Tag Archives: CIA


Shhh… Spy On Spies – A New Breed of Spies

Here’s an interesting story:


Meet the privacy activists who spy on the surveillance industry

by Daniel Rivero | April 6, 2015

LONDON– On the second floor of a narrow brick building in the London Borough of Islington, Edin Omanovic is busy creating a fake company. He is playing with the invented company’s business cards in a graphic design program, darkening the reds, bolding the blacks, and testing fonts to strike the right tone: informational, ambiguous, no bells and whistles. In a separate window, a barren website is starting to take shape. Omanovic, a tall, slender Bosnian-born, Scottish-raised Londonite gives the company a fake address that forwards to his real office, and plops in a red and black company logo he just created. The privacy activist doesn’t plan to scam anyone out of money, though he does want to learn their secrets. Ultimately, he hopes that the business cards combined with a suit and a close-cropped haircut will grant him access to a surveillance industry trade show, a privilege usually restricted to government officials and law enforcement agencies.

Once he’s infiltrated the trade show, he’ll pose as an industry insider, chatting up company representatives, swapping business cards, and picking up shiny brochures that advertise the invasive capabilities of bleeding-edge surveillance technology. Few of the features are ever marketed or revealed openly to the general public, and if the group didn’t go through the pains of going undercover, it wouldn’t know the lengths to which law enforcement and the intelligence community are going to keep tabs on their citizens.

“I don’t know when we’ll get to use this [company], but we need a lot of these to do our research,” Omanovic tells me. (He asked Fusion not to reveal the name of the company in order to not blow its cover.)

The strange tactic– hacking into an expo in order to come into close proximity with government hackers and monitors– is a regular part of operations at Privacy International, a London-based anti-surveillance advocacy group founded 25 years ago. Omanovic is one of a few activists for the group who goes undercover to collect the surveillance promotional documents.

“At last count we had about 1,400 files,” Matt Rice, PI’s Scottish-born advocacy officer says while sifting through a file cabinet full of the brochures. “[The files] help us understand what these companies are capable of, and what’s being sold around the world,” he says. The brochures vary in scope and claims. Some showcase cell site simulators, commonly called Stingrays, which allow police to intercept cell phone activity within a certain area. Others provide details about Finfisher– surveillance software that is marketed exclusively to governments, which allows officials to put spyware on a target’s home computer or mobile device to watch their Skype calls, Facebook and email activity.

The technology buyers at these conferences are the usual suspects — the Federal Bureau of Investigation (FBI), the UK’s Government Communications Headquarters (GCHQ), and the Australian Secret Intelligence Service– but also representatives of repressive regimes —Bahrain, Sudan, pre-revolutionary Libya– as the group has revealed in attendees lists it has surfaced.

At times, companies’ claims can raise eyebrows. One brochure shows a soldier, draped in fatigues, holding a portable device up to the faces of a somber group of Arabs. “Innocent civilian or insurgent?,” the pamphlet asks.

“Not certain?”

“Our systems are.”

The treasure trove of compiled documents was available as an online database, but PI recently took it offline, saying the website had security vulnerabilities that could have compromised information of anyone who wanted to donate to the organization online. They are building a new one. The group hopes that the exposure of what Western companies are selling to foreign governments will help the organization achieve its larger goal: ending the sale of hardware and software to governments that use it to monitor their populations in ways that violate basic privacy rights.

The group acknowledges that it might seem they are taking an extremist position when it comes to privacy, but “we’re not against surveillance,” Michael Rispoli, head of PI’s communications, tells me. “Governments need to keep people safe, whether it’s from criminals or terrorists or what it may be, but surveillance needs to be done in accordance with human rights, and in accordance with the rule of law.”

The group is waging its fight in courtrooms. In February of last year, it filed a criminal complaint to the UK’s National Cyber Crime Unit of the National Crime Agency, asking it to investigate British technology allegedly used repeatedly by the Ethiopian government to intercept the communications of an Ethiopian national. Even after Tadesse Kersmo applied for– and was granted– asylum in the UK on the basis of being a political refugee, the Ethiopian government kept electronically spying on him, the group says, using technology from British firm Gamma International. The group currently has six lawsuits in action, mostly taking on large, yet opaque surveillance companies and the British government. Gamma International did not respond to Fusion’s request for comment on the lawsuit, which alleges that exporting the software to Ethiopian authorities means the company assisted in illegal electronic spying.

“The irony that he was given refugee status here, while a British company is facilitating intrusions into his basic right to privacy isn’t just ironic, it’s wrong,” Rispoli says. “It’s so obvious that there should be laws in place to prevent it.”

PI says it has uncovered other questionable business relationships between oppressive regimes and technology companies based in other Western countries. An investigative report the group put out a few months ago on surveillance in Central Asia said that British and Swiss companies, along with Israeli and Israeli-American companies with close ties to the Israeli military, are providing surveillance infrastructure and technical support to countries like Turkmenistan and Uzbekistan– some of the worst-ranking countries in the world when it comes to freedom of speech, according to Freedom House. Only North Korea ranks lower than them.

PI says it used confidential sources, whose accounts have been corroborated, to reach those conclusions.

Not only are these companies complicit in human rights violations, the Central Asia report alleges, but they know they are. Fusion reached out to the companies named in the report, NICE Systems (Israel), Verint Israel (U.S./ Israel), Gamma (UK), or Dreamlab (Switzerland), and none have responded to repeated requests for comment.

The report is a “blueprint” for the future of the organization’s output, says Rice, the advocacy officer. “It’s the first time we’ve done something that really looks at the infrastructure, the laws, and putting it all together to get a view on how the system actually works in a country, or even a whole region,” says Rice.

“What we can do is take that [report], and have specific findings and testimonials to present to companies, to different bodies and parliamentarians, and say this is why we need these things addressed,” adds Omanovic, the researcher and fake company designer.

The tactic is starting to show signs of progress, he says. One afternoon, Omanovic was huddled over a table in the back room, taking part in what looked like an intense conference call. “European Commission,” he says afterwards. The Commission has been looking at surveillance exports since it was revealed that Egypt, Tunisia, and Bahrain were using European tech to crack down on protesters during the Arab Spring, he added. Now, PI is consulting with some members, and together they “hope to bring in a regulation specifically on this subject by year’s end.”

***

Privacy International has come a long way from the “sterile bar of an anonymous business hotel in Luxembourg,” where founder Simon Davies, then a lone wolf privacy campaigner, hosted its first meeting with a handful of people 25 years ago. In a blog post commemorating that anniversary, Davies (who left the organization about five years ago) described the general state of privacy advocacy when that first meeting was held:

“Those were strange times. Privacy was an arcane subject that was on very few radar screens. The Internet had barely emerged, digital telephony was just beginning, the NSA was just a conspiracy theory and email was almost non-existent (we called it electronic mail back then). We communicated by fax machines, snail mail – and through actual real face to face meetings that you travelled thousands of miles to attend.”

Immediately, there were disagreements about the scope of issues the organization should focus on, as detailed in the group’s first report, filed in 1991. Some of the group’s 120-odd loosely affiliated members and advisors wanted the organization to focus on small privacy flare-ups; others wanted it to take on huge, international privacy policies, from “transborder data flows” to medical research. Disputes arose as to what “privacy” actually meant at the time. It took years for the group to narrow down the scope of its mandate to something manageable and coherent.

Gus Hosein, current executive director, describes the 90’s as a time when the organization “just knew that it was fighting against something.” He became part of the loose collective in 1996, three days after moving to the UK from New Haven, Connecticut, thanks to a chance encounter with Davies at the London Economics School. For the first thirteen years he worked with PI, he says, the group’s headquarters was the school pub.

They were fighting then some of the same battles that are back in the news cycle today, such as the U.S. government wanting to ban encryption, calling it a tool for criminals to hide their communications from law enforcement. “[We were] fighting against the Clinton Administration and its cryptography policy, fighting against new intersections of law, or proposals in countries X, Y and Z, and almost every day you would find something to fight around,” he says.

Just as privacy issues stemming from the dot com boom were starting to stabilize, 9/11 happened. That’s when Hosein says “the shit hit the fan.”

In the immediate wake of that tragedy, Washington pushed through the Patriot Act and the Aviation and Transportation Security Act, setting an international precedent of invasive pat-downs and extensive monitoring in the name of anti-terrorism. Hosein, being an American, followed the laws closely, and the group started issuing criticism of what it considered unreasonable searches. In the UK, a public debate about issuing national identification cards sprung up. PI fought it vehemently.

“All of a sudden we’re being called upon to respond to core policy-making in Western governments, so whereas policy and surveillance were often left to some tech expert within the Department of Justice or whatever, now it had gone to mainstream policy,” he says. “We were overwhelmed because we were still just a ragtag bunch of people trying to fight fights without funding, and we were taking on the might of the executive arm of government.”

The era was marked by a collective struggle to catch up. “I don’t think anyone had any real successes in that era,” Hosein says.

But around 2008, the group’s advocacy work in India, Thailand and the Philippines started to gain the attention of donors, and the team decided it was time to organize. The three staff members then started the formal process of becoming a charity, after being registered as a corporation for ten years. By the time it got its first office in 2011 (around the time its founder, Davies, walked away to pursue other ventures) the Arab Spring was dominating international headlines.

“With the Arab Spring and the rise of attention to human rights and technology, that’s when PI actually started to realize our vision, and become an organization that could grow,” Hosein says. “Four years ago we had three employees, and now we have 16 people,” he says with a hint of pride.

***

“This is a real vindication for [Edward] Snowden,” Eric King, PI’s deputy director says about one of the organization’s recent legal victories over the UK’s foremost digital spy agency, known as the Government Communications Headquarters or GCHQ.

PI used the documents made public by Snowden to get the British court that oversees GCHQ to determine that all intelligence sharing between GCHQ and the National Security Administration (NSA) was illegal up until December 2014. Ironically, the court went on to say that the sharing was only illegal because of lack of public disclosure of the program. Now that details of the program were made public thanks to the lawsuit, the court said, the operation is now legal and GCHQ can keep doing what it was doing.

“It’s like they’re creating the law on the fly,” King says. “[The UK government] is knowingly breaking the law and then retroactively justifying themselves. Even though we got the court to admit this whole program was illegal, the things they’re saying now are wholly inadequate to protect our privacy in this country.”

Nevertheless, it was a “highly significant ruling,” says Elizabeth Knight, Legal Director of fellow UK-based civil liberties organization Open Rights Group. “It was the first time the [courts have] found the UK’s intelligence services to be in breach of human rights law,” she says. “The ruling is a welcome first step towards demonstrating that the UK government’s surveillance practices breach human rights law.”

In an email, a GCHQ spokesperson downplayed the significance of the ruling, saying that PI only won the case in one respect: on a “transparency issue,” rather than on the substance of the data sharing program. “The rulings re-affirm that the processes and safeguards within these regimes were fully adequate at all times, so we have not therefore needed to make any changes to policy or practice as a result of the judgement,” the spokesperson says.

Before coming on board four years ago, King, a 25-year old Wales native, worked at Reprieve, a non-profit that provides legal support to prisoners. Some of its clients are at Guantanamo Bay and other off-the-grid prisons, something that made him mindful of security concerns when the group was communicating with clients. King worried that every time he made a call to his clients, they were being monitored. “No one could answer those questions, and that’s what got me going on this,” says King.

Right now, he tells me, most of the group’s legal actions have to do with fighting the “Five Eyes”– the nickname given to the intertwined intelligence networks of the UK, Canada, the US, Australia and New Zealand. One of the campaigns, stemming from the lawsuit against GCHQ that established a need for transparency, is asking GCHQ to confirm if the agency illegally collected information about the people who signed a “Did the GCHQ Illegally Spy On You?” petition. So far, 10,000 people have signed up to be told whether their communications or online activity were collected by the UK spy agency when it conducted mass surveillance of the Internet. If a court actually forces GCHQ to confirm whether those individuals were spied on, PI will then ask that all retrieved data be deleted from the database.

“It’s such an important campaign not only because people have the right to know, but it’s going to bring it home to people and politicians that regular, everyday people are caught up in this international scandal,” King says. “You don’t even have to be British to be caught up in it. People all over the world are being tracked in that program.”

Eerke Boiten, a senior lecturer at the interdisciplinary Cyber Security Centre at the University of Kent, says that considering recent legal victories, he can’t write off the effort, even if he would have dismissed it just a year ago.

“We have now finally seen some breakthroughs in transparency in response to Snowden, and the sense that intelligence oversight needs an overhaul is increasing,” he wrote in an email to me. “So although the [British government] will do its best to shore up the GCHQ legal position to ensure it doesn’t need to respond to this, their job will be harder than before.”

“Privacy International have a recent record of pushing the right legal buttons,” he says. “They may win again.”

A GCHQ spokesperson says that the agency will “of course comply with any direction or order” a court might give it, stemming from the campaign.

King is also the head of PI’s research arm– organizing in-depth investigations into national surveillance ecosystems, in tandem with partner groups in countries around the world. The partners hail from places as disparate as Kenya and Mexico. One recently released report features testimonials from people who reported being heavily surveilled in Morocco. Another coming out of Colombia will be more of an “exposé,” with previously unreported details on surveillance in that country, he says.

And then there’s the stuff that King pioneered: the method of sneaking into industry conferences by using a shadow company. He developed the technique Omanovic is using. King can’t go to the conferences undercover anymore because his face is now too well known. When asked why he started sneaking into the shows, he says: “Law enforcement doesn’t like talking about [surveillance]. Governments don’t talk about it. And for the most part our engagement with companies is limited to when we sue them,” he laughs.

When it comes to the surveillance field, you would be hard pressed to find a company that does exactly what it says it does, King tells me. So when he or someone else at PI sets up a fake company, they expect to get about as much scrutiny as the next ambiguous, potentially official organization that lines up behind them.

Collectively, PI has been blacklisted and been led out of a few conferences over the past four years they have been doing this, he estimates.

“If we have to navigate some spooky places to get what we need, then that’s what we’ll do,” he says. Sometimes you have to walk through a dark room to turn on a light. Privacy International sees a world with a lot of dark rooms.

“Being shadowy is acceptable in this world.”


Shhh… Turning the White House into a Russian House?

Photo (above) credit: http://www.freakingnews.com

Here’s breaking news (below) from CNN:

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN
Updated 0037 GMT (0737 HKT) April 8, 2015

Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Wesley Bruer contributed to this report


Shhh… Edward Snowden on John Oliver’s ‘Last Week Tonight’

Have to feel sorry for Snowden here…


Shhh… Anatomy of a Hack – What Should You Do After You’re Hacked?

Ever wonder what happens when one’s hacked?

Here’s an insightful, chilling account of how one victim attempted to trace the hacker who invaded his online life and Bitcoin wallet.

Anatomy of a Hack

In the early morning hours of October 21st, 2014, Partap Davis lost $3,000. He had gone to sleep just after 2AM in his Albuquerque, New Mexico, home after a late night playing World of Tanks. While he slept, an attacker undid every online security protection he set up. By the time he woke up, most of his online life had been compromised: two email accounts, his phone, his Twitter, his two-factor authenticator, and most importantly, his bitcoin wallets.

Davis was careful when it came to digital security. He chose strong passwords and didn’t click on bogus links. He used two-factor authentication with Gmail, so when he logged in from a new computer, he had to type in six digits that were texted to his phone, just to make sure it was him. He had made some money with the rise of bitcoin and held onto the bitcoin in three protected wallets, managed by Coinbase, Bitstamp, and BTC-E. He also used two-factor with the Coinbase and BTC-E accounts. Any time he wanted to access them, he had to verify the login with Authy, a two-factor authenticator app on his phone.

Other than the bitcoin, Davis wasn’t that different from the average web user. He makes his living coding, splitting time between building video education software and a patchwork of other jobs. On the weekends, he snowboards, exploring the slopes around Los Alamos. This is his 10th year in Albuquerque; last year, he turned 40.

After the hack, Davis spent weeks tracking down exactly how it had happened, piecing together a picture from access logs and reluctant customer service reps. Along the way, he reached out to The Verge, and we added a few more pieces to the puzzle. We still don’t know everything — in particular, we don’t know who did it — but we know enough to say how they did it, and the points of failure sketch out a map of the most glaring vulnerabilities of our digital lives.

Mail.com

It started with Davis’ email. When he was first setting up an email account, Davis found that Partap@gmail.com was taken, so he chose a Mail.com address instead, setting up Partap@mail.com to forward to a less memorably named Gmail address.

Some time after 2AM on October 21st, that link was broken. Someone broke into Davis’ mail.com account and stopped the forwarding. Suddenly there was a new phone number attached to the account — a burner Android device registered in Florida. There was a new backup email too, swagger@mailinator.com, which is still the closest thing we have to the attacker’s name.

For simplicity’s sake, we’ll call her Eve.

How did Eve get in? We can’t say for sure, but it’s likely that she used a script to target a weakness in Mail.com’s password reset page. We know such a script existed. For months, users on the site Hackforum had been selling access to a script that reset specific account passwords on Mail.com. It was an old exploit by the time Davis was targeted, and the going rate was $5 per account. It’s unclear how the exploit worked and whether it has been closed in the months since, but it did exactly what Eve needed. Without any authentication, she was able to reset Davis’ password to a string of characters that only she knew.

AT&T

Eve’s next step was to take over Partap’s phone number. She didn’t have his AT&T password, but she just pretended to have forgotten it, and ATT.com sent along a secure link to partap@mail.com to reset it. Once inside the account, she talked a customer service rep into forwarding his calls to her Long Beach number. Strictly speaking, there are supposed to be more safeguards required to set up call forwarding, and it’s supposed to take more than a working email address to push it through. But faced with an angry client, customer service reps will often give way, putting user satisfaction over the colder virtues of security.

Once forwarding was set up, all of Davis’ voice calls belonged to Eve. Davis still got texts and emails, but every call was routed straight to the attacker. Davis didn’t realize what had happened until two days later, when his boss complained that Davis wasn’t picking up the phone.


Google and Authy

Next, Eve set her sights on Davis’ Google account. Experts will tell you that two-factor authentication is the best protection against attacks. A hacker might get your password or a mugger might steal your phone, but it’s hard to manage both at once. As long as the phone is a physical object, that system works. But people replace their phones all the time, and they expect to be able to replace the services, too. Accounts have to be reset 24 hours a day, and two-factor services end up looking like just one more account to crack.

Davis hadn’t set up Google’s Authenticator app, the more secure option, but he had two-factor authentication enabled — Google texted him a confirmation code every time he logged in from a new computer. Call forwarding didn’t pass along Davis’ texts, but Eve had a back door: thanks to Google’s accessibility functions, she could ask for the confirmation code to be read out loud over the phone.

Authy should have been harder to break. It’s an app, like Authenticator, and it never left Davis’ phone. But Eve simply reset the app on her phone using a mail.com address and a new confirmation code, again sent by a voice call. A few minutes after 3AM, the Authy account moved under Eve’s control.

It was the same trick that had fooled Google: as long as she had Davis’ email and phone, two-factor couldn’t tell the difference between them. At this point, Eve had more control over Davis’s online life than he did. Aside from texting, all digital roads now led to Eve.

Coinbase

At 3:19AM, Eve reset Davis’s Coinbase account, using Authy and his Mail.com address. At 3:55AM, she transferred the full balance (worth roughly $3,600 at the time) to a burner account she controlled. From there, she made three withdrawals — one 30 minutes after the account was opened, then another 20 minutes later, and another five minutes after that. After that, the money disappeared into a nest of dummy accounts, designed to cover her tracks. Less than 90 minutes after his Mail.com account was first compromised, Davis’ money was gone for good.

Authy might have known something was up. The service keeps an eye out for fishy behavior, and while they’re cagey about what they monitor, it seems likely that an account reset to an out-of-state number in the middle of the night would have raised at least a few red flags. But the number wasn’t from a known fraud center like Russia or Ukraine, even if Eve might have been. It would have seemed even more suspicious when Eve logged into Coinbase from the Canadian IP. Could they have stopped her then? Modern security systems like Google’s ReCAPTCHA often work this way, adding together small indicators until there’s enough evidence to freeze an account — but Coinbase and Authy each only saw half the picture, and neither had enough to justify freezing Partap’s account.


BTC-E and Bitstamp

When Davis woke up, the first thing he noticed was that his Gmail had mysteriously logged out. The password had changed, and he couldn’t log back in. Once he was back in the account, he saw how deep the damage went. There were reset emails from each account, sketching out a map of the damage. When he finally got into his Coinbase account, he found it empty. Eve had made off with 10 bitcoin, worth more than $3,000 at the time. It took hours on the phone with customer service reps and a faxed copy of his driver’s license before he could convince them he was the real Partap Davis.

What about the two other wallets? There was $2,500 worth of bitcoin in them, with no advertised protections that the Coinbase wallet didn’t have. But when Davis checked, both accounts were still intact. BTC-e had put a 48-hour hold on the account after a password change, giving him time to prove his identity and recover the account. Bitstamp had an even simpler protection: when Eve emailed to reset Davis’s authentication token, they had asked for an image of his driver’s license. Despite all Eve’s access, it was one thing she didn’t have. Davis’ last $2,500 worth of bitcoin was safe.
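The two defenses described above, additive risk scoring and BTC-e's 48-hour hold after a password change, sketched in Python as an added example (not from the article or from any of the services it names). The signal names, weights, freeze threshold and the 03:05 timestamp are constructed assumptions; 3:19AM, 3:55AM and the 48-hour hold come from the article.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed weights and threshold (assumptions, not any vendor's real values).
WEIGHTS = {
    "2fa_reset_via_voice_call": 30,
    "2fa_reset_off_hours": 10,
    "wallet_password_reset": 20,
    "login_new_country": 25,
    "full_balance_withdrawal": 20,
}
FREEZE_THRESHOLD = 70
RESET_SIGNALS = {"wallet_password_reset", "2fa_reset_via_voice_call"}
HOLD_AFTER_RESET = timedelta(hours=48)  # the BTC-e style hold from the article


@dataclass(frozen=True)
class Event:
    when: datetime
    service: str   # which service observed the event
    signal: str    # key into WEIGHTS


def _t(hhmm):
    """Build a timestamp on the night of the incident (October 21st, 2014)."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2014, 10, 21, hour, minute)


T_RESET = _t("03:19")      # Coinbase account reset (article)
T_WITHDRAW = _t("03:55")   # full balance transferred (article)
T_AFTER_HOLD = T_RESET + timedelta(hours=49)

# Constructed timeline; the article only says Authy fell "a few minutes after 3AM".
TIMELINE = [
    Event(_t("03:05"), "authy", "2fa_reset_via_voice_call"),
    Event(_t("03:05"), "authy", "2fa_reset_off_hours"),
    Event(T_RESET, "coinbase", "wallet_password_reset"),
    Event(T_RESET, "coinbase", "login_new_country"),
    Event(T_WITHDRAW, "coinbase", "full_balance_withdrawal"),
]


def risk_score(events, services, at):
    """Sum the weights of signals seen by `services` up to and including `at`."""
    return sum(
        WEIGHTS.get(e.signal, 0)
        for e in events
        if e.service in services and e.when <= at
    )


def should_freeze(events, services, at):
    """Freeze once the indicators visible to this observer reach the threshold."""
    return risk_score(events, services, at) >= FREEZE_THRESHOLD


def withdrawal_allowed(events, service, at):
    """Deny withdrawals for HOLD_AFTER_RESET after any credential reset on `service`."""
    for e in events:
        if e.service == service and e.signal in RESET_SIGNALS:
            if timedelta(0) <= at - e.when < HOLD_AFTER_RESET:
                return False
    return True


if __name__ == "__main__":
    for view in ({"authy"}, {"coinbase"}, {"authy", "coinbase"}):
        print(sorted(view),
              "score at withdrawal:", risk_score(TIMELINE, view, T_WITHDRAW),
              "freeze:", should_freeze(TIMELINE, view, T_WITHDRAW))
    print("withdrawal at 03:55 allowed under hold:",
          withdrawal_allowed(TIMELINE, "coinbase", T_WITHDRAW))
```

With these constructed weights, each service alone stays under the threshold for the whole night, while a shared view crosses it at 3:19AM, before the transfer; the hold blocks the 3:55AM transfer without any scoring at all.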


Twitter

It’s been two months now since the attack, and Davis has settled back into his life. The last trace of the intrusion is Davis’ Twitter account, which stayed hacked for weeks after the other accounts. @Partap is a short handle, which makes it valuable, so Eve held onto it, putting in a new picture and erasing any trace of Davis. A few days after the attack, she posted a screenshot of a hacked Xfinity account, tagging another handle. The account didn’t belong to Davis, but it belonged to someone. She had moved onto the next target, and was using @partap as a disposable accessory to her next theft, like a stolen getaway car.

Who was behind the attack? Davis has spent weeks looking for her now — whole afternoons wasted on the phone with customer service reps — but he hasn’t gotten any closer. According to account login records, Eve’s computer was piping in from a block of IP addresses in Canada, but she may have used Tor or a VPN service to cover her tracks. Her phone number belonged to an Android device in Long Beach, California, but that phone was most likely a burner. There are only a few tracks to follow, and each one peters out fast. Wherever she is, Eve got away with it.

Why did she choose Partap Davis? She knew about the wallets upfront, we can assume. Why else would she have spent so much time digging through the accounts? She started at the mail.com account too, so we can guess that somehow, Eve came across a list of bitcoin users with Davis’ email address on it. A number of leaked Coinbase customer lists are floating around the internet, although I couldn’t find Davis’ name on any of them. Or maybe his identity came from an equipment manufacturer or a bitcoin retailer. Leaks are commonplace these days, and most go unreported.

Davis is more careful with bitcoin these days, and he’s given up on the mail.com address — but otherwise, not much about his life has changed. Coinbase has given refunds before, but this time they declined, saying the company’s security wasn’t at fault. He filed a report with the FBI, but the bureau doesn’t seem interested in a single bitcoin theft. What else is there to do? He can’t stop using a phone or give up the power to reset an account. There were just so many accounts, so many ways to get in. In the security world, they call this the attack surface. The bigger the surface, the harder it is to defend.

Most importantly, resetting a password is still easy, as Eve discovered over and over again. When a service finally stopped her, it wasn’t an elaborate algorithm or a fancy biometric. Instead, one service was willing to make customers wait 48 hours before authorizing a new password. On a technical level, it’s a simple fix, but a costly one. Companies are continuously balancing the small risk of compromise against the broad benefits of convenience. A few people may lose control of their account, but millions of others are able to keep using the service without a hitch. In the fight between security and convenience, security is simply outgunned.

3/5 11:10am ET: Updated to clarify Bitstamp security protocols.
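The two defences the article describes can be sketched together: additive risk scoring, which only works when one party sees all the signals, and a fixed hold on withdrawals after a credential reset. This is an added example, not code from the article or from any service it names; the service labels, signal weights, freeze threshold, look-back window and timeline (apart from the 3:19AM reset and 3:55AM transfer) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HOLD_AFTER_RESET = timedelta(hours=48)  # hold length the article credits with stopping the theft
FREEZE_THRESHOLD = 6                    # assumed value, for illustration only
RISK_WINDOW = timedelta(hours=24)       # assumed look-back window
RESET_KINDS = {"password_reset", "2fa_reset"}

# Assumed weights; a real provider would tune these on its own fraud data.
SIGNAL_WEIGHTS = {
    "credential_reset": 2,
    "night_time": 1,
    "new_phone_number": 1,
    "new_login_country": 2,
}


@dataclass(frozen=True)
class Event:
    when: datetime
    service: str    # hypothetical label for the provider that observed the event
    kind: str       # "password_reset", "2fa_reset" or "login"
    signals: tuple  # keys of SIGNAL_WEIGHTS


def risk_score(events, now, visible=None):
    """Add up signal weights inside the look-back window.

    `visible` limits the sum to the services one provider can observe;
    None means a pooled view across all of them.
    """
    total = 0
    for e in events:
        if visible is not None and e.service not in visible:
            continue
        if timedelta(0) <= now - e.when <= RISK_WINDOW:
            total += sum(SIGNAL_WEIGHTS[s] for s in e.signals)
    return total


def decide_withdrawal(events, service, now, visible=None, hold=HOLD_AFTER_RESET):
    """Return (allowed, reason) for a withdrawal requested at `now`."""
    resets = [e.when for e in events
              if e.service == service and e.kind in RESET_KINDS and e.when <= now]
    if hold is not None and resets and now - max(resets) < hold:
        return False, "hold"   # credentials changed too recently
    if risk_score(events, now, visible) >= FREEZE_THRESHOLD:
        return False, "risk"   # enough small indicators to freeze
    return True, "ok"


def at(hour, minute, day=10):
    """Timestamp on a constructed date; only the clock times matter here."""
    return datetime(2015, 1, day, hour, minute)


# Constructed timeline modelled on the article's sequence of events.
TIMELINE = [
    Event(at(3, 5), "authenticator", "2fa_reset",
          ("credential_reset", "night_time", "new_phone_number")),
    Event(at(3, 19), "exchange", "password_reset",
          ("credential_reset", "night_time")),
    Event(at(3, 20), "exchange", "login", ("new_login_country",)),
]
TRANSFER = at(3, 55)

if __name__ == "__main__":
    cases = [
        ("exchange view, no hold", {"exchange"}, None),
        ("pooled view, no hold", None, None),
        ("exchange view, 48h hold", {"exchange"}, HOLD_AFTER_RESET),
    ]
    for label, visible, hold in cases:
        print(label, decide_withdrawal(TIMELINE, "exchange", TRANSFER, visible, hold))
```

With these weights neither provider's partial view reaches the threshold, while the hold blocks the transfer without needing any score at all.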

Shhh… Department of the Internet: How the Government Has Taken Over Our Lives

It’s mid-week… thought I should share something light for a change: an alternative comic look into privacy and the government takeover of the internet in our daily lives.

Shhh… Snowden at the ACLU Hawaii’s Davis Levin First Amendment Conference

Here’s the video clip of Edward Snowden’s latest public appearance (via video conference) on 14 February 2015 at the Davis Levin First Amendment Conference, to a sold-out audience at the Hawaii Convention Center in Honolulu.

Previous speakers at this event include Daniel Ellsberg, Kenneth Starr, US Supreme Court Justice Antonin Scalia, Ralph Reed, Nadine Strossen and Jay Sekulow.

Shhh… List of 3,500 Spy Names sold by German Double Agent

The double agent is reportedly known as Markus R., a 32-year-old employee of Germany’s foreign intelligence agency (BND) who allegedly passed the list to a CIA contact.

Shhh… The WikiLeaks’ CIA Travel Guide

I’d like to share with you the latest WikiLeaks release, “CIA Travel Advice to Operatives”. Its press release is pasted below (click here for the full report).

And I find it appropriate to highlight an earlier column, Spies and the Airport Screening Machine.

Enjoy!

CIA Travel Advice to Operatives – Press Release

Today, 21 December 2014, WikiLeaks releases two classified documents by a previously undisclosed CIA office detailing how to maintain cover while travelling through airports using false ID – including during operations to infiltrate the European Union and the Schengen passport control system. This is the second release within WikiLeaks’ CIA Series, which will continue in the new year.

The two classified documents aim to assist CIA undercover officials to circumvent these systems around the world. They detail border-crossing and visa regulations, the scope and content of electronic systems, border guard protocols and procedures for secondary screenings. The documents show that the CIA has developed an extreme concern over how biometric databases will put CIA clandestine operations at risk – databases other parts of the US government made prevalent post-9/11.

How to Survive Secondary Screening without Blowing your CIA Cover

The CIA manual “Surviving Secondary”, dated 21 September 2011, details what happens in an airport secondary screening in different airports around the world and how to pass as a CIA undercover operative while preserving one’s cover. Among the reasons for why secondary screening would occur are: if the traveller is on a watchlist (noting that watchlists can often contain details of intelligence officials); or is found with contraband; or “because the inspector suspects that something about the traveler is not right”.

The highlighted box titled “The Importance of Maintaining Cover––No Matter What” at the end of the document provides an example of an occasion when a CIA officer was selected for secondary screening at an EU airport. During the screening his baggage was swiped and traces of explosives found. The officer “gave the cover story” to explain the explosives; that he had been in counterterrorism training in Washington, DC. Although he was eventually allowed to continue, this example begs the question: if the training that supposedly explained the explosives was only a cover story, what was a CIA officer really doing passing through an EU airport with traces of explosives on him, and why was he allowed to continue?

The CIA identifies secondary screening as a threat in maintaining cover due to the breadth and depth of the searches, including detailed questioning, searches of personal belongings and electronic databases and collection of biometrics “all of which focus significant scrutiny on an operational traveler”.

The manual provides advice on how best to prepare for and pass such a process: having a “consistent, well-rehearsed, and plausible cover”. It also explains the benefits of preparing an online persona (for example, Linked-In and Twitter) that aligns with the cover identity, and the importance of carrying no electronic devices with accounts that are not for the cover identity, as well as being mentally prepared.

CIA Overview of EU Schengen Border Control

The second document in this release, “Schengen Overview”, is dated January 2012 and details guidelines for border officials in the EU’s Schengen zone and the threats their procedures might pose in exposing the “alias identities of tradecraft-conscious operational travelers”, the CIA terminology for US spies travelling with false ID during a clandestine operation. It outlines how various electronic systems within Schengen work and the risks they pose to clandestine US operatives, including the Schengen Information System (SIS), the European fingerprint database EURODAC (European Dactyloscopie) and FRONTEX (Frontières extérieures) – the EU agency responsible for easing travel between member states while maintaining security.

While Schengen currently does not use a biometric system for people travelling with US documents, if it did this “would increase the identity threat level” and, the report warns, this is likely to come into place in 2015 with the EU’s Entry/Exit System (EES). Currently, the Visa Information System (VIS), operated by a number of Schengen states in certain foreign consular posts, provides the most concern to the CIA as it includes an electronic fingerprint database that aims to expose travellers who are attempting to use multiple and false identities. As use of the VIS system grows it will increase the “identity threat for non-US-documented travelers”, which would narrow the possible false national identities the CIA could issue for undercover operatives.

WikiLeaks’ Editor-in-Chief Julian Assange said: “The CIA has carried out kidnappings from European Union states, including Italy and Sweden, during the Bush administration. These manuals show that under the Obama administration the CIA is still intent on infiltrating European Union borders and conducting clandestine operations in EU member states.”

Both documents are classified and marked NOFORN (preventing allied intelligence liaison officers from reading it). The document detailing advice on maintaining cover through secondary screening also carries the classification ORCON (originator controlled) and specifically allows distribution to Executive Branch Departments/Agencies of the US government with the appropriate clearance, facilitating clandestine operations by the other 16 known US government spy agencies. Both documents were produced by a previously unknown office of the CIA: CHECKPOINT, situated in the Identity Intelligence Center (i2c) within the Directorate of Science and Technology. CHECKPOINT specifically focuses on “providing tailored identity and travel intelligence” including by creating documents such as those published today designed specifically to advise CIA personnel on protecting their identities while travelling undercover.

Shhh… Michael Hayden on the Senate’s CIA Interrogation Report

Photo (above) credit: CIA

I’d like to share this POLITICO MAGAZINE exclusive interview with former CIA Director (May 30, 2006 – February 12, 2009) Michael Hayden on the release of the US Senate’s report.

Michael Hayden Is Not Sorry
The Senate report rakes Bush’s former CIA director over the coals. He fires back in an exclusive interview.

By MICHAEL HIRSH
December 09, 2014

Though the CIA’s “enhanced interrogation” program long predated his takeover of the agency in 2006, former Director Michael Hayden has found himself at the center of the explosive controversy surrounding the Senate Intelligence Committee’s executive summary of its still-classified report on torture. In a long, impassioned speech on the floor Tuesday, Committee Chair Dianne Feinstein cited Hayden’s testimony repeatedly as evidence that the CIA had not been forthright about a program that the committee majority report called brutal, ineffective, often unauthorized “and far worse than the CIA represented to policymakers and others.” She publicly accused Hayden of falsely describing the CIA’s interrogation techniques “as minimally harmful and applied in a highly clinical and professional manner.” In an interview with Politico Magazine National Editor Michael Hirsh, Hayden angrily rebuts many of the report’s findings.

Michael Hirsh: The report concludes, rather shockingly, that Pres. George W. Bush and other senior officials—including Defense Secretary Donald Rumsfeld for a time and Secretary of State Colin Powell—were not aware of many details of the interrogation programs for a long period. According to CIA records, it concludes, no CIA officer including Directors George Tenet and Porter Goss briefed the president on the specific enhanced interrogation techniques before April 2006. Is that true?

Michael Hayden: It is not. The president personally approved the waterboarding of Abu Zubaydah [in 2002]. It’s in his book! What happened here is that the White House refused to give them [the Senate Intelligence Committee] White House documents based upon the separation of powers and executive privilege. That’s not in their report, but all of that proves that there was dialogue going on with the White House. What I can say is that the president never knew where the [black] sites were. That’s the only fact I’m aware that he didn’t know.

Hirsh: The report directly challenges your truthfulness, repeatedly stating that your testimony on the details of the programs –for example on whether the interrogations could be stopped at any time by any CIA participant who wanted them halted— is “not congruent with CIA records.” Does that mean you weren’t telling the truth?

Hayden: I would never lie to the committee. I did not lie.

Hirsh: Does it mean that you, along with others at senior levels, were misled about what was actually going on in the program?

Hayden: My testimony is consistent with what I was told and what I had read in CIA records. I said what the agency told me, but I didn’t just accept it at face value. I did what research I could on my own, but I had a 10-day window in which to look at this thing [the committee’s request for information]. I was actually in Virginia for about 30 hours and studied the program for about three before I went up to testify. I was trying to describe a program I didn’t run. The points being made against my testimony in many instances appear to be selective reading of isolated incidents designed to prove a point where I was trying to describe the overall tenor of the program. I think the conclusions they drew were analytically offensive and almost street-like in their simplistic language and conclusions. The agency has pushed back rather robustly in its own response.

Hirsh: You seem upset.

Hayden: Yeah, I’m emotional about it. Everything here happened before I got there [to the CIA], and I’m the one she [Sen. Feinstein] condemns on the floor of the Senate? Gee, how’d that happen? I’m the dumb son of a bitch who went down and tried to lay out this program in great detail to them. I’m mentioned twice as much in there as George Tenet—but George and Porter Goss had 97 detainees during their tenure, while I had two.

Hirsh: Is there anything you think the report gets right?

Hayden: All of us are really upset because we could have used a fair and balanced review of what we did. … The agency clearly admits it was fly-by-wire in the beginning. They were making it up as they went along and it should have been more well-prepared. They’ve freely admitted that. They said that early on they lacked the core competencies required to undertake an unprecedented program of detaining and interrogating suspected terrorists around the world. But then what the committee does is to take what I said out of context. They take statements I made about the later days of the program, for example when I said it was well-regulated and there were medical personnel available, etc., and then apply it to the early days of the program, when there were not. It misrepresents what I said.

Hirsh: One of the most stunning and cited conclusions of the report is that interrogations of CIA detainees were brutal and far worse than the CIA represented to policymakers and others.

Hayden: That is untrue. And let me give you a data point. John Durham, a special independent prosecutor, over a three-year period investigated every known CIA interaction with every CIA detainee. At the end of that the Obama administration declined any prosecution. [In 2012, the Justice Department announced that its investigation into two interrogation deaths that Durham concluded were suspicious out of the 101 he examined—those of Afghan detainee Gul Rahman and Iraqi detainee Manadel al-Jamadi—would be closed with no charges.] So if A is true how does B get to be true? If the CIA routinely did things they weren’t authorized to do, then why is there no follow-up? I have copies of the DOJ reports they’re using today. The question is, is the DoJ going to open any investigation and the DoJ answer is no. You can’t have it both ways. You can’t have all this supposed documentary evidence saying the agency mistreated these prisoners and then Barack Obama’s and Eric Holder’s Department of Justice saying no, you’ve got bupkis here.

Hirsh: What about the report’s overarching conclusion that these enhanced techniques simply were not effective at getting intelligence?

Hayden: My very best argument is that I went to [then-Deputy CIA Director] Mike Morell and I said, ‘Don’t fuck with me. If this story [about the usefulness of intelligence gained from enhanced techniques] isn’t airtight then I’m not saying it to Congress.’ They came back and said our version of the story is correct. Because of this program Zubaydah begat [Khalid Sheikh Mohammed], who begat [others]. We learned a great deal from the detainees.

Hirsh: The report says that even the CIA’s inspector general was not fully informed about the programs—that in fact the CIA impeded oversight by the IG.

Hayden: The IG never told me that. The IG never reported that to Congress. Look, I’m relying on people below me. If they tell you an untruth, you get rid of them. But I never felt I was being misled, certainly not on the important