A group of hackers known as the “Sandworm Team”, allegedly from Russia, has found a fundamental flaw in Microsoft Windows (a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012) and turned it into a Russian cyber-espionage campaign targeting NATO, European Union, telecommunications and energy sectors – by pulling emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and also the energy sector and telecommunications firms, according to new research from iSight Partners, a Dallas-based cybersecurity firm.
Photo credit: iSight Partners.
Countdown to the official release of CitizenFour on 24th October (Note: Actual Q&A starts at 6:10 of the clip).
Here’s an interesting chart on how to use Tor to browse the web anonymously:
The Tor Project is free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:
But Tor can still be compromised and multiple layers of security are recommended:
“I think this is bigger than Ebola right now because 500 million people are infected and they don’t know it. But it’s not them, it’s their smartphone,” said Gary Miliefsky, CEO of SnoopWall, a counterveillance software company focused on helping consumers and enterprises protect their privacy on all of their computing devices including smartphones, tablets and laptops.
“The top 10 flashlight apps today that you can download from the Google Play Store are all malware. They’re malicious, they’re spying, they’re snooping and they’re stealing.”
The personal data stolen from our smartphones – including contacts, emails, messages, bank account details, photos, video, etc – are then sold to cybercriminals in 3 countries: China, India and Russia, according to Miliefsky, a founding member of the US Department of Homeland Security who has advised two White House Administrations on cybersecurity matters.
More information below from the SnoopWall press release:
Dropbox reportedly “appears” to have been hacked after anonymous hackers claimed to have compromised some 7 million accounts with several hundreds of usernames and passwords leaked in plain text so far, and with full leak promised if they received donations to their bitcoin address.
Dropbox, however, has denied claims of any data breach:
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
Advice: Change your password immediately. And just like the recent iCloud hack, think hard before you post anything personal and confidential online.
In his first UK public appearance via satellite link from Moscow at the Observer Ideas festival on Sunday, Edward Snowden warned that British spy agencies are using digital technology to conduct mass population surveillance without any checks and balances at all and thus overreaching and encroaching on privacy rights in a way that he characterized as even worse than the US NSA had managed.
“In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.”
Mark your calendar. The 24th of October has been set for the official release of “Citizenfour”, a long-anticipated, ground-breaking documentary by Laura Poitras that premiered at the New York Film Festival on Friday night and reveals a behind-the-scenes, intimate portrait of Edward Snowden and his leak of NSA documents as it unfolded at the Mira hotel in Hong Kong last year.
Poitras and former Guardian columnist Glenn Greenwald flew from New York to Hong Kong in early June 2013 to meet Snowden for the first time. This documentary captures minute by minute their tense initial encounters and the many days of questioning, cross-examining and waiting for the Guardian’s green light for their explosive exposé that changed the world to this day.
Here’s an interesting story from BuzzFeed about a “little-noticed” court ruling from the US Justice Department – that the government has the right to impersonate someone’s identity, create a phony Facebook account in that person’s name, post racy photos found on that person’s seized phone – all without that person’s knowledge – in order to reach out to suspected criminals.
The world is still coming to grips with the snooping of personal information by the NSA, GCHQ and the like in this post-Snowden era. But to commandeer one’s identity, without one’s knowledge, to catch criminals (or terrorists for that matter)? Has that gone too far, endangering one’s life?
(Btw check out this article on how to detect fake Facebook profiles.)
Government Set Up A Fake Facebook Page In This Woman’s Name
A DEA agent commandeered a woman’s identity, created a phony Facebook account in her name, and posted racy photos he found on her seized cell phone. The government said he had the right to do that.
Chris Hamby BuzzFeed Staff
Posted on Oct. 7, 2014, at 7:16 a.m.
The Justice Department is claiming, in a little-noticed court filing, that a federal agent had the right to impersonate a young woman online by creating a Facebook page in her name without her knowledge. Government lawyers also are defending the agent’s right to scour the woman’s seized cellphone and to post photographs — including racy pictures of her and even one of her young son and niece — to the phony social media account, which the agent was using to communicate with suspected criminals.
