Sun4.jpg (8555 bytes)

NLPWESSEX, natural law publishing

nlpwessex.org

"I don't think in the last two or three hundred years we've faced such a concatenation
of  problems all at the same time.... If we are to solve the issues that are ahead of us,

we are going to need to think in completely different ways."

 Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 -2006

BBC Radio 4, 'Start The Week', 30 April 2007
SURVEILLANCE SOCIETY NEWS
www.nlpwessex.org/docs/surveillancesocietynews.htm

Resources

News - News - News
**
To Go Direct To Current Surveillance Society News Reports - Click Here **

Home

Surveillance Society News Reports

Current

2016

2015

2014

2013

2012

2011

2010

2009

2008 & Earlier

Introduction
'Surveillance & The Corrosion Of Democracy'

"Fears that the United States, Britain and other English-speaking countries are using a cold-war eavesdropping network to gain a commercial edge roused passions across Europe today, even after Washington and London roundly denied the notion. The subject kept the European Parliament in Brussels entranced for hours and drew banner headlines across the continent. One political cartoon showed Britain in bed with the United States, despite Britain's membership in the European Union. The hubbub grew from a report prepared for the European Parliament that found that communications intercepted by a network called Echelon twice helped American companies gain an advantage over Europeans. "
An Electronic Spy Scare Is Alarming Europe
New York Times, 24 February 2000

"Everywhere in the world, every day, people's phone calls, emails and faxes are monitored by Echelon, a secret government surveillance network. No, it's not fiction straight out of George Orwell's 1984. It's reality, says former spy Mike Frost in an interview broadcast on 60 Minutes on Sunday, Feb. 27. 'It's not the world of fiction. That's the way it works. I've been there,' Frost tells CBS News 60 Minutes Correspondent Steve Kroft. 'I was trained by you guys,' says the former Canadian intelligence agent, referring to the United States' National Security Agency.  The NSA runs Echelon with Canada, Britain, Australia and New Zealand as a series of listening posts around the world that eavesdrop on terrorists, drug lords and hostile foreign governments.  But to find out what the bad guys are up to, all electronic communications, including those of the good guys, must be captured and analyzed for key words by super computers. That is a fact that makes Frost uncomfortable, even though he believes the world needs intelligence gathering capabilities like Echelon. 'My concern is no accountability and nothing, no safety net in place for the innocent people who fall through the cracks,' he tells Kroft... Democracies usually have laws against spying on citizens. But Frost says Echelon members could ask another member to spy for them in an end run around those laws.  For example, Frost tells Kroft that his Canadian intelligence boss spied on British government officials for Prime Minister Margaret Thatcher. '(Thatcher) had two ministers that she said, quote, 'they weren't on side,' unquote...So my boss...went to McDonald House in London and did intercept traffic from these two ministers,' claims Frost.  'The British Parliament now have total deniability. They didn't do anything. We did it for them.'   America politicians may also have been eavesdropped on, says Margaret Newsham, a woman who worked at Menwith Hill in England, the NSA's largest spy station. She says she was shocked to hear the voice of U.S. Sen. Strom Thurmond (R.-S.C.) on a surveillance headset about 20 years ago. 'To my knowledge, all (the intercepted voices)...would be...Russian, Chinese... foreign,' she tells Kroft. The exposing of such possible abuses of Echelon will surely add to the growing firestorm in Europe over the system. On Feb. 23, the European Parliament issued a report accusing the U.S. of using Echelon for commercial spying on two separate occasions, to help American companies win lucrative contracts over European competitors. The U.S. State Department denies such spying took place and will not even acknowledge the existence of the top secret Echelon project. Rep. Porter Goss (R.-Fla), chairman of the House Intelligence Committee, which has oversight of the NSA, does acknowledge that the U.S. has the capability to pick up any phone call, and that even his own conversations could have been monitored."
Ex-Snoop Confirms Echelon Network
CBS News (60 Minutes), 24 February 2000

More About Echelon
  • Watch CBS documentary on Echelon.
  • The ACLU has an extensive site about Echelon. Click here for Echelonwatch.
  • The New York Times covered the hubbub at the European Parliament. Click here for the Feb. 24 2000 story.
  • The Bulletin of Atomic Scientists has more about Echelon. Click here to see its report.


"There is a huge difference between legal programs, legitimate spying, legitimate law enforcement - where individuals are targeted based on a reasonable, individualized suspicion - and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever. These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power."
Snowden’s open letter to Brazil: Read the text
Washington Post, 17 December 2015

"The head of MI6 has said the information revolution represents both an "existential threat and a golden opportunity". In rare public comments Alex Younger, who took over as Chief of the Secret Intelligence Service in 2014, said it had fundamentally changed the operating environment for the intelligence community.... Intelligence officials also warned the "internet of things" would bring new threats. Chris Inglis, former deputy director of the US National Security Agency, said people should "just say no" to having household appliances hooked up to the internet."
MI6 chief says information revolution is 'existential threat and golden opportunity'
Telegraph, 20 September 2016

"The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed. Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that“only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed. The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians. The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act. It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament."
Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals
Guardian, 5 November 2015

"British spooks intercepted emails from US and UK media organisations and rated ‘investigative journalists’ alongside terrorists and hackers as potential security threats, secret documents reveal. Internal advice circulated by intelligence chiefs at the Government spy centre GCHQ claims ‘journalists and reporters representing all types of news media represent a potential threat to security’. Intelligence documents leaked by the fugitive US whistleblower Edward Snowden also show that British security officers scooped up 70,000 emails in just 10 minutes during one interception exercise in 2008. "
British spooks tapped emails from UK and US media
Mail, 19 January 2015

"Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.... Intelligence agencies have adopted 'plausible deniability' as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack. It's a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions."
The Digital Arms Race: NSA Preps America for Future Battle
Der Speigel, 17 January 2015

"Even if you power off your cell phone, the U.S. government can turn it back on. That's what ex-spy Edward Snowden revealed in last week's interview with NBC's Brian Williams. "
How the NSA can 'turn on' your phone remotely
CNN, 6 June 2014

"The head of the FBI says he understands why people worry about the scope of the government's powers, and in fact, he agrees with them. 'I believe people should be suspicious of government power. I am,' Director James Comey told the Senate Judiciary Committee on Wednesday morning. 'I think this country was founded by people who were worried about government power so they divided it among three branches,' he added. ...Comey assumed his top post shortly after the Snowden revelations came to light last summer. "
FBI chief: ‘Be suspicious’ of government power
The Hill, 21 May 2014

"When it comes to communication [former US President Jimmy] Carter is evidently a man of his generation, shunning electronic devices for snail mail. He told [satirist Stephen] Colbert that he had recently written a letter to Pope Francis.... and steers clear of e-mail for fear of being monitored by the National Security Agency. The suggestion caused something of a stir in America and prompted a swift denial from the intelligence agency's director. Carter is yet to be convinced, noting that regulations controlling the Government's scope to spy on private communications had been significantly relaxed since he passed them. 'They are not monitoring me now but they record every message that you transmit in America - and probably in Great Britain as well - and later if they want to monitor that message they can do so,' he says."
Did the other presidents call?
London Times, Times2 Section, 9 April 2014, Print Edition, P6

".... in reality NSA has been collecting word for word 'content' of the American citizens. So that is something the NSA is lying about. And they've lied about the abuses in the past. NSA has targeted congress, they've targeted the Supreme Court. They've targeted top level generals and admirals. They've targeted the press and the media. And a whole bunch of other folks: lawyers and law firms. This was between 2002 and 2005 which I was witness to when I held that sort of information in my hand. NSA is not talking about that either.... The meat of the issue is the network to do this is still intact. So the capability exists. Even if you believe this President is the most benevolent in the world, what about the next President, and the one after that and the one after that, and the potential for abuse with future Presidents? When this system, this monster that we've set up, still exists, anyone down the line can use that monster to basically turn our country into a totalitarian police state. I mean 'all the way' police state. So in my opinion we have to kill this baby in the cradle right now. That means unplug all these nodes around the country and say we will not go after domestic communications, except when we have a warrant ... [against an] individual because we have 'probable cause' they've committed a crime.... Like Ben Franklin [one of the 'founding fathers' of the United States] said, if you're going to give up your freedom and liberty for security you deserve neither .... When I made my oath [of office] it was to make sure I protected the constitution of the United States 'against enemies both foreign and domestic'.... The agency I worked for [the NSA] is now an domestic enemy of our constitution. And it's just a horrific thing that's happened. It has to stop."
Russ Tice, former NSA official and whistleblower
(Interview following speech by President Barack Obama's on NSA 'reform')
NSA whistleblower: Obama reforms won't cage 'this monster'
Reuters, 17 January 2014

"A US official has acknowledged that the NSA likely scoops up data on congressional telephone communications but stopped short of saying whether such action extended to calls made by President Barack Obama. The tense exchange occurred on Tuesday during a hearing on the status of the administration's reforms of the bulk data collection programme exposed last year by former National Security Agency contractor Edward Snowden. "
NSA 'probably' collects US Congress telephone call data, official admits
Agence France Presse, 6 February 2014

"MacAskill asked Snowden, almost as an afterthought, whether there was a UK role in this mass data collection. It didn't seem likely to him. MacAskill knew that GCHQ had a longstanding intelligence-sharing relationship with the US, but he was taken aback by Snowden's vehement response. 'GCHQ is worse than the NSA,' Snowden said. 'It's even more intrusive.'.'"
How Edward Snowden went from loyal NSA contractor to whistleblower
Guardian, 1 February 2014

"The power to secretly create government propaganda is among the many hacking tools revealed in the latest batch of Edward Snowden documents. British spies can manipulate online polls -- or trick the world into thinking a video or web page is going viral.  A collection of hacking tools -- some of which are specifically suited to spreading disinformation -- were exposed in a leaked 2012 document provided by Snowden to The Intercept. "
Secret propaganda: British spies can manipulate polls
CNN, 15 July 2014

"GCHQ, Britain’s electronic spying agency, intercepted and stored images of 1.8m Yahoo users taken from their personal webcams even though most of them were not suspected of wrongdoing, documents leaked by the whistleblower Edward Snowden show. A secret programme called 'Optic Nerve', run in conjunction with the US National Security Agency, recorded millions of webcam images from ordinary internet users as many as one in 10 of them sexually explicit 'in bulk', the UK’s Guardian newspaper reported on Thursday. 'Optic Nerve' tapped into Yahoo users’ accounts and took still images from their computer webcams every five minutes. Yahoo reacted angrily to the revelations, denying all knowledge. A spokesperson for the company said the covert surveillance programme represented 'a whole new level of violation of our users’ privacy'. "
Leaks show GCHQ captured ordinary internet users’ webcam images
Financial Times, 27 February 2014

'The Death Pangs Of Democracy'

"Former U.S. president Jimmy Carter is so concerned about the NSA spying scandal that he thinks it has essentially resulted in a suspension of American democracy. 'America does not at the moment have a functioning democracy,' he said at an event in Atlanta on Tuesday sponsored by the Atlantik Bruecke, a private nonprofit association working to further the German-U.S. relationship. The association's name is German for 'Atlantic bridge.' Carter’s remarks didn't appear in the American mainstream press but were reported from Atlanta by the German newsmagazine Der Spiegel, whose Washington correspondent Gregor Peter Schmitz said on Twitter he was present at the event. The story doesn't appear in the English-language section of the Spiegel website and is only available in German."
NSA Controversy: Jimmy Carter Says U.S. 'Has No Functioning Democracy'
International Business Times, 18 July 2013

"Brazil's president, Dilma Rousseff, has launched a blistering attack on US espionage at the UN general assembly.....She was imprisoned and tortured for her role in a guerilla movement opposed to Brazil's military dictatorship in the 1970s. 'In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. In the absence of the respect for sovereignty, there is no basis for the relationship among nations.'"
Brazilian president: US surveillance a 'breach of international law'
Guardian, 24 September 2013

In The Pre-Digital Age

"MI5 used hidden electronic surveillance equipment to secretly monitor 10 Downing Street, the Cabinet and at least five Prime Ministers... The extraordinary disclosure comes despite a succession of parliamentary statements that no such bugging ever took place. And it follows a behind-the-scenes row in which senior Whitehall civil servants – backed by Prime Minister Gordon Brown – attempted to suppress the revelation..... top-secret files held by the Security Service show it installed electronic listening devices in three highly sensitive areas of No10 – the Cabinet Room, the Waiting Room and the Prime Minister’s study. It means that for nearly 15 years, all Cabinet meetings, the offices of senior officials and all visitors to the Prime Minister – including foreign leaders – were being bugged. The disclosure is highly shocking in its own right but it will also bring genuine concerns as to why the Cabinet Office still wants to suppress it. Comments from MI5 chief Jonathan Evans suggest that the attempted block was not done on grounds of national security but for wider public interest reasons.This must raise the possibility that the bugging was carried out for political purposes and officials do not want to admit it went on in the past because similar operations are continuing today.... the eavesdropping devices that were first installed in Downing Street in July 1963 at the request of the then Prime Minister, Harold Macmillan. It is unclear why Macmillan made the extraordinary request...  In all, the equipment monitored the most sensitive areas of Downing Street for around 15 years. It was finally removed on the orders of James Callaghan in about 1977, the year after he took office. The files do not make it clear whether Prime Ministers Heath and Wilson knew there were surveillance devices in No10.... After Wilson stepped down, he co-operated with a book suggesting there had been a plot by Right-wing intelligence officers to undermine him. The claim was later supported by former senior MI5 officer Peter Wright in his banned Spycatcher memoir. It also prompted Callaghan, Wilson’s successor, to launch an investigation into the allegations. The MI5 files indicate that it was Callaghan who finally ordered the surveillance devices to be removed from Downing Street. Despite this, Callaghan made a statement to the House of Commons denying that No10 had ever been bugged."
How MI5 bugged 10 Downing Street, the Cabinet and at least five Prime Ministers for 15 YEARS
Mail On Sunday, 18 April 2010

"When Harold Macmillan called in MI5 in 1963 and asked it to bug his office, he thought the whole world was coming apart.... Macmillan felt he could not trust anybody – but turned for counsel to Dick White, director-general of foreign intelligence service MI6. It is possible that White suggested installing the listening devices in No10 as some kind of insurance policy..... The level of official paranoia at the time cannot be underestimated. But it is the revelation that the bugs were still in place in Downing Street during Harold Wilson’s two administrations, between 1964 and 1970 and 1974 to 1976, which is the most startling. Wilson believed that elements of the Establishment and members of MI5 and MI6 were plotting against him.... Now, despite countless official denials, it appears that Wilson – whose claims that he was under surveillance are often dismissed as the ramblings of an ill and paranoid man – was right."
Stephen Dorril, author of 'MI6 – Fifty Years of Special Operations'
So was Wilson right to be ‘paranoid’ about being spied on?
Mail On Sunday, 18 April 2010

"Paul Scott, the late syndicated columnist, was so paranoid about the CIA wiretapping his Prince George’s County home in the 1960s that he’d make important calls from his neighbor’s house. His teenage son Jim Scott figured his dad was either a shrewd reporter or totally nuts. Not until nearly 45 years later did the son learn that his father’s worries were justified. The insight came in 2007 when the CIA declassified a trove of documents popularly called 'the family jewels.' The papers detailed the agency’s unlawful activities from long ago, including wiretapping the Scott home in District Heights. The operation even had a code name: 'Project Mockingbird.' Jim was floored: The CIA really did eavesdrop on Dad. Now Jim, 64, a retired Navy public relations officer who lives in Anne Arundel County, is waging an operation of his own against the agency. For the past five years, he has sought to declassify and make public any documents Langley might still have on his father and why he was wiretapped..... Between March 12, 1963, and June 15, 1963, phone bugs were installed at the Allen and Scott homes and their Capitol Hill office. But this was no rogue operation: CIA Director John McCone approved the operation 'under pressure,' the documents said, from Attorney General Robert F. Kennedy. And Kennedy planned it with Robert McNamara, the defense secretary and Vietnam War architect. The wiretap identified many of the reporting team’s sources: a dozen senators; six congressmen; 11 congressional staffers; 16 'government employees,' including a staff member at the White House and some at the vice president’s office; and 'other well-placed individuals,' the documents said. "
Long-ago wiretap inspires a battle with the CIA for more information
Washington Post, 3 March 2013

So What's It Like Now?

"The House of Commons office of Damian Green, the Tories' immigration spokesman, is routinely swept for electronic bugging devices, along with other offices belonging to senior Conservatives, amid fears of covert monitoring, The Independent on Sunday has discovered. Anger surrounding the shadow immigration minister's arrest last week escalated dramatically last night over suspicions of a major bugging scandal inside the Palace of Westminster. The IoS understands that even before his surprise arrest on Thursday Mr Green was aware that his Commons office, phone calls and emails could be under surveillance because of the sensitive nature of his job. The fresh revelations rocked the Commons just days before the high point of the parliamentary calendar, the Queen's Speech, which takes place on Wednesday. Tory leader David Cameron last night said the Prime Minister must denounce the arrest of Mr Green or risk charges of hypocrisy because he 'made his career' from Whitehall leaks. Writing in the News of the World, Mr Cameron added: 'If this approach had been in place in the 1990s, then Gordon Brown would have spent most of his time under arrest.' Several offices within the Commons and Portcullis House belonging to senior Tory MPs and officials are checked regularly by security experts for listening devices and other surveillance equipment. The IoS has learnt that there are 'major concerns' at the highest levels of the Tory party over suspected monitoring by the authorities. Any such monitoring may not be illegal but would be hugely controversial. Last night, a Conservative MP wrote to Gordon Brown demanding an urgent review of the Wilson doctrine, the convention that protects MPs from phonetapping but does not cover other surveillance techniques. It is not known whether a covert device has ever been found during searches. But if the suspicions are proved right, it would have major implications for the protection of parliamentary privilege. Ben Wallace, the Conservative MP for Lancaster & Wyre, said the Wilson doctrine, which dates back to 1966, needed to be changed to cover all forms of surveillance, not just intercepting of calls. He said: 'It is disturbing that the authorities may have exploited the difference between surveillance and intercept in order to pursue Members of Parliament over the past 10 years.'"
Bugging scandal inside the Commons
Independent On Sunday, 30 November 2008

The Arrival Of 'Turnkey Totalitarianism'

