Category Archives: Cyber Espionage

USsenate2

Shhh… US Senate Vote Falls Short of Curbing NSA Surveillance

It’s a fitting scene from the classic movie Gone with the Wind with the famous closing quote “Frankly, my dear, I don’t give a damn”.

The US Senate vote on the USA Freedom Act Tuesday night to rein in the NSA spying power came shy of just 2 votes of the 60 needed to take up the legislation, which would have otherwise stopped the controversial phone record metadata collection by the NSA

Any hope will now hinge on June next year as the legal grounds for the NSA phone snooping, as revealed by the Snowden revelations, under the Patriot Act will then expire – which means the NSA would require then new legislation to justify their access to these mass data.

DroneCamera

Shhh… A Personal Gadget to Block Wireless Surveillance Devices Like Drones & Google Glass

Are you concerned that someone might be spying on you using drones, Google Glass or hidden cameras and microphones – and streaming the recording online? Fancy owning a gadget that can detect and disconnect these intrusive surveillance devices?

A new German product called Cyborg Unplug, now available for online order (at 52 Euros), is designed to block wireless surveillance where you are most vulnerable – in public spaces where the devices can be easily prying, and streaming online, without your knowledge.

It sniffs the air for wireless signatures from devices you don’t want around, sending an alert to your phone when detected. Should the target device connect to a network you’ve chosen to defend, Cyborg Unplug will immediately disconnect them, stopping them from streaming video, audio and data to the Internet.”

But do note that whilst this Cyborg Unplug can disconnect the spying devices, it cannot prevent them from saving the video and audio recording locally. It’s only half the problem solved…

And equipments like the Cyborg Unplug are considered illegal in some countries, including the US.

QuietZone-US

Shhh… “Quiet Zone” for the perfect holiday?

Are you in trouble – still without any Christmas holiday plan? If that’s the case, maybe it’s a blessing in disguise.

Have you ever (even secretly) fancy a holiday with absolute peace, ie. where no one can reach or find you AT ALL? Or is that even remotely possible? Seriously, in this post-Snowden era?

Now, there’s actually a place where you’ll find no modern conveniences at all – no cell phones, no wi-fi and not even digital cameras? And it’s in the US: Pocahontas County in West Virginia.

Now where are my tents and books…??

Hotel-wifi

Shhh… Hotel Cyber Blues

Business travels carry a huge price tag in security risks. Hence a common (but unspoken) practice amongst sleuths is particularly noteworthy: Avoid the biggest hotels in the biggest cities.

This is relevant because a Kaspersky Lab report (below) released earlier this week found a sophisticated industrial espionage campaign aimed at business executives using in-house wireless connections in luxury hotels across Asia, with thousands of victims since 2009 who otherwise believed they were using private and secure networks.

However, the risk with using hotel internet (both LAN and wireless) connections is nothing new.

The FBI has warned 2 years ago about malware being spread across hotel wi-fi systems.

And in the scandal involving former CIA director David Petraeus and his mistress Paula Broadwell (picture below) back in 2012, the way the FBI managed to trace emails sent by Broadwell from her hotel rooms also underscored the problems associated with using supposedly secure hotel internet connections – despite her attempt to shield her identity by using anonymous email accounts, the FBI were able to find out where the emails were sent from (ie. which cities, which wi-fi locations and which hotels) which eventually led to her name.

DavidPetraeus&PaulaBroadwell-2

Previously on Shhh-cretly, several columns also highlighted the perilous voyage business travelers faced, especially in Asia and the risks go well beyond hotel internet connections. Some fellow sleuths are well aware of how some government would send their agents to break into hotel rooms when the house guests were out for the day. For example, a Shhh-cretly post 2 years ago revealed how the FBI had video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

It also helps to know that the locks found on between 4 and 5 million hotel room doors worldwide can easily be opened by a simple hacking device.

And one is still not necessarily safe inside a hotel room, even if the door is locked and blocked. Spy gadgets may have been planted inside the room to snoop on the unwary house guests. And some rooms even have “spying walls“.

