portscanner-for-windows-7-matrix

Shhh… German Paper Reveals GCHQ’s Hacienda Program for Internet Colonization

The German news site Heise Online revealed late last week that British intelligence agency GCHQ has a “Hacienda” program to search for vulnerable systems across 27 countries that could be compromised by the British agency and its spy-counterparts in other countries, including the US, Canada, Australia and New Zealand.

Hacienda

The GCHQ reportedly used port scanning, which hackers used to find systems they can potentially penetrate, as a “standard tool” against the entire nations it targeted.

“It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC,” according to Heise.

“The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration).”

Hacienda27countries

The same argument holds for those who still harbor the self-comforting thought of being “nobody”, “just an ordinary law-abiding citizen”, “small potato”, etc and thus not a surveillance target: it may not be you that they are interested but the people you “know”, “work with”, “chat with”, “befriend with”, “live with”, etc.

“Using this logic, every device is a target for colonization, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target” and “Firewalls are unlikely to offer sufficient protection”, said the Heise report.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
Message+in+a+bottle

Shhh… New Secure NSA-Proof Chat & Messaging Solutions like Bleep and Tox

If you are looking for Skype-alternatives because you are concerned with reports of its security issues – given Skype’s alleged “background” problems and refusal to reveal its encryption method – then take comfort that there are a host of options available you’ll be spoiled with choices.

Most recently BitTorrent, best associated with making the peer-to-peer (P2P) software that allows users to download the same file from multiple sources simultaneously, has announced the launch of a pre-alpha version of its secure chat and voice-message service called BitTorrent Bleep.

Bleep

In order to counter mass surveillance and eavesdropping, Bleep enables users to make calls and send messages over the Internet without using any central server to direct traffic. What BitTorrent did was to apply the same P2P technology used for decentralized file sharing to Bleep so there is no way one could track and peep at the conversations. In essence, Bleep is a decentralized communication platform specifically designed to protect user metadata and anonymity.

And in short, every messages a user sent out is just a “Bleep” to the recipients. Sounds good? The only problem for now is that Bleep is currently limited to Windows 7 or 8 users, although there will be support for more operating systems later.

On the other hand, there is also TOX, a Free and Open Source Software (FOSS – ie. one can verify its code, unlike Skype) initiative and secure alternative to an all-in-one communication platform that guarantees full privacy and secure message delivery.

TOX

Tox takes pride in being a configuration-free P2P Skype replacement.

“Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her’s friends list and start conversing with them,” according to the TOX homepage.

And finally, here’s a list of ten other Skype alternatives to explore.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
2Snowden-Bolshoi

Shhh… NSA Missed Snowden’s Clues

The NSA had all along claimed Snowden stole 1.7 million files but Snowden told WIRED in an exclusive interview that there were apparently much more as the agency somehow missed his “digital bread crumbs“.

“I figured they would have a hard time,” Snowden said of his evidence trail. “I didn’t figure they would be completely incapable.”

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
AllThePresident'sMen

Shhh… Obama’s CIA Watergate?

This year August 9 marked the day Richard Milhous Nixon resigned as the 37th US President back in 1974 and the Discovery channel aptly aired its documentary “All the President’s Men Revisited” that day to mark the 40th anniversary of the Watergate.

Redford-Hoffman

I watched the 1976 classic “All the President’s Men” countless times during my newsroom days as a commercial crimes investigative reporter – and eventually won the 2005 SOPA award for one of my exposé thanks to this inspiring and fascinating “violent” movie, as Robert Redford the narrator in the documentary put it.

And I can’t help wondering: does the movie have any relevance today?

Obviously President Barack Obama is not President Nixon. The former has not been impeached like the latter. But the recent CIA spying on the Senate is exactly the present day equivalent, with some cyber elements of course, of the Watergate break-in.

