Category Archives: Security

Shhh… CIA Stand-down in Western Europe?

The CIA has undertaken an unprecedentedly long stand-down on friendly Western European allies in order to re-examine its strategy, following the recent furor over an exposed German agent and the accumulated impact of the Snowden revelations, according to current and former US officials. If true, the timing would be unfortunate for the United States given its concerns about Europe’s response to Russian aggression and its monitoring of European extremists in Syria.

The so-called pause means CIA officers based in Europe have to withdraw from covert, clandestine meetings held to gather intelligence from their well-placed sources, or to rope in new recruits for that matter, though they are not barred from meeting their counterparts in the host country and conducting joint operations with host-country services, according to the Associated Press.

Director of National Intelligence James Clapper reportedly said Thursday that the US is assuming more risks given its pullback from spying on “specific targets”.

The stand-down was part of the fallout from the July 2 arrest of a 31-year-old employee of the German intelligence service who later confessed he worked for the CIA. The CIA station chief in Berlin was (unprecedentedly) forced out of Germany a few days later, underscoring the stance on the US taken by the Germans, who had already been stung by earlier Snowden revelations that the NSA had been tapping the mobile phone of German Chancellor Angela Merkel.

While such halts are common after an operation is compromised, they were “never this long or this deep”; this one has been in effect for about 2 months now.

Now the question is, would an NSA stand-down follow? Bet not and probably never.

Shhh… CIA’s Declassified Archives – Highlight American Vulnerabilities

The US Central Intelligence Agency released on Thursday a trove of newly declassified “Studies in Intelligence” documents on its homepage.

The move was the result of a long-running lawsuit between the agency and a former employee, Jeffrey Scudder, according to the Washington Post (see video clip below). Scudder’s CIA stint included a 2-year spell looking after the agency’s historical files, and his CIA career ultimately ended after he submitted a request under the Freedom of Information Act to release records of old clandestine operations he believed should have been made public.

Amongst the 249 documents released, spanning from the 1970s to the 2000s, there’s one labeled “Analyzing Economic Espionage” which attempts to examine foreign intelligence operations against US economic interests beyond the scope and threats of technological advances – including a focus on certain traits of Americans that make them vulnerable to foreign agents, i.e. resulting in a threat to the US.

“Foreign intelligence services are more inclined to operate against American targets outside the US” and “some intelligence services that stop short of recruiting US citizens use intelligence operatives to elicit information from them; the targeted American is unwitting of his interlocutor’s intelligence connection”.

The 7-page document listed “certain personality attributes that increase our vulnerability”:

- Americans like to talk. We tend to be sociable and gregarious, even with casual contacts. We want to be liked, especially by foreigners, because many of us are still trying to overcome an “ugly American” complex. We place a higher premium on candor than on guile, on trust than on discretion.

- Many Americans do not know foreign languages, which in some respects puts them at a disadvantage when living in foreign countries. This does not mean we are “innocents abroad,” but it may make us less likely to pick up clues of suspicious behavior. Americans who do not know the language of a given country may forget that nationals of that country in a position to overhear their conversations often do know English.

- Many Americans are ambitious, oriented toward job advancement and professional recognition. Inevitably, some morally weak individuals are willing to sacrifice personal integrity in pursuit of their career goals.

Shhh… The NSA Not Comfortable Being Watched?

How do NSA staffers feel about being filmed, even if it’s only in public? Strangely, irate and very uncomfortable, as 2 students found out Wednesday at the University of New Mexico’s Engineering and Science Career Fair, where the NSA had set up a booth to recruit computer geeks (yes, hackers).

Source: The Intercept

Shhh… PM John Key Denied Mass Surveillance & NSA Sites in New Zealand

New Zealand Prime Minister John Key appeared before the press in Dunedin Tuesday and said he would not rule out the possibility that the American intelligence agency NSA is conducting mass surveillance on New Zealanders but rejected claims that Kiwi spies have access to such information.