With these knowledge, some sleuths have gone to great lengths to protect themselves – such as planting a covert camera in the room, weighing a data-less laptop, with and without the battery, and the power plug before and after leaving the hotel room as well as hiding a SD card (which store all your data transferred from your laptop prior to a business trip, thus the data-less laptop) under the tongue, etc.

According to the Kaspersky report, “a key mystery remains how attackers appear to know the precise travel itinerary of each victim”.

Well, recall the Snowden revelations have also revealed that the British intelligence agency GCHQ had a secretive “Royal Concierge” program that broke into the global hotel booking system of some 350 luxury hotels for about 3 years, specifically to trace and wiretap the suites of traveling diplomats.

Now, has the world reached a state of paranoia?

Execs in Asian luxury hotels fall prey to cyber-espionage -study

By Eric Auchard
FRANKFURT Mon Nov 10, 2014 5:04am EST

Nov 10 (Reuters) – Security researchers have uncovered a sophisticated industrial espionage campaign that targets business executives in luxury hotels across Asia once they sign on to computers using in-room wireless connections they consider private and secure.

The attacks, which go well beyond typical cybercriminal operations, have claimed thousands of victims dating back to 2009 and continue to do so, Kaspersky Lab, the world’s largest private security firm, shows in a report published on Monday.

Executives from the auto, outsourced manufacturing, cosmetic and chemical industries have been hit, the security firm said. Others targeted include military services and contractors.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when travelling abroad (1.usa.gov/1xAP4YI).

Kaspersky’s report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers. (bit.ly/1xcU0Gs)

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools off hotel networks afterward.

“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” said Kurt Baumgartner, principal security researcher for Kaspersky, the world’s largest privately held cybersecurity firm.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room’s wireless network are tricked into downloading an update to legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. Because attacks happen at sign-on, encrypted communications set up later offer no defence against attack.

The same elite spying crew has used advanced keystroke-logging software and encryption-breaking at multiple hotel chains across Asia, it said.

Kaspersky declined to name the executives involved or the luxury destinations targeted but said it had informed the hotels as well as law enforcement officials in affected locations.

Ninety percent of the victims came from five countries — Japan, Taiwan, China, Russia and South Korea. Business travelers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner said.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe. (Reporting By Eric Auchard; Editing by Clara Ferreira Marques)

SnowdenRick

Shhh… List of Celebrities & Intellectuals in Support of Snowden

More than 50 well known musicians, actors and Nobel laureates (full list below) have shown their support for Edward Snowden and other whistleblowers like WikiLeaks and they are encouraging the public, through their social media outlets, to donate to the Courage Foundation which oversees the official legal defense fund for Edward Snowden and other whistleblowers, as well as fights for whistleblower protections worldwide.

SnowdenMovie

Meanwhile, The Guardian reported that actor Joseph Gordon-Levitt (best remembered for his roles in “Lincoln,” “The Dark Knight Rises” and “Inception” – photo above) has been confirmed to play Snowden in a movie to be directed by Oliver Stone, who has won best director Oscars for “Platoon” and “Born on the Fourth of July”. Stone is also noted for his political films like “JFK”, “Nixon” and “Looking for Fidel”.

According to a press release Monday, the list of signatories in support of Snowden includes:

Udi Aloni
Pamela Anderson
Anthony Arnove
Etienne Balibar
Alexander Bard
John Perry Barlow
Radovan Baros
David Berman
Russell Brand
Victoria Brittain
Susan Buck-Morss
Eduardo L. Cadava
Calle 13
Alex Callinicos
Robbie Charter
Noam Chomsky
Scott Cleverdon
Ben Cohen
Sadie Coles
Alfonso Cuaròn
John Deathridge
Costas Douzinas
Roddy Doyle
Bella Freud
Leopold Froehlich
Terry Gilliam
Charlie Glass
Boris Groys
Michael Hardt
P J Harvey
Wang Hui
Fredric Jameson
Brewster Kahle
Hanif Kureishi
Engin Kurtay
Alex Taek-Gwang Lee
Nadir Lahiji
Kathy Lette
Ken Loach
Maria Dolores Galán López
Sarah Lucas
Mairead Maguire
Tobias Menzies
M.I.A.
W. J. T. Mitchell
Moby
Thurston Moore
Tom Morello
Viggo Mortensen
Jean-Luc Nancy
Bob Nastanovich
Antonio Negri
Brett Netson
Rebecca O’Brien
Joshua Oppenheimer
John Pilger
Alexander Roesler
Avital Ronell
Pier Aldo Rovatti
Susan Sarandon
Peter Sarsgaard
Assumpta Serna
Vaughan Smith
Ahdaf Soueif
Oliver Stone
Cenk Uygur
Yanis Varoufakis
Peter Weibel
Vivienne Westwood
Tracy Worcester
Slavoj Zizek