"People think, well, yeah, I use Facebook, and maybe the FBI if they made a request, could come and get it, and everyone is much more aware of that because of [former CIA Director] Petraeus. But that’s not the problem. The problem is that all the time nearly everything people do on the internet is permanently recorded, every web search. Do you know what you were thinking one year, two days, three months ago? No, you don’t know, but Google knows, it remembers.... You know, the Stasi had a 10 per cent penetration of East German society, with up to 1 in 10 people being informants at some time in their life. Now in countries that have the highest internet penetration, like Iceland, more than 80 per cent of people are on Facebook, informing about their friends. That information doesn’t [simply] go nowhere. It’s not kept in Iceland, it’s sent back into the US where it IS accessed by US intelligence and where it is given out to any friends or cronies of US intelligence – hundreds of national security letters every day publicly declared and being issued by the US government.... We have this position where as we know knowledge is power, and there’s a mass transfer as a result of literally billions of interceptions per day going from everyone, the average person, into the data vaults of state spying agencies for the big countries, and their cronies – the corporations that help build them that infrastructure. Those groups are already powerful, that’s why they are able to build this infrastructure to intercept on everyone. So they are growing more powerful, concentrating the power in the hands of smaller and smaller groups of people at once, which isn’t necessarily bad, but it’s extremely dangerous once there is any sort of corruption occurring in the power. Because absolute power corrupts, and when it becomes corrupt, it can affect a lot of people very quickly. Bill Binney, National Security Agency whistleblower, who was the research head of the National Security Agency’s Signals Intelligence Division, describes this as a ‘turnkey totalitarianism’, that all the infrastructure has been built for absolute totalitarianism. It’s just the matter of turning the key..... in general I think the prognosis is very grim. .... What's necessary is that the critical accountability components of society that stop it from going down the tubes entirely, that those people are protected. Those include corruption investigators, journalists, activists, and political parties. These have got to be protected. If they are not protected, then it's all lost.... if we are not able to protect a significant number of people from mass state spying, then the basic democratic and civilian institutions that we are used to – not in the West, I am no glorifier of the West, but in all societies – are going to crumble away. They will crumble away, and they will do so all at once. And that's an extremely dangerous phenomenon. "
Julian Assange
Assange to RT: Entire nations intercepted online, key turned to totalitarian rule
RT, 30 November 2012

"James Bamford has a way of digging up the facts that lend credence to America’s worst privacy fears about its own government. Now the author and investigative reporter who wrote the definitive portraits of the National Security Agency in his books The Puzzle Palace, Body of Secrets and The Shadow Factory has drawn a picture of ubiquitous surveillance that seems mind-boggling even by NSA standards. In his just-published cover story for Wired, Bamford lays out the NSA’s plans for a vast new facility in Bluffdale, Utah that aims to become a storage and analysis hub for the record-breakingly massive collections of Internet traffic data that the NSA hopes to gather in coming years not from just foreign networks, but domestic ones as well. The story adds confirmation to what the New York Times revealed in 2005: that the NSA has engaged in widespread wiretapping of Americans with the consent of firms like AT&T and Verizon. But more interestingly–and more troubling in the eyes of many who value their privacy–it details the Agency’s plans to crack AES encryption, the cryptographic standard certified by the NSA itself in 2009 for military and government use and until now considered uncrackable in any amount of time relevant to mortals. ..... The NSA project now aims to break the 'exaflop barrier' by building a supercomputer a hundred times faster than the fastest existing today, the Japanese 'K Computer.' That code-breaking system is projected to use 200 megawatts of power, about as much as would power 200,000 homes."
NSA's New Data Center And Supercomputer Aim To Crack World's Strongest Encryption
Forbes, 16 March 2012


Each Year It Gets Worse


2016

"Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air. According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.... As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data. It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time. To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”... roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ....  a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.... Fabian Hamilton, a member of Parliament based in the nearby city of Leeds.......told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”"
Inside Menwith Hill
The Intercept, 6 September 2016

"A secretive police unit tasked with spying on alleged extremists intent on committing serious crimes has been monitoring leading members of the Green party, the Guardian has learned. Newly released documents show that the intelligence unit has been tracking the political activities of the MP Caroline Lucas and Sian Berry, the party’s candidate for London mayor. Some of the monitoring took place as recently as last year and seemed to contradict a pledge from Sir Bernard Hogan-Howe, the Metropolitan police commissioner, that the unit would only target serious criminals rather than peaceful protesters. Extracts from the files show that the police have chronicled how the Green politicians had been speaking out about issues such as government cuts, the far right, police violence, and the visit of the pope. The police’s actions have been described as “chilling” and come weeks after it was accused of abusing its powers by pursuing prominent people over sex abuse claims. The disclosures bring to four the number of elected Green party politicians whose political movements are known to have been recorded in the files of the unit. The files give no indication that they were involved in serious criminal activity. The file on Lucas, which stretches over eight years, records how she gave a speech at an anti-austerity demonstration last June in London. Lucas accused the government of conducting an “ideological war on welfare” at the rally, attended by thousands. Another entry records how she attended a demonstration in February 2014 against disability cuts in Brighton where she has been an MP since 2010. Police noted she “spoke with some of the assembled” journalists. ..... Peter Francis, a whistleblower who worked undercover for the Met, has alleged that the police kept secret files in the 1990s on 10 Labour MPs, including the Labour leader, Jeremy Corbyn, after they had been elected to parliament."
Police anti-extremism unit monitoring senior Green party figures
Guardian, 28 April 2016

"The UK's security services, including GCHQ, MI5 and MI6, have been unlawfully collecting and using mass datasets of personal information for more than 10 years. The Investigatory Powers Tribunal has ruled in a judgement published online that the bodies had been collecting data without safeguards or supervision. The setups of 'Bulk Communications Data' (BCD) and 'Bulk Personal Datasets' by the agencies did not comply with the right to privacy (Article 8) in the European Convention on Human Rights..... Both types of datasets have been used as part of criminal investigations, but have been criticised by privacy advocates for being overly intrusive.  The tribunal added that the massive datasets (BPD) "include considerable volumes of data about biographical details, commercial and financial activities, communications and travel"........ The court's ruling comes as the government's Investigatory Powers Bill (IP Bill) is in the final stages of becoming law – it is currently passed through the House of Commons and is being debated by the House of Lords. The Bill has been heavily criticised by numerous committees and officials. Powers included in the IP Bill include bulk collection of data, the ability to remotely hack mobile phones and computers, and the storing of website history. The law is the first time these powers have been specifically written into law."
MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'
Wired, 17 October 2016

2015

"The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed. Details of the change were revealed at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies. The Government amended the Computer Misuse Act (CMA) two months ago."
UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim
Independent, 15 May 2015

2014

"Britain's signals intelligence division is stealing screenshots from hundreds of thousands of innocent Yahoo users' webcam videos, according to the Guardian newspaper, which also reported that the years-long operation has swept up a huge haul of intimate photographs. The newspaper said GCHQ has been scooping up the sensitive images by intercepting video chats such as the kind offered by Yahoo Messenger, an effort codenamed OPTIC NERVE. ........The Guardian said that OPTIC NERVE was intended at least in part to identify targets using automatic facial recognition software as they stared into their computer's webcams. But the stockpiling of sexually explicit images of ordinary people had uncomfortable echoes of George Orwell's 'Nineteen Eighty-Four,' where the authorities — operating under the aegis of 'Big Brother' — fit homes with cameras to monitor the intimate details of people's personal lives. 'At least Big Brother had the decency to install his own cameras,' British media lawyer David Banksy said in a message posted to Twitter after the revelations broke. 'We've had to buy them ourselves.' The collection of nude photographs also raises questions about potential for blackmail. America's National Security Agency has already acknowledged that some analysts have been caught trawling databases for inappropriate material on partners or love interests. Other leaked documents have revealed how U.S. and British intelligence discussed leaking embarrassing material online to blacken the reputations of their targets. GCHQ refused to answer a series of questions about OTPIC NERVE, instead returning the same boilerplate answer it has given to reporters for months."
Report: UK spies collect massive store of nude photos after intercepting Yahoo webcam service
Associated Press, 27 February 2014

2013

“There are a lot more stories to come, a lot more documents that will be covered. It’s important that we understand what it is we’re publishing, so what we say about them is accurate.... It is literally true, without hyperbole, that the goal of the NSA and its partners in the English-speaking world is to eliminate privacy globally. They want to make sure there is no communication that evades their net.”
Glen Grenwald, the journalist who broke the Snowden NSA revelations
‘A Lot’ More NSA Documents to Come
Wired, 27 December 2013

"Edward Snowden is to deliver this year’s Channel 4 Alternative Christmas Message, the broadcaster has confirmed. The whistleblower, who revealed the mass surveillance programmes organised by the US and other governments, will broadcast his message at 4.15pm on Christmas Day. In his first TV interview since [fleeing] to Russia in May, Snowden lays out his vision for why privacy matters and why he believes mass indiscriminate surveillance by governments of their people is wrong....  During his address, Snowden says: 'Great Britain’s George Orwell warned us of the danger of this kind of information. The types of collection in the book – microphones and video cameras, TVs that watch us are nothing compared to what we have available today. We have sensors in our pockets that track us everywhere we go. Think about what this means for the privacy of the average person. A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves an unrecorded, unanalysed thought. And that’s a problem because privacy matters, privacy is what allows us to determine who we are and who we want to be.'...The Alternative Christmas Message will broadcast on Channel 4 at 4.15pm on Christmas Day. It will be available to view on 4oD later today."
Edward Snowden will deliver Channel 4’s Alternative Christmas Message
Independent, 24 December 2013

"James Goodale has a message for journalists: Wake up. In his new book, Fighting for the Press (CUNY Journalism Press, 2013), Goodale, chief counsel to The New York Times when its editors published the Pentagon Papers in 1971, argues that President Obama is worse for press freedom than former President Richard Nixon was. The Obama administration has prosecuted more alleged leakers of national security information under the 1917 Espionage Act than all previous administrations combined, a course critics say is overly aggressive. Former New York Times executive editor Bill Keller wrote in a March op-ed that the administration 'has a particular, chilling intolerance' for those who leak. If the Obama administration indicts WikiLeaks founder Julian Assange for conspiracy to violate the Espionage Act, Goodale argues, the president will have succeeded where Nixon failed by using the act to 'end-run' the First Amendment.'"
James Goodale: It’s a bad time for press freedoms
Columbia Journalism Review, 19 March 2013

"Europeans, take note: The U.S. government has granted itself authority to secretly snoop on you. That’s according to a new report produced for the European Parliament, which has warned that a U.S. spy law renewed late last year authorizes 'purely political surveillance on foreigners' data' if it is stored using U.S. cloud services like those provided by Google, Microsoft and Facebook.... According to [Caspar] Bowden, the 2008 FISA amendment created a power of 'mass surveillance' specifically targeted at the data of non-U.S. persons located outside America, which applies to cloud computing. This means that U.S. companies with a presence in the EU can be compelled under a secret surveillance order, issued by a secret court, to hand over data on Europeans. Because non-American citizens outside the United States have been deemed by the court not to fall under the search and seizure protections of the Fourth Amendment, it opens the door to an unprecedented kind of snooping. 'It's like putting a mind control drug in the water supply, which only affects non-Americans,' says Bowden... Most countries’ spy agencies routinely monitor real-time communications like emails and phone calls of groups under suspicion on national security grounds. However, what makes FISA different is that it explicitly authorizes the targeting of real-time communications and dormant cloud data linked to 'foreign-based political organizations'—not just suspected terrorists or foreign government agents. Bowden says FISA is effectively 'a carte blanche for anything that furthers U.S. foreign policy interests' and legalizes the monitoring of European journalists, activists, and politicians who are engaged in any issue in which the United States has a stake. FISA, according to Bowden, expressly makes it lawful for the United States to do 'continuous mass-surveillance of ordinary lawful democratic political activities,' and could even go as far as to force U.S. cloud providers like Google to provide a live 'wiretap' of European users’ data."
FISA renewal: Report suggests spy law allows mass surveillance of European citizens
Slate (Blog), 8 January 2013

2012

"[British] Home Secretary Theresa May said the proposed surveillance law would 'save lives' .... But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be 'go back to the drawing board and come and talk to us when you have something fresh'. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name. The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose....The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet: A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.... The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become 'C'."
Parliament to unleash barrage of criticism on Snoopers' Charter
The Register, 10 December 2012

"The cable boxes of the future could be able to detect when viewers are cuddling on the sofa and automatically serve adverts for contraceptives. U.S. cable provider Verizon has applied to patent a set-top box technology that can observe what's going on in the room and show viewers adverts based on what it detects. In U.S. Patent Application 20120304206 the company suggests it could detect when people are 'cuddling' then show 'a commercial for a romantic getaway vacation, a commercial for a contraceptive, a commercial for flowers [...] etc.'. The technology would integrate a range of sensors into their products, including thermal imaging cameras, microphones and motion sensors, to detect the mood their audience and tailor media content to suit. Privacy campaigners called the new technology a 'privacy nightmare waiting around the corner' and called for it to be reined in 'before consumers lose control for good'. It has disturbing echoes of George Orwell's dystopia 1984, where the population were constantly watched by authorities through cameras integrated in their television screens....  This needs to be reined in before consumers lose control for good.'"
The TV box that can detect when you're cuddling on the sofa and show you an advert for condoms
Mail, 6 December 2012

"Everything we do on the Internet leaves a trail back to us. Search engine entries, shopping lists, e-mail addresses and so much more which is ripe for the taking. Now governments and their intelligence agencies want a piece of that action and they have new tools to ascertain our intentions and possible future actions.... There have been a series of related and interesting developments in the field of global intelligence gathering. The NSA is building a brand new data center in Utah in order to connect with some new intelligence sharing systems such as the Defense Intelligence Enterprise and the Global Information Grid.... most people would not appreciate their private conversations end up on foreign military or intelligence networks.... It goes on all the time, you could look at Project Echelon, Project Groundbreaker, Project Trailblazer and many others. Why do you think that the head of the CIA is gloating about being about to glean intelligence through your devices and net-centric applications. It is a gold mine for them and they have reaped a bonanza from it. CIA director David Petraeus put his cards on the table because he hinted about the next target, it will be all of data from the smart meters that have been put in place in the past few years. It wouldn’t be hard to tell how many people are living in a certain home from electricity records or which appliances are used the most. Will we be deemed terrorists from some poorly programmed profiling software based on our paper and data trail? Mistakes happen all the time, from faulty no-fly lists to swat team wrong door raids."
Trapped In The Grid: How Net-Centric Devices And Appliances Provide Voluminous Information To Intelligence Agencies And Their Business Partners
StratRisks, 22 March 2012

"When people download a film from Netflix to a flatscreen, or turn on web radio, they could be alerting unwanted watchers to exactly what they are doing and where they are. Spies will no longer have to plant bugs in your home - the rise of 'connected' gadgets controlled by apps will mean that people 'bug' their own homes, says CIA director David Petraeus. The CIA claims it will be able to 'read' these devices via the internet - and perhaps even via radio waves from outside the home. Everything from remote controls to clock radios can now be controlled via apps - and chip company ARM recently unveiled low-powered, cheaper chips which will be used in everything from fridges and ovens to doorbells. The resultant chorus of 'connected' gadgets will be able to be read like a book - and even remote-controlled, according to CIA Director David Petraeus, according to a recent report by Wired's 'Danger Room' blog. Petraeus says that web-connected gadgets will 'transform' the art of spying - allowing spies to monitor people automatically without planting bugs, breaking and entering or even donning a tuxedo to infiltrate a dinner party.  ' 'Transformational’ is an overused word, but I do believe it properly applies to these technologies,' said Petraeus. 'Particularly to their effect on clandestine tradecraft. Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters - all connected to the next-generation internet using abundant, low-cost, and high-power computing.' Petraeus was speaking to a venture capital firm about new technologies which aim to add processors and web connections to previously 'dumb' home appliances such as fridges, ovens and lighting systems. This week, one of the world's biggest chip companies, ARM, has unveiled a new processor built to work inside 'connected' white goods."
The CIA wants to spy on you through your TV
Mail, 16 March 2012

2011

"Sir Richard Dearlove, Britain’s former chief spymaster has said the country should start spying on its Eurozone neighbours to protect the economy as the common currency is wracked by national defaults. Sir Richard Dearlove, who served as head of MI6 until 2004, said that Britain must not be 'squeamish' about using the intelligence services to defend its economic interests. The former C said central banks like the Bank of England maintained extensive networks of contacts to secure information on future developments. But specialist intelligence agencies should also undertake the task of financial security. 'I am addressing the future of the euro and how defaults affect us economically,' he told the Global Strategy Forum. 'Efficient central bankers should be able to handle themselves but I am indicating they could and might need help from time to time on the currency issue.' Sir Richard added that 2008 financial crisis had changed his views on the role of intelligence agencies in protecting the economy. Britain needed to be 'forewarned and forearmed’ in anticipation of a future crisis. He said: 'I don’t think we should be squeamish about using all means to protect ourselves financially.'.... As one of the highest regarded global spy agencies, the Secret Intelligence Service, or MI6, has deep ties with its intelligence counterparts across Europe. Sir Richard acknowledged that MI6 was a leader in efforts to integrate Europe’s intelligence agencies. By ordering the foreign intelligence agency to actively spy on its partners, the government would risk a backlash from the country’s closest neighbours and allies. Countries vulnerable to quitting the euro would be sure to view the move as an act of selfishness at a time of national weakness.... Sir Richard noted that the Bank of England had effectively intelligence capabilities – though it did not classify these activities as spying. As such MI6 would play a subordinate role to the Bank. Sir Richard was appointed head of MI6 in 1999 and was head of the organisation during the September 11 attacks on the US by al Qaeda. When he retired in 2004, the final year of his career had been overshadowed by controversy over the dossier used by the government to accuse Iraq of pursuing a secret Weapons of Mass Destruction programme.'
Britain should start spying on Eurozone neighbours, former MI6 chief says
Telegraph, 5 July 2011

2010

"The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.... In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings - about 17 million square feet of space."
A hidden world, growing beyond control
Washington Post, 19 July 2010

"Fraudulent bankers are more of a danger to society than terrorists and the failure to reassure people that their money is safe is an 'absolute failure of public policy', a former Director of Public Prosecutions says today. Writing in The Times, Sir Ken Macdonald says that the systems for regulating markets and for prosecuting market crime have completely broken down...In his article, Sir Ken lambasts the 'liberty-sapping addictions' of the Home Office and the 'paranoiac paraphernalia of national databases and ID cards'. He also attacks the rush to 'bring in lots of terror law, the tougher the better'. Rather than ensuring that people's money and financial security 'will not be stolen from them', legislators wanted 'criminal justice to be an auction of fake toughness', he says. Sir Ken has previously criticised government plans to extend the time that terrorism suspects could be held without charge beyond 28 days; and, recently, plans for increased surveillance and data retention."
Sir Ken Macdonald rounds on Britain's banking robbers
London Times, 23 February 2009

2009

"A former head of MI5 has accused the government of exploiting the fear of terrorism and trying to bring in laws that restrict civil liberties. In an interview in a Spanish newspaper, published in the Daily Telegraph, Dame Stella Rimington, 73, also accuses the US of 'tortures'....Dame Stella, who stood down as the director general of the security service in 1996, has previously been critical of the government's policies, including its attempts to extend pre-charge detention for terror suspects to 42 days and the controversial plan to introduce ID cards. 'It would be better that the government recognised that there are risks, rather than frightening people in order to be able to pass laws which restrict civil liberties, precisely one of the objects of terrorism - that we live in fear and under a police state,' she told the Spanish newspaper La Vanguardia...."
Ministers 'using fear of terror'
BBC Online, 17 February 2009

"With Google’s Latitude, parents will be able to swoop down like helicopters on their children, whirr around their heads and chase them away from the games arcade and back to do their French verbs....However Orwellian it sounds, don’t worry. The police and security services can already track you down from your phone without any help from Google..."
Sloping off could soon be a thing of the past
London Times, 5 February 2009