Key also shot down claims made by both Edward Snowden and Glenn Greenwald Monday that the NSA had sites operating in the country but he declined to answer questions about the data collection programme X-Keyscore, citing national security concerns.

Shhh… WikiLeaks Released Weaponized German Surveillance Malware (For Download) Used by Intelligence Agencies Around the World

Intelligence agencies around the world have been spying on journalists, activists and political dissidents using surveillance malware produced by FinFisher, a German company specializing in computer intrusion systems, the exploitation of software and remote monitoring systems capable of intercepting communications and data from various devices, according to WikiLeaks, which on Monday published its latest batch of secret documents.

The whistleblower website also released a list of FinFisher customers, which includes “Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence”.

FinFisher’s spyware is able to intercept communications and data from computers running the Mac OS X, Windows and Linux operating systems, as well as Android, iOS, BlackBerry, Symbian and Windows Mobile portable devices.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers,” said WikiLeaks founder Julian Assange.

But what makes the latest WikiLeaks release really stand out this time is that it did not simply release documents but posted the actual software for anyone to download – YES, the actual zip files containing the malware on its site, but with this warning:

“In order to prevent any accidental execution and infection, the following files have been renamed and compressed in password protected archives (the password is “infected”). They are weaponised malware, so handle carefully.”

Shhh… Snowden’s Latest Appearance – Kim Dotcom’s “Moment of Truth” Event in Auckland

Above: Edward Snowden discussed online surveillance at Kim Dotcom’s Moment of Truth event in Auckland, New Zealand on September 15. Both Julian Assange and Glenn Greenwald were also present.

The event follows up on the acknowledgement by Prime Minister John Key that the Kiwi intelligence agency Government Communications Security Bureau (GCSB) had tapped into the cable but only for the purposes of a cybersecurity programme – following his earlier denial of any allegation that the GCSB had spied on New Zealanders.

New Zealanders are now waiting for Key to explain the revelations that the GCSB operates X-Keyscore in New Zealand and conducts mass surveillance on citizens on behalf of the NSA without their knowledge.

Watch the entire event here below:

Shhh… Comcast Set Record Straight on TOR

Amidst widespread reports early this week that Comcast Corporation has been discouraging customers from using the Tor Browser, the anonymous browser favored by people like Snowden and hackers alike, Comcast – the largest broadcasting and cable company in the world by revenue – has clarified that the reports were not true and the company has not asked customers to stop using Tor or any other browser.

“We have no policy against Tor, or any other browser or software. Customers are free to use their Xfinity Internet service to visit any website, use any app, and so forth.”

See Comcast’s clarification here.

Shhh… Rogue Canadian Spies Secretly Tortured and Hanged – Arthur Porter

A handful of “rogue” Canadian spies on secret missions overseas were “tortured and hanged” though the truth was covered up and hidden from the Parliament and also the sleuths’ families, according to a tell-all book “The Man Behind the Bow Tie” by Arthur Porter (pictured above – Photo Credit: Montreal Gazette), the former head of Canada’s Security and Intelligence Review Committee (SIRC), the spy watchdog of the country’s intelligence agency CSIS (Canadian Security Intelligence Service).

These spies were found to have snapped photographs of military facilities “without the formal approval” of the CSIS in a foreign country “not exactly a close friend of Canada”, according to a Toronto Sun report on the release of the new memoir by Porter, a former medical doctor (oncologist) who headed the McGill University Health Center in Montreal before his SIRC spell from 2008 to 2011.

“Canadians ended up losing their lives. They were tortured and hanged. We had to keep the truth of how they died from their families, telling them instead that they fell off a balcony in Dubai, for example,” according to the Toronto Sun quoting Porter from his book.

“None of these incidents ever made the papers, and they were not isolated incidents. For whatever reason, agents sometimes went rogue, a bit too James Bond, and stretched the limits of their official position”.

The Sierra Leone-born Porter, always seen in his iconic bow tie, has been a controversial figure who resigned three months prior to his SIRC term after the National Post reportedly alleged that he had business dealings with a notorious international lobbyist and close ties of his own to the president of Sierra Leone.

