Category Archives: Cyber Espionage

Comey-FBI

Shhh… FBI’s Comey Hints Action Against Apple & Google Over Encryption

The FBI director James Comey has been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust,” Comey reportedly told the Brookings Institution in a speech last week, where he hinted that the administration might consider new laws and regulations to force companies to offer the government some ways to unlock personal data stored on the phones, such as photos, videos, emails, messages and contacts list “so that those of us in law enforcement, national security and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.”

Here are some video clips to amplify his views on the subject:

BearHacker

Shhh… Sandworm Team Turned Microsoft Windows Flaw into Russian Cyber-espionage Campaign

A group of hackers known as the “Sandworm Team”, allegedly from Russia, has found a fundamental flaw in Microsoft Windows (a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012) and turned it into a Russian cyber-espionage campaign targeting NATO, European Union, telecommunications and energy sectors – by pulling emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and also the energy sector and telecommunications firms, according to new research from iSight Partners, a Dallas-based cybersecurity firm.

iSIGHT_Partners_sandworm_timeline_13oct2014

Photo credit: iSight Partners.

BrowseAnonymously2

Shhh… Privacy: Tor Guide on Browsing Anonymously

Here’s an interesting chart on how to use Tor to browse the web anonymously:

TorInfographics

The Tor Project is a free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:

But Tor can still be compromised and multiple layers of security is recommended:

FlashlightApp

Shhh… Top 10 Flashlight Apps Major Privacy Breach & Windfall for CyberCriminals

“I think this is bigger than Ebola right now because 500 million people are infected and they don’t know it. But it’s not them, it’s their smartphone,” said Gary Miliefsky, CEO of SnoopWall, a counterveillance software company focused on helping consumers and enterprises protect their privacy on all of their computing devices including smartphones, tablets and laptops.

“The top 10 flashlight apps today that you can download from the Google Play Store are all malware. They’re malicious, they’re spying, they’re snooping and they’re stealing.”

The personal data stolen from our smartphones – including contacts, emails, messages, bank account details, photos, video, etc – are then sold to cybercriminals in 3 countries: China, India and Russia, according to Miliefsky, a founding member of the US Department of Homeland Security who has advised two White House Administrations on cybersecurity matters.

More information below from SnoopWall press release:

SnoopWall-PR1

SnoopWall-PR2

SnoopWall-PR3

SnoopWall-PR4

SnoopWall-PR5

SnoopWall-PR6

DropBox

Shhh… Dropbox Hacked?

Dropbox reportedly “appears” to have been hacked after anonymous hackers claimed to have compromised some 7 million accounts with several hundreds of usernames and passwords leaked in plain text so far, and with full leak promised if they received donations to their bitcoin address.

Dropbox, however, has denied claims of any data breach:

“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Advice: Change your password immediately. And just like the recent iCloud hack, think hard before you post anything personal and confidential online.

Snowden-UKobserverIdeas2014

Shhh… Snowden Attacks UK’s “Anything Goes” Privacy Intrusions

In his first UK public appearance via satellite link from Moscow at the Observer Ideas festival on Sunday, Edward Snowden warned that British spy agencies are using digital technology to conduct mass population surveillance without any checks and balances at all and thus overreaching and encroaching on privacy rights in a way that he characterized as even worse than the US NSA had managed.

nsa-facebook

Shhh… NSA Disguised as Facebook Servers

The National Security Agency has been disguising itself as Facebook servers in order to gain access to the computers of intelligence targets, according to a new report by The Intercept:

“In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.”

Snowden-CitizenFour

Shhh… Laura Poitras’ Documentary “CitizenFour” on Snowden Revelation to be Released

Mark your calendar. The 24th of October has been set for the official release of “Citizenfour”, a long anticipated ground-breaking documentary by Laura Poitras, premiered at the New York Film Festival on Friday night, which reveals a behind-the-scene and intimate portrait of Edward Snowden and his leak of NSA documents as it unfolded at the Mira hotel in Hong Kong last year.

citizenfour_poster

Poitras and former Guardian columnist Glenn Greenwald flew from New York to Hong Kong early June 2013 to meet Snowden for the first time. This documentary captures minute by minute their tense initial encounters and the many days of questioning, cross-examining and waiting for the Guardian greenlight to their explosive exposé that changed the world to this day.