"Over the past few days, at trade fairs from Las Vegas to Seoul, a constant theme has been the unstoppable advance of 'FRT', the benign abbreviation favoured by industry insiders. We learnt that Apple's iPhoto update will automatically scan your photos to detect people's faces and group them accordingly, and that Lenovo's new PC will log on users by monitoring their facial patterns....So let's understand this: governments and police are planning to implement increasingly accurate surveillance technologies that are unnoticeable, cheap, pervasive, ubiquitous, and searchable in real time. And private businesses, from bars to workplaces, will also operate such systems, whose data trail may well be sold on or leaked to third parties - let's say, insurance companies that have an interest in knowing about your unhealthy lifestyle, or your ex-spouse who wants evidence that you can afford higher maintenance payments. Rather than jump up and down with rage - you never know who is watching through the window - you have a duty now, as a citizen, to question this stealthy rush towards permanent individual surveillance. A Government already obsessed with pursuing an unworkable and unnecessary identity-card database must be held to account."
Let's face it, soon Big Brother will have no trouble recognising you
London Times, 13 January 2009

2008

"Our privacy is being invaded by the world's security services in every second of every day, as a routine matter. Vast quantities of information are collected by commercial enterprises such as Google or Tesco. Against these invasions of our privacy we have little or no protection."
Lord Rees-Mogg
London Times, 25 July 2008

'Stalin's Delight'
Smart Phones For Not So Smart People

"The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. ......Kaplan's opinion said that the eavesdropping technique 'functioned whether the phone was powered on or off.' Some handsets can't be fully powered down without removing the battery.....Security-conscious corporate executives routinely remove the batteries from their cell phones, he added....A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. 'A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,' the article said, 'enabling them to be activated at a later date to pick up sounds even when the receiver is down.'........ A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations. When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored. Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who write a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings."
FBI taps cell phone mic as eavesdropping tool
ZDNetNews, 1 December 2006

"Cellphone users say they want more privacy, and app makers are listening. No, they're not listening to user requests. They're literally listening to the sounds in your office, kitchen, living room and bedroom. A new class of smartphone app has emerged that uses the microphone built into your phone as a covert listening device -- a 'bug,' in common parlance. But according to app makers, it's not a bug. It's a feature! The apps use ambient sounds to figure out what you're paying attention to. It's the next best thing to reading your mind. The issue was brought to the world's attention recently on a podcast called This Week in Tech. Host Leo Laporte and his panel shocked listeners by unmasking three popular apps that activate your phone's microphone to collect sound patterns from inside your home, meeting, office or wherever you are. The apps are Color, Shopkick and IntoNow, all of which activate the microphones in users' iPhone or Android devices in order to gather contextual information that provides some benefit to the user.   Color uses your iPhone's or Android phone's microphone to detect when people are in the same room. The data on ambient noise is combined with color and lighting information from the camera to figure out who's inside, who's outside, who's in one room, and who's in another, so the app can auto-generate spontaneous temporary social networks of people who are sharing the same experience. ... So, what's possible with current technology? By listening in on your phone, capturing 'patterns,' then sending that data back to servers, marketers can determine the following: * Your gender, and the gender of people you talk to. * Your approximate age, and the ages of the people you talk to. * What time you go to bed, and what time you wake up. * What you watch on TV and listen to on the radio. * How much of your time you spend alone, and how much with others. * Whether you live in a big city or a small town. *What form of transportation you use to get to work."
Snooping: It's not a crime, it's a feature
Computerworld, 16 April 2011

"Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised. The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program. For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010. 'Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been,' said Pete Warden, one of the researchers. Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. 'Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any,' said Warden."
iPhone keeps record of everywhere you go
Guardian, 20 April 2011



'We Need A New Way Of Thinking' - Consciousness-Based Education



Latest Developments In 'Turnkey Totalitarianism'
KEEP UP TO DATE WITH SURVEILLANCE SOCIETY NEWS MEDIA REPORTS

2017 - 2016 - 2015 - 2014 - 2013 - 2012 - 2011 - 2010 - 2009 - 2008 & Earlier


2017

"Australia is to build a national database of as many citizens' images as it can, with state premiers rubber-stamping prime minister Malcolm Turnbull's plan to add drivers' licenses to a national facial recognition database. The plan, called overreach by rights activists like Digital Rights Watch's chair Tim Singleton Norton, has been considered since at least 2015."
Australia approves national database of everyone's mugshots
The Register, 5 October 2017

"Uber's iPhone app has a secret back door to powerful Apple features, allowing the ride-hailing service to potentially record a user's screen and access other personal information without their knowledge. This access to special iPhone functions — which are so powerful that Apple almost always keeps them off-limits to outside companies — is not disclosed in any consumer-facing information included with Uber's app."
Apple gave Uber's app 'unprecedented' access to sensitive Apple features that can record iPhone screens
Business Insider, 5 October 2017

"Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other's infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly difficult for security researchers, according to Kaspersky Lab. Threat intelligence depends on spotting patterns and tools that point towards a particular threat actor. Related work allows researchers to infer a hacking group's targets and objectives before advising clients about the risk they face. This process falls down now that threat actors are hacking each other and taking over tools, infrastructure and even victims. Juan Andres Guerrero-Saade and Costin Raiu, both from Kaspersky Lab, explained the attribution problems that can arise when one hacking group exploits another's seemingly closed-source toolkit or infrastructure. Quizzed on this point by El Reg, the pair said to date there was no example of an intel agency backdating another foreign hacking group's malware. Cyber-expionage groups are busy instead stealing each other's tools, repurposing exploits, and compromising the same infrastructure, they said. Reuse of fragments of other's tools is more common than wholesale theft and repurposing of third-party APTs. There are two main attack vectors. First, passive attacks that involve intercepting other groups' data in transit, for example as it moves between victims and command and control servers. The second (active) approach involves hacking into another threat actor's malicious infrastructure, an approach much more likely to risk detection but which also brings potential rewards. Kaspersky researchers have come across two examples of backdoors installed in another hacking group's command-and-control infrastructure. One of these was found in 2013, while analysing a server used by NetTraveler, a Chinese-language campaign targeting activists and organisations in Asia. The second one was found in 2014, while probing a hacked website used by Crouching Yeti, a Russian-language hacking crew. Last year a website put together by the Korean-language DarkHotel also hosted exploit scripts for another targeted attacker, which the team called ScarCruft, a group targeting mainly Russian, Chinese and South Korean-organisations, it said. In November 2014, Kaspersky Lab reported that a server belonging to a research institution in the Middle East, known as the Magnet of Threats, simultaneously hosted implants for Regin and Equation Group (English-language), Turla and ItaDuke (Russian-language), as well as Animal Farm (French-language) and Careto (Spanish). This server was the starting point for the discovery of the Equation Group, linked by the leaks of former NSA sysadmin Edward Snowden to an elite NSA hacking crew."
Spy vs spy vs hacker vs... who is THAT? Everyone's hacking each other
The Register, 5 October 2017

"Google received more government requests for user data in the first half of this year than ever before. It also admits it's significantly underreported the number of non-US accounts targeted by US intelligence. Google's latest Transparency Report covering January to June 2017 shows once again it's the go-to firm when governments need data on people.Due the breadth of Google's services, this data could include your Gmail messages, documents and photos you've saved on Google services, and videos on YouTube During the period, Google received 48,941 requests for data from 83,345 accounts and produced user information for 65 percent of requests. This time last year it received 44,943 requests from 76,713 accounts. About half the requests come from the US government. Other major sources of requests include Germany, France, and the UK. Many countries in the report have made fewer than 10 requests.The report doesn't show US national security requests made under the Foreign Intelligence Surveillance Act (FISA) for the current period. Using Section 702 of the FISA Amendment Act of 2008, agencies like the NSA can force Google to hand over content from non-US citizens for foreign intelligence purposes. Current figures are subject to a six-month delay. However, Google has revised upwards the number of accounts affected by these requests, which have been significantly underreported for the past three years. In January 2016 to June 2016, for example, Google originally said there were 500-999 requests for 18,500 to 18,900 accounts. In fact the 500-999 requests were for 25,000 to 25,499 accounts."
Google warns that govt is demanding more of your private data than ever
ZD Net, 29 September 2017

"Face ID doesn’t actually store pictures of you on the iPhone in the Secure Enclave. Instead, the data is turned into a mathematical representation and the images are deleted immediately. For each login, a math representation is compared to the one that’s stored in the Secure Enclave.... The paper does say that the probability of a random person in the world being able to unlock your phone with their face is 1 in 1,000,000, which makes Face ID significantly more secure than Touch ID (1 in 50,000). The likelihood of a false match grows for twins and children under 13, Apple says. That probably means a twin will be able to unlock the other twin’s iPhone. On the other hand, if someone takes the phone away from you and points it to your face, there’s a chance it’ll unlock unless a second failsafe is enabled: attention. The attention feature requires you to look at your phone in order to unlock it, which means your significant other can’t point the phone at your face while you’re asleep to read all your chats. That’s why it’s advisable to have Face ID check your eyes for attention, though you can choose to disable the feature to speed up unlocks. Also of note, you can disable Face ID at anytime by holding the power button and volume button simultaneously. It’ll require some quick thinking on the user’s part, but it’ll prevent authorities or anyone else from forcibly unlocking an iPhone with Face ID."
All the iPhone X’s Face ID secrets were just revealed

BGR, 28 September 2017

"[Apple's] Face ID is far from being the first facial recognition system to be built into a mobile device. But previous technologies have been plagued by complaints they are relatively easy to fool by with photos, video clips or 3D models shown to the sensor. This has made them unsuitable for payment authentication or other security-sensitive circumstances. In publishing its Face ID documentation more than a month ahead of the iPhone X going on sale, Apple is hoping to head off such concerns - particularly since the handset lacks the Touch ID fingerprint sensor found on its other iOS phones and tablets....  Apple has said it carried out many controlled tests involving three-dimensional masks created by Hollywood special effects professionals, among other tasks, to train its neural network into detecting spoofs. However, it does not claim it is perfect, and intends to continue lab-based trials to further train the neural network and offer updates to users over time."
IPhone X to use 'black box' anti-spoof Face ID tech
BBC, 27 September 2017

"A campaign utilizing a new variant of the government spying software FinFisher has spread, potentially with the help of Internet Service Providers. FinFisher, also known as FinSpy, is a surveillance suite developed by Munich-based Gamma Group and is sold to government customers and law enforcement worldwide. The malware -- which often avoids detection by traditional antivirus software -- can be used to monitor communication software such as Skype, eavesdrop on video chats, log calls, view and copy user files, and more. Gamma Group says the malware "helps government law enforcement and intelligence agencies identify, locate and convict serious criminals." According to ESET researchers, a new campaign spreading the malware has been detected in a total of seven countries. In two of them, Internet Service Providers (ISPs) are "most likely" working in collaboration with governments to infect targets of interest with the surveillance malware. The countries have not been named due to safety concerns. In a blog post, the research team said that FinFisher has been spread through man-in-the-middle (MiTM) attacks, which target communication relays to tamper with data streams, spy on users, and deploy malware. "We believe that major internet providers have played the role of the man in the middle," said Filip Kafka, an ESET malware analyst. ESET says the latest variant has been deployed with a number of improvements designed to avoid detection and analysis. Rather than rely on fake Flash plugins or older infection techniques such as watering holes or spearphishing, FinFisher can now infect systems when users are attempting to download a popular application such as WhatsApp, Skype, Avast, WinRAR, or VLC Player. With a successful MiTM attack in play, the target is redirected to the attacker's server, which installs a malicious file containing a Trojan that deploys FinFisher. However, the legitimate app is also installed to prevent suspicion. In addition, the latest version of the malware uses custom code virtualization to protect the majority of its components, including the kernel-mode driver, as well as anti-disassembly tricks which prevent sandboxing, debugging, and emulation -- making the job of security analysts difficult when it comes to picking apart the malicious code. "During the course of our investigations, we found a number of indicators that suggest the redirection is happening at the level of a major internet provider's service," commented Kafka. The new techniques have been used "at the ISP level" in two countries, whereas the other five are still relying on older techniques. "It would be technically possible for the "man" in these man-in-the-middle attacks to be situated at various positions along the route from the target's computer to the legitimate server (e.g. compromised Wi-Fi hotspots)," ESET notes. "However, the geographical dispersion of ESET's detection of latest FinFisher variants suggests the MitM attack is happening at a higher level - an ISP arises as the most probable option." As Gamma Group also offers a solution called "FinFly ISP," which can be deployed on ISP networks to distribute this malware, it may indeed be possible that subscribers are being placed at risk by these companies working in collusion. "The deployment of the ISP-level MitM attack technique mentioned in the leaked documents has never been revealed -- until now," the team says. "If confirmed, these FinFisher campaigns would represent a sophisticated and stealthy surveillance project unprecedented in its combination of methods and reach.""
ISP involvement suspected in latest FinFisher gov't spyware campaign
ZDNet, 22 September 2017

"An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques - those least likely to be vulnerable to hacks - to address the concerns. The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck. The U.S. delegation to the ISO on encryption issues includes a handful of NSA officials, though it is controlled by an American standards body, the American National Standards Institute (ANSI). The presence of the NSA officials and former NSA contractor Edward Snowden’s revelations about the agency’s penetration of global electronic systems have made a number of delegates suspicious of the U.S. delegation’s motives, according to interviews with a dozen current and former delegates. A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions stem largely from internal NSA documents disclosed by Snowden that showed the agency had previously plotted to manipulate standards and promote technology it could penetrate. Budget documents, for example, sought funding to “insert vulnerabilities into commercial encryption systems.” More than a dozen of the experts involved in the approval process for Simon and Speck feared that if the NSA was able to crack the encryption techniques, it would gain a “back door” into coded transmissions, according to the interviews and emails and other documents seen by Reuters. “I don’t trust the designers,” Israeli delegate Orr Dunkelman, a computer science professor at the University of Haifa, told Reuters, citing Snowden’s papers. “There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”"
Distrustful U.S. allies force spy agency to back down in encryption fight
Reuters, 21 September 2017

"This Tuesday Apple unveiled a new line of phones to much fanfare, but one feature immediately fell under scrutiny: FaceID, a tool that would use facial recognition to identify individuals and unlock their phones.  Unsurprisingly, this raised major anxiety about consumer privacy: Consumers are already questioning whether FaceID could be spoofed. And it's also possible police would be able to more easily unlock phones without consent by simply holding an individual’s phone up to his or her face.But FaceID should create fear about another form of government surveillance: mass scans to identify individuals based on face profiles. Law enforcement is rapidly increasing use of facial recognition; one in two American adults are already enrolled in a law enforcement facial recognition network, and at least one in four police departments have the capacity to run face recognition searches. Still, until now, co-opting consumer platforms hasn’t been an option....For the first time, a company will have a unified single facial recognition system built into the world's most popular devices—the hardware necessary to scan and identify faces throughout the world.... that could theoretically make Apple an irresistible target for a new type of mass surveillance order. The government could issue an order to Apple with a set of targets and instructions to scan iPhones, iPads, and Macs to search for specific targets based on FaceID, and then provide the government with those targets’ location based on the GPS data of devices that receive a match. Apple has a good record of fighting for user privacy, but there's only so much the company could do if its objections to an order were turned down by the courts.... Over the last decade the government has increasingly embraced this type of mass scan method. Edward Snowden's disclosures revealed the existence of Upstream, a program under FISA Section 702 (set to expire in just a few months). With Upstream, the NSA scans all internet communications going into and out of the United States for surveillance targets' emails, as well as IP addresses and what the agency has called cybersignatures. And last year Reuters revealed that Yahoo, in compliance with a government order, built custom software to scan hundreds of millions of email accounts for content that contained a digital signature used by surveillance targets.To many these mass scans are unconstitutional and unlawful, but that has not stopped the government from pursing them... Until now text has been the focus of mass scan surveillance, but Apple and FaceID could change that. By generating millions of face prints while simultaneously controlling the cameras that can scan and identify them, Apple might soon face a government order to turn its new unlocking system into the killer app for mass surveillance. What should Apple—and the rest of us—do to respond to this risk?.... Another concern: If iPhone users become accustomed to holding their phone up for face scans to unlock their phone, those consumers could be more vulnerable to other facial-recognition systems with fewer security and privacy protections."
Apple’s FaceID Could Be a Powerful Tool for Mass Spying
Wired, 14 September 2017

"Diners at a KFC store in the eastern Chinese city of Hangzhou will have a new way to pay for their meal. Just smile. Customers will be able to use a “Smile to Pay” facial recognition system at the tech-heavy, health-focused concept store, part of a drive by Yum China Holdings Inc to lure a younger generation of consumers. Diners can pay by scanning their faces at an ordering kiosk and entering a phone number - which is meant to guard against people cheating the system. “Combined with a 3D camera and liveness detection algorithm, Smile to Pay can effectively block spoofing attempts using other people’s photos or video recordings and ensure account safety,” Jidong Chen, Ant’s director of biometric identification technology, said in a statement."
Just smile: In KFC China store, diners have new way to pay
Reuters, 1 September 2017

"The latest documents from Vault 7, a collection of confidential materials related to hacking tools used by the United States Central Intelligence Agency and obtained by WikiLeaks, was made public today by the whistle blowing organization. This newest leak details the CIA's Angelfire project, which is a persistent framework that can load and execute custom malware on computers running Windows XP and Windows 7. Angelfire consists of five components, including Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS,a nd the Windows Transitory File system. Each of these parts has a distinct job. It starts with Solartime, which modifies the partition boot sector so that when Windows fires up boot time device drivers, it also loads and executes the Wolfcreek implant. Once executed, it is able to load and run other Angelfire implants According the documentation, Keystone is part of the Wolfcreek implant and is responsible for starting up malicious user applications. What makes all this hard to detect is that loaded implants never touch the file system. It also disguises itself as svchost.exe in the C:\Windows\system32 directory. BadMFS is described as a covert file system that is created at the end of the active partition. Angelfire uses BadMFS to store all other components, with all files being obfuscated and encrypted. Finally, the Windows Transitory File system is a newer component that is an alternative to BadMFS. Rather than store files on a secret file system, the component uses temporary files for the storage system. These files are added to the UserInstallAppl (both the .exe or .dll versions). Summed up, Angelfire is yet another tool the CIA used for hacking Windows PCs. Compared to other tools, such as Grasshopper and AfterMidnight, Angelfire seems a bit rudimentary with plenty of cons. For example, some versions of BadMFS can be detected because the reference to the covert file system is stored ina file named "zf." Additionally, loading implants can cause memory leaks that might be detected on infected machines. It is not known if the CIA has fully retired Angelfire or if it is now using a newer, more sophisticated version."
WikiLeaks Exposes CIA’s Angelfire Toolset For Hacking Window XP And Windows 7 PCs
Hot Hardware, 1 September 2017