The woman, Sondra Arquiett, who then went by the name Sondra Prince, first learned her identity had been commandeered in 2010 when a friend asked about the pictures she was posting on her Facebook page. There she was, for anyone with an account to see — posing on the hood of a BMW, legs spread, or, in another, wearing only skimpy attire. She was surprised; she hadn’t even set up a Facebook page.
The account was actually set up by U.S. Drug Enforcement Administration special agent Timothy Sinnigen.
Not long before, law enforcement officers had arrested Arquiett, alleging she was part of a drug ring. A judge, weighing evidence that the single mom was a bit player who accepted responsibility, ultimately sentenced Arquiett to probation. But while she was awaiting trial, Sinnigen created the fake Facebook page using Arquiett’s real name, posted photos from her seized cell phone, and communicated with at least one wanted fugitive — all without her knowledge.
The Justice Department’s headquarters in Washington, D.C., referred all questions to the DEA, which then declined to answer questions and, in turn, referred inquiries to the local U.S. attorney’s office in Albany, New York. That office did not respond to multiple requests for an interview.
A Facebook spokesman declined to comment on the case. The site’s “Community Standards” say, “Claiming to be another person, creating a false presence for an organization, or creating multiple accounts undermines community and violates Facebook’s terms.” The spokesman said there is no exception to this policy for law enforcement.
Meanwhile, the bogus Facebook page remains accessible to the public, BuzzFeed News found.
Leading privacy experts told BuzzFeed News they found the case disturbing. “It reeks of misrepresentation, fraud, and invasion of privacy,” said Anita L. Allen, a professor at University of Pennsylvania Law School.
The experts also agreed that the case raises novel legal and ethical questions. There is a long tradition of deceptive practices by police that are legal, they noted. For example, officers assume a false identity to go undercover. “What’s different here,” said Ryan Calo, a professor at the University of Washington School of Law, is that the agent assumed the identity of a real person without her explicit consent.
“The technologies we have now are enabling all sorts of new uses,” said Neil Richards, a professor at the Washington University School of Law. “There are a whole bunch of new things that are possible, and we don’t have rules for them yet.”
The DEA’s actions might never have come to light if Arquiett, now 28, hadn’t sued Sinnigen, accusing him in federal district court in Syracuse, New York, of violating her privacy and placing her in danger.
In a court filing, a U.S. attorney acknowledges that, unbeknownst to Arquiett, Sinnigen created the fake Facebook account, posed as her, posted photos, sent a friend request to a fugitive, accepted other friend requests, and used the account “for a legitimate law enforcement purpose.”
The government’s response lays out an argument justifying Sinnigen’s actions: “Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”
That argument is problematic, according to privacy experts. “I may allow someone to come into my home and search,” said Allen, of the University of Pennsylvania, “but that doesn’t mean they can take the photos from my coffee table and post them online.”
“I cannot imagine she thought that this would be a use that she consented to,” the University of Washington’s Calo said.
“That’s a dangerous expansion of the idea of consent, particularly given the amount of information on people’s cell phones,” said Elizabeth Joh, a professor at the University of California, Davis, School of Law.
The government’s court filing confirms that Sinnigen posted a photo of Arquiett “wearing either a two-piece bathing suit or a bra and underwear,” but denies “the characterization of the photograph as suggestive.”
This picture is no longer on the Facebook page, but others are. An album called “Sosa,” her nickname, shows her in a strapless shirt and large hoop earrings or, in another, lying face-down on the hood of the BMW, legs kicked up behind her. “At least I still have this car!” reads a comment supposedly posted by her.
The DOJ also acknowledges that Sinnigen posted photos of Arquiett’s son and niece, who were then clearly young children.
Arquiett’s current attorneys declined requests to interview her. But court documents tell much of her story.
She was arrested in July 2010 and accused of participating in a conspiracy to distribute cocaine, an offense that could carry up to a life sentence. She pled guilty in February 2011, and, in a court filing, federal prosecutors recommended a reduced sentence, noting that she was not a significant player in the conspiracy and had promptly accepted responsibility.