CitizenB-NGF

Shhh-cretly Featured in “Citizen B”: A Documentary on Surveillance & Privacy

Shhh-cretly was interviewed by renowned and award-winning director Werner Boote, who was in Hong Kong with his Austrian crew this week to film Citizen B, a 90-minute documentary on surveillance and privacy to be released in 2015.

IMG_20141009_161005

IMG_20141009_161920

CitizenB

CitizenB2

HKprotests3

Shhh… Phone Apps Disguised to Spy on Hong Kong Protesters

With the widespread use of social media during the week-long protests in Hong Kong, including attempts to find phone apps capable of defying potential shutdown of the power grid, this story from The Associated Press below (Credits to The Associated Press) is a timely stern reminder:

The Associated Press
Published: October 2, 2014

HONG KONG — The Chinese government might be using smartphone apps to spy on pro-democracy protesters in Hong Kong, a U.S. security firm said.

The applications are disguised as tools created by activists, said the firm, Lacoon Mobile Security. It said that once downloaded, they give an outsider access to the phone’s address book, call logs and other information.

The identities of victims and details of the servers used “lead us to believe that the Chinese government are behind the attack,” said a Lacoon statement.

China is, along with the United States and Russia, regarded as a leader in cyber warfare research. Security experts say China is a leading source of hacking attacks aimed at foreign governments and companies to computers in China.

The Chinese government has denied engaging in cyberspying and says China is among the biggest victims of hacking attacks.

Lacoon said it found two similar “malicious, fake” apps that appeared to be related. One targets phones that run Apple Inc.’s iOS operating system; the other is meant for phones using Google Inc.’s Android system.

The “very advanced software,” known as an mRAT, or multidimensional requirements analysis tool, “is undoubtedly being backed by a nation state,” the company said. Lacoon said it was calling the software Xsser.

“The Xsser mRAT represents a fundamental shift by nation-state cybercriminals from compromising traditional PC systems to targeting mobile devices,” the company said.

Such “cross-platform attacks” that target both Apple and Android phones are rare, which adds to signs a government is involved, Lacoon said. It said the app might be the first spyware for iOS created by a Chinese government entity.

In May, U.S. prosecutors charged five Chinese military officers with cyberspying and stealing trade secrets from major American companies. A security firm, Mandiant, said last year it traced attacks on American and other companies to a military unit in Shanghai.

Emmys

Shhh… The Guardian Bagged An Emmy

Congratulations to The Guardian for winning an Emmy award in New York Tuesday night for its groundbreaking coverage on the Snowden revelations.

The multimedia interactive feature NSA Decoded by The Guardian emerged the winner in the new approaches: current news category at the news and documentary Emmy awards.

The interactive coverage, which includes interviews and discussions with key players like journalist Glenn Greenwald, former NSA employees, senators and members of US congress, helps the audience understand the facts and implications of Edward Snowden’s disclosures last year about the NSA’s mass surveillance program.

The Guardian has also won in April, along with the Washington Post, the Pulitzer prize for public service for their groundbreaking coverage of the Snowden revelations.

TimBerners-Lee

Shhh… Tim Berners-Lee on the Web & Privacy

Tim Berners-Lee, the inventor of the web 25 years ago and director of the World Wide Web Consortium, spoke at the Web We Want Festival last Saturday whereby he, according to The Guardian, also called on Saturday for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.

“If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,” the British computer scientist said. “If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.

“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”

Below is Tim Berners-Lee at a TED Talk earlier this year.

Phone-encrypt

Shhh… Apple & Google Phones Too Secure?

This may as well be the best ever advertisement any company would die for…

FBI director James Comey criticized on Thursday that the encryption in the latest operating systems of Apple and Google phones were so secure that law enforcement officials would have no access to information stored on those devices even with valid warrants and asked why companies would “market something expressly to allow people to place themselves beyond the law”.

“There will come a day when it will matter a great deal to the lives of people … that we will be able to gain access,” Mr Comey reportedly told the media.

“I want to have that conversation [with companies responsible] before that day comes.”

Law enforcement agencies place premiums on their forensic abilities to search sensitive data like photos, messages and web histories on smartphones – and also on old plain vanilla cellular phones to some extent – to solve some serious crimes: mobile phones increasingly perform and even replace what we used to do with our computers but thanks to the convergence of technologies, law enforcement and investigators are now able to use mobile phone forensic, much like computer forensic techniques, to retrieve data, including deleted data, from the phones as they did on computers.