FacialRecognition

Shhh… US Federal Judge Calls for Scrutiny of FBI’s Facial Recognition System

A federal judge, US District Judge Tanya Chutkan, ruled last week that the FBI’s futuristic facial-recognition database requires scrutiny from open-government advocates because of the size and scope of the surveillance technology as well as privacy concerns – see story below.

Quick background: The FBI announced in late September its US$1 billion facial recognition program – the Next Generation Identification (NGI) System – was finally up and running. In development since at least 2008, “the NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities”.

Privacy groups are concerned that the NGI System becomes invasive by collecting images of people suspected of no wrongdoing.

Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database

By Dustin Volz National Journal November 7, 2014

A federal judge has ruled that the FBI’s futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.

U.S. District Judge Tanya Chutkan said the bureau’s Next Generation Identification program represents a “significant public interest” due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.

“There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered,” Chutkan wrote in an opinion released late Wednesday.

Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys’ fees. That government report revealed the FBI’s facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.

“The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs,” said Jeramie Scott, national security counsel with EPIC.

Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became “fully operational” this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.

FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to “find bad guys by matching pictures to mug shots.” But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.

In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.

Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. TheNew York Times reported on leaks from Edward Snowden revealing that the NSA intercepts “millions of images per day” across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 “facial-recognition quality images.”

The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan’s decision.

FBIdoc-OpOnymous

Shhh… Counting the Costs of FBI’s Operation Onymous

Op-Onymous

The FBI announced last week that law enforcement agencies including the bureau, the Department of Homeland Security and Europol have arrested 26-year old San Francisco resident Blake Benthall (below) who was allegedly the operator and administrator – under the handle “Defcon” – of the online drugs marketplace Silk Road 2.0, just a year after the original Silk Road’s alleged mastermind, Russ Ulbricht, was also arrested in San Francisco.

BlakeBenthall

According to related court documents, Benthall was charged last Friday with narcotics trafficking, as well as conspiracy charges related to money laundering, computer hacking, and trafficking in fraudulent identification documents – which Benthall reportedly “admitted to everything”.

“The website [Silk Road 2.0] has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users,” according to the FBI.

The globally coordinated effort involving 17 nations dubbed Operation Onymous – obviously as opposed to the “anonymous” Tor network – has reportedly led to 17 arrests and a seizure of more than 400 “hidden services” and darknet domains, $1 million in bitcoins, $250,000 in cash plus a variety of drugs, gold and silver.

It later emerged there were actually just over 27 sites seized – including Silk Road 2.0 – instead of more than 400 as initially reported: the FBI spokesperson David Berman later clarified the 400 URLs amounted only to a dozen or so sites.

However, several pertinent questions surfaced:

- Is Tor still safe given the FBI has obviously broken (how?) into it?

- Is the world really a safer place after the FBI shut down a major “darknet” marketplace? What makes the authorities rule out the emergence of a more secure, bigger and effective Silk Road 3.0? (The FBI said in its press release that “Those looking to follow in the footsteps of alleged cyber-criminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”)

- How much of taxpayers’ monies were spent to make these 17 arrests in 17 nations with this global operation?

Blackberry-Encryption

Shhh… Former NSA Attorney: Encryption Behind Blackberry’s Demise & Warning to Apple and Google

The authorities hate smartphone encryption and it shows. And they’re in concerted efforts to wage a war against it.

In echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google and Apple and others to encrypt user data was more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.