Arquiett grew up in Watertown, New York, according to a motion on sentencing by her attorney in her criminal case. Her father was imprisoned when she was an infant. Her mother was an alcoholic and drug user, and her stepfather abused both Arquiett and her mother.
By 2008, Arquiett was dating Jermaine Branford, who authorities believed to be the head of a drug trafficking ring, the criminal complaint against Arquiett says. He also physically abused her, according to the sentencing motion her lawyer filed.
The government accused Arquiett of allowing Branford and his associates to process and store cocaine in her apartment and helping them contact other members of the drug ring and arrange transactions. Branford later pled guilty in federal court to conspiracy to distribute cocaine and received a sentence of almost 16 years.
Arquiett’s lawyer argued that Branford and his crew took advantage of her vulnerabilities. “To her, because they ‘took care’ of her, she considered them like family,” attorney Kimberly Zimmer wrote. “In fact, they preyed upon and used her.”
Arquiett, Zimmer wrote, wasn’t paid like other members of the drug ring, just given money on occasion to buy gas or other items. “At the time, although she knew that her co-defendants were distributing drugs and that she was helping them to do so, she considered the things that she did for Branford and the other co-defendants as ‘favors,’ ” Zimmer wrote.
Zimmer also noted Sinnigen’s actions. “Ms. Arquiett never intended for any of the pictures on her phone to be displayed publicly, let alone on Facebook, which has more than 800 million active users,” she wrote in the motion addressing sentencing. “More disturbing than the fact that the DEA Agents posted a picture of her in her underwear and bra is the fact that the DEA agents posted a picture of her young son and young niece in connection with that Facebook account, which the DEA agents later claim was used for legitimate law enforcement purposes, that is, to have contact with individuals involved in narcotics distribution.”
Taking all of this into account, a judge sentenced Arquiett to five years of probation, including six months of weekend incarceration and six months of home detention. This March, a probation officer certified that she had complied with the terms of her sentence and terminated her probation.
Photo credit: The Guardian
Reaction of Edward Snowden and The Guardian editor-in-chief Alan Rusbridger upon receiving the Right Livelihood Award 2014 late September.
Photo credit: http://www.pitstopmedia.com/
Hollywood lawyer Marty Singer, of Los Angeles-based law firm Lavely & Singer, has written to Google chairman Eric Schmidt and founders Larry Page and Sergey Brin threatening to sue Google for US$100 million if the US search giant failed to remove the naked photos of their clients that were recently hacked and posted online.
Their clients include a dozen Hollywood celebrities like Kate Upton, Amber Heard, Rihanna, Jennifer Lawrence, Ariana Grande and Cara Delevingne, whose nude photos were hacked and distributed online after hackers took advantage of a flaw in Apple’s password recovery system to gain access to their iCloud accounts.
Singer has accused Google of “blatantly unethical behavior” – as takedown requests were sent to the company days after the photos were leaked but those images remained on YouTube and blogs – and its failure “to act expeditiously, and responsibly to remove the images, but in knowingly accommodating, facilitating, and perpetuating the unlawful conduct. Google is making millions and profiting from the victimization of women”.
“The seriousness of this matter cannot be overstated. If Google continues to thumb its nose at my clients’ rights – and continues to both allow and facilitates the further victimization of these women – and disregards the demands of this letter, it does so at its own peril,” according to the letter (see below).
Google is no stranger to takedown requests.
A landmark ruling that originated from a Spanish court led the European Court of Justice to rule last May that anyone living in the European Union, and Europeans living outside the region, could ask search engines to remove links if they believed the online content breached their right to privacy and was “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed”.
Following this controversial European “right to be forgotten” ruling, Google has been removing results from its search engine since late June.
A short educational video on the impacts of mass surveillance on the average John Doe.
This is the instructional video tutorial Edward Snowden created for Glenn Greenwald on how to protect online communications using PGP (Pretty Good Privacy) encryption prior to his leaking thousands of classified documents to Greenwald in early 2013.
Tim Berners-Lee, the inventor of the web 25 years ago and director of the World Wide Web Consortium, spoke at the Web We Want Festival last Saturday, where, according to The Guardian, he also called for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.
“If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,” the British computer scientist said. “If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.