Professor Bruce Ackerman of Yale University is right when he wrote that Obama “is wrong to support the limited response of his CIA director, John Brennan, who is trying to defer serious action by simply creating an “accountability panel” to consider “potential disciplinary measures” or “systemic issues.””

CIA Director John Brennan apologized to the Senate Intelligence Committee earlier this month when he admitted his agency not only spied on computers used by its staffers but also read the emails of the Senate investigators involved in investigating the controversial post 9/11 CIA interrogation and detention program.

Senate committee members were certainly not impressed even though Obama continued to support Brennan as a “man of great integrity”.

With continued failure to live up to his promise of a more transparent government, Obama is increasingly tainting his leadership to put himself in the history books for all the wrong reasons – probably not as bad as Nixon but only time will tell.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… CIA Style Manual? For Those Who Inspire to Write Like a Spy

It looks like the US intelligence agency takes writing very seriously – the picture below says it, “the security of our nation depends on it”.

CIAreport

Wonder if the CIA hired John le Carre to write this style guide and if the great spy novelist endorsed it if it was otherwise. Check out the 190-page manual here.

cat-writing

Oh btw you can tweet to the PR-savvy agency @CIA

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
2USBbaby

Shhh… BadUSB Evil Accessories

Think thrice next time before you plug in USB devices like keyboard, flash memory, webcam, speakers, hub, mice, etc, into your computer as the occasional virus scan and install is no longer safe.

ToyUSB

Several reports have now emerged that hackers could now load malicious software onto cheap petite chips that control the functions inside these devices which have nothing to shield against any tampering of their code.

In other words, these so called BadUSB are reprogrammed into a new form of covert weapons to spoof and take control of a computer, smuggle out data and also spy on the user.

Karsten Nohl, chief scientist with Berlin’s SR Labs will demonstrate these findings in a Black Hat security conference in Las Vegas scheduled 2-7 August 2014.

 

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… What’s this Google’s “Project Zero”?

Several reports have surfaced the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house super-geeks team of security researchers and hackers now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially zero-day flaws (newly discovered bugs) – also known as “zero-day” vulnerabilities, those hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.

Now the question is, is this a Google PR stunt? Read this and that articles and decide for yourself.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… Guide to Safer Computing

The (Globe & Mail) Paranoid Computer User’s Guide to Privacy, Security and Encryption

A nice reference and handy guide.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… was Snowden Tricked?

Today is one year to the day Edward Snowden revealed himself to the world from a hotel in Hong Kong as the source of the NSA leaks.

How timely, there’s a report in the Daily Mail that former KGB agent Boris Karpichkov said the Russian spies agencies (now known as the Federal Security Service (FSB) and Foreign Intelligence Service (SVR))have identified Snowden as a potential defector “as far back as 2007″ and the Russian spies have ‘tricked’ him into asking Moscow for asylum by posing as diplomats.

“It was a trick and he fell for it. Now the Russians are extracting all the intelligence he possesses,” according to Karpichkov.

Would you believe it?

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… Microsoft, the NSA & You

End of Wins XP is No Dawn for Wins 8

Don’t be fooled into upgrading to Wins 8 after Microsoft recently ended support for the popular Wins XP OS. High time to switch to Linux instead – as I did 3 years ago.

Read this nicely written piece on those long held conspiracy theories about Microsoft and the NSA.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… Heartbleed Check & Fix

The open source OpenSSL project revealed Monday a serious security vulnerability known as the “Heartbleed” bug that is used by two-third of the web to encrypt data, ie. to protect usernames, passwords and any sensitive information on secure websites. Yahoo is said to be the most exposed to Heartbleed but the company said it has fixed the core vulnerability on its main sites. There are several things you would need to do to check for Heartbleed bug and protect yourself from it, apart from changing your passwords. And according to the Tor project, staying away from the internet entirely for several days might be a good idea.