"Techdirt has written a number of stories about facial recognition software being paired with CCTV cameras in public and private places. As the hardware gets cheaper and more powerful, and the algorithms underlying recognition become more reliable, it's likely that the technology will be deployed even more routinely. But if you think loss of public anonymity is the end of your troubles, you might like to think again: 'Lip-reading CCTV software could soon be used to capture unsuspecting customer's private conversations about products and services as they browse in high street stores. Security experts say the technology will offer companies the chance to collect more "honest" market research but privacy campaigners have described the proposals as "creepy" and "completely irresponsible". That story from the Sunday Herald in Scotland focuses on the commercial "opportunities" this technology offers. It's easy to imagine the future scenarios as shop assistants are primed to descend upon people who speak favorably about goods on sale, or who express a wish for something that is not immediately visible to them. But even more troubling are the non-commercial uses, for example when applied to CCTV feeds supposedly for "security" purposes. How companies and law enforcement use CCTV+lip-reading software will presumably be subject to legislation, either existing or introduced specially. But given the lax standards for digital surveillance, and the apparent presumption by many state agencies that they can listen to anything they are able to grab, it would be na&iumlve to think they won't deploy this technology as much as they can. In fact, they probably already have."
CCTV + Lip-Reading Software = Even Less Privacy, Even More Surveillance
Techdirt, 28 August 2017

"In the US, ISPs are allowed to use or sell data they collect about their users’ internet use and histories. Do our smart devices broadcast yield any bankable information? To find out, Noah Apthorpe at Princeton University and his colleagues set up a mock smart home, complete with seven internet-connected devices, to find out what they might reveal about their users. Four of the devices, the team found, could be easily identified by ISPs just because of the way they connected to the internet. That might not be a problem when it comes to an Amazon Echo, which immediately revealed its identity. But now that everything from insulin pumps to vibrators comes with internet connectivity, just knowing what gadgets someone is using could be valuable information to advertisers. Encrypted connections are one way of preventing the amount of information that an ISP can gather about its users. Website addresses that begin with “HTTPS” encrypt their traffic so although an ISP or other network observer could see that a user had visited a particular website, they wouldn’t be able to work out which specific pages they visited or what they did on that website. And encryption doesn’t stop ISPs from knowing which internet-of-things devices their users have, nor does it stop them seeing when we use those devices. In the Princeton study, ISPs could track a user’s sleep patterns by detecting when a sleep tracker was connecting to the internet. It also revealed that ISPs could identify when a home security camera detected movement and when someone was watching a live stream from their security camera.... This type of observation is possible anywhere, but in the US there are few restrictions on what data ISPs are allowed to sell. EU law makes it more difficult for ISPs to do similar things, and the upcoming General Data Protection Regulation should protect UK citizens."
Your broadband provider can use your smart devices to spy on you
New Scientists, 28 August 2017

"Identity theft is reaching "epidemic levels", according to a fraud prevention group, with people in their 30s the most targeted group. ID fraudsters obtain personal information before pretending to be that individual and apply for loans or store cards in their name. A total of 89,000 cases were recorded in the first six months of the year by UK anti-fraud organisation Cifas. That is a 5% rise on the same period last year and a new record high. "We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day," said Simon Dukes, chief executive of Cifas. "These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster." ID theft accounts for more than half of fraud recorded by Cifas, a not-for-profit organisation that shares fraud prevention tips between businesses and public bodies. More than four in five of these crimes were committed online, it said, with many victims unaware that they had been targeted until they received a random bill or realised their credit rating had slumped. This would prevent them getting a loan of their own. Fraudsters steal identities by gathering information such as their name and address, date of birth and bank account details. They get hold of such information by stealing mail, hacking computers, trawling social media, tricking people into giving details or buying data through the "dark web".... Its 30-page report showed that a lot of personal details that might be useful to a criminal were out there on public websites - but if you choose to have an online presence, that is quite hard to avoid. Far more worrying was the presence in hidden corners of the web of some of my passwords for various accounts, harvested in some of the many hacking attacks on major online firms.Luckily I had already changed those passwords, but the security researchers told me that anyone in the Western world who used the internet reasonably often was likely to have their details held in one of these data dumps. That information is up for sale on a number of criminal marketplaces. Identity theft is big business and it is thriving on the dark web....  Cifas said it was important that employers needed to be alert to fraud, rather than just consumers. There had been a sharp rise in ID fraudsters applying for loans, online retail, telecoms and insurance products, it added. "For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber-security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough," Mr Dukes said."
Identity theft at epidemic levels, warns Cifas
BBC, 23 August 2017

"Did you know that Google has been recording you without your knowledge? The technology giant has effectively turned millions of its users’ smartphones into listening devices that can capture intimate conversations – even when they aren’t in the room. If you own an Android phone, it’s likely that you’ve used Google’s Assistant, which is similar to Apple’s Siri. Google says it only turns on and begins recording when you utter the words “OK Google”. But a Sun investigation has found that the virtual assistant is a little hard of hearing. In some cases, just saying “OK” in conversation prompted it to switch on your phone and record around 20 seconds of audio. It regularly switches on the microphone as you go about your day-to-day activities, none the wiser."
Paranoid Android
Sun, 22 August 2017

"Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car's

"A U.S. federal judge on Monday ruled that Microsoft Corp's (MSFT.O) LinkedIn unit cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The case is considered to have implications beyond LinkedIn and hiQ Labs and could dictate just how much control companies have over publicly available data that is hosted on their services. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit."
U.S. judge says LinkedIn cannot block startup from public profile data
Reuters, 14 August 2017

"Appropriately paranoid travelers have always been wary of hotel Wi-Fi. Now they have a fresh justification of their worst wireless networking fears: A Russian espionage campaign has used those Wi-Fi networks to spy on high-value hotel guests, and recently started using a leaked NSA hacking tool to upgrade their attacks.Since as early as last fall, the Russian hacker group known as APT28, or Fancy Bear, has targeted victims via their connections to hacked hotel Wi-Fi networks, according to a new report from security firm FireEye...FireEye says it first saw evidence that Fancy Bear might be targeting hotels in the fall of last year, when the company analyzed an intrusion that had started on one corporate employee's computer. The company traced that infection to the victim's use of a hotel Wi-Fi network while traveling; 12 hours after the person had connected to that network, someone connected to the same Wi-Fi network had used the victim's own credentials to log into their computer, install malware on their machine, and access their Outlook data. That implies, FireEye says, that a hacker had been sitting on the same hotel's network, possibly sniffing its data to intercept the victim's credentials. Then, just last month, FireEye learned of a series of similar Wi-Fi attacks at hotels across seven European capitals and one Middle Eastern capital. In each case, hackers had first breached the target hotel's network—FireEye believes via the common tactic of phishing emails carrying infected attachments that included malicious Microsoft Word macros. They then used that access to launch the NSA hacking tool EternalBlue, leaked earlier this year in a collection of NSA internal data by hackers known as the ShadowBrokers, which allowed them to quickly spread their control through the hotels' networks via a vulnerability in Microsoft's so-called "server message block" protocol, until they reached the servers managing the corporate and guest Wi-Fi networks. From there, the attackers used a network-hacking tool called Responder, which allowed them not only to monitor traffic on the hijacked networks, but also to trick computers connecting to them to cough up users' credentials without giving victims any sign of the theft. When the victim computer reaches out to known services like printers or shared folders, Responder can impersonate those friendly entities with a fake authentication process, fooling the victim machine into transmitting its network username and password. And while the password is sent in a cryptographically hashed form, that hashing can sometimes be cracked. (FireEye believes, for instance, that hackers used Responder to steal the hotel guest's password in the 2016 case; the 12-hour delay may have been the time it took to crack the hash.) In each case, FireEye says that the hacked networks were those of moderately high-end hotels, the kind that attract presumably valuable targets. "These were not super expensive places, but also not the Holiday Inn," FireEye's Read says. "They're the type of hotel a distinguished visitor would stay in when they’re on corporate travel or diplomatic business." But FireEye says it doesn't know whether the hackers had specific visitors in mind, or were simply casting a wide net for potential victims... FireEye says it has "moderate confidence" in its conclusion that Fancy Bear conducted both the 2016 hotel attack and the more recent spate. It bases that assessment on the use of two pieces of Fancy Bear-associated malware, known as GameFish and XTunnel, planted on hotel and victim computers. The company also points to clues in the command and control infrastructure of that malware and information about the victims, which it's not making public. If Fancy Bear is in fact behind the hotel espionage spree, FireEye notes that the group's use of EternalBlue would represent the first publicly confirmed time that Russian hackers have used one of the NSA hacking techniques leaked in the ShadowBrokers' scandal.....All of which should serve as a reminder that hotel networks are not safe havens for travelers with sensitive information. FireEye's Read warns that even using a VPN may not prevent the leakage of private credentials that Responder exploits, though he notes that vulnerability likely depends on which proxy software someone is using. But the safest approach, for any traveler with truly valuable secrets to keep, is to bring your own wireless hotspot—and then stay off the hotel's Wi-Fi altogether."
Russia's 'Fancy Bear' Hackers Used Leaked NSA Tool to Target Hotel Guests
Wired, 11 August 2017

"A former head of MI5 has spoken out against curtailing use of encryption in messaging apps despite warning that Islamist terrorism will remain a threat for up to another 30 years. Jonathan Evans said the terrorist threat to Britain was a “generational problem”, and suggested the Westminster Bridge attack in March may have had an energising effect on extremists.... But Lord Evans, who retired from the security service in 2013, told BBC Radio 4’s Today programme that he would not support a clampdown on use of encryption. His comments came after Amber Rudd, the home secretary, argued that internet companies were not doing enough to tackle extremism online. She has previously singled out the use of encryption as a problem. Acknowledging that use of encryption had hampered security agencies’ efforts to access the content of communications between extremists, Evans added: “I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly. “While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK’s interests more widely. “It’s very important that we should be seen and be a country in which people can operate securely – that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive.”"
Ex-MI5 chief warns against crackdown on encrypted messaging apps
Guardian, 11 August 2017

"... a handful of security researchers, lawyers and privacy watchdogs voice increasing concern that consumers might one day wake up in anger at the collection of data by software companies winning rights to do so through “end user license agreements,” also known as EULAs. One researcher says the data collection potentially poses a national security threat. For now, news about how companies collect data emerges in bite-sized stories. In late July, articles brought to light that certain models of the Roomba robotic vacuum not only collect dust as they whir across the floor, they also map the homes of users and send the data back to headquarters... Gary Reback, a Palo Alto, California, antitrust lawyer who has tangled in legal battles with Google and Microsoft over data privacy issues, said data harvested from consumers has led companies to create individual profiles, often at a level of detail that even family members may not know. “When an online profile is created of you, which you never really get to see, it’s not just kind of what you buy, it’s who you might vote for,” Reback said in a recent telephone interview. An old saying goes that when a consumer gets a service or product for free, the consumer becomes the product. His or her profile becomes an item to be marketed. “You may think your identity is, you look in the mirror and that’s what you see, but it’s really not. Your identity is what they’ve compiled,” Reback said. “That is kind of scary when you think about it. I just don’t think people think about it enough.” Internet-connected devices proliferate in homes. An estimated 8.4 billion such devices exist in the world today, the Gartner research firm says, and that number is projected to climb to 20.4 billion by 2020. Those devices are often lumped together as the “Internet of Things.”  Wysopal is concerned enough about privacy that he avoids all voice-activated devices in his own home out of concern they may be feeding his private activities back to manufacturers. But he said young people may feel that “we enjoy all this technology so much that we’re willing to give it up.” As time passes, added Reback, the growth of big players in technology may leave consumers with the sense they have little choice but to accept conditions imposed on them.... In addition to how the personal data of consumers is used, a corollary is whether companies can keep the data safe, said James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington center that calls itself America’s cybersecurity think tank. If U.S. adversaries hack databases containing consumer profiles collected and built up by data firms working with software companies, they could use the information to manipulate public opinion to stoke chaos, Scott said.... On a trip to one of the main U.S. intelligence agencies, which Scott would only identify as a three-letter agency, he said he was stuck at security with an unrelated large delegation, and inquired of a colleague who they were. “‘Oh, that’s Google,’” he said he was told. “‘They are always here begging us to buy their data.’”"
Is Alexa spying on us? We're too busy to care — and we might regret that
McClatchy, 10 August 2017

"You will get chipped. It’s just a matter of time. In the aftermath of a Wisconsin firm embedding microchips in employees last week to ditch company badges and corporate logons, the Internet has entered into full-throated debate. Religious activists are so appalled, they’ve been penning nasty 1-star reviews of the company, Three Square Market, on Google, Glassdoor and social media. On the flip side, seemingly everyone else wants to know: Is this what real life is going to be like soon at work? Will I be chipped? “It will happen to everybody,” says Noelle Chesley, 49, associate professor of sociology at the University of Wisconsin-Milwaukee. “But not this year, and not in 2018. Maybe not my generation, but certainly that of my kids.” Gene Munster, an investor and analyst at Loup Ventures, is an advocate for augmented reality, virtual reality and other new technologies. He thinks embedded chips in human bodies is 50 years away.... In the future, consumers could zip through airport scanners sans passport or drivers license; open doors; start cars; and operate home automation systems. All of it, if the technology pans out, with the simple wave of a hand. The embedded chip is not a GPS tracker, which is what many critics initially feared. However, analysts believe future chips will track our every move.... In Sweden, BioHax says nearly 3,000 customers have had its chip embedded to do many things, including ride the national rail system without having to show the conductor a ticket."
You will get chipped — eventually
USA Today, 10 August 2017

"A judge’s porn preferences and the medication used by a German MP were among the personal data uncovered by two German researchers who acquired the “anonymous” browsing habits of more than three million German citizens. “What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”  Eckert, a journalist, paired up with data scientist Andreas Dewes to acquire personal user data and see what they could glean from it. Presenting their findings at the Def Con hacking conference in Las Vegas, the pair revealed how they secured a database containing 3bn URLs from three million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen of sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives."
Anonymous' browsing data can be easily exposed, researchers reveal
Guardian, 1 August 2017

"The Five Eyes surveillance cabal, established at the end of World War 2, includes the US, UK, Australia, Canada and New Zealand. The agreement covers how intelligence is shared. And that's about all we know about it. But that could be about to change. The US government is being sued for information about the deal, officially known as the United Kingdom-United States Communications Intelligence Agreement. UK-based charity Privacy International has filed a lawsuit against the National Security Agency, Office of the Director of National Intelligence, the State Department and the National Archives and Records Administration, which all hold information about the intelligence sharing partnership. The lawsuit follows requests for details about the partnership under the US Freedom of Information Act. All the government agencies rejected the requests. The Five Eyes group has existed since 1946 and the last document officially published about it comes from 1955. Since then, vast technological changes have altered how national security bodies collect and store information. "We hope to find out the current scope and nature of the Five Eyes intelligence sharing agreement – and how much has changed since the 1955 version," Privacy International legal officer Scarlet Kim tells WIRED. "We’d also like to know the US rules and regulations governing this exchange of information – what safeguards and oversight, if any, exist with respect to these activities?" The complaint, says Privacy International wants to access the current text of the agreement, how the US government implements it, and the procedures for how intelligence is shared. "These records are of paramount concern because the public lacks even basic information about the Five Eyes alliance," the document says. The campaign group argues that because the public doesn't have enough information about Five Eyes, it is impossible to know if there is a "legal basis" for exchanging signals intelligence. "We are eager to know whether the US shares information not only about Americans but also about Five Eyes citizens and residents with its Five Eyes partners – and whether it undertakes any sort of due diligence before it shares this information," Kim says.  The lawsuit will take a long time to progress through the US legal system but if it is successful could reveal previously private information. Seven years ago, the 1946 agreement between the UK and US, which was superseded by the 1955 document, was acknowledged and released for the first time in the UK. Documents published by the National Archives revealed the basis for the co-operation between the countries. The last light shed on the Five Eyes network came after 2013, when former NSA contractor Edward Snowden published thousands of documents from inside the intelligence agency. "The Snowden disclosures gave us a glimpse into how the change in technical capabilities has transformed the work the 5 Eyes countries do together," Kim explains. "For example, we know that the NSA and GCHQ have worked together to obtain the contact lists and address books from hundreds of millions of personal email and IM accounts as well as webcam images from video chats of millions of Yahoo users". Among many of the practices and capabilities revealed by Snowden surrounding the global intelligence picture, was a glimpse at what is shared with members of Five Eyes. In 2015 it was said New Zealand conducted mass surveillance against its Pacific neighbours, including gathering calls, emails, and social media messages. The documents also revealed New Zealand's Government Communications Security Bureau passed gathered intelligence to the partners within Five Eyes."
The US government is being sued for info on the secretive Five Eyes intelligence group
Wired, 6 July 2017

"Germany is a big target of spying and cyber attacks by foreign governments such as Turkey, Russia and China, a government report said on Tuesday, warning of "ticking time bombs" that could sabotage critical infrastructure. Industrial espionage costs German industry billions of euros each year, with small- and medium-sized businesses often the biggest losers, the BfV domestic intelligence agency said in its 339-page annual report. The report mapped out a range of security threats, including Islamist militancy and increased far-right violence, but highlighted the growing incidence of cyber espionage.  It cited a "noticeable increase" in spying by Turkey's MIT foreign intelligence agency in Germany in 2016, following the failed July 15 coup in Turkey, and said Russia was seeking to influence a parliamentary election on Sept. 24. "The consequences for our country range from weakened negotiating positions to high material costs and economic damage all the way to impairment of national sovereignty," it said."
Germany big target of cyber espionage and attacks - government report
Reuters, 4 July 2017

"The High Court has granted Liberty permission to challenge part of the UK's "extreme mass surveillance regime", with a judicial review of the Investigatory Powers Act. The law forces internet companies to keep logs of emails, phone calls, texts and web browsing histories and to hand them over to the state to be stored or examined. The civil liberties campaign group wants to challenge this mass collection, arguing that the measure breaches British people's rights. In a separate case in December, the European Court of Justice ruled the same powers in the previous law governing UK state surveillance were unlawful. The government argues that it needs access to the data to help with criminal investigations and that the legislation is required because so much communication is done online. But Liberty said the legislation had passed through Parliament in part thanks to "shambolic political opposition" and that the government failed to provide evidence that surveillance of everybody in the UK was lawful or necessary. Martha Spurrier, director of Liberty, said: "It's become clearer than ever in recent months that this law is not fit for purpose. The government doesn't need to spy on the entire population to fight terrorism. All that does is undermine the very rights, freedoms and democracy terrorists seek to destroy." She added: "Our government's obsession with storing vast amounts of sensitive information about every single one of us looks dangerously irresponsible. If they truly want to keep us safe and protect our cybersecurity, they urgently need to face up to reality and focus on closely monitoring those who pose a serious threat."  The High Court has also allowed Liberty to seek permission to challenge three other parts of the Act, either once the government publishes further codes of practice, or by March 2018. These include bulk and 'thematic' hacking,which allows police and intelligence agencies to hack into devices on an industrial scale. It also allows Liberty to challenge the bulk interception and acquisition of communications content and the use of bulk personal datasets, which allows government agencies to access vast databases held by the public or private sector, which Liberty said contain details on "religion, ethnic origin, sexuality, political leanings and health problems, potentially on the entire population - and are ripe for abuse and discrimination". Liberty said that now permission has been granted, its application for a costs capping order will be considered. If this application is granted, the case will be listed for a full hearing."
UK's 'extreme mass surveillance' web snooping powers face legal challenge
ZDNet, 30 June 2017

"US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation. The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015. The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania. The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests. But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.The revelation was buried in the US Courts' annual wiretap report, published earlier this week but largely overlooked....Albert Gidari, a former privacy lawyer who now serves as director of privacy at Stanford Law School's Center for Internet and Society, criticized the investigation. "They spent a fortune tracking 26 people and recording three million conversations and apparently got nothing," said Gidari. "I'd love to see the probable cause affidavit for that one and wonder what the court thought on its 10 day reviews when zip came in."
With a single wiretap order, US authorities listened in on 3.3 million phone calls
ZDNet, 30 June 2017

"Before she was elevated to the role of Prime Minister by the fallout from Brexit, Theresa May was the author of the UK's Investigatory Powers bill, which spelled out the UK's plans for mass surveillance in a post-Snowden world. At the unveiling of the bill in 2015, May's officials performed the traditional dance: they stated that they would be looking at controls on encryption, and then stating definitively that their new proposals included "no backdoors". Sure enough, the word "encryption" does not appear in the Investigatory Powers Act (IPA). That's because it is written so broadly it doesn't need to. We've covered the IPA before at EFF, but it's worth re-emphasizing some of the powers it grants the British government.