The comments from Comey came hot on the heels of news last week that Apple’s latest mobile operating system, iOS 8, is so well encrypted that even Apple Inc. cannot unlock their mobile devices. Google meanwhile is also adopting its latest encryption format for its new (to be released) Android operating system that the company would be unable to unlock.

Question: Has Comey approached the NSA for help?

Snowden-RightLivlihhood

Shhh… Snowden Won Right Livelihood Award

The former NSA contractor Edward Snowden has received Wednesday the Right Livelihood Honorary Award – also known as the “Alternative Nobel Prize” – from the Stockholm-based Right Livelihood Award Foundation for his work on press freedom and “for his courage and skill in revealing the unprecedented extent of state surveillance violating basic democratic processes and constitutional rights.”

Alan Rusbridger, editor-in-chief of the British newspaper The Guardian with whom Snowden collaborated to publish what became known today as the Snowden revelations, also won the award for “responsible journalism in the public interest.

Both Snowden and Rusbridger are honorary winners, meaning they will not receive the award’s customary 500,000 kronor (54,500 euros) but the foundation said it would fund legal support for Snowden, who has been nominated for the Nobel Peace Prize to be announced later this year.

The Swiss attorney general has reportedly said earlier this month that Snowden could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency.

The Right Livelihood Award was created in 1980 by German-Swedish philanthropist Jakob von Uexkull to “honour and support those offering practical and exemplary answers to the most urgent challenges facing us today”.

Three other prize winners, named to receive the monetary award, are Pakistani human rights lawyer Asma Jahanger, Sri Lankan rights activist Basil Fernando and US environmentalist Bill McKibbben.

BenjaminNetanyahu

Shhh… Israeli Spooks Against Spying Palestinians for the US

Some 43 veterans of Israel’s secret spy agency Unit 8200 has written an open letter of protest to Prime Minister Benjamin Netanyahu and head of the Israeli army accusing the agency of targeting and collecting data of innocent Palestinians for political and not national security purposes, adding that they have a “moral duty” not to “take part in the state’s actions against Palestinians”.

This relates well to a New York Times article last week about how the special relationship between the US and Israel – including how the NSA shared “unminimized”, ie. raw data (on Arab-and Palestinian-Americans with relatives in Israel and the Palestinian territories) with Israel unlike the sharing of only “minimized” data with other countries – has motivated Edward Snowden to blow the whistle last year.

CIA-ClandestineOps

Shhh… CIA’s Declassified Archives – Highlight American Vulnerabilities

The US Central Intelligence Agency released on Thursday a trove of newly declassified “Studies in Intelligence” documents on its homepage.

The move was the result of a long-running lawsuit between the agency and a former employee Jeffrey Scudder – according to the Washington Post (see video clip below) – whose CIA stint includes a 2-year spell looking after the agency’s historical files which ultimately ended his CIA career after he submitted a request under the Freedom of Information Act to release records of old clandestine operations he believed should have been made public.

Amongst the 249 documents released, spanning from the 1970s to 2000s, there’s one labeled “Analyzing Economic Espionage” which attempts to examine foreign intelligence operations against US economic interests beyond the scope and threats of technological advances – including the focus on certain traits of Americans that make them vulnerable to foreign agents, ie. resulting in a threat to the US.

“Foreign intelligence services are more inclined to operate against American targets outside the US” and “some intelligence services that stop short of recruiting US citizens use intelligence operatives to elicit information from them; the targeted American is unwitting of his interlocutor’s intelligence connection”.

CIAclassified

The 7-page document listed “certain personality attributes that increase our vulnerability”:

- Americans like to talk. We tend to be sociable and gregarious, even with casual contacts. We want to be liked, especially by foreigners, because many of us are still trying to overcome an “ugly American” complex. We place a higher premium on candor than on guile, on trust than on discretion.

- Many Americans do not know foreign languages, which in some respects puts them at a disadvantage when living in foreign countries. This does not mean we are “innocents abroad,” but it may make us less likely to pick up clues of suspicious behavior. Americans who do not know the language of a given country may forget that nationals of that country in a position to overhear their conversations often do know English.

- Many Americans are ambitious, oriented toward job advancement and professional recognition. Inevitably, some morally weak individuals are willing to sacrifice personal integrity in pursuit of their career goals.