In mid-2013, the Canadian and American citizen Porter was at the center of the largest fraud investigation in Canadian history when he was arrested in Panama on alleged fraud charges relating to a kick-back scheme for the construction of the new billion-dollar hospital at the McGill University Health Center.

The release of his whistle-blowing book, set for September 15, may raise some eyebrows considering his personal rogue history – Porter was understood to be still under arrest in Panama awaiting extradition to Canada.

Shhh… Norway to Arrest Nobel-nominated Snowden

The Norwegian police should arrest NSA whistle-blower and fugitive Edward Snowden if he shows up in Norway to receive the Nobel Peace Prize this December, according to a Norwegian politician.

Norwegian Right Wing Party MP Michael Tetzschner warned that bagging the prestigious prize would in no way exempt Snowden from arrest and that Norway should not make a distinction between a Nobel Peace Prize winner and any other wanted American citizen.

“Norway needs to respect the agreements that we have signed,” Tetzschner told Norway’s Dagbladet on Tuesday, with reference to international law that, given a valid US warrant, requires Norway to arrest Snowden if he arrives in the country.

Snowden (shown above: Photo credit to MAD magazine) has been nominated for the Peace Prize, to be announced at the end of the year, amid growing global support.

He was recently granted a three-year residence permit by the Russian authorities on August 1.

But the most wanted man in the world could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency, according to my previous piece earlier this week.

The Swiss Attorney General has stated that Switzerland would not extradite a US citizen if the individual’s “actions constitute a political offense, or if the request has been politically motivated”.

Shhh… Privacy Group Took “Five Eyes” Spy Pact Inquiries to Top European Court

Privacy International, a campaigning body on issues relating to surveillance matters, lodged an appeal on Tuesday with the European Court of Human Rights (ECHR) to publish the treaty behind the intelligence sharing amongst the “Five Eyes” after the British government declined its initial applications, a refusal the civil liberties group branded a violation of the right of access to information.

The Anglophone countries behind the “Five Eyes” – the US, UK, Canada, Australia and New Zealand – have a treaty that binds them to joint cooperation in signals intelligence – they don’t spy on each other but instead share the intelligence they have collected. The Snowden revelations also revealed that the NSA shared the intelligence with a host of other “third parties”.

The British Government Communications Headquarters (GCHQ), the equivalent of the American NSA, has turned down every freedom of information request filed by Privacy International for details on how information was shared between the intelligence agencies of this global spy pact.

According to The Guardian quoting Rosa Curling of law firm Leigh Day:

“The UK’s Freedom of Information Act precludes government authorities from disclosing to the public information directly or indirectly supplied by GCHQ.

“This absolute exemption is unlawful and contrary to article 10 of the European convention on human rights, which provides for the right to freedom of expression, which includes the right to receive information.”

The ECHR, located in Strasbourg, France, is an international court set up by the European Convention on Human Rights.

Cloud Hacks More Than Just Nude Pics

Ever Thought of More Catastrophic Consequences?

The sensational invasion last week by hackers into dozens of pictures of nude Hollywood celebrities was a wardrobe malfunction on a major scale, but it is time to take a more serious look beyond the alluring pictures. The world is heading for more catastrophic consequences in the cloud.

The leaks of the celebrities’ photos went viral online after hackers used new “brute force” attacks to break into the victims’ online accounts, casting the spotlight on the security of cloud computing.

But the disturbing and often overlooked question is, why are so many companies still blindly and trustingly moving ever more data into the cloud, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances and worst of all, our personal details, is left seemingly and increasingly more vulnerable?

Please refer to my entire column here.

Shhh… Mysterious Fake Cellphone Towers Possibly New Foreign Threats

In what seems like an invasion of privacy scaling new heights, surpassing even the most dystopian vision of any hardcore Orwellian, Americans found to their horror that NSA snooping on all their private communications is not the only thing they have to live with: a recent Popular Science report revealed the existence of fake cellphone towers across the US that cannot be linked to any owner or operator and are set up simply to connect to nearby phones, bypassing encryption to eavesdrop on calls and read text messages.