  • Any "communications service provider" can be served with a secret warrant, signed by the Home Secretary. Communications service provider is interpreted extremely broadly to include ISPs, social media platforms, mail services and other messaging services.
  • That warrant can describe a set of people or organizations that the government wants to spy upon.
  • It can require tech companies to insert malware onto their users' computers, re-engineer their own technology, or use their networks to interfere with any other system.
  • The warrant explicitly allows those companies to violate any other laws in complying with the warrant.
  • Beyond particular warrants, private tech companies operating in the United Kingdom also have to respond to "technical capability notices" which will require them to "To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form," as well as permit targeted and mass surveillance and government hacking.
  • Tech companies also have to the provide the UK government with new product designs in advance, so that the government can have time to require new "technical capabilities" before they are available to customers.

These capabilities alone already go far beyond the Nineties' dreams of a blanket ban on crypto. Under the IPA [Investigatory Power Act], the UK claims the theoretical ability to order a company like Apple or Facebook to remove secure communication features from their products—while being simultaneously prohibited from telling the public about it. Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products. Even incidental users of communication tech could be commandeered to become spies in her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a "communications service provider.").... The IPA includes language that makes it clear that the UK expects foreign companies to comply with its secret warrants. Realistically, it's far harder for UK law enforcement to get non-UK technology companies to act as their personal hacking teams. That's one reason why May's government has talked up the IPA as a "global gold standard" for surveillance, and one that they hope other countries will adopt.... hacking and the subversion of tech companies isn't just for spies anymore. The British Act explicitly granted these abilities to conduct "equipment interference" to more than just GCHQ and Britain's other intelligence agencies. Hacking and secret warrants can now be used by, among others, the civilian police force, inland revenue and border controls. The secrecy and dirty tricks that used to be reserved for fighting agents of foreign powers is now available for use against a wide range of potential suspects. With the Investigatory Powers Bill, the United Kingdom is now a country empowered with a blunt tools of surveillance that have no comparison in U.S. or any other countries' law."
Five Eyes Unlimited: What A Global Anti-Encryption Regime Could Look Like
Electronic Frontier Foundation, 29 June 2017

"The latest cache of classified intelligence documents dumped online by WikiLeaks includes files describing malware CIA apparently uses to track PCs via Wi‑Fi. The Julian Assange-led website claims the spyware, codenamed ELSA, infects a target's Windows computer and then harvests wireless network details to pinpoint the location of the machine. The software nasty is said to pull data from Google and Microsoft in order to pinpoint the real-world location of the infiltrated machine. "ELSA is a geo-location malware for Wi‑Fi enabled devices like laptops running the Microsoft Windows operating system," says Wikileaks. "Once persistently installed on a target machine using separate CIA exploits, the malware scans visible Wi‑Fi access points and records the ESS identifier, MAC address and signal strength at regular intervals." ELSA is one more weapon in the suite of malware tools the CIA uses to infiltrate the machines of people under investigation. It is used in combination with other exploits and tracking tools. "The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration," Wikileaks says. "The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device – again using separate CIA exploits and backdoors."
Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi
The Register, 29 June 2017

"How many people specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you're using a Windows laptop or PC you could add another group to the list: the CIA. New documents released on Wednesday as part of WikiLeaks' series of CIA hacking revelations detail a method the agency uses to geolocate computers and the people using them. The agency infects target devices with malware that can then check which public Wi-Fi networks a given computer can connect to at a given moment, as well as the signal strengths of those networks. From there, the malware compares the list of available Wi-Fi options to databases of public Wi-Fi networks to figure out roughly where the device is. The leaked documents detailing the project, which is known as ELSA, date back to 2013, and specifically address laptops and PCs running Windows 7. But experts say that the technique is straightforward enough that the CIA could have a version of it for every Windows release. ELSA only works on Wi-Fi-enabled workstations, but that’s … pretty much everything at this point. The specific process involves installing malware on a target computer, using that to access the victim device’s Wi-Fi sensor to check for nearby public Wi-Fi points, logging each one’s MAC address and Extended Service Set Identifier (the fingerprints of a Wi-Fi network), and then checking those identifiers against publicly available Wi-Fi databases maintained by Google and Microsoft. By combining this location data with signal strength readings, the malware can calculate the device’s approximate longitude and latitude at a given time. It then encrypts this data and stores it until a CIA agent can work to exfiltrate it. ELSA also includes a removal process so the CIA can cover its tracks. While the underlying concepts are commonly enough known, pulling it off requires quite a bit of sophistication. The technique requires exploit tools (methods for taking advantage of unpatched bugs in computer software) to give the CIA access to the target device in the first place. And at the point where the agency can install ELSA malware on the device, they presumably also have access to do a host of other aspects of the computer in question. You can see how gathering location data might be a frequent priority, though, and the ELSA strategy is practical because it doesn’t require any specialized capabilities like GPS or a wireless chip. It can even work when the target device isn’t actually connected to the internet. As long as the Wi-Fi sensor is enabled, the malware can still record which Wi-Fi networks are in range and when, and store the information for later processing.Researchers note that the Wi-Fi databases maintained by Google and Microsoft have expanded and improved since 2013, so it’s likely that the capability has only gotten more accurate over time. It might also have been possible for companies like Google and Microsoft to figure out who the CIA investigates into if they can glean any unique qualities of the database queries the malware would send. But now that technical details of the capability have leaked, the CIA will presumably revise it–if the agency hasn’t already over the last four years."
WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick
Wired, 28 June 2017

"The Australian government looks set to take a hard line on encryption at this week’s Five Eyes meeting, and encourage the other nations in the network to jump on the back-door band wagon. The Five Eyes nations - the UK, United States, Canada, Australia and New Zealand - have an agreement to gather and share intelligence, and are meeting this week to discuss national security. Talks are expected to focus on how to force tech companies to introduce back-doors into their previously encrypted products. The UK government has already indicated it is thinking of going down this path - plans that have gone down like a lead balloon with tech experts and privacy campaigners - but its Australian counterpart has been more forthright in its praise of the idea. In a statement, Australian attorney general George Brandis said that he would “raise the need to address ongoing challenges posed by terrorists and criminals using encryption” as his government’s priority issue at the Five Eyes meeting in Canada."
Australian govt promises to push Five Eyes nations to break encryption
The Register, 26 June 2017

"Parliament has suffered its biggest ever cyber attack as hackers launched a “sustained and determined” attempt to break into MPs email accounts. The “brute force” assault lasted for more than 12 hours on Friday as unknown hackers repeatedly targeted “weak” passwords of politicians and aides. Parliamentary officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident. The network affected is used by every MP including Theresa May, the Prime Minister, and her cabinet ministers for dealing with constituents.  Experts last night warned that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were successfully accessed.  MPs also apologised to their constituents and expressed concerns that sensitive and private information shared with them may have leaked. Fears were raised by cyber specialists that “state actors” such as Russia, China or North Korea could be behind the attack - thought Government sources said it was too early for conclusions. The attack was launched on Friday morning and targeted the 9,000 people who have email accounts on Parliament’s internal network. All 650 MPs have parliamentary email accounts as well as peers, political aides, constituency staff and officials who work in the building.... Henry Smith, the Tory MP, said: “Sorry no parliamentary email access today - we're under cyber attack from Kim Jong Un, Putin or a kid in his mom's basement or something.”... MPs affected warned of the damage a successful hack could bring. Andrew Bridgen, the Tory MP for North West Leicestershire, raised concerns about “confidential information” shared by voters with their local politicians.  “People come to us with their worse problems in their life in the confidence that their emails are secure,” he said.... Sean Sullivan, security adviser to F-secure, a cyber security company, said last night: “This is at an early stage but possible perpetrators of this attack include state actors including Russia, China and North Korea. They would all be in the frame.” Mr Sullivan said MPs’ emails would provide a trove of information to criminal gangs or to hostile enemy states. “This information could be used to launch a terrorist attack or for blackmail plots. MPs accounts contains so much confidential information.”
Blackmail fears after Parliament hit by 'sustained and determined' cyber attack leaving MPs unable to access their emails remotely
Telegraph, 24 June 2017

"Germany's foreign intelligence service long spied on numerous official and business targets in the United States, including the White House, Spiegel weekly reported Thursday. The magazine said it had seen documents showing that the intelligence service, the BND, had a list of some 4,000 so-called selector keywords for surveillance between 1998 and 2006. These included telephone or fax numbers, as well as email addresses at the White House as well as the US finance and foreign ministries. Other monitoring targets ranged from military institutions including the US Air Force or the Marine Corps, space agency NASA to civic group Human Rights Watch. Hundreds of foreign embassies as well as international organisation like the International Monetary Fund were not spared, Spiegel said. The BND declined comment in the Spiegel report. Germany had reacted with outrage when information leaked by former NSA contractor Edward Snowden revealed in 2013 that US agents were carrying out widespread tapping worldwide, including of Chancellor Angela Merkel's mobile phone.  Merkel, who grew up in communist East Germany where state spying on citizens was rampant, declared repeatedly that "spying among friends is not on" while acknowledging Germany's reliance on the US in security matters. But to the great embarrassment of Germany, it later emerged that the BND helped the NSA spy on European allies."
Germany spied on the White House over years: report
The Local, 22 June 2017

"Germany on Thursday passed a controversial new law that expands the power of authorities to spy on the content of encrypted message services such as WhatsApp and Skype.... German investigators will now be able to insert into users' cellphones and computers spy software (or a "Trojan horse") to access data in encrypted message services such as popular applications WhatsApp and Skype, including as part of criminal investigations.... The new law is seen as a significant change for a country that usually is very protective of private information, given the burden of Germany's past dictatorships, the Nazi regime in the 1930s-40s and the communist government in the east of the country after the war. Interior Minister Thomas de Maiziere welcomed parliamentary approval of a law which he believes will correct a technological lag on the part of the state in dealing with criminals who, along with the population at large, use these applications all the time. The opposition far-left and Greens parties voted against the law, however, criticising it as an unlimited extension of a surveillance tool in the country. The debate stretches far beyond just Germany. France and Britain, also targets of recent attacks, want to establish a system of legal requirements regarding encrypted services to reinforce Europe's fight against terrorism. WhatsApp, acquired by Facebook, and Skype use data encryption to guarantee user confidentiality."
Germany expands surveillance of encrypted message services
Phys.org, 22 June 2017

"A new analysis of documents leaked by whistleblower Edward Snowden details a highly classified technique that allows the National Security Agency to "deliberately divert" US internet traffic, normally safeguarded by constitutional protections, overseas in order to conduct unrestrained data collection on Americans. According to the new analysis, the NSA has clandestine means of "diverting portions of the river of internet traffic that travels on global communications cables," which allows it to bypass protections put into place by Congress to prevent domestic surveillance on Americans.....The government only has to divert their internet data outside of the US to use the powers of the executive order to legally collect the data as though it was an overseas communication. Two Americans can send an email through Gmail, for example, but because their email is sent through or backed up in a foreign data center, the contents of that message can become "incidentally collected" under the executive order's surveillance powers. The research cites several ways the NSA is actively exploiting methods to shape and reroute internet traffic -- many of which are well-known in security and networking circles -- such as hacking into routers or using the simpler, less legally demanding option of forcing major network providers or telecoms firms into cooperating and diverting traffic to a convenient location. Goldberg noted that sans any conclusive legal or public definitions from the FISA surveillance court on whether the practice is legal, the loophole remains, and "eliminating it calls for a realignment of current US surveillance laws and policies," she added."
NSA's use of 'traffic shaping' allows unrestrained spying on Americans
ZDNet, 22 June 2017

"China has signed an agreement saying it will stop conducting state-sponsored cyberattacks aimed at stealing Canadian private-sector trade secrets and proprietary technology. This industrial espionage accord was worked out this past Friday during high-level talks in Ottawa between senior Communist Party official Wang Yongqing and Daniel Jean, the national security and intelligence adviser to Prime Minister Justin Trudeau. “The two sides agreed that neither country’s government would conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors,” an official communiqué drawn up between China and Canada says. The bilateral pact was concluded four days after Mr. Trudeau held a telephone discussion with Chinese Premier Li Keqiang, where the two leaders focused on a coming third round of exploratory free-trade talks. This new deal only covers economic espionage – hacking corporate secrets – and does not preclude China from conducting state-sponsored cyberattacks against the Canadian government or military as it did in 2014, when Chinese hackers broke into the main computers at the country’s National Research Council. A senior government official, who took part in Friday’s talks, said the agreement should nevertheless be seen as a potentially important step toward addressing the broader problem of Chinese espionage. “This is something that three or four years ago [Beijing] would not even have entertained in the conversation,” according to the official, who is not authorized to speak on the record for the government. “For us, having the commitment on paper is good because we can refer to it. The fact that we do this doesn’t mean we won’t be vigilant, but at the same time if things happen we can go back [to this commitment].” China recently inked similar cyberagreements with the United States, Great Britain, Australia, Brazil and Russia..... Many observers, however, suspect China’s decision to sign the cyberagreement with the United States, Canada and other countries is little more than a shift in tactics. This could include embracing more advanced and secretive computer hacking. “The Chinese may be becoming more stealthy and sophisticated in their attacks. Indeed FireEye noted that the decline in number of attacks [in the United States] may be accompanied by a rise in the sophistication of attacks,” cybersecurity expert Adam Segal wrote in a recent edition of Foreign Affairs magazine. FireEye is a cybersecurity firm that protects against advanced cyberthreats."
Canada and China strike corporate hacking deal
Globe and Mail, 25 June 2017

"The audience at the opening night on Broadway of a new stage adaptation of George Orwell's dystopian fantasy "1984" will include a special guest — the author's son. Richard Blair, whose father finished the book in 1949 when he was a young boy, was in New York on Thursday to cheer on the cast amid a huge jump in interest of his father's nightmarish vison of the future. "His novel '1984' was his take on what could possibly happen — not necessarily will happen — but, as it turned out, it was really quite prescient," said Blair..... The novel tells the story of a man who works at the Ministry of Truth falsifying war news and promoting adoration of the mythical leader Big Brother. The play version stars Olivia Wilde, Tom Sturridge and Reed Birney. Orwell's portrait of a government that manufactures its own facts, demands total obedience and demonizes foreign enemies has enjoyed renewed attention of late... Orwell, the pen name for Eric Arthur Blair, seemed to predict the government's mass surveillance programs and data mining in the age of Facebook and WikiLeaks.... "As the decades have gone by, world events tend to collide with '1984' and suddenly everyone wakes up and says, 'Oh my goodness. This is a bit Orwellian, isn't it?' And a lot of them rush and start buying '1984' and realizing that fiction is imitating life or life is imitating fiction," said Blair."
George Orwell's son says his father's '1984' was 'prescient'
Associated Press, 23 June 2017

"The UK and the EU are at loggerheads once again, but it's not what you might think. This isn't another Brexit debate, but a tussle over encryption. The British government is keen to exploit flaws in tech services for intelligence-gathering and surveillance operations. Home Secretary Amber Rudd, backed by Downing Street, has persistently called for access to WhatsApp, a service used by terrorists in the March attack at Westminster. But on Monday, a European Parliament committee proposed an amendment to incoming legislation that would prevent member states from trying to decrypt encrypted communications, as well as compelling tech companies that don't already use end-to-end encryption to do so. The proposal would protect internet companies from national governments pressuring them to create security flaws, or backdoors, that they could use to hack into people's emails or other messages. The different approaches are emblematic of a debate raging around the world, boiling down to whether tech companies poke security holes in their products so that governments can spy on potential terrorists, or whether they should keep communications locked up tight so as to protect the privacy and safety of internet users. You saw it in the fight that Apple put up against the FBI's efforts to compel the company to create a backdoor into a terrorist's iPhone. While the UK wants to ensure that terrorists have no place to hide, the EU is determined to protect the privacy of law-abiding internet users.... May has long been in favor of increasing the UK's surveillance powers, introducing two bills nicknamed the "Snooper's Charter." The second of these bills, the Investigatory Powers Act, passed into law under her own leadership of the country. The Prime Minister wants the internet to be weak and penetrable, say her critics. They also claim she is using this issue right now to reinforce her own image as "strong and stable" -- her slogan during the recent election campaign....The biggest objection to her proposals is that they will make the internet less safe for users. If governments can exploit backdoors to get to your private communications, so too could criminals or rogue states....Another risk of this style of surveillance is that it could force terrorists to use alternative, less pleasant communication services, added Killock. Pushing them underground completely would only make them even harder to monitor than they are right now, he argued.... The proposals tabled by members of the European Parliament this week are amendments to draft privacy legislation, and forbid member states from "decryption, reverse engineering or monitoring" of encrypted communications, or compelling tech companies to do so. "Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services," one proposal reads. Not only could these proposals scupper the UK's plans, but they could conflict with surveillance activities allowed by the Investigatory Powers Act.... Because of Brexit, it's hard to know how EU rules on privacy and data will apply once the UK leaves the European Union. But without support from other countries, it's highly unlikely that the British government alone would be able to compel tech companies to create backdoors to allow them to bypass encryption. The UK's own new surveillance plans are also not yet a done deal. The small and fragile majority the Conservative party currently holds in Parliament means greater consensus and more debate will be needed in order to pass new laws...."
UK and EU at odds over encryption, fighting terror
CNet, 21 June 2017