This latest anti-encryption blabbing drew quick defense from Blackberry COO Marty Beard, who found Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”

2CCTVhack24-HanoiVN

Shhh… CCTVs Live Broadcast

Do not be surprised to find yourself and your treasured private space broadcast round the clock and around the world if whoever installed the security surveillance systems at your home, office or the public areas simply left the default login and password unchanged.

The still images captured (with high-speed broadband) below are just some samples for illustration – the compromised CCTV cameras were conveniently categorized by countries and cities plus the details and exact coordinates like:

- Latitude
- Longitude
- ZIP code
- Time zone
- Channels
- Manufacturer (of the camera)
- Default login
- Default password

According to the web site:

Here you can see thousands of such cameras located in a cafes, shops, malls, industrial objects and bedrooms of all countries of the world. To browse cameras just select the country or camera type.

This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password.

2CCTVhack8-Rome
Photo: Someone bought the latest iPhone in Rome, Italy?

2CCTVhack14-CorunaSPAIN
Photo: Early diners at a restaurant in Coruna, Spain.

2CCTVhack18-KrasnodarRUSSIA
Photo: Someone bothering a receptionist in Krasnodar, Russia?

2CCTVhack22-HanoiVN
Photo: She’s probably lost in Hanoi, Vietnam.

2CCTVhack13-BerlinGermany
Photo: He switched off the lights in a staff quarters at the end of the day in Berlin, Germany.

2CCTVhack11-BakerSt-London
Photo: A quiet part of Baker Street in London, England.

2CCTVhack17-SanFelipeCHILE
Photo: A busy gardener in San Felipe, Chile.

2CCTVhack9-AustinUSA
Photo: No one’s home in Austin, USA.

2CCTVhack16-LoPradoCHILE
Photo: Home in Lo Prado, Chile.

2CCTVhack20-KawasakiJPN
Photo: Home in Kawasaki, Japan.

SeattleTimes

Shhh… FBI’s Mock-Up As Newspaper to Hack Suspect’s Computer

Previously on Shhh-cretly, we reported how the FBI could legally impersonate someone’s identity to create a phony Facebook account in that person’s name without that person’s knowledge in order to reach out to suspected criminals – and separately the NSA also disguised itself as Facebook servers in order to gain access to the computers of intelligence targets.

Well the buck doesn’t stop there. It turned out that the FBI, in the spirits of catching suspects, was also involved in planting fake news stories: The editor of The Seattle Times found out only last week that the FBI made a mock-up of the publication’s website in 2007 in order to spread spyware onto the computer of a suspect.

The FBI is reportedly defending its right to rely on such tactics to prevent “possible act of violence” – and let’s not forget FBI director James Comey is not impressed with Apple and Google phones being “too secure” and he’s been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption so that the bureau can access those devices, in the namesake of law enforcement of course.

Or do you think the bureau has gone well overboard and beyond its restraints?

DigitalFingerprint

Shhh… Micah Lee on Snowden & Smuggling (Secrets) Tricks

Check out this excellent piece from Glenn Greenwald’s The Intercept on how Edward Snowden first contacted Laura Poitras and smuggled his truckloads of NSA secret documents to her with Micah Lee as the middleman.

MicahLee

Photo (above) credit: Micah Lee & Wired

Snowden-014

Shhh… Snowden Awarded Russian Private Literary Prize

Former NSA contractor-turned-fugitive Edward Snowden has bagged another award earlier this week on Monday: a private literary prize from the Zinovyev Institute, a private foundation for the study of creative writings of Russian writer and philosopher Alexander Zinovyev.

Snowden was not in attendance to receive the award given his need to keep a low profile since his asylum in Russia in August last year though he has been appearing actively at various events globally via live broadcast.

Snowden, a 2014 Nobel Peace Prize nominee, also received the Right Livelihood Award 2014 in late September.

NSAmonkeyBiz

Shhh… More NSA Shakeup Following Another Conflict of Interest?

More personnel problems at the National Security Agency…

Another conflict of interest matter has led the agency’s top spy Teresa Shea to leave her position as director of signals intelligence (SIGINT), which the NSA said last week was a “routine” transition “planned well before recent news articles”.