As many as 17 such fake cellphone towers have been discovered in July alone, with more expected to be found, according to the map above charted out in August by ESD America CEO Les Goldsmith and phone technology expert.

What’s more disturbing is that most of the fake towers are set up near US military bases, which prompts the question of whether these were US or foreign government interceptors.

These interceptors are radio-equipped devices built to overcome the onboard encryption on our phones, Android or iOS alike. Their target is actually another operating system hidden inside every phone, the one running on the baseband processor, which channels the communications between the core OS and the cellphone towers.

And these towers are unlikely to belong to the NSA, as the agency can simply go to the local phone carriers to suck up all the metadata, as the Snowden revelations have revealed.

It would be interesting to keep an eye on the US Federal Communications Commission, which, The Washington Post reported in early August, is investigating the use and misuse of surveillance technology by criminal networks and foreign intelligence.

Shhh… A Memo to Merkel: “Dubious” Intelligence About Russian “Invasion” of Ukraine

It was revealed that prior to the NATO Summit on September 4-5, German Chancellor Angela Merkel received a memo from a group of US intelligence veterans (with names disclosed) warning about the reliability of Ukrainian and US media claims regarding a Russian “invasion”.

According to the veterans from the Veteran Intelligence Professionals for Sanity (VIPS), the “accusations of a major Russian ‘invasion’ of Ukraine appear not to be supported by reliable intelligence. Rather, the ‘intelligence’ seems to be of the same dubious, politically ‘fixed’ kind used 12 years ago to ‘justify’ the U.S.-led attack on Iraq”.

You can find the entire memo below.

Shhh… NSA Ready for Google’s “Faster” Trans-Pacific Undersea Internet Cable

You can imagine the NSA getting impatient over free lunches following the announcement last month about Google’s proposed undersea fiber optic cable that will span the Pacific Ocean from the US west coast to Japan starting mid-2016.

The new cable, dubbed “Faster” and set to transmit 60 terabits per second, will be “easy to tap for sure”, according to a former NSA official quoted in a report by online news portal VentureBeat.

Google will cough out US$300 million to join hands with several parties – including China Mobile International, China Telecom Global, Global Transit, KDDI and SingTel – for the project which “could have big implications for Google on the public-cloud front and also for mobile needs”.

The involvement of some of Google’s partners in this undertaking would blow the socks off many in the intelligence communities.

Intelligence agencies tapping into undersea cables have been well documented. The NSA’s British counterparts GCHQ, for example, have “Tempora” that could collect up to 21 million gigabytes of data every 24 hours as previously revealed by Edward Snowden, according to VentureBeat.

Apart from tapping communications, undersea cables are also left vulnerable exactly where they are.

Media reports had it that the Egyptian Armed Forces have arrested 3 scuba divers who tried to cut and sabotage an undersea internet cable in the Mediterranean.

Meanwhile, lawyers representing the US government are in court hearings at the 2nd US Circuit Court of Appeals in Manhattan this week to defend the government’s bulk collection of telephone records from millions of Americans. Please stay tuned.

Shhh… New US Drone Base in the Sahara

The government of Niger has given the Pentagon the green light to set up a new and second drone base in the West African nation – in one of the most remote places along an ancient caravan crossroads in the middle of the Sahara, at the mud-walled desert city of Agadez.

This base, its third in the region, will allow the US military to fly unarmed drones along a desert corridor that connects northern Mali and southern Libya, letting the drones zero in on a key route for arms traffickers, drug smugglers and Islamist fighters migrating across the Sahara, according to a report by online news portal Stuff in New Zealand based on sources from Nigerien and US officials.

This move allows the Pentagon to “track Islamist fighters who have destabilized parts of North and West Africa. It also advances a little-publicized US strategy to tackle counter-terrorism threats alongside France, the former colonial power in that part of the continent,” according to Stuff.

A document from the US Department of Justice dated July 16, 2010 was released to justify US drone killings.