"“Surveillance”, as the security expert Bruce Schneier has observed, is the business model of the internet and that is true of both the public and private sectors. Given how central the network has become to our lives, that means our societies have embarked on the greatest uncontrolled experiment in history. Without really thinking about it, we have subjected ourselves to relentless, intrusive, comprehensive surveillance of all our activities and much of our most intimate actions and thoughts. And we have no idea what the long-term implications of this will be for our societies – or for us as citizens. One thing we do know, though: we behave differently when we know we are being watched. There is lots of evidence about this from experimental psychology and other fields, but most of that comes from small-scale studies conducted under controlled conditions. By comparison, our current experiment is cosmic in scale: nearly 2 billion people on Facebook, for example, doing stuff every day. Or the 3.5bn searches that people type every day into Google. All this activity is leaving digital trails that are logged, stored and analysed. We are being watched 24x7x365 by machines running algorithms that rummage through our digital trails and extract meaning (and commercial opportunities) from them. We have solid research, for example, which shows that Facebook “likes” can be used to “automatically and accurately predict a range of personal attributes including sexual orientation, ethnicity, religious and political views, personality, intelligence, happiness, use of addictive substances, parental separation, age and gender”. The idea that being watched on this scale isn’t affecting our behaviour is implausible, to put it mildly. Throughout history, surveillance has invariably had a chilling effect on freedom of thought and expression. It affects, for example, what you search for. After the Snowden revelations, traffic to Wikipedia articles on topics that raise privacy concerns for internet users decreased significantly. Another research project found that people’s Google searches changed significantly after users realised what the NSA looked for in their online activity... By now, most internet users are aware that they are being watched, but may not yet appreciate the implications of it. If that is indeed the case, then a visit to an interesting new website – Social Cooling – might be instructive. It illustrates the way social media assembles a “data mosaic” about each user that includes not just the demographic data you’d expect, but also things such as your real (as opposed to your “projected”) sexual orientation, whether you’ve been a victim of rape, had an abortion, whether your parents divorced before you were 21, whether you’re an “empty nester”, are “easily addictable” or “into gardening”, etc. On the basis of these parameters, you are assigned a score that determines not just what ads you might see, but also whether you get a mortgage. Once people come to understand that (for example) if they have the wrong friends on Facebook they may pay more for a bank loan, then they will start to adjust their behaviour (and maybe change their friends) just to get a better score. They will begin to conform to ensure that their data mosaic keeps them out of trouble. They will not search for certain health-related information on Google in case it affects their insurance premiums. And so on. Surveillance chills, even when it’s not done by the state. And even if you have nothing to hide, you may have something to fear."
Google, not GCHQ, is the truly chilling spy network
Guardian, 18 June 2017

"Routers sit at the front gate of nearly every network, offering total access and few security measures to prevent remote attacks. If you can compromise someone’s router, you’ve got a window into everything they’re doing online. According to new documents published by WikiLeaks, the CIA has been building and maintaining a host of tools to do just that. This morning, the group published new documents describing a program called Cherry Blossom, which uses a modified version of a given router’s firmware to turn it into a surveillance tool. Once in place, Cherry Blossom lets a remote agent monitor the target’s internet traffic, scan for useful information like passwords, and even redirect the target to a desired website. The document is part of a series of publications on CIA hacking tools, including previous modules targeting Apple products and Samsung Smart TVs. As with previous publications, the document dates to 2012, and it’s unclear how the programs have developed in the five years since. The manual describes different versions of Cherry Blossom, each tailored to a specific brand and model of router. The pace of hardware upgrades seems to have made it arduous to support each model of router, but the document shows the most popular routers were accessible to Cherry Blossom. “As of August 2012,” the manual reads, “CB-implanted firmwares can be built for roughly 25 different devices from 10 different manufacturers, including Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics.” The manual also goes into detail on how CIA agents would typically install the modified firmware on a given device. “In typical operation,” another passage reads, “a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation.” The “supply-chain operation” likely refers to intercepting the device somewhere between the factory and the user, a common tactic in espionage operations. No public documents are available on the “Claymore tool” mentioned in the passage. It’s unclear how widely the implant was used, although the manual generally refers to use against specific targets, rather than for mass surveillance. There’s also reason to believe the NSA was employing similar tactics. In 2015, The Intercept published documents obtained by Edward Snowden that detailed efforts by the UK’s GCHQ to exploit vulnerabilities in 13 models of Juniper firewalls."
The CIA has lots of ways to hack your router
The Verge, 15 June 2017

"The New York Times is enabling comments on more of its online articles because of an artificial intelligence tool developed by Google. The software, named Perspective, helps identify "toxic" language, allowing the newspaper's human moderators to focus on non-offensive posts more quickly. Its algorithms have been trained by feeding them millions of posts previously vetted by the team. By contrast, several other news sites have shut their comments sections. Popular Science, Motherboard, Reuters, National Public Radio, Bloomberg and The Daily Beast are among those to have stopped allowing the public to post their thoughts on their sites, in part because of the cost and effort required to vet them for obscene and potentially libellous content. The BBC restricts comments to a select number of its stories for the same reasons, but as a result many of them end up being complaints about the selection."
Google AI polices newspaper comments
BBC, 14 June 2017

"Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products. The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent "terrorists and organized criminals" from "operating with impunity ungoverned digital spaces online," according to Australian prime minister Malcolm Turnbull. In the most forthright call yet from a national leader to break encryption, Turnbull told Parliament: "The privacy of a terrorist can never be more important than public safety – never." Turnbull's comments reflect a more vague but similar response from UK prime minister Theresa May earlier this week in which she said she was focused on "giving the police and the authorities the powers they need to keep our country safe." And the UK authorities have already put in a legislative placeholder for breaking encryption into Blighty's Investigatory Powers Act. Australia's administration is rather enamored with that new UK law, and hopes to implement it Down Under. The United States meanwhile has been having a long debate on the issue of encryption, with tech firms battling it out with law enforcement in both public and private. It is in the United States where the issue will ultimately be decided however, since the most widely used encrypted services – ranging from Apple's iPhone to Facebook's WhatsApp messaging – are developed and run by US companies. Even the UK's heavily criticized anti-encryption law recognizes that it may be powerless to enforce encryption breaking on products and services that come from overseas – and online that geographic boundary doesn't exist. The Five Eyes group is also going to have to decide how to deal with the mathematical realities of encryption. If companies are forced to insert a backdoor into their encryption products in order to make their contents accessible, there is nothing to stop a malicious third party from doing the same: you cannot wall off a vulnerability. Security experts have called the argument put forward by law enforcement and politicians – that they want access but don't want the bad guys to be able to do the same – "magical thinking." The Five Eyes group needs to reach a decision on how to answer the inherent conundrum of magical thinking. Europe, which has been making its own noises about anti-encryption legislation, needs to do the same. It is also possible of course that the vast and massively powerful spying machinery owned and run by the Five Eyes could be focused on cracking encryption. To isolate specific messages of concern and then throw all computing resources at them.Or, a third way could be for the security services from the five nations to oblige tech companies to develop a way to undermine specific devices – ie, create a piece of software that could be sent to an individual's phone that would allow spies direct access to the device and so enable them to bypass encryption protection. America's National Security Agency is already known to have developed software that uses undiscovered vulnerabilities in software to give itself access to people's phones. If you have full access to someone's phone (or other device), all the encryption in the world won't make a difference. Although some tech companies have been public in their determination not to introduce backdoors – such as Apple and its feud with the FBI, and Facebook's fight with the Brazilian authorities – it is notable that others have been silent or have called for compromise. Google, for example, has stayed out of the fray, while Microsoft has repeatedly implied it is open to a shared solution."
Five Eyes nations stare menacingly at tech biz and its encryption
The Register, 13 June 2017

"A former top spy agency official who was the target of a government leak investigation says the National Security Agency conducted blanket surveillance in Salt Lake City during the 2002 Winter Olympics, according to court documents.Ex-NSA official Thomas Drake wrote in a declaration released Friday that the agency collected and stored virtually all electronic communications going into or out of the Salt Lake area, including the contents of emails and text messages. "Officials in the NSA and FBI viewed the Salt Lake Olympics Field Op as a golden opportunity to bring together resources from both agencies to experiment with and fine tune a new scale of mass surveillance," Drake wrote. It comes as part of a lawsuit filed by attorney Rocky Anderson, who was the mayor of Salt Lake City during the Games held a few months after the Sept. 11, 2001, attacks. Anderson said the document was disclosed to the U.S. Department of Justice on Wednesday. Former CIA and NSA director Michael Hayden has denied in court documents that such a program existed. Hayden was NSA director from 1999 to 2005. Current NSA operations director Wayne Murphy said in court documents that NSA surveillance in Salt Lake City was limited to international communications in which at least one participant was reasonably believed to be associated with foreign terrorist groups. Drake disputed that statement, writing that he spoke with colleagues who worked on the operation and were concerned about its legality. He said he also saw documents showing surveillance equipment being directed to the Utah program....Drake started working for the NSA in 2001 and blew the whistle on what he saw as a wasteful and invasive program. He was later prosecuted for keeping classified information. Most of the charges were dropped before trial in 2011, and he was sentenced to one year of probation."
Ex-spy says NSA did mass surveillance during Utah Olympics
Associated Press, 3 June 2017

"The first arrest using new facial recognition software has been made. South Wales Police has become the first force in the UK to use the equipment. The first arrest was made on Wednesday but it was not related to the Champions League final. Real-time cameras linked to facial recognition software will monitor people in and around the city centre. The images will be use identify people who exist on pre-determined watch lists, usually used for terrorists and hooligans. It will also be used to monitor to ticket touts.  The force has also been given funding for a separate trial of software that enables them to cross reference CCTV images and other picture with their database of 500,000 custody images. Police vehicles have been spotted around the city labelled as using "facial recognition"."
The first arrest using facial recognition software has been made
Wales Online, 2 June 2017

"A back door has been built into modems sent to customers of major internet service providers allowing the companies' staff to access settings and potentially create a security hole. The discovery alarmed a computer expert who contacted the Herald, saying the remote access could provide a pathway to the contents of people's computers by employees of the company. Vodafone is not the only major ISP with a "back door" into its modems - Spark has confirmed it also has built-in "remote access" in modems it supplies to customers. The companies say the ability for its staff to access modems remotely is a huge benefit to customers who might find it technically challenging. The expert - who won't be named - said he was astonished to discover the back door existed after his partner sought help from Vodafone while he was away from home.... Waikato University associate professor Ryan Ko - director of the New Zealand Institute for Security and Crime Science - said internet providers were already able to view anything sent to and from people's computers across the internet. He said the danger around remote access would come from a disgruntled worker at an internet provider and it was "high value targets" rather than the average user who would be at risk. "The whole thing exists on the fact you trust your ISP to keep their security up to speed. It all depends on trust.""
Internet providers have backdoor access to customers' modems
New Zealand Herald, 27 May 2017

"U.S. intelligence agencies conducted illegal surveillance on American citizens over a five-year period, a practice that earned them a sharp rebuke from a secret court that called the matter a “very serious” constitutional issue. The criticism is in a lengthy secret ruling that lays bare some of the frictions between the Foreign Intelligence Surveillance Court and U.S. intelligence agencies obligated to obtain the court’s approval for surveillance activities. The ruling, dated April 26 and bearing the label “top secret,” was obtained and published Thursday by the news site Circa. It is rare that such rulings see the light of day, and the lengthy unraveling of issues in the 99-page document opens a window on how the secret federal court oversees surveillance activities and seeks to curtail those that it deems overstep legal authority. The document, signed by Judge Rosemary M. Collyer, said the court had learned in a notice filed Oct. 26, 2016, that National Security Agency analysts had been conducting prohibited queries of databases “with much greater frequency than had previously been disclosed to the court.” It said a judge chastised the NSA’s inspector general and Office of Compliance for Operations for an “institutional ‘lack of candor’ ” for failing to inform the court. It described the matter as “a very serious Fourth Amendment issue.” The Fourth Amendment protects people from unreasonable searches and seizures by the government, and is a constitutional bedrock protection against intrusion. Parts of the ruling were redacted, including sections that give an indication of the extent of the illegal surveillance, which the NSA told the court in a Jan. 3 notice was partly the fault of “human error” and “system design issues” rather than intentional illegal searches. The NSA inspector general’s office tallied up the number of prohibited searches conducted in a three-month period in 2015, but the number of analysts who made the searches and the number of queries were blacked out in the ruling. The NSA gathers communications in ways known as “upstream” and “downstream” collection. Upstream collection occurs when data are captured as they move through massive data highways – the internet backbone – within the United States. Downstream collection occurs as data move outside the country along fiber optic cables and satellite links. Data captured from both upstream and downstream sources are stored in massive databases, available to be searched when analysts need to, often months or as much as two years after the captures took place. The prohibited searches the court mentioned involved NSA queries into the upstream databanks, which constitute a fraction of all the data NSA captures around the globe but are more likely to contain the emails and phone calls of people in the United States. Federal law empowers the NSA and CIA to battle foreign terrorist actions against the United States by collecting the electronic communications of targets believed to be outside the country. While communications of U.S. citizens or residents may get hoovered up in such sweeps, they are considered “incidental” and must be “minimized” – removing the identities of Americans – before broader distribution.""
Secret court rebukes NSA for 5-year illegal surveillance of U.S. citizens
McClatchy, 26 May 2017

"The National Security Agency under former President Barack Obama routinely violated American privacy protections while scouring through overseas intercepts and failed to disclose the extent of the problems until the final days before Donald Trump was elected president last fall, according to once top-secret documents that chronicle some of the most serious constitutional abuses to date by the U.S. intelligence community. More than 5 percent, or one out of every 20 searches seeking upstream Internet data on Americans inside the NSA’s so-called Section 702 database violated the safeguards Obama and his intelligence chiefs vowed to follow in 2011, according to one classified internal report reviewed by Circa. The Obama administration self-disclosed the problems at a closed-door hearing Oct. 26 before the Foreign Intelligence Surveillance Court that set off alarm. Trump was elected less than two weeks later.The normally supportive court censured administration officials, saying the failure to disclose the extent of the violations earlier amounted to an “institutional lack of candor” and that the improper searches constituted a “very serious Fourth Amendment issue,” according to a recently unsealed court document dated April 26, 2017. The admitted violations undercut one of the primary defenses that the intelligence community and Obama officials have used in recent weeks to justify their snooping into incidental NSA intercepts about Americans. Circa has reported that there was a three-fold increase in NSA data searches about Americans and a rise in the unmasking of U.S. person’s identities in intelligence reports after Obama loosened the privacy rules in 2011. Officials like former National Security Adviser Susan Rice have argued their activities were legal under the so-called minimization rule changes Obama made, and that the intelligence agencies were strictly monitored to avoid abuses. The intelligence court and the NSA’s own internal watchdog found that not to be true. “Since 2011, NSA’s minimization procedures have prohibited use of U.S.-person identifiers to query the results of upstream Internet collections under Section 702,” the unsealed court ruling declared. “The Oct. 26, 2016 notice informed the court that NSA analysts had been conducting such queries inviolation of that prohibition, with much greater frequency than had been previously disclosed to the Court.”...The American Civil Liberties Union said the newly disclosed violations are some of the most serious to ever be documented and strongly call into question the U.S. intelligence community’s ability to police itself and safeguard American’s privacy as guaranteed by the Constitution’s Fourth Amendment protections against unlawful search and seizure.... The NSA acknowledged it self-disclosed the mass violations to the court last fall and that in April it took the extraordinary step of suspending the type of searches that were violating the rules, even deleting prior collected data on Americans to avoid any further violations. “NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” the agency said in the statement that was dated April 28 and placed on its Web site without capturing much media or congressional attention. In question is the collection of what is known as upstream “about data”about an American that is collected even though they were not directly in contact with a foreigner that the NSA was legally allowed to intercept. The NSA said it doesn't have the ability to stop collecting ‘about’ information on Americans, “without losing some other important data. ” It, however, said it would stop the practice to “reduce the chance that it would acquire communication of U.S. persons or others who are not in direct contact with a foreign intelligence target.” Officials "explained that NSA query compliance is largely maintained through a series of manual checks" and had not "included the proper limiters" to prevent unlawful searches, the NSA internal watchdog reported in a top secret report in January that was just declassified. A new system is being developed now, officials said...The NSA’s Signal Intelligence Directorate, the nation’s main foreign surveillance arm, wrote a letter back to the IG saying it agreed with the findings and that “corrective action plans” are in the works.""
Obama intel agency secretly conducted illegal searches on Americans for years
Circa, 25 May 2017

"The government may use the deadly attack in Manchester to launch a crackdown on internet securities. Government officials appear to have briefed newspapers that they will put many of the most invasive parts of the relatively new Investigatory Powers Act into effect after the bombing at Manchester Arena. The specific powers being discussed – named Technical Capability Orders – require big technology and internet companies to break their own security so that messages can be read by intelligence agencies. Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. “We will do this as soon as we can after the election, as long as we get back in," The Sun said it was told by a government minister. "The level of threat clearly proves there is no more time to waste now. “The social media companies have been laughing in our faces for too long."  The anonymous briefings to the paper come soon after the Conservatives launched their manifesto promising "regulation" on the internet. Those proposals included what appeared to be a reiteration of the government's plans to weaken security and encryption. Home secretary Amber Rudd appeared to attempt to limit the application of the powers, suggesting that security services already have the powers they need and that she wouldn't push for increased powers until further work had been done. Ms Rudd had previously suggested that the government will seek to dramatically weaken the encryption that apps like WhatsApp use to keep messages safe. There has been no suggestion yet that encryption, which keeps messages from being read by hackers, played any part in the attack. Neither has it been suggested that the extended powers would have prevented such an attack. Internet companies have repeatedly argued that the powers made possible under the Investigatory Powers Act will make everyone less safe. While building "backdoors" into security will mean that intelligence agencies can read messages, it will also mean that those messages can potentially be read by anyone else, too. Technology companies have told The Independent that it is still impossible to know whether it would be possible to legally comply with such orders. Weakening encryption in one country like the UK might lead the companies to be in breach of – and it still isn't clear whether the UK government could force them to break security across the world, as has been suggested."
Manchester attack could lead Theresa May's government to launch huge internet crackdown
Independent, 24 May 2017

"Your phone may be sending out ultrasonic tones right now. Sounds the human ear can't pick up, but which other devices can. A research team sponsored by the German government discovered more than 230 apps on Google's Android market that secretly tracked users through the use of ultrasonic audio. The so-called ultrasonic tracking beacons can help create intimate profiles of people, tying them to a slew of devices communicating with each other through the beacons. Here's how it works: Let's say your friend's smart TV uses the beacon, and you watch that TV. When a beacon from your phone meets the one from the TV, advertisers tied to both learn a bit more about you — and your friend. In a paper posted online by the researchers at Braunschweig University of Technology in Germany, the team wrote that they identified 234 Android apps "that are constantly listening for ultrasonic beacons in the background without the user's knowledge." Four out of 35 stores the team visited in two European cities use the ultrasonic beacons to track shoppers, as well. The researchers found coding from SilverPush, a San Francisco company that sells cross-device tracking software, on earlier versions of McDonald's and Krispy Kreme apps distributed in the Philippines, but "the functionality has already been removed by the developers," they said in an email to CBS News. Google confirmed to CBS News that the apps discovered by the researchers have all either been suspended or updated to meet the company's privacy policies. In order for the use of ultrasonic beacons to be permissible on Android devices, app developers have to disclose to users that the apps will be using their cellphone microphones for that purpose. While the use of ultrasonic beacons is not yet widespread, the paper notes that known instances of its use have grown from just six in April 2015, to the 234 identified by the German researchers. "Our findings strengthen our concerns that the deployment of ultrasonic tracking increases in the wild and therefore needs serious attention regarding its privacy consequences," the researchers wrote.""
Google removes apps that use ultrasonic frequencies to track users
CBS, 24 May 2017

