Category Archives: Computer and security

Right2Bforgotten

Shhh… The BBC “Forgotten” List (& Forgotten Company Directors?)

The BBC plans to publish a regularly updated list of articles removed from the search engine Google following the controversial “right to be forgotten rule”.

Google has so far received some 153,000 requests which have involved about half a million different link and 40 percent of these links have been removed. However, according to associate professor David Glance, director of the Center for Software Practice at the University of Western Australia:

… there is a great deal of concern about the sorts of things that are being removed. So, for example, information about former company directors have been removed. So various people are now asking for that type of information to be restored because it’s part of the public record and important information when you are considering the effectiveness or the background of a company or the directors.”

DigitalFingerprint

Shhh… Micah Lee on Snowden & Smuggling (Secrets) Tricks

Check out this excellent piece from Glenn Greenwald’s The Intercept on how Edward Snowden first contacted Laura Poitras and smuggled his truckloads of NSA secret documents to her with Micah Lee as the middleman.

MicahLee

Photo (above) credit: Micah Lee & Wired

NSAmonkeyBiz

Shhh… More NSA Shakeup Following Another Conflict of Interest?

More personnel problems at the National Security Agency…

Another conflict of interest matter has led the agency’s top spy Teresa Shea to leave her position as director of signals intelligence (SIGINT), which the NSA said last week was a “routine” transition “planned well before recent news articles”.

Shea as the SIGINT head was behind some of the most controversial mass surveillance programs disclosed by former NSA contractor Edward Snowden.

The shakeup followed a recent BuzzFeed report (below) on the financial interests of Shea and her husband James Shea. The latter was a contractor with a SIGINT “contracting and consulting” company – Telic Networks – registered to the couple’s home. He is also the vice president of another SIGINT contractor – DRS Signals Solutions – that “appears to do business with the NSA”. The sleuth Shea herself had also incorporated an “office and electronics” business at her home.

These headlines came hot on the heels of recent reports on former NSA director Keith Alexander, who had business dealings with potential conflicts of interest during and after his NSA reign in March. Furthermore, a recent Reuters report found Alexander also hired another top NSA official, chief technology officer Patrick Dowd, to work at his new cyber-security company when Dowd was still on NSA payroll.

Find out more from the following Buzzfeed report:

Exclusive: Shakeup At NSA After BuzzFeed News Reports On Potential Conflict Of Interest

Top National Security Agency official Teresa Shea is leaving her position after BuzzFeed News reported on her and her husband’s financial interests. The move comes as the NSA faces more questions about the business dealings of its former director Keith Alexander, and potential ethics conflicts. This post has been updated to include a response from the NSA.

posted on Oct. 24, 2014, at 12:28 p.m.

Aram Roston
BuzzFeed Staff

WASHINGTON — One of the nation’s top spies is leaving her position at the National Security Agency (NSA), a spokesman confirmed Friday, amid growing disclosures of possible conflicts of interest at the secretive agency.
The shakeup comes just a month after BuzzFeed News began reporting on the financial interests of the official, Teresa Shea, and her husband.

Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

The NSA provided a statement Friday that said Teresa Shea’s “transition” from the SIGINT director job was routine and “planned well before recent news articles.” The agency indicated she would remain employed, but did not provide specifics.

The Sheas did not respond to a message left at their home telephone number.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week BuzzFeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.

Over the past month, Teresa and James Shea haven’t returned phone calls, and the NSA has declined to comment about any specifics, beyond explaining how the agency tries to address conflict of interest issues in general, and to say that “the agency takes Federal ethics laws quite seriously.”

In April, Adm. Michael Rogers took over as director of the NSA, and it was expected he might shuffle staff. One intelligence source said Shea’s departure from her job appeared to be due in part to the “optics” of a top NSA official coming under scrutiny by the press for her and her husband’s business dealings. The other said the press disclosures may have nothing to do with her leaving.

In a statement Friday, NSA spokesman Michael Halbig said that “NSA considers regular rotations of senior leaders as a catalyst for achieving diverse, fresh perspectives on the nation’s critical national security challenges.”

He added that “We value her leadership as a senior leader and look forward to her continued contribution to the mission to help defend the nation.”

Since she would no longer be director of SIGINT, presumably potential conflicts stemming from her husband’s role as a SIGINT contractor, with a SIGINT company at their home, would be alleviated.

Shea, as SIGINT director, presided over most of the NSA operations disclosed by Snowden. The most controversial of those is the mass domestic surveillance program, under which the agency collects data on virtually every phone call Americans make, domestically or overseas, from a cell phone or a landline. But other operations included disclosures that calls by the leaders of foreign allies were intercepted, and that a vast amount of electronic communications were collected from American internet companies such as Google and Yahoo.

Last week, the NSA came under increasing pressure because of the business dealings of former director Keith Alexander, who left the agency in March.

Reuters disclosed that Alexander hired another top NSA official to work at his company, even while the scientist continued to work at the NSA. Reuters said the NSA had begun a review of the unusual agreement, under which NSA Chief Technology Officer Patrick Dowd was to work 20 hours a week at Alexander’s company, Ironnet Cybersecurity, while still working for the U.S. government.