“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”
Below is Tim Berners-Lee at a TED Talk earlier this year.
Photo credit: Propublica
In what could be equivalent to a nuclear bomb on Wall Street, former New York Federal Reserve Examiner Carmen Segarra has released some 46 hours worth of voice recordings, secretly taped with a small recorder on her keychain in 2012, that purportedly show bank regulators going soft and cozy with banking giant Goldman Sachs at a time when the New York Fed was expected to become a stronger regulator after the financial crisis of 2008.
To demonstrate a case in point from the recordings: “We’re looking at a transaction that’s legal but shady,” according to a New York Fed staffer in reference to a proposed Goldman Sachs financial transaction.
The secret recordings – released to both a reporter for ProPublica and radio program This American Life – show an unwillingness among some Fed supervisors to both demand specific information from Goldman about a transaction with Banco Santander and to strongly criticize what Segarra concluded was the lack of an appropriate conflict-of-interest policy at Goldman.
Segarra, who later sued the New York Fed for wrongful termination after her refusal to alter a critical examination of Goldman’s legal and compliance units, said her colleagues were too soft on those kinds of transactions and the banking industry in general.
This may as well be the best ever advertisement any company would die for…
FBI director James Comey on Thursday criticized the encryption in the latest operating systems of Apple and Google phones as so secure that law enforcement officials would have no access to information stored on those devices even with valid warrants, and asked why companies would “market something expressly to allow people to place themselves beyond the law”.
“There will come a day when it will matter a great deal to the lives of people … that we will be able to gain access,” Mr Comey reportedly told the media.
“I want to have that conversation [with companies responsible] before that day comes.”
Law enforcement agencies place a premium on their forensic ability to search sensitive data like photos, messages and web histories on smartphones – and, to some extent, on plain old cellular phones – to solve serious crimes. Mobile phones increasingly perform, and even replace, what we used to do with our computers, and thanks to the convergence of technologies, law enforcement and investigators are now able to use mobile phone forensics, much like computer forensic techniques, to retrieve data, including deleted data, from phones as they did from computers.
The comments from Comey came hot on the heels of news last week that Apple’s latest mobile operating system, iOS 8, is so well encrypted that even Apple Inc. cannot unlock their mobile devices. Google meanwhile is also adopting its latest encryption format for its new (to be released) Android operating system that the company would be unable to unlock.
Question: Has Comey approached the NSA for help?
The former NSA contractor Edward Snowden received on Wednesday the Right Livelihood Honorary Award – also known as the “Alternative Nobel Prize” – from the Stockholm-based Right Livelihood Award Foundation for his work on press freedom and “for his courage and skill in revealing the unprecedented extent of state surveillance violating basic democratic processes and constitutional rights.”
Alan Rusbridger, editor-in-chief of the British newspaper The Guardian, with whom Snowden collaborated to publish what became known as the Snowden revelations, also won the award for “responsible journalism in the public interest.”
Both Snowden and Rusbridger are honorary winners, meaning they will not receive the award’s customary 500,000 kronor (54,500 euros) but the foundation said it would fund legal support for Snowden, who has been nominated for the Nobel Peace Prize to be announced later this year.
The Swiss attorney general reportedly said earlier this month that Snowden could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency.
The Right Livelihood Award was created in 1980 by German-Swedish philanthropist Jakob von Uexkull to “honour and support those offering practical and exemplary answers to the most urgent challenges facing us today”.
Three other prize winners, named to receive the monetary award, are Pakistani human rights lawyer Asma Jahangir, Sri Lankan rights activist Basil Fernando and US environmentalist Bill McKibben.
WikiLeaks founder Julian Assange equated Google with the US National Security Agency and its British counterparts GCHQ, saying in an interview with BBC and Sky News last week the tech giant has become “a privatized version of the NSA”.
See another related video below.
How do NSA staffers feel about being filmed, even if it’s only in public? Strangely irate and very uncomfortable, as 2 students found out Wednesday at the University of New Mexico’s Engineering and Science Career Fair, where the NSA had set up a booth to recruit computer geeks (yes, hackers).
Source: The Intercept