"The majority of people in the UK are unaware of just how closely the government can monitor their online activities, a new report claims. 76 per cent of Brits are “completely unaware” of the highly controversial Investigatory Powers Act – also known as the Snooper’s Charter – which allows the government to see everything we do online, according to virtual private network comparison site BestVPN.com. 23 per cent were unable to name any of the 48 government bodies that have access to their full browsing history.... 33 per cent of respondents thought the government had no power to monitor online activities, and 59 per cent said they wouldn’t consent to the government or third parties viewing and monitoring their digital activities. However, 63 per cent of the 2,000 adults involved the the study, which was conducted in April, said they would only agree to being monitored in order to prevent criminal activity or a potential terrorist threat. “The public and parliamentary debate about the Investigatory Powers Act was overshadowed by Brexit so it is perhaps unsurprising that many people are not aware of the Government’s extreme surveillance powers,” Jim Killock, the executive director of Open Rights Group, told The Independent. “This has not been helped by the Home Office who recently carried out a ‘secret consultation’ into policies that could affect our privacy and security. “The British public need to be made aware that the UK government has extensive powers to monitor their online activity en masse without any prior suspicion.” Civil liberties group Liberty described the introduction of the measures as a “beacon for despots everywhere”. Theresa May is also planning to regulate the internet, allowing the government to decide what web users can post, share and publish online."
Snooper’s Charter: Majority of public unaware of government online surveillance
Independent, 23 May 2017

"The U.S. National Security Agency collected more than 151 million records of Americans' phone calls last year, even after Congress limited its ability to collect bulk phone records, according to an annual report issued on Tuesday by the top U.S. intelligence officer. The report from the office of Director of National Intelligence Dan Coats was the first measure of the effects of the 2015 USA Freedom Act, which limited the NSA to collecting phone records and contacts of people U.S. and allied intelligence agencies suspect may have ties to terrorism. It found that the NSA collected the 151 million records even though it had warrants from the secret Foreign Intelligence Surveillance court to spy on only 42 terrorism suspects in 2016, in addition to a handful identified the previous year. The NSA has been gathering a vast quantity of telephone "metadata," records of callers' and recipients' phone numbers and the times and durations of the calls - but not their content - since the September 11, 2001, attacks. The report came as Congress faced a decision on whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), which permits the NSA to collect foreign intelligence information on non-U.S. persons outside the United States, and is scheduled to expire at the end of this year....Officials on Tuesday argued that the 151 million records collected last year were tiny compared with the number collected under procedures that were stopped after former NSA contractor Edward Snowden revealed the surveillance program in 2013."
NSA collected Americans' phone records despite law change: report
Reuters, 3 May 2017

"The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government. If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content. The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation. Phone companies and internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper. Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister. The paper also echoes the IP Act itself, noting that tech companies would be required to remove - or enable the removal - of encryption from communications as they would need to be provided "in an intelligible form" without "electronic protection". Cryptographers often describe such access as a "backdoor" in the security of communications services. The idea is controversial because some argue it could be exploited by hackers, endangering innocent users. Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given. Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service - a maximum of roughly 900 of BT's 9 million British broadband customers, for instance. A consultation about the paper - due to end on 19 May - is allegedly under way at the moment, though this was not publicly announced by the government. It does not have a legal obligation notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law.... "It seems very clear that the Home Office intends to use these to remove end-to-end encryption - or more accurately to require tech companies to remove it," said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act. "I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication," he told the BBC... Surveillance of some mobile phone user data in "as near real-time as possible" has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London. The UK's Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be "consulting its members and submitting a response to the draft regulations"."
Investigatory Powers: 'Real-time surveillance' in draft update
BBC, 5 May 2017

"The U.S. National Security Agency said on Friday it had stopped a form of surveillance that allowed it to collect without a warrant the digital communications of Americans who mentioned a foreign intelligence target in their messages, marking an unexpected triumph for privacy advocates long critical of the practice. The decision to stop the once-secret activity, which involved messages sent to or received from people believed to be living overseas, came despite the insistence of U.S. officials in recent years that it was both lawful and vital to national security. The halt is among the most substantial changes to U.S. surveillance policy in years and comes as digital privacy remains a contentious issue across the globe following the 2013 disclosures of broad NSA spying activity by former intelligence contractor Edward Snowden. "NSA will no longer collect certain internet communications that merely mention a foreign intelligence target," the agency said in a statement. "Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target." NSA also said it would delete the "vast majority" of internet data collected under the surveillance program "to further protect the privacy of U.S. person communications." The decision is an effort to remedy privacy compliance issues raised in 2011 by the Foreign Intelligence Surveillance Court, a secret tribunal that rules on the legality of intelligence operations, sources familiar with the matter said. The court recently approved the changes, NSA said in its statement. The NSA is not permitted to conduct surveillance within the United States. The so-called "about" collection went after messages that mentioned a surveillance target, even if the message was neither to nor from that person. That type of collection sometimes resulted in surveillance of emails, texts and other communications that were wholly domestic. The NSA will continue to collect communications directly involving intelligence targets. Friday's announcement came as a surprise to privacy advocates who have long argued that "about" collection was overly broad and ran afoul of the U.S. Constitution's protections against unreasonable searches."
U.S. spy agency abandons controversial surveillance technique
Reuters, 28 April 2017

"The UK has dropped two places on the World Press Freedom Index following the passing of the Investigatory Powers Act and threats to pursue journalists reporting on national security. The World Press Freedom Index for 2017 was published today by Reporters Without Borders (Reporters sans frontičres), the Paris-based international non-profit NGO to promote and defend the freedom of the press, which has consultant status at the United Nations. Of 180 countries, the UK — the land of John Milton, who wrote Areopagitica* — has dropped to 40th, being pipped by France, Chile, and even South Africa. Despite the nation's Parliamentary history and cultural commitment to the freedom of speech, the UK has slipped further behind its neighbours who continue to populate the top spots, where Norway, Sweden, Finland, Denmark and the Netherlands occupy the top five positions respectively.... Among the issues with the UK's respect for press freedom was the Law Commission's plans to target journalists with a punitive new official secrets law, though these have stalled since The Register revealed the lack of process behind the proposals. Open Rights Group executive director Jim Killock responded to the rankings drop: "Extensive surveillance powers are threatening investigative journalism and freedom of expression in the UK. In just four years, the UK has fallen ten places in the World Press Freedom Index, a deeply worrying trend that needs to be addressed. "The government failed to protect journalists when it passed the Investigatory Powers Act. Now, the Law Commission has proposed to send them to prison if they so much as handle official data. This comes at a time when we must be able to hold the Government to account over its vast surveillance powers. Mass surveillance chills freedom of expression and undermines democracy.""
UK drops in World Press Freedom Index following surveillance and anti-espionage threats
The Register, 26 April 2017

"And new data suggests that these televisions are even more susceptible to attack than previously thought. While the recent Samsung Smart TV vulnerabilities exposed by Wikileaks (aka Weeping Angel) required an in-person delivery of a malicious payload via USB drive, more distant, remote attacks are unsurprisingly also a problem. Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, recently revealed that around 90% of smart televisions are vulnerable to a remote attack using rogue DVB-T (Digital Video Broadcasting - Terrestrial) signals. This attack leans heavily on Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable companies and set top manufacturers that helps integrate classic broadcast, IPTV, and broadband delivery systems."
Researcher: 90% Of 'Smart' TVs Can Be Compromised Remotely
Techdirt, 7 April 2017

"Security researchers at Google and Lookout have discovered an extremely sophisticated Android app capable of spying on users by hacking their smartphones' camera and microphone, as well as track calls, messages, internet history and more.
Called Chrysaor, the spyware seems to be linked to Pegasus, a notorious program that was found to be targeting iPhone users in 2016 and is suspected of having been created by Israeli firm NSO Group Technologies. Google and Lookout announced the discovery of the spyware last week. The app, which was not available for download from Google Play, has already been detected on 36 devices, most of which were owned by people living in Israel.  “To install Chrysaor, we believe an attacker coaxed specifically targeted individuals to download the malicious software onto their device,” said Google. “Once Chrysaor is installed, a remote operator is able to surveil the victim’s activities on the device and within the vicinity, leveraging microphone, camera, data collection, and logging and tracking application activities on communication apps such as phone and SMS.” Other countries to have found infected devices are Georgia, Mexico, Turkey, Kenya and others.
NSO Group Technologies has previously been accused of developing Smartphone hacking software and selling them to spy agencies across the globe, as they allegedly did with Pegasus."
Google discovers 'Israeli' spy app designed to hack smartphones
Ynetnews, 7 April 2017

"Julian Assange's WikiLeaks website has released the source code for what it says is a malware obfuscation tool used by the CIA, as part of its Vault 7 information leaks. According to the documentation for the Marble Framework published by WikiLeaks, it is "designed to allow for flexible and easy-to-use obfuscation when developing tools".  The obfuscation is done to avoid anyone attributing the malware to the CIA. "When signaturing tools, string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop," the documation states. Announcing the release of the Marble data, WikiLeaks claimed "thousands of CIA viruses and hacking attacks can now be attributed".  Obfuscation of strings and data in malware can be done using the Marble algorithms, which can be randomly selected by the tool. The CIA suite also includes a de-obfuscator that restores scrambled files to their original, clean states. Marble tools such as Warble can add languages such as Arabic, Russian, Chinese, Korean and Farsi to the malware, as part of the agency's anti-forensic effort... The documentation for the Marble Framework is marked as SECRET/NOFORN, the second highest security classification used by the CIA, which prohibits access by foreign nationals."
WikiLeaks dumps CIA malware obfuscation code
 ITnews, 3 April 2017

Wikileaks releases code that could unmask CIA hacking operations

"WikiLeaks released the third tranche of its leaked CIA documents trove on Friday, which in this episode focuses on anti-forensics tools.....Episode three brings the release of source-code files for the CIA's secret anti-forensic Marble Framework. The technology is designed to make the CIA's malware harder for security researchers at antivirus firms to analyse, thus hampering attribution. It does this by hiding ("obfuscating") text fragments..... One feature in Marble stands out. It creates a means for virus writers to pretend that the malware was created by a speaker of a range of foreign languages (Chinese, Russian, Korean, Arabic and Farsi)... WikiLeaks suggests that this tech would allow the real-life equivalent of American Dad's Stan Smith to trick security researchers into thinking they were, for example, Chinese PLA. "The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, but there are other possibilities, such as hiding fake error messages."
WikiLeaks exposes CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues
The Register, 31 March 2017

"For years, the development of real-time face recognition has been hampered by poor video resolution, the angles of bodies in motion, and limited computing power. But as systems begin to transcend these technical barriers, they are also outpacing the development of policies to constrain them. Civil liberties advocates fear that the rise of real-time face recognition alongside the growing number of police body cameras creates the conditions for a perfect storm of mass surveillance. “The main concern is that we’re already pretty far along in terms of having this real-time technology, and we already have the cameras,” said Jake Laperruque, a fellow at the Constitution Project. “These cameras are small, hard to notice, and all over the place. That’s a pretty lethal combination for privacy unless we have reasonable rules on how they can be used together.”. This imminent reality has led several civil liberties groups to call on police departments and legislators to implement clear policies on camera footage retention, biometrics, and privacy. On Wednesday morning, the House Oversight Committee held a hearing on law enforcement’s use of facial recognition technology, where advocates emphasized the dangers of allowing advancements in real-time recognition to broaden surveillance powers. As Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown Law, told Congress, pairing the technology with body cameras, in particular, “will redefine the nature of public spaces.”.... At least five U.S. police departments, including those in Los Angeles and New York, have already purchased or looked into purchasing real-time face recognition for their CCTV cameras, according to a study of face recognition technology published by Bedoya and other researchers at Georgetown. Bedoya emphasized that it’s only a matter of time until the nation’s body-worn cameras will be hooked up to real-time systems. With 6,000 of the country’s 18,000 police agencies estimated to be using body cameras, the pairing would translate into hundreds of thousands of new, mobile surveillance cameras....Civil liberties experts warn that just walking down the street in a major urban center could turn into an automatic law enforcement interaction. With the ability to glean information at a distance, officers would not need to justify a particular interaction or find probable cause for a search, stop, or frisk. Instead, everybody walking past a given officer on his patrol could be subject to a “perpetual line-up,” as the Georgetown study put it. In Ferguson, Missouri, where a Justice Department investigation showed that more than three-quarters of the population had outstanding warrants, real-time face searches could give police immense power to essentially arrest individuals at will. And in a city like New York, which has over 100 officers per square mile and plans to equip each one of them with body cameras by 2019, the privacy implications of turning every beat cop into a surveillance camera are enormous.....  Civil rights group concur that tracking individuals caught on body cameras — either live or using archival footage — could put a chill on First Amendment-protected activities. “Are you going to go to a gun rights rally or a protest against the president, for that matter, if the government can secretly scan your face and identify you?” Bedoya asked the House Committee in his testimony on Wednesday....The databases, too, have already been built. Georgetown researchers estimated that one in every two faces of adults in the United States — many of whom have never committed a crime — are captured in searchable federal, state, or local databases."
Real-Time Face Recognition Threatens to Turn Cops’ Body Cameras Into Surveillance Machines
The Intercept, 22 March 2017

"A GRIM year for American spy agencies took a turn for the worse with the leaking, on March 7th, of what appeared to be a lengthy, detailed catalogue of the CIA's secret hacking tools for turning computers, internet routers, telephones and even web-enabled televisions into remote spying devices, and for bypassing encrypted messaging services by penetrating individual Apple and Android smartphones. The WikiLeaks anti-secrecy organisation posted nearly 9,000 documents and files dated 2013-16 in what it said was a first taste of a 'vault'ť of CIA secrets. WikiLeaks claimed that the archive was provided by a former American government hacker or contractor eager to 'initiate a public debate'ť about the security and democratic control of cyber-weapons, viruses and malware. The group said it had redacted computer code that could be used to launch attacks, pending such a debate....The FBI will now hunt for moles and leakers. The CIA must patch up its systems and meanwhile brace itself for fresh disclosures. That would be bad enough, but trust is low between those agencies and close supporters of Mr Trump, who charge intelligence services with acting as a 'deep state'ť disloyal to the president."
WikiLeaks embarrasses the CIA
Economist, 11 March 2017

"'The fallout from WikiLeaks' disclosure of alleged CIA hacking secrets stretched around the world Thursday, as Chinese officials accused the U.S. of 'stealing secrets'ť and German prosecutors continued to investigate claims about a major American cyber-spying base in Frankfurt. While stateside investigators hunted the source of the leaks -- a trove of more than 8,000 documents that WikiLeaks claims is the 'entire hacking capacity of the CIA' -- foreign officials were examining what the release revealed about the CIA's interests abroad. Routers produced by Chinese companies Huawei and ZTE were named as devices targeted by CIA hackers, Reuters reported, prompting a rebuke from Beijing.....Thousands of miles away, federal prosecutors in Germany were looking into WikiLeaks-derived allegations that the CIA operated a hacking hub out of the U.S. Consulate in Frankfurt. 'We will initiate an investigation if we see evidence of concrete criminal acts or specific perpetrators,'ť a spokesman for the prosecutor's office told Reuters. 'We're looking at it very carefully.' The probe may not end at Germany's border. In a release explaining its document dump on Tuesday, WikiLeaks noted that 'once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Shengen open border area -- including France, Italy and Switzerland.ť The Frankfurt allegations represent the second awkward disclosure this decade regarding possible U.S. spying on its European ally. A previous WikiLeaks release showed the NSA had snooped on Chancellor Angela Merkel's government in 2011. One of the more startling revelations divulged by WikiLeaks is an alleged CIA ability to turn Samsung smart televisions into microphones, technology the anti-secrecy website says was developed in tandem with Britain's intelligence services. South Korea-based Samsung released a statement Wednesday saying it was 'urgently looking into the matter.'ť WikiLeaks said its Tuesday release was less than 1 percent of the total documents it possesses and set a press conference for later Thursday morning to respond to the alleged CIA leak."
WikiLeaks CIA disclosure fallout is worldwide as agency does damage control
Fox News, 9 March 2017

"The latest revelations about the U.S. government’s powerful hacking tools potentially takes surveillance right into the homes and hip pockets of billions of users worldwide, showing how a remarkable variety of everyday devices can be turned to spy on their owners. Televisions, smartphones and even anti-virus software are all vulnerable to CIA hacking, according to the WikiLeaks documents released Tuesday. The capabilities described include recording the sounds, images and the private text messages of users, even when they resort to encrypted apps to communicate. While many of the attack technologies had been previously discussed at cybersecurity conferences, experts were startled to see evidence that the CIA had turned so many theoretical vulnerabilities into functioning attack tools against staples of modern life. These include widely used Internet routers, smartphones, and Mac and Windows computers. In the case of a tool called “Weeping Angel” for attacking Samsung SmartTVs, WikiLeaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.” The CIA reportedly also has studied whether it could infect vehicle control systems for cars and trucks, which WikiLeaks alleged could be used to conduct “nearly undetectable assassinations.” And a specialized CIA unit called the Mobile Devices Branch produced malware to control and steal information from iPhones, which according to WikiLeaks were a particular focus because of the smartphone’s popularity “among social, political diplomatic and business elites.” The agency also targeted popular phones running Google’s Android, the world’s leading mobile operating system....By targeting devices, the CIA reportedly gains access to even well-encrypted communications, on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The WikiLeaks reports acknowledged that difference by saying the CIA had found ways to “bypass,” as opposed to defeat, encryption technologies....The WikiLeaks revelations also will serve as a reminder that, for whatever the political backlash to revelations about digital spying, it is not going away and probably will continue to grow. Aside from the United States, many other advanced nations such as China, Russia, Britain and Israel have extremely sophisticated tools for digital spying. . Less advanced nations have gained access to powerful online spying technology through a robust and lightly regulated industry of surveillance contractors based throughout the world.On Tuesday, resignation and frustration rippled through Silicon Valley as technologists grappled with revelations of yet another U.S. government attempt to exploit their systems. And cybersecurity experts reacted with alarm. “This is explosive,” said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. The material highlights specific anti-virus products that can be defeated, going further than a release of NSA hacking tools last year, he said. The WikiLeaks release revealed that the CIA has sophisticated “stealth” capabilities that enable hackers not only to infiltrate systems, but evade detection, as well as abilities to move inside a system freely as if they owned it."
WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy on their owners
Washington Post, 7 March 2017

"WikiLeaks published thousands of secret CIA files on Tuesday detailing hacking tools the government employs to break into users' computers, mobile phones and even smart TVs. Some companies that manufacture smart TVs include Apple, Google, Microsoft and Samsung. The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features intended to keep the private information of citizens and corporations safe from prying eyes. U.S. government employees, including President Trump, use many of the same products and internet services purportedly compromised by the tools."
WikiLeaks posts trove of CIA documents detailing mass hacking