This week, after the controversy erupted, the company said Dowd would no longer work there.

AshkanSoltani

Shhh… FTC New Appointee Ashkan Soltani Irks NSA Top Guns

The US Federal Trade Commission announced last week the appointment of Ashkan Soltani as the FTC’s chief technologist starting November, where he would advise on technology and policy issues for the same agency where he had previously served as a technical expert and staff technologist.

But what made his appointment stands out was other aspects of his resume. Soltani is a renowned and outspoken security researcher and has served as a technical expert for several state attorney general. Most notably, he was recently involved in investigative journalism, as a media consultant at the Washington Post helping Barton Gellman and other reporters on the technical and security aspects of the Snowden documents – and sharing their 2014 Pulitzer Prize for Public Service – plus other spells at The Wall Street Journal and The New York Times.

His latest appointment has upset NSA top guns, drawing criticisms from former NSA director Michael Hayden (and CIA director from 2006 to 2009):

I’m not trying to demonize this fella, but he’s been working through criminally exposed documents and making decisions about making those documents public.

and former NSA general counsel Stewart Baker:

I don’t think anyone who justified or exploited Snowden’s breach of confidentiality obligations should be trusted to serve in government.

In the same report on these reactions, there’s an interesting reader’s comment:

Applesauce-Oath

Hayden and Baker seem to think they took a different oath: to protect the American people from “terrorists” at all costs. And maybe to profit from investing in surveillance companies“? See my earlier posts on Keith Alexander’s business ventures during and after his NSA tenure.

TimCook-Foxconn-RoadTrip

Shhh… Tim Cook in China to Discuss Data Protection & iCloud Hacks

Apple CEO Tim Cook tweeted his photo Wednesday during a China “road trip” where he visited Foxconn and also met Chinese vice premier Ma Kai in Beijing to discuss recent targeted attacks on iCloud originating from the country – The activist group GreatFire.org has reportedly alleged Chinese government involvement.

Meanwhile, Apple has published a guide on how one can verify the authenticity of the iCloud website in Safari, Chrome and Firefox.

Comey-FBI

Shhh… FBI’s Comey Hints Action Against Apple & Google Over Encryption

The FBI director James Comey has been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust,” Comey reportedly told the Brookings Institution in a speech last week, where he hinted that the administration might consider new laws and regulations to force companies to offer the government some ways to unlock personal data stored on the phones, such as photos, videos, emails, messages and contacts list “so that those of us in law enforcement, national security and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.”

Here are some video clips to amplify his views on the subject:

BearHacker

Shhh… Sandworm Team Turned Microsoft Windows Flaw into Russian Cyber-espionage Campaign

A group of hackers known as the “Sandworm Team”, allegedly from Russia, has found a fundamental flaw in Microsoft Windows (a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012) and turned it into a Russian cyber-espionage campaign targeting NATO, European Union, telecommunications and energy sectors – by pulling emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and also the energy sector and telecommunications firms, according to new research from iSight Partners, a Dallas-based cybersecurity firm.

iSIGHT_Partners_sandworm_timeline_13oct2014

Photo credit: iSight Partners.

BrowseAnonymously2

Shhh… Privacy: Tor Guide on Browsing Anonymously

Here’s an interesting chart on how to use Tor to browse the web anonymously:

TorInfographics

The Tor Project is a free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:

But Tor can still be compromised and multiple layers of security is recommended:

FlashlightApp

Shhh… Top 10 Flashlight Apps Major Privacy Breach & Windfall for CyberCriminals

“I think this is bigger than Ebola right now because 500 million people are infected and they don’t know it. But it’s not them, it’s their smartphone,” said Gary Miliefsky, CEO of SnoopWall, a counterveillance software company focused on helping consumers and enterprises protect their privacy on all of their computing devices including smartphones, tablets and laptops.

“The top 10 flashlight apps today that you can download from the Google Play Store are all malware. They’re malicious, they’re spying, they’re snooping and they’re stealing.”

The personal data stolen from our smartphones – including contacts, emails, messages, bank account details, photos, video, etc – are then sold to cybercriminals in 3 countries: China, India and Russia, according to Miliefsky, a founding member of the US Department of Homeland Security who has advised two White House Administrations on cybersecurity matters.

More information below from SnoopWall press release:

SnoopWall-PR1

SnoopWall-PR2

SnoopWall-PR3

SnoopWall-PR4

SnoopWall-PR5

SnoopWall-PR6

DropBox

Shhh… Dropbox Hacked?

Dropbox reportedly “appears” to have been hacked after anonymous hackers claimed to have compromised some 7 million accounts with several hundreds of usernames and passwords leaked in plain text so far, and with full leak promised if they received donations to their bitcoin address.

Dropbox, however, has denied claims of any data breach:

“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Advice: Change your password immediately. And just like the recent iCloud hack, think hard before you post anything personal and confidential online.

Google-JapanDoraemon

Shhh… Japan’s “Forget” Ruling on Google

The Tokyo District Court ordered Google Japan last Thursday to follow Europe’s recent “right to be forgotten” ruling and remove the search results of a Japanese man’s past relations with a criminal organization following his complaint of violation into his privacy.

According to the judge preceding the case, some of the Google results “infringe personal rights” and had harmed the plaintiff.

The European Court of Justice ruled in May that anyone living in the European Union and Europeans living outside the region could ask search engines to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

But despite the uproar and headlines in the aftermath, the dirty little secret is that nothing has really changed. What Google has effectively done is to remove results from name search of those names approved to be deleted but only on its European websites. The same results remain on the Google US homepage and all its non-European sites.

Furthermore, Google is only removing the results but not the links. Its European sites may have deleted the results for a search on a specific name but a search for the same name accompanied by other key words may still churn out the same results.

In an earlier Shhh-cretly column, I explained with examples why there is a limit on the extent of privacy and any attempt to manually and selectively remove the Google search contents, successful or otherwise, is like playing God.

Snowden-UKobserverIdeas2014

Shhh… Snowden Attacks UK’s “Anything Goes” Privacy Intrusions

In his first UK public appearance via satellite link from Moscow at the Observer Ideas festival on Sunday, Edward Snowden warned that British spy agencies are using digital technology to conduct mass population surveillance without any checks and balances at all and thus overreaching and encroaching on privacy rights in a way that he characterized as even worse than the US NSA had managed.

nsa-facebook

Shhh… NSA Disguised as Facebook Servers

The National Security Agency has been disguising itself as Facebook servers in order to gain access to the computers of intelligence targets, according to a new report by The Intercept:

“In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.”

Snowden-CitizenFour

Shhh… Laura Poitras’ Documentary “CitizenFour” on Snowden Revelation to be Released

Mark your calendar. The 24th of October has been set for the official release of “Citizenfour”, a long anticipated ground-breaking documentary by Laura Poitras, premiered at the New York Film Festival on Friday night, which reveals a behind-the-scene and intimate portrait of Edward Snowden and his leak of NSA documents as it unfolded at the Mira hotel in Hong Kong last year.

citizenfour_poster

Poitras and former Guardian columnist Glenn Greenwald flew from New York to Hong Kong early June 2013 to meet Snowden for the first time. This documentary captures minute by minute their tense initial encounters and the many days of questioning, cross-examining and waiting for the Guardian greenlight to their explosive exposé that changed the world to this day.

CitizenB-NGF

Shhh-cretly Featured in “Citizen B”: A Documentary on Surveillance & Privacy

Shhh-cretly was interviewed by renowned and award-winning director Werner Boote, who was in Hong Kong with his Austrian crew this week to film Citizen B, a 90-minute documentary on surveillance and privacy to be released in 2015.

IMG_20141009_161005

IMG_20141009_161920

CitizenB

CitizenB2

GoogleHacked

Shhh… iCloud Hack Victims to Sue Google for $100 million

Photo credit: http://www.pitstopmedia.com/

Hollywood lawyer Marty Singer, of Los Angeles-based law firm Lavely & Singer, has written to Google chairman Eric Schmidt and founders Larry Page and Sergey Brin threatening to sue Google for US$100 million if the US search giant failed to remove the naked photos of their clients that were recently hacked and posted online.

Their clients include a dozen of Hollywood celebrities like Kate Upton, Amber Heard, Rihanna, Jennifer Lawrence, Ariana Grande and Cara Delevingne whose nude photos have been hacked and distributed online after hackers took advantage of a flaw in Apple’s password recovery system to gain access to their iCloud accounts.

Singer has accused Google of “blatantly unethical behavior” – as takedown requests were sent to the company days after the photos were leaked but those images remained on YouTube and blogs – and its failure “to act expeditiously, and responsibly to remove the images, but in knowingly accommodating, facilitating, and perpetuating the unlawful conduct. Google is making millions and profiting from the victimization of women”.

“The seriousness of this matter cannot be overstated. If Google continues to thumb its nose at my clients’ rights – and continues to both allow and facilitates the further victimization of these women – and disregards the demands of this letter, it does so at its own peril,” according to the letter (see below).

Google is no stranger to takedown requests.

A landmark ruling that originated from a Spanish court has led the European Court of Justice to rule last May that anyone living in the European Union and Europeans living outside the region could ask search engines to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed”.

Following this controversial European “right to be forgotten” ruling, Google has started removing results from its search engine since late June.

Hacked celebrities threaten to sue

Emmys

Shhh… The Guardian Bagged An Emmy

Congratulations to The Guardian for winning an Emmy award in New York Tuesday night for its groundbreaking coverage on the Snowden revelations.

The multimedia interactive feature NSA Decoded by The Guardian emerged the winner in the new approaches: current news category at the news and documentary Emmy awards.

The interactive coverage, which includes interviews and discussions with key players like journalist Glenn Greenwald, former NSA employees, senators and members of US congress, helps the audience understand the facts and implications of Edward Snowden’s disclosures last year about the NSA’s mass surveillance program.

The Guardian has also won in April, along with the Washington Post, the Pulitzer prize for public service for their groundbreaking coverage of the Snowden revelations.