Shea as the SIGINT head was behind some of the most controversial mass surveillance programs disclosed by former NSA contractor Edward Snowden.

The shakeup followed a recent BuzzFeed report (below) on the financial interests of Shea and her husband James Shea. The latter was a contractor with a SIGINT “contracting and consulting” company – Telic Networks – registered to the couple’s home. He is also the vice president of another SIGINT contractor – DRS Signals Solutions – that “appears to do business with the NSA”. The sleuth Shea herself had also incorporated an “office and electronics” business at her home.

These headlines came hot on the heels of recent reports on former NSA director Keith Alexander, who had business dealings with potential conflicts of interest during and after his NSA reign in March. Furthermore, a recent Reuters report found Alexander also hired another top NSA official, chief technology officer Patrick Dowd, to work at his new cyber-security company when Dowd was still on NSA payroll.

Find out more from the following Buzzfeed report:

Exclusive: Shakeup At NSA After BuzzFeed News Reports On Potential Conflict Of Interest

Top National Security Agency official Teresa Shea is leaving her position after BuzzFeed News reported on her and her husband’s financial interests. The move comes as the NSA faces more questions about the business dealings of its former director Keith Alexander, and potential ethics conflicts. This post has been updated to include a response from the NSA.

posted on Oct. 24, 2014, at 12:28 p.m.

Aram Roston
BuzzFeed Staff

WASHINGTON — One of the nation’s top spies is leaving her position at the National Security Agency (NSA), a spokesman confirmed Friday, amid growing disclosures of possible conflicts of interest at the secretive agency.
The shakeup comes just a month after BuzzFeed News began reporting on the financial interests of the official, Teresa Shea, and her husband.

Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

The NSA provided a statement Friday that said Teresa Shea’s “transition” from the SIGINT director job was routine and “planned well before recent news articles.” The agency indicated she would remain employed, but did not provide specifics.

The Sheas did not respond to a message left at their home telephone number.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week BuzzFeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.

Over the past month, Teresa and James Shea haven’t returned phone calls, and the NSA has declined to comment about any specifics, beyond explaining how the agency tries to address conflict of interest issues in general, and to say that “the agency takes Federal ethics laws quite seriously.”

In April, Adm. Michael Rogers took over as director of the NSA, and it was expected he might shuffle staff. One intelligence source said Shea’s departure from her job appeared to be due in part to the “optics” of a top NSA official coming under scrutiny by the press for her and her husband’s business dealings. The other said the press disclosures may have nothing to do with her leaving.

In a statement Friday, NSA spokesman Michael Halbig said that “NSA considers regular rotations of senior leaders as a catalyst for achieving diverse, fresh perspectives on the nation’s critical national security challenges.”

He added that “We value her leadership as a senior leader and look forward to her continued contribution to the mission to help defend the nation.”

Since she would no longer be director of SIGINT, presumably potential conflicts stemming from her husband’s role as a SIGINT contractor, with a SIGINT company at their home, would be alleviated.

Shea, as SIGINT director, presided over most of the NSA operations disclosed by Snowden. The most controversial of those is the mass domestic surveillance program, under which the agency collects data on virtually every phone call Americans make, domestically or overseas, from a cell phone or a landline. But other operations included disclosures that calls by the leaders of foreign allies were intercepted, and that a vast amount of electronic communications were collected from American internet companies such as Google and Yahoo.

Last week, the NSA came under increasing pressure because of the business dealings of former director Keith Alexander, who left the agency in March.

Reuters disclosed that Alexander hired another top NSA official to work at his company, even while the scientist continued to work at the NSA. Reuters said the NSA had begun a review of the unusual agreement, under which NSA Chief Technology Officer Patrick Dowd was to work 20 hours a week at Alexander’s company, Ironnet Cybersecurity, while still working for the U.S. government.

This week, after the controversy erupted, the company said Dowd would no longer work there.

AshkanSoltani

Shhh… FTC New Appointee Ashkan Soltani Irks NSA Top Guns

The US Federal Trade Commission announced last week the appointment of Ashkan Soltani as the FTC’s chief technologist starting November, where he would advise on technology and policy issues for the same agency where he had previously served as a technical expert and staff technologist.

But what made his appointment stands out was other aspects of his resume. Soltani is a renowned and outspoken security researcher and has served as a technical expert for several state attorney general. Most notably, he was recently involved in investigative journalism, as a media consultant at the Washington Post helping Barton Gellman and other reporters on the technical and security aspects of the Snowden documents – and sharing their 2014 Pulitzer Prize for Public Service – plus other spells at The Wall Street Journal and The New York Times.

His latest appointment has upset NSA top guns, drawing criticisms from former NSA director Michael Hayden (and CIA director from 2006 to 2009):

I’m not trying to demonize this fella, but he’s been working through criminally exposed documents and making decisions about making those documents public.

and former NSA general counsel Stewart Baker:

I don’t think anyone who justified or exploited Snowden’s breach of confidentiality obligations should be trusted to serve in government.

In the same report on these reactions, there’s an interesting reader’s comment:

Applesauce-Oath

Hayden and Baker seem to think they took a different oath: to protect the American people from “terrorists” at all costs. And maybe to profit from investing in surveillance companies“? See my earlier posts on Keith Alexander’s business ventures during and after his NSA tenure.

TimCook-Foxconn-RoadTrip

Shhh… Tim Cook in China to Discuss Data Protection & iCloud Hacks

Apple CEO Tim Cook tweeted his photo Wednesday during a China “road trip” where he visited Foxconn and also met Chinese vice premier Ma Kai in Beijing to discuss recent targeted attacks on iCloud originating from the country – The activist group GreatFire.org has reportedly alleged Chinese government involvement.

Meanwhile, Apple has published a guide on how one can verify the authenticity of the iCloud website in Safari, Chrome and Firefox.

Comey-FBI

Shhh… FBI’s Comey Hints Action Against Apple & Google Over Encryption

The FBI director James Comey has been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust,” Comey reportedly told the Brookings Institution in a speech last week, where he hinted that the administration might consider new laws and regulations to force companies to offer the government some ways to unlock personal data stored on the phones, such as photos, videos, emails, messages and contacts list “so that those of us in law enforcement, national security and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.”

Here are some video clips to amplify his views on the subject:

BearHacker

Shhh… Sandworm Team Turned Microsoft Windows Flaw into Russian Cyber-espionage Campaign

A group of hackers known as the “Sandworm Team”, allegedly from Russia, has found a fundamental flaw in Microsoft Windows (a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012) and turned it into a Russian cyber-espionage campaign targeting NATO, European Union, telecommunications and energy sectors – by pulling emails and documents off computers from NATO, Ukrainian government groups, Western European government officials, and also the energy sector and telecommunications firms, according to new research from iSight Partners, a Dallas-based cybersecurity firm.

iSIGHT_Partners_sandworm_timeline_13oct2014

Photo credit: iSight Partners.

BrowseAnonymously2

Shhh… Privacy: Tor Guide on Browsing Anonymously

Here’s an interesting chart on how to use Tor to browse the web anonymously:

TorInfographics

The Tor Project is a free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:

But Tor can still be compromised and multiple layers of security is recommended:

FlashlightApp

Shhh… Top 10 Flashlight Apps Major Privacy Breach & Windfall for CyberCriminals

“I think this is bigger than Ebola right now because 500 million people are infected and they don’t know it. But it’s not them, it’s their smartphone,” said Gary Miliefsky, CEO of SnoopWall, a counterveillance software company focused on helping consumers and enterprises protect their privacy on all of their computing devices including smartphones, tablets and laptops.

“The top 10 flashlight apps today that you can download from the Google Play Store are all malware. They’re malicious, they’re spying, they’re snooping and they’re stealing.”

The personal data stolen from our smartphones – including contacts, emails, messages, bank account details, photos, video, etc – are then sold to cybercriminals in 3 countries: China, India and Russia, according to Miliefsky, a founding member of the US Department of Homeland Security who has advised two White House Administrations on cybersecurity matters.

More information below from SnoopWall press release:

SnoopWall-PR1

SnoopWall-PR2

SnoopWall-PR3

SnoopWall-PR4

SnoopWall-PR5

SnoopWall-PR6