CBS, 7 March 2017

"'This is CIA's Edward Snowden,' former CIA acting director Michael Morrell told CBS News Justice correspondent Jeff Pegues, referring to the former National Security Agency contractor who leaked millions of documents in 2013. The files include comments by CIA hackers boasting in slang language of their prowess. 'You know we got the dankest Trojans and collection tools,'ť one reads. The documents show broad exchanges of tools and information among the CIA, NSA and other U.S. intelligence agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom. WikiLeaks claimed the CIA used both its Langley, Virginia, headquarters and the U.S. consulate in Frankfurt, Germany, as bases for its covert hackers. The AP found that one purported CIA hack that imitates the Domain Name System -- the internet's phone book -- traced to an internet domain hosted in Germany. Tuesday's documents, purported to be from the CIA's 'Embedded Development Branch,'ť discuss techniques for injecting malicious code into computers protected by the personal security products of leading international anti-virus companies. They describe ways to trick anti-virus products from companies including Russia-based Kaspersky Lab, Romania-based BitDefender, Dutch-based AVG Technologies, F-Secure of Finland and Rising Antivirus, a Chinese company. In the new trove, programmers also posted instructions for how to access user names and passwords in popular internet browsers. Those browsers include Microsoft Internet Explorer, Google Chrome and Mozilla Firefox. Under a list of references in one exchange, users were advised that 'the following may be low traffic sites, sites in which it might be a good idea to disable JavaScript, etc,'ť referring to a widely used internet programming language. 'Remember, practice safe browsing, kidz!' they were told. Some documents were classified 'secret'ť or 'top secret'ť and not for distribution to foreign nationals. One file said those classifications would protect deployed hacks from being 'attributed'ť to the U.S. government. The practice of attribution, or identifying who was behind an intrusion, has been difficult for investigators probing sophisticated hacks that likely came from powerful nation-states."
WikiLeaks Publishes Secret Files Allegedly Revealing CIA’s Hacking Methods
CBS, 7 March 2017

" WikiLeaks on Tuesday released thousands of documents that it said described sophisticated software tools used by the Central Intelligence Agency to break into smart phones, computers and even Internet-connected televisions. If the documents are authentic, as appeared likely at first review, the release would be the latest coup for the anti-secrecy organization and a serious blow to the C.I.A., which maintains its own hacking capabilities to be used for espionage. The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, the group said. The entire archive of C.I.A. material consists of several hundred million lines of computer code, it said. Among other disclosures that, if confirmed, will rock the tech world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect 'audio and message traffic before encryption is applied. The source of the documents was not named. WikiLeaks said the documents, which it called Vault 7, had been 'circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.' WikiLeaks said the source, in a statement, set out policy questions that 'urgently need to be debated in public, including whether the C.I.A.'s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.'ť The source, the group said, 'wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.' The documents, from the C.I.A's Center for Cyber Intelligence, are dated from 2013 to 2016 and WikiLeaks described them as 'the largest ever publication of confidential documents on the agency.'ť One former intelligence officer who briefly reviewed the documents on Tuesday morning said some of the code names for C.I.A. programs, an organization chart and the description of a C.I.A. hacking base appeared to be genuine."
WikiLeaks Releases Trove of Alleged C.I.A. Hacking Document
New York Times, 7 March 2017

"Wikileaks has published details of what it says are wide-ranging hacking tools used by the CIA. The alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers. Some of the software is reported to have been developed in-house, but the UK's MI5 agency is said to have helped build a spyware attack for Samsung TVs. A spokesman for the CIA would not confirm the details. "We do not comment on the authenticity or content of purported intelligence documents," he said. A spokesman for the UK Home Office was unable to comment. Wikileaks said that its source had shared the details with it to prompt a debate into whether the CIA's hacking capabilities had exceeded its mandated powers. The NSA faced huge embarrassment when many of its secrets were revealed by Edward Snowden, and now the CIA appears to face similar problems, the BBC's security correspondent Gordon Corera said. The effort to compromise Samsung's F8000 range of smart TVs was codenamed Weeping Angel, according to documents dated June 2014. They describe the creation of a "fake-off" mode, designed to fool users into believing that their screens had been switched off. Instead, the documents indicate, infected sets were made to covertly record audio, which would later be transferred over the internet to CIA computer servers once the TVs were fully switched back on, allowing their wi-fi links to re-establish. Under a "future work" section, it is suggested that video snapshots might also be taken and the wi-fi limitation be overcome. Samsung has not commented on the allegations. Wikileaks also claims that as of last year, the CIA has built up an arsenal of 24 Android "zero days" - the term given to previously unknown security flaws in code. Some of these are said to have been discovered by the CIA, but others were allegedly obtained from the UK's GCHQ agency as well as the NSA and unnamed third-parties. Devices made by Samsung, HTC and Sony, among others, were said to have been compromised as a result, allowing the CIA to read messages on Whatsapp, Signal, Telegram and Weibo among other chat services. It is also claimed that a specialised CIA unit was set up to target iPhones and iPads, allowing the agency to see a target's location, activate their device's camera and microphone, and read text communications. The unit is also reported to have made use of further OS "zero days" obtained from GCHQ, the NSA and FBI. "It is longstanding policy that we do not comment on intelligence matters," GCHQ told the BBC. "Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate." Other claims say the CIA: *  was trying to find ways to infect vehicles' computer control systems. Wikileaks claims these might have been used for undetectable assassinations *  had found ways to infect "air-gapped" computers - machines that are not linked up to the internet or other insecure networks. Methods are said to have included hiding data in images or hidden parts of computer storage * had developed attacks against popular anti-virus products * had built up a library of hacking techniques "stolen" from malware developed in Russia and elsewhere * Wikileaks describes its release as the first in a series of planned leaks about the CIA's cyber-activities, which it refers to as Vault 7. - It added that the material had already circulated among hackers who used to work for the US government as well as contractors in an unauthorised manner."
Wikileaks: CIA has tools to snoop via TVs
BBC, 7 March 2017

"WikiLeaks has published a huge trove of what appear to be CIA spying secrets.The files are the most comprehensive release of US spying files ever made public, according to Julian Assange. In all, there are 8,761 documents that account for "the entire hacking capacity of the CIA", Mr Assange claimed in a release, and the trove is just the first of a series of "Vault 7" leaks. Already, the files include far more pages than the Snowden files that exposed the vast hacking power of the NSA and other agencies. In publishing the documents, WikiLeaks had ensured that the CIA had "lost control of its arsenal", he claimed. That included a range of software and exploits that if real could allow unparalleled control of computers around the world. It includes software that could allow people to take control of the most popular consumer electronics products used today, claimed WikiLeaks. "'Year Zero' introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones," the organisation said in a release. The public files don't include the cyber weapons themselves, according to a statement. The organisation will refrain from distributing "armed" software "until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published", it said. The files were made available by a source who intended for them to start a conversation about whether the CIA had gained too much power, according to the organisation. "In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency," a release read. "The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons." It also redacts the details of some of the names, locations and targets that are identified in the documents. "
WikiLeaks publishes massive trove of CIA spying files in 'Vault 7' release
Independent, 7 March 2017

"A hacker has created a rather terrifying smart box shaped just like a mobile phone charger, which can keep tabs on you and surreptitiously steal your data....The KeySweeper will sniff-out keystrokes as they're typed, as well as being able to home in on specific data '“ for instance, if you type in particular web addresses (such as Paypal.com), the KeySweeper knows that the next thing you type is likely to be a user name and password. The evil little bugger then earmarks the data for later analysis. The info can be stored on the KeySweeper itself and then extracted via USB, or even sent directly to the person spying via SMS. Thankfully these devices aren't capable of sniffing data from every wireless keyboard. The main types which are vulnerable are ones which still utilise 2.4GHz wireless rather than Bluetooth, such as Microsoft's wireless keyboards. While Microsoft claims that it hasn't produced keyboards using this connection method since 2011, Kamar released a statement suggesting that people may still not be protected from potential surveillance."
The terrifying 'phone charger' that can steal your passwords
Recombu, 15 January 2015

"The BBC has voiced dismay over alleged German spying on foreign journalists, including some working for the BBC. Germany's foreign intelligence service BND spied on media e-mails, faxes and phone calls, including more than a dozen BBC numbers in London and Afghanistan, Spiegel news reported. The surveillance, which began in 1999, also extended to Reuters news agency and the New York Times, it is alleged."
BBC dismayed at German 'BND spying on journalists'
BBC, 24 February 2017

"A few hours after dark one evening earlier this month, a small quadcopter drone lifted off from the parking lot of Ben-Gurion University in Beersheba, Israel. It soon trained its built-in camera on its target, a desktop computer's tiny blinking light inside a third-floor office nearby. The pinpoint flickers, emitting from the LED hard drive indicator that lights up intermittently on practically every modern Windows machine, would hardly arouse the suspicions of anyone working in the office after hours. But in fact, that LED was silently winking out an optical stream of the computer’s secrets to the camera floating outside. That data-stealing drone, shown in the video below, works as a Mr. Robot-style demonstration of a very real espionage technique. A group of researchers at Ben-Gurion's cybersecurity lab has devised a method to defeat the security protection known as an “air gap,” the safeguard of separating highly sensitive computer systems from the internet to quarantine them from hackers. If an attacker can plant malware on one of those systems—say, by paying an insider to infect it via USB or SD card—this approach offers a new way to rapidly pull secrets out of that isolated machine. Every blink of its hard drive LED indicator can spill sensitive information to any spy with a line of sight to the target computer, whether from a drone outside the window or a telescopic lens from the next roof over. If an attacker has a foothold in your air-gapped system, the malware still can send the data out to the attacker," says Ben-Gurion researcher Mordechai Guri, who has spent years focusing on finding techniques for ferreting data out of isolated computer systems. "We found that the small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance." An air gap, in computer security, is sometimes seen as an impenetrable defense. Hackers can't compromise a computer that's not connected to the internet or other internet-connected machines, the logic goes. But malware like Stuxnet and the Agent.btz worm that infected American military systems a decade ago have proven that air gaps can't entirely keep motivated hackers out of ultra-secret systems—even isolated systems need code updates and new data, opening them to attackers with physical access. And once an air-gapped system is infected, researchers have demonstrated a grab bag of methods for extracting information from them despite their lack of an internet connection, from electromagnetic emanations to acoustic and heat signaling techniques—many developed by the same Ben-Gurion researchers who generated the new LED-spying trick. But exploiting the computer's hard drive indicator LED has the potential to be a stealthier, higher-bandwidth, and longer-distance form of air-gap-hopping communications. By transmitting data from a computer's hard drive LED with a kind of morse-code-like patterns of on and off signals, the researchers found they could move data as fast as 4,000 bits a second, or close to a megabyte every half hour. That may not sound like much, but it's fast enough to steal an encryption key in seconds. And the recipient could record those optical messages to decode them later; the malware could even replay its blinks on a loop, Guri says, to ensure that no part of the transmission goes unseen. The technique also isn't as limited in range as other clever systems that transmit electromagnetic signals or ultrasonic noises from speakers or a computer's fans. And compared to other optical techniques that use the computer's screen or keyboard light to secretly transmit information, the hard-drive LED indicator—which blinks anytime a program accesses the hard drive—routinely flashes even when a computer is asleep. Any malware that merely gains the ability of a normal user, rather than deeper administrative privileges, can manipulate it. The team used a Linux computer for their testing, but the effects should be the same on a Windows device. "The LED is always blinking as it's doing searching and indexing, so no one suspects, even in the night," says Guri. "It’s very covert, actually."....The good news, however, for anyone security-sensitive enough to worry about the researchers' attack—and anyone who air gaps their computers may be just that sensitive—is that the Ben Gurion researchers point to clear countermeasures to block their hard drive LED exfiltration method. They suggest keeping air-gapped machines in secure rooms away from windows, or placing film over a building's glass designed to mask light flashes. They also note that protective software on a target machine could randomly access the hard drive to create noise and jam any attempt to send a message from the computer's LED.But the simplest countermeasure by far is simply to cover the computer's LED itself. Once, a piece of tape over a laptop's webcam was a sign of paranoia. Soon, a piece of tape obscuring a computer's hard drive LED may be the real hallmark of someone who imagines a spy drone at every window."
Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED
Wired, 22 February 2017

"Samsung has confirmed that its "smart TV" sets are listening to customers' every word, and the company is warning customers not to speak about personal information while near the TV sets. The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services. The news comes after Shane Harris at The Daily Beast pointed out a troubling line in Samsung's privacy policy: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party." Samsung has now issued a new statement clarifying how the voice activation feature works. "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search," Samsung said in a statement. "At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV." The company added that it does not retain or sell the voice data, but it didn't name the third party that translates users' speech.""
Samsung warns customers not to discuss personal information in front of smart TVs
The Week, 9 February 2015

"Judges have ruled that Cleveland police acted unlawfully when they monitored journalists’ phones in an attempt to uncover the source of a series of leaks.The police force used powers under the Regulation of Investigatory Powers Act (Ripa) to seize records of calls totalling more than 1m minutes from three journalists, a solicitor and two police officers after details of internal grievances appeared in the Northern Echo in 2012. Having initially maintained that the data collection was justified, this month the force apologised for its actions after hearing evidence given to an investigatory powers tribunal late last year....  Ripa can be used to check data from phones and other devices to discover evidence of crimes where there is a reasonable chance of prosecution. The tribunal judges decided the decision to access the records was based on a “subjective belief” and that targeting the journalists and a solicitor was always unlikely to be justified.... The application for phone data was made in part to uncover the identity of a whistleblower who passed the Northern Echo an internal report that had uncovered elements of institutional racism in the force. The paper ran the story on its front page in 2012. Tuesday’s judgment says police should have considered that their actions were an infringement of the right to freedom of speech when they accessed data from the personal and work phones of reporters at the paper....  The judgment has been sent to the Independent Police Complaints Commission and the chief inspector of constabulary, Sir Thomas Winsor, for their consideration.  Andy Richardson, the editor of the Northern Echo, told the journalism trade website Hold the Front Page that he was delighted to see the law come down on the side of reporters who were trying to expose matters of public interest “rather than police officers who were attempting to stifle the truth”."
UK police force's monitoring of reporters' phones ruled unlawful
Guardian, 31 January 2017

"The inventor behind James Bond's ingenious gadgets, codenamed "Q" in the spy films, exists in reality and is actually a woman, the head of Britain's MI6 espionage agency has said. "The real-life Q is looking forward to meeting you, and I'm pleased to report that the real-life Q is a woman," Alex Younger said at a women's technology awards ceremony this week in London. Q, the head of gadgets at foreign intelligence service MI6, has always been played by a man in the Bond series, though the inventor's boss, "M," was played by Judi Dench from 1995 to 2015. Younger, known as "C," also revealed that the devices used by his operatives were much more sophisticated than those dreamt up by Q.  "The gadgets that we employ -- or operational technology as we more properly call it -- probably defy the imagination of spy writers," he said. "Technology now is at the core of what we do in a way that it wasn't before.""
Real-life 'Q' is a woman, British spy chief reveals
AFP, 28 January 2017

"The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks. While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials. The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target. The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user. The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level. Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.” “What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”"
N.S.A. Devises Radio Pathway Into Computers
New York Times, 14 January 2017

"In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections. The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches. The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people. Attorney General Loretta E. Lynch signed the new rules, permitting the N.S.A. to disseminate “raw signals intelligence information,” on Jan. 3, after the director of national intelligence, James R. Clapper Jr., signed them on Dec. 15, according to a 23-page, largely declassified copy of the procedures. Previously, the N.S.A. filtered information before sharing intercepted communications with another agency, like the C.I.A. or the intelligence branches of the F.B.I. and the Drug Enforcement Administration. The N.S.A.’s analysts passed on only information they deemed pertinent, screening out the identities of innocent people and irrelevant personal information. Now, other intelligence agencies will be able to search directly through raw repositories of communications intercepted by the N.S.A. and then apply such rules for “minimizing” privacy intrusions. “This is not expanding the substantive ability of law enforcement to get access to signals intelligence,” said Robert S. Litt, the general counsel to Mr. Clapper. “It is simply widening the aperture for a larger number of analysts, who will be bound by the existing rules.” But Patrick Toomey, a lawyer for the American Civil Liberties Union, called the move an erosion of rules intended to protect the privacy of Americans when their messages are caught by the N.S.A.’s powerful global collection methods. He noted that domestic internet data was often routed or stored abroad, where it may get vacuumed up without court oversight.... The limits on using Americans’ information gathered under Order 12333 do not apply to metadata: logs showing who contacted whom, but not what they said. Analysts at the intelligence agencies may study social links between people, in search of hidden associates of known suspects, “without regard to the location or nationality of the communicants.”"
N.S.A. Gets More Latitude to Share Intercepted Communications
New York Times, 12 January 2017

"Facebook currently provides a staggering 29,000 individual categories to its advertisers. These allow advertisers to drill-down and target specific groups amongst the 1.79 billion monthly active users. Of those 29,000 categories, Facebook says 600 come from third-party data providers. According to the research conducted by ProPublica, the majority of this data from commercial data brokers is financial. It allows advertisers to single-out Facebook users in categories including, "total liquid investible assets $1 - $24,999", "people in households that have an estimated household income of between $100K and $125K", or even "individuals that are frequent transactor at lower cost department or dollar stores". Regardless of whether you've ever posted a status, photo or liked a brand on your social media feed relating to your preference for lower cost department stores – Facebook knows. The world's most popular social network, founded by Mark Zuckerberg back in 2004, works with six data collection firms in the US – Acxiom, Epsilon, Experian, Oracle Data Cloud, TransUnion and WPP. "They are not being honest," said Jeffrey Chester, executive director of the Centre for Digital Democracy, told ProPublica. "Facebook is bundling a dozen different data companies to target an individual customer, and an individual should have access to that bundle as well." Here's the catch – unlike the data points that Facebook collects itself, it is extremely difficult to opt-out of the data hoarded by these third-party commercial providers. To remove your preference in department store – or household income estimate – you'll need to contact each provider directly. According to ProPublica, that process is often complex and hidden behind reams of legal mumbo-jumbo. When ProPublica approached Facebook about its perceived lack of disclosure, the US social network responded that it does not inform users about the third-party data because it’s widely available and not collected by Facebook itself.... Earlier this year, Facebook revealed the extensive list of information it holds on users and uses to target its advertisements. The criteria ranges from the obvious – age, hometown, school, friends – to the downright bizarre. For example, Facebook keeps a record of when you've recently started a new relationship, calculates how much money you are likely to spend on your next car, tracks what operating system you are using to login to the social network, and more. It will even track the types of credit cards you have owned.  If you remain logged into Facebook, the social network can see almost every other website you visit. And even if you log-out of your Facebook account before you start surfing the world wide web, it still keeps a close eye. Facebook is alerted every time you load a webpage with one of its Like or Share buttons embedded. Any websites that use advertisements sourced from Atlas network will also track your movements. Facebook also provides online publishers with a small piece of code – dubbed Facebook Pixel – that allows them (and of course, Facebook) to log any Facebook-using visitors."
Why Facebook is NOT telling YOU everything it really knows about you
Express, 2 January 2017








".... if you look around and see what the world is now facing I don't think  in the last two or three hundred years we've faced such a concatenation of  problems all at the same time..... if we are to solve the issues that are ahead of us, we are going to need to think in completely different ways. "
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 -2006

BBC Radio 4, 'Start The Week', 30 April 2007

"Individual peace is the unit of world peace. By offering Consciousness-Based Education to the coming generation, we can promote a strong foundation for a healthy, harmonious, and peaceful world.... Consciousness-Based education is not a luxury. For our children who are growing up in a stressful, often frightening, crisis-ridden world, it is a necessity."
Academy Award Winning Film Producer David Lynch (Elephant Man, Blue Velvet, etc)
David Lynch Foundation





  

NLPWESSEX, natural law publishing
nlpwessex.org