The picture above reveals the American and French military presence in the Sahara region, courtesy of The Washington Post.

Shhh… The Most Powerful Eye Watching From Above is Now a Commercial Satellite

The fear that the military and intelligence agencies won’t be the only ones spying on us from the sky has now become a reality.

Just last month, a company named DigitalGlobe launched into orbit the world’s most powerful commercial satellite, called WorldView-3, a half-billion-dollar gadget that can snap sharp images of the ground at a 30-centimeter resolution.

The following video shows the launch of WorldView-3 as seen from Vandenberg Air Force Base on August 13, 2014.

The WorldView-3 is now the highest-resolution commercial satellite in space. This satellite can capture images of “not only a car, but the windshield and the direction the car is going”, almost 40% sharper than what’s currently available. In fact, its images are so sharp that because of “regulatory restrictions, we can’t yet display the 30 cm native resolution data, so we’re sharing imagery resampled to 40 cm”, according to the company – see for example the featured DigitalGlobe images above and below.

The US government is said to be DigitalGlobe’s top customer but the general public can also get to view these highly precise images later through Google Maps. In the commercial sphere, potential applications could range from mapping to corporate logistics to academic research.

Click here for some sample WorldView-3 images.

Shhh… German Paper Reveals GCHQ’s Hacienda Program for Internet Colonization

The German news site Heise Online revealed late last week that British intelligence agency GCHQ has a “Hacienda” program to search for vulnerable systems across 27 countries that could be compromised by the British agency and its spy-counterparts in other countries, including the US, Canada, Australia and New Zealand.

GCHQ reportedly used port scanning, a technique hackers use to find systems they can potentially penetrate, as a “standard tool” against the entire nations it targeted.

“It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC,” according to Heise.

“The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration).”

The same argument holds for those who still harbor the self-comforting thought of being “nobody”, “just an ordinary law-abiding citizen”, “small potato”, etc. and thus not a surveillance target: it may not be you that they are interested in but the people you “know”, “work with”, “chat with”, “befriend”, “live with”, etc.

“Using this logic, every device is a target for colonization, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target” and “Firewalls are unlikely to offer sufficient protection”, said the Heise report.

Shhh… New Secure NSA-Proof Chat & Messaging Solutions like Bleep and Tox

If you are looking for Skype alternatives because you are concerned with reports of its security issues – given Skype’s alleged “background” problems and refusal to reveal its encryption method – then take comfort that there is a host of options available, and you’ll be spoiled for choice.

Most recently BitTorrent, best associated with making the peer-to-peer (P2P) software that allows users to download the same file from multiple sources simultaneously, has announced the launch of a pre-alpha version of its secure chat and voice-message service called BitTorrent Bleep.

In order to counter mass surveillance and eavesdropping, Bleep enables users to make calls and send messages over the Internet without using any central server to direct traffic. What BitTorrent did was to apply the same P2P technology used for decentralized file sharing to Bleep so there is no way one could track and peep at the conversations. In essence, Bleep is a decentralized communication platform specifically designed to protect user metadata and anonymity.

And in short, every message a user sends out is just a “Bleep” to the recipients. Sounds good? The only problem for now is that Bleep is currently limited to Windows 7 or 8 users, although there will be support for more operating systems later.

On the other hand, there is also TOX, a Free and Open Source Software (FOSS – i.e. one can verify its code, unlike Skype) initiative and a secure alternative: an all-in-one communication platform that guarantees full privacy and secure message delivery.

Tox takes pride in being a configuration-free P2P Skype replacement.

“Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her’s friends list and start conversing with them,” according to the TOX homepage.

And finally, here’s a list of ten other Skype alternatives to explore.

Shhh… NSA Missed Snowden’s Clues

The NSA had all along claimed Snowden stole 1.7 million files, but Snowden told WIRED in an exclusive interview that there were apparently many more, as the agency somehow missed his “digital bread crumbs”.

“I figured they would have a hard time,” Snowden said of his evidence trail. “I didn’t figure they would be completely incapable.”