Check these YouTube video clips for more information – and find out how to fix it on Ubuntu Linux.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
When Chaos Trumps Security

When Chaos Trumps Security

Lapse in Taipei a Lesson for Hong Kong

It doesn’t take much for unfolding events to break down security, especially if security forces aren’t well trained to handle unexpected situations. The continuing standoff between the Taiwan government and protesters over the lack of transparency during the negotiations of a cross-Strait services pact between Taipei and Beijing has stolen global headlines and illustrates that scenario.

Scores of university students stormed the legislative chamber in Taipei on March 18, leading to the continued unrest that has been dubbed the “Sunflower Movement”. That was followed by 100,000 people who gathered for a sit-in protest outside the Presidential Office Building earlier this month.

Contentious issues aside, the entire episode – with memorable scenes of students fending off the raiding police by piling entrances and exits with furniture and riot police using batons and water cannons on them – prompted the nagging question: Was security at the government buildings in Taipei so lax and easily penetrable? Definitely, from my personal experience.

Please find the entire column here.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page
More US Cyber-Spying?

More US Cyber-Spying?

Defense Secretary Hagel Faces a Tough Time Explaining This to China

US Defense Secretary Chuck Hagel announced at the National Security Agency headquarters last Friday that the Pentagon would triple its cyber security staff – to 6,000 – over the next few years to defend against computer-based attacks.

That’s great. I wonder how Hagel is going to face the music when he visits China later this week where he expects to be grilled on the latest NSA revelations and aggressive US cyber spying. Just last month, it was revealed that the NSA has for years assessed the networks of Chinese telecommunications company Huawei, which the US House of Representatives has long advocated that US companies should avoid on the grounds of national security.

Find out more from my latest column here and there.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

When the Boss Hacks

Hot Mails

There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.

This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.

And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.

Find out more from my latest column here and there.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

The Growing Hacker Epidemic

Time for Standardized Data Breach Law

The latest hack on Bitcoin exchange Mt.Gox, leading to its sudden bankruptcy late February, and the spate of recent cyber-attacks have prompted warnings of a wave of serious cybercrimes ahead as hackers continue to breach the antiquated payment systems of companies like many top retailers.

Stock exchange regulators like the American SEC have rules for disclosures when company database were hacked but the general public is often at the mercy of private companies less inclined or compelled to raise red flags.

The private sector, policymakers and regulators have been slow to respond and address the increasing threats and sophistication of cybercriminals – only 11 percent of companies adopt industry-standard security measures, leaving our personal data highly vulnerable.

Time for a standardized data breach law?

Find out more from my latest column posted here and there.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

The Perilous Job of Auditing China

Sometimes Auditors Have to Flee for Their Lives

Who should be most afraid of auditing in China – a US examiner, the Chinese regulators or the companies being audited? Pick those doing the examining. For all of the accounting profession’s image as a dull and boring occupation, in China it isn’t. Sometimes it can be downright dangerous.

You can find the entire column here.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Cyberborgs for Cyber Wars

Creating Giants to Battle Snoops by NSA and the Likes

Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.

This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software took a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.

But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.

Please find the entire column here and there.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Shhh… the NSA’s special app for iPhones

The NSA has a special DROPOUTJEEP program for all Apple devices including the iPhones to intercept all SMS messages, collect contact lists, locate a phone (and its user/owner) and also activate the device’s microphone and camera with 100 percent success rate, according to a leaked document obtained by German magazine Der Speigel and a presentation by security researcher/independent journalist Jacob Applebaum, who said:

“[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write sh—y software. We know that’s true.”

I wrote in Sept 2012 that the NSA and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) issued their own specially developed smartphones for their top level officials. And they chose Android – no surprise now?!

Check out this NSA doc and YouTube presentation.

Let's Share This:Share on FacebookTweet about this on TwitterShare on LinkedInShare on TumblrShare on StumbleUponShare on Google+Digg thisShare on RedditBuffer this pageFlattr the authorPin on PinterestEmail this to someonePrint this page

Columnist, Writer, Sleuth – Vanson Soo