is, um, terroristy; in Morocco, a journalist was charged last fall with “inciting terrorism” because he linked to an Al Qaeda video; and in the United States the government admits that journalists could be targeted with counter-terrorism laws as they do their jobs (see here, here, and here for all things depressing).
One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents…
…Among the core self-identified purposes of [the Joint Threat Research Intelligence Group] are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums…
The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”
Read through for source documents demonstrating how this is done.
NBC News reports that British intelligence engaged in a distributed denial of service (DDoS) attack on Anonymous:
A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.
The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.
According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.
Writing in Wired, McGill University’s Gabriella Coleman says the British government tactics are an extrajudicial danger that affects us all:
Whether you agree with the activities of Anonymous or not — which have included everything from supporting the Arab Spring protests to DDoSing copyright organizations to doxing child pornography site users — the salient point is that democratic governments now seem to be using their very tactics against them. The key difference, however, is that while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so. But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference…
…But here’s the thing: You don’t even need to believe in or support DDoS as a protest tactic to find the latest Snowden revelations troubling. There are clearly defined laws and processes that a democratic government is supposed to follow. Yet here, the British government is apparently throwing out due process and essentially proceeding straight to the punishment — using a method that is considered illegal and punishable by years in prison.
FJP: Read that last line again. So, for example, a hacker fined $183,000 and put on probation for participating in 1 minute of a DDoS attack. And here’s a search across the FBI’s Web site for its prosecutions for DDoS attacks.
— Patricia Lewis, Research Director, International Security at Chatham House to The Guardian. Independent commission to investigate future of internet after NSA revelations.
As TechDirt points out, “One of the things that’s been glaring about all of the investigations and panels and research into these [surveillance] programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they’re doing is the right way to go about this.”
Via The Telegraph:
Employees of The Guardian newspaper could face criminal charges over their role in publishing secrets leaked by Edward Snowden, Britain’s most senior counter-terrorism officer has signalled.
Cressida Dick, an assistant commissioner at Scotland Yard, confirmed for the first time that detectives were examining whether staff at the newspaper had committed an offence.
She also told MPs that her officers are looking at potential breaches of a specific anti-terrorism law which makes it unlawful to communicate information about British intelligence agents. The offence carries up to 10 years’ imprisonment.
Rationale? Exactly what you’d think: “[L]ast month Sir John Sawers, the MI6 chief, said terrorists were ‘rubbing their hands with glee’ at the Snowden disclosures.”
That’s a text message that thousands of Ukrainian protesters spontaneously received on their cell phones today, as a new law prohibiting public demonstrations went into effect. It was the regime’s police force, sending protesters the perfectly dystopian text message to accompany the newly minted, perfectly dystopian legislation.
Via The New York Times:
The government’s opponents said three recent actions had been intended to incite the more radical protesters and sow doubt in the minds of moderates: the passing of laws last week circumscribing the right of public assembly, the blocking of a protest march past the Parliament building on Sunday and the sending of cellphone messages on Tuesday to people standing in the vicinity of the fighting that said, “Dear subscriber, you are registered as a participant in a mass disturbance.”…
…The phrasing of the message, about participating in a “mass disturbance,” echoed language in a new law making it a crime to participate in a protest deemed violent. The law took effect on Tuesday. And protesters were concerned that the government seemed to be using cutting-edge technology from the advertising industry to pinpoint people for political profiling.