So the round-the-clock guard outside the London’s Ecuadorian embassy where WikiLeaks founder Julian Assange took refuge the last 3 years and cost British taxpayers over $20 million has finally ended Monday but…
You would probably welcome this more easily if you are a Linux user – check out this How To Forge article:
How to do image steganography on Linux
Steganography is the ancient art of the information concealment. People have found numerous methods to achieve this such as “invisible” inks, messages hidden in objects, and the famous “null cipher”. The word “steganography” comes from the Greek words “steganos” and “graphy” which means “impenetrable writing”. The years have passed and steganography has evolved into a sophisticated part of cryptography. Using the same basic principles that people utilized in their cryptographic efforts during the past, we can now perform similar feats on our Linux operating systems.
Choice of Tools
In this tutorial, I will use the OpenStego tool to perform the steganography. Thankfully, there are quite a lot of options that Linux users can choose from in this particular field with some of them being the command line Steghide and OutGuess, or the GUI Steganography Studio and Steg.
First you need to download the latest version of the program from Git. As I use Ubuntu, I downloaded the .deb file. If you’re using Ubuntu as well, you can install the package by opening a terminal in the /Downloads folder and giving the following command: “sudo dpkg -i openstego_0.6.1-1_amd64.deb”
The way OpenStego achieves the hiding of the data is by embedding them inside a carrier file which can be an image file. Lets suppose that I have a document that I want to pass to another person without anyone else even noticing that it is there. The original document doesn’t need to be encrypted as it will be hidden inside an image file. OpenStego names those as “Message File” and “Cover File”.
The image file can be a .bmp, .gif, .jpeg, or .png. Select the two files by pressing the “file navigation” buttons on the right of each entry box and then set the name and location of an output file. Finally, setting a password is important as this is the only information that you need to share with the recipient who also has to use OpenStego to extract the hidden data. Finally, press the “Hide Data” on the lower right and you’re done.
The two pictures look identical, but the second one contains a hidden document in it. The only thing that could blow this cover is the fact that people believe that there is always a hidden message in Led Zeppelin material.
The second thing that you can do with OpenStego is to watermark the file with a unique signature so that the recipient ensures that the file is coming from a trusted source. To do this, press the “Digital Watermarking” option on the left and then choose the “Generate Signature”. Then you can add a passphrase and set the name and location of the signature file that will be created upon the pressing of the “Generate Signature” button on the right.
The next step is to embed the watermark into the files. Select the signature file, the files to be watermarked, and finally set the name and location of the output files.
The recipient then may verify the watermark by selecting the original signature file and the file to be checked. If the score is higher than 70%, then it’s a good enough match.
(Above) Photo credit: Associated Press
Check out the following article from the Columbia Journalism Review.
The dangerous game of reporting on government spying operations
By Trevor Timm
August 10, 2015
Markus Beckedahl, the editor-in-chief and founder of Netzpolitik,org, working at a computer at the website’s office in Berlin, Germany, after an interview with The Associated Press on Wednesday, August 5, 2015.
Most people in the United States have probably never heard of the popular German news site Netzpolitik.org until this month. But it has been in the news for a reason it wish it wasn’t: the German government is threatening two of its reporters with treason. Their supposed offense? Reporting on leaked information about Germany’s mass surveillance capabilities.
These leaks did not come from Edward Snowden, but the content was eerily similar: they exposed the German government’s secret plans to step up internet surveillance.
The public reaction was swift. The investigation made world headlines and thousands of people marched in the streets to protest the clear violation of press freedom. Dozens of journalists and free speech advocates signed a letter challenging the government’s aggressive tactics. By Tuesday, the German Justice Minister had fired the country’s top prosecutor who brought the case. (On Monday, after some question about whether the inquiry would continue, Germany formally dropped the investigation despite the fact that some powerful members of the government wanted it to proceed).
While the story may be headed towards a just ending, it is one piece in a much larger story that has western government increasingly cracking down on journalism that dares report on mass electronic spying.
Journalism legend Duncan Campbell penned an incredible piece for the Intercept last week about his 40-year quest to report on the British government’s mass surveillance capabilities, despite Britain’s notorious penchant for harsh clampdowns when investigative reporting casts them in a bad light. He wrote:
“In my 40 years of reporting on mass surveillance, I have been raided three times; jailed once; had television programs I made or assisted making banned from airing under government pressure five times; seen tapes seized; faced being shoved out of a helicopter; had my phone tapped for at least a decade; and — with this arrest — been lined up to face up to 30 years imprisonment for alleged violations of secrecy laws.”
Campbell ended his retrospective on a high note, saying that “thanks to Edward Snowden and those who courageously came before, the need for public accountability and review has become unassailable.” However, the UK, which arguably has the most authoritarian approach to the press in the western world, has still refused to give an inch on the Snowden revelations—even as the GCHQ, Britain’s NSA equivalent, has been found to have broken the law over and over again by British courts.
Just two weeks prior to Campbell’s epoch, Intercept journalist Ryan Gallagher confirmed that the UK government continues to criminally investigate the journalists at the Guardian who were involved in the Snowden story more than two years later. (This is on top of their deplorable detainment of Glenn Greenwald’s partner David Miranda under their “terrorism” law merely for traveling through the UK with encrypted Snowden documents on his person.)
In Australia, their government in the past year has passed a series of disturbing measures, not only dramatically expanding their surveillance capabilities, but criminalizing reporting on them as well. Their data retention law, which forces service providers to hold onto metadata, was passed, in part, “for the express purpose of determining the identity of a journalist’s sources.” Another national security law, passed at the end of 2014, expressly outlaws journalism on “special intelligence operations,” which, defined broadly could mean just about anything related to national security the government didn’t like.
Australia’s neighbor New Zealand raided the house and seized the computers of famed investigative reporter Nicky Hager (along with his children’s computers). Hager had recently written a popular book critical of Prime Minister John Key that was based on a leak, and was busy working on another major story based on the Snowden documents. (Disclosure: The organization I work for, Freedom of the Press Foundation, raised money for Hager’s legal defense.)
These crackdowns are not limited to the US’s main “Five-Eyes” spying partners, however. Japan is currently fuming over documents published by WikiLeaks showing the US has been spying on them, a fact they would not know if it wasn’t for another leak. Yet they too passed a draconian secrecy law in the post-Snowden era. In December 2013, after strenuous objections from the minority party and the Japanese public, the ruling Liberal Democratic party pushed through a law clamping down on the government’s supposed secrets, which could potentially criminalize their publication if they were obtained “illegally.” The US government had been pushing for the law and hailed its passage.
As NPR reported at the time, “The penalties for violators are harsh: 10 years in prison for civil servants who leak classified information; five years for citizens convicted of abetting leaks. The law covers defense, diplomacy, counterterrorism and counterintelligence.”
“Abetting leaks.” Don’t forget that’s what Glenn Greenwald was once accused of in the press, and what Fox News reporter James Rosen was accused of in court documents. It’s also known to many reporters as simply doing their jobs. (If only the prosecutor in that case was fired like his or her counterpart in Germany.)
If there was ever a doubt, journalism that surfaces the propensity of governments for mass surveillance remains a dangerous game.
Follow Vox below for this hilarious insight:
In World War II, civilian spies were less James Bond and more Mr. Bean
Updated by Phil Edwards on September 14, 2015, 3:30 p.m. ET @PhilEdwardsInc firstname.lastname@example.org
In 1944, the CIA’s precursor, the Office of Strategic Services (OSS), created a manual for citizens in Germany, Italy, and Japan who might want to subvert their own governments’ wartime operations. The Simple Sabotage Field Manual was a user’s guide for normal people who wanted to become de facto spies assisting the United States.
But rather than involving James Bond–style espionage, these sabotage attempts were all about fostering ineptitude. The manual was full of advice for how citizens in other countries (like those working in German munitions factories) could be bad at their jobs and bog down operations. Instead of being James Bond, a good spy tried to be Mr. Bean. Some of the best tricks include:
1. Using trash and everyday tools. The best materials for citizen sabotage weren’t special laser lock picks from James Bond’s Q — they were simple ingredients often found in the trash. Salt, nails, candles, pebbles, and thread were all recommended as great materials for sabotage. “His arsenal is the kitchen shelf, the trash pile,” the manual says.
2. Lose stuff. Mission: Impossible’s Ethan Hunt might require a hacker on the other end, but a citizen spy could sabotage operations simply by losing stuff. “Making a faulty decision,” the manual advises, “may simply be a matter of placing tools in one spot instead of another.” Over time, these tiny subversions could add up to serious delays in work.
3. Hide in the crowd. The best spies don’t perch atop skyscrapers or base-jump from cliffs — they hide. “Try to commit acts for which large numbers of people could be responsible,” the manual recommends. Better to blow out electrical wiring that 90 people could have screwed up rather than do something for which you could be blamed.
4. Being incompetent is better than being wily. The best spies weren’t masters of disguise or suave playboys. In fact, they probably looked like idiots. Incompetency was the easiest way to get away with sabotaging a factory, transportation hub, or communications system. When it comes to trains, for example, the manual advises tactics that wouldn’t be out of place in a screwball comedy. Recommendations include writing train tickets by hand instead of printing them (so a passenger will miss their train) and assigning two people the same seat, so that they’ll get in a fight over it (yes, that’s actually the advice).
Many of the tips almost look absurd, like the recommendation to let cutting tools grow dull or to put too much paper into a hole puncher so it will break. But the strategies highlight two realities: both that our sense of espionage is heightened from movies and fiction, and that ordinary citizens have an extremely limited scope to exercise their power during wartime.
That may be why the best advice for sabotage is the tip that appears on page 31, item 12, section C: “Act stupid.” Sometimes, it’s the smartest thing you can do.
Again? What corporate genius do they have at Lenovo to coin the idea of installing spyware into their own products… for the second time in under a year – despite an earlier class action lawsuit against the company for similar actions??
Lenovo in the News Again for Installing Spyware on Its Machines
by Manish Singh , 24 September 2015
Despite launching a number of interesting products this year, Lenovo has perhaps got more press time for the things it has done wrong. The Chinese technology conglomerate is back in news, this time for allegedly installing a program on at least some of its refurbished notebook lineup that is programmed to send users’ feedback data to Lenovo. Upon further inspection, the program seems to have an association with a third-party marketing and Web analytics firm.
As per many users’ report, the company ships its factory refurbished laptops with a program called “Lenovo Customer Feedback Program 64″ that is scheduled to run every day. According to its description, Lenovo Customer Feedback Program 64 “uploads Customer Feedback Program data to Lenovo.”
Upon further digging, Michael Horowitz of Computerworld found these files in the folder of the aforementioned program: “Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll, and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.” As he further pointed out, Omniture, as mentioned in the suffix of one of the files, is an online marketing and Web analytics firm, which suggests that the laptops are tracking and monitoring users’ activities.
On its support website, the largest PC vendor noted that it may include software components that communicate with servers on the Internet. These applications could be on any and every ThinkCentre, ThinkStation, and ThinkPad lineups. One of the applications listed on the website is Lenovo.TVT.CustomerFeedback.Agent.exe.config.
This isn’t the first time Lenovo has been caught shipping what appears to be a spyware on its machines. Earlier this year, Lenovo was found bundling a spyware called “Superfish” on its machines. In August, the company was caught covertly downloading and installing software on its Windows PCs. The program modified the BIOS to force the computer to download its programs upon each login.
Find out more from the following article.
Did you hear the latest news that Chinese President Xi Jinxing currently on State visit to the US has just inked a US$38 billion deal to buy 300 Boeing aircraft? Well, how coincidental with this “timely” report from John McAfee – Check out the full story below:
John McAfee: China Spies on Airline Passengers Using Covert Android App
Four Chinese airlines are serving malware using their in-flight WiFi system and IMSI-catchers installed on the planes
Four Chinese airlines are supposedly installing spyware on the Android smartphones of passengers traveling on international flights, John McAfee claims.
John McAfee, a renowned security researcher and founder of McAfee antivirus (now Intel Security), has made a habit of publishing controversial articles once in a blue moon or so.
In one of his monthly editorials for International Business Times, the security guru has revealed how passengers on four Chinese airlines, which he declined to name, are secretly being served boot-persistent spyware while connected to the plane’s internal WiFi system.
Attackers use IMSI-catchers to pose as telephony towers
According to McAfee, the first steps of the attack are seen when passengers attempt to connect to the plane’s in-flight WiFi system provided on some more modern airplanes.
The internal WiFi network will push a module to the user’s phone, a module that turns on the user’s 3G or 4G network communications without displaying an icon on the phone’s screen.
The purpose of doing this, McAfee explains, is linked to the fact that planes from these four airlines come equipped with their own IMSI-catcher, a device that emulates mobile telecommunication towers, fooling the user’s phone into connecting to it and performing MitM (Man-in-the-Middle) attacks.
The IMSI-catchers push the Simple Logging Android app to passengers’ phones
Once the user’s smartphone is connected to this device, the first operation performed is to check to see if a particular Android app is installed on the user’s phone. This app’s name is Silent Logging.
If this app is not found, it is pushed to the user’s phone. Mr. McAfee does not detail if the app needs to be manually approved by users or is installed using various exploits without their knowledge and consent.
What he says is that, once on your smartphone, this app immediately starts downloading a spyware app, which then uses Simple Logging’s capabilities to record everything the user does, and then send the data to an IP address registered in Beijing, China.
Factory resets won’t remove the spyware
According to Mr. McAfee, the spyware can be uninstalled only by a “physical wipe” of the phone’s drive. Factory resets won’t work because the spyware intercepts this command and emulates the factory reset results, fooling the user and continuing to remain on their phone.
“Any business person, diplomat or government employee who has ever traveled on any of these four airlines has forever after been wired by the Chinese government,” says McAfee. “Every email, text, word or action has been recorded for Chinese posterity.”
While Mr. McAfee’s own conclusion puts the blame on the Chinese government, he has no evidence to sustain his claims.
A more plausible explanation would be if a criminal group has managed to bribe employees at these four airlines and have them install the necessary infrastructure in the company’s planes. Maintenance crews usually have this type of access when planes are sent for periodical check-ups and repairs.
A similar Chinese criminal group has also been able to install malware on 24 smartphone models, right after they were shipped from the factory.
Now speaking of turning back the clock and have another closer look at history – the decade of many major events that shaped the world today, the vibrant 1960s…
From the CIA:
The Collection of Presidential Briefing Products from 1961 to 1969
The CIA’s Historical Review Program on 16 September 2015 released a collection of presidential briefing products written during the Kennedy and Johnson presidential administrations. This large-scale release of The President’s Intelligence Checklists (PICLs) [an acronym pronounced “pickles”] and The President’s Daily Briefs (PDBs) includes almost 2,500 documents exclusively written for the president each day except Sunday. They summarized the day-to-day intelligence and analysis on current and future national security issues. President Kennedy received the first PICL — a seven-page 8 ½- by 8-inch booklet — on Saturday, 17 June 1961 at his country home near Middleburg, Virginia. The PICL was replaced by the PDB on 1 December 1964, during the Johnson administration. In addition to the PDBs and PICLs, the collection includes The President’s Intelligence Review and its replacement, Highlights of the Week, as well as ad hoc supplemental products and annexes that featured topics of presidential interest. The CIA originators of the PICL, and later the PDB, strove to craft a daily current product that was true to sensitive source reporting and yet was easily readable by the president and his advisors.
(Above) photo credit: Tom Barfield (The Local)
I had fun visiting the Spy Museum in Washington D.C. some years ago and now there’s another one to look forward to in Berlin which was opened over the weekend. Check it out from The Local.
(Above) photo credit: Spy Museum Berlin
“Twitter surreptitiously eavesdrops on its users’ private Direct Message communications. As soon as a user sends a Direct Message, Twitter intercepts, reads, and, at times, even alters the message.”
Find out more from the following article.
Find out (below) the ridiculous extent some would go to rally support in politics.
“It was on property guarded by the Secret Service. And there were no security breaches.”
So the server is safe and secure from hackers when it’s guarded by the Secret Service?!? And there’s no security breaches so far? Well, it wouldn’t take long to prove them wrong. Watch this space.
Pro-Clinton Group Is Out With New Report Defending Email Server Security
11:09 PM 09/12/2015
As Hillary Clinton has spent this week apologizing for using a personal email account as secretary of state, a group closely-aligned with her campaign is out with a new report defending the Democratic presidential candidate’s off-the-books email arrangement.
Correct the Record, which was founded by close Clinton ally David Brock and has been paid $275,000 by the Clinton campaign for “research,” insists that Clinton’s use of the private server and a personal email account as the nation’s top diplomat was a wise move in light of the numerous hacks carried out against the federal government’s computer systems.
But the pro-Clinton Super PAC’s defense of Clinton is curious given that she apologized earlier this week for not using an official state.gov email account.
“Yes, I should have used two email addresses, one for personal matters and one for my work at the State Department. Not doing so was a mistake. I’m sorry about it, and I take full responsibility,” Clinton wrote on Facebook.
The group’s argument relies on claims made by the State Department and Clinton herself that the private setup was not infiltrated by state-sponsored hackers.
Correct the Record’s 12-page report begins:
Among the news media’s obsessive coverage of Hillary Clinton’s email practices, a simple fact has been lost. There is no evidence that Hillary Clinton’s personal email was ever breached. On the other hand, the U.S. government has been hacked on numerous occasions, compromising even the most sensitive of information.
The report compares Clinton’s email arrangement to what it insists is the federal government’s Swiss cheese-like setup.
From Edward Snowden’s theft of millions of classified national security documents, to WikiLeaks, to a hack of OPM that compromised personal information of more than 22 million people, the scope of recent breaches into private and top secret government servers is sweeping and well documented.
“Anyone who attempts to argue that the contents of Hillary Clinton’s email would have been more secure on a government server must contend with these facts,” the report reads.
The report quotes Clinton who said in March that her email system “had numerous safeguards.”
“It was on property guarded by the Secret Service. And there were no security breaches.”
Also in March, State Department spokeswoman Marie Harf also insisted that that there was “no indication that the email was compromised, the account was compromised or hacked in anyway.”
The security of Clinton’s email system has been a focal point of the scandal since it broke open in March. But it took on renewed significance last month when the FBI seized control of Clinton’s server. That move came after the Intelligence Community’s inspector general discovered that at least two emails containing highly classified information had traversed Clinton’s hardware.
In addition to insisting that her server was safe, Clinton has also claimed that she did not send or receive classified information.
Numerous intelligence community and cybersecurity experts — as well as Edward Snowden, the exiled National Security Agency contractor — have asserted that Clinton’s email server was most likely breached by sophisticated hackers.
“It’s very difficult to respond to any statement made by Donald Trump,” said Snowden.
“The idea that someone keeping a private server in a renovated bathroom in Colorado is more secure is completely ridiculous.”
(Above) photo credit: Motherboard via Privacy International
Here’s the story from Motherboard:
Here Is a Government Surveillance Device Disguised as a Baby’s Car Seat
September 8, 2015 // 07:00 AM EST
Spend enough time investigating the global surveillance industry, and you’ll come to realize that reality is far stranger than fiction.
A previous Motherboard investigation into the cache of documents leaked after the hack of Hacking Team revealed a huge network of companies reselling spyware around the world.
But the Italian firm, which makes the governmental hacking suite Remote Control System, is barely a drop in the bucket of the massive market for invasive—and often weird—surveillance tech.
Consider the comically-creepy “Babyseat,” a video surveillance device disguised to look like a baby’s car seat. According to its brochure, Babyseat features a hidden camera with full pan, tilt and zoom capability, which can be remotely viewed and controlled in real-time via GSM mobile internet connection and records to a “discreetly mounted” Compact Flash card.
It’s sold by LMW Electronics, an obscure British company that was acquired in 2012 by another UK surveillance firm, Digital Barriers. According to Digital Barriers’ website, LMW provides “advanced video capture and transmission technology capabilities to the international law enforcement and military markets” with products including “video cameras, outstations, vehicle and body-worn equipment, and controller units.”
The Babyseat is just one of the many products being offered by various surveillance vendors to the government of Colombia, according to a new report (PDF) from the UK-based watchdog group Privacy International.
The report reveals about a dozen foreign firms and local resellers working together to supply Colombian police and military with everything from fiber-optic cable taps, to network monitoring software, to more “old-school” tactical spy tech, like covert recording devices.
One of the country’s more interesting suppliers is DreamHammer, a California-based company that develops software for military drones and sells to the Colombian government in collaboration with a local partner, Emerging Technologies Corporation.
The government also seems to be a big fan of IMSI-catchers, the mass surveillance devices better known in the US as “Stingrays” that track phones and intercept calls and texts by posing as cellphone towers.
Those devices are bought through several foreign firms including UK-based Smith Myers, New Zealand-based Spectra Group, and the Finnish branch of the Canadian telecommunications company Exfo. Several of the companies were also responsible for helping build and maintain PUMA, an untargeted mass surveillance system run by the country’s criminal investigative agency, DIJIN, according to the report.
The sales are notable given Colombia’s history of illegal wiretapping and surveillance scandals. In 2009, it was revealed that the now-dissolved Administrative Security Department (DAS) had conducted illegal surveillance and intimidation on over 600 people including judges, journalists, political opposition members, human rights activists, and others.
That apparently hasn’t slowed the Colombian surveillance trade, however. Just like the Hacking Team leak showed, governments are keen on buying some of the wackiest and more invasive spy toys imaginable, and the global surveillance industry is more than willing to provide.
Find out more from this arstechnica article.
That’s what Julian Assange told The Times magazine in an exclusive interview splashed in the Daily Mail article below.
I told whistleblower Edward Snowden to escape to Russia or risk being kidnapped and killed, claims Wikileaks founder Assange
- Assange claims he advised Snowden to choose Russia over Latin America
– Snowden was apparently concerned over the PR implications of Moscow
– Wikileaks founder has been hiding in Ecuadorian embassy since 2012
– He now claims he can no longer use the balcony for fear of assassination
By Flora Drury For Mailonline
Published: 09:23 GMT, 29 August 2015 | Updated: 12:17 GMT, 29 August 2015
Wikileaks founder Julian Assange has revealed how he told Edward Snowden to flee to Russia – saying otherwise he risked being ‘kidnapped or possibly killed’.
Assange claims he told former NSA contractor Snowden to choose the controversial destination after he leaked details of the U.S. government’s wide-ranging surveillance programme to the media in 2013.
Snowden had apparently mooted Latin America as a possibility, but Assange feared it left him vulnerable to being kidnapped by the CIA.
The Wikileaks founder, who has been hiding in the Ecuadorian embassy since June 2012, told Giles Whittel in The Times Magazine: ‘Snowden was well aware of the spin that would be put on it if he took asylum in Russia.
‘He preferred Latin America, but my advice was that he should take asylum in Russia despite the negative PR consequences, because my assessment is that he had a significant risk of being kidnapped from Latin America on CIA orders.’
Questioned further, Assange added he feared Snowden could be ‘kidnapped or possibly killed’.
Snowden has been living in exile in Russia ever since the documents were revealed by The Guardian, who met the American in Hong Kong.
The newspaper claims he was en route to Latin America when the U.S. government revoked his passport, trapping him in Moscow.
Assange, meanwhile, was granted political asylum by the government of Ecuador under the 1951 Refugee Convention in 2012.
He believes he risks extradition to the U.S. from the UK and Sweden, where he is under investigation for his involvement with Wikileaks. He also faces extradition to Sweden for an investigation into an alleged rape.
Over a period of nearly five years, he has been detained without charge in prison, under house arrest and inside the embassy, with round-the-clock police guard thought to cost more than £11million.
Assange revealed to The Times he no longer likes to even go out on the balcony, saying there have been ‘bomb threats and assassination threats from various people’.
Swedish officials are set to meet their Ecuadorian counterparts on Monday to find a way for Swedish prosecutors to question the Australian over the allegation.
‘It is the first time that we are going to meet and we will discuss a general agreement for judicial cooperation between the two countries,’ Swedish justice ministry official Cecilia Riddselius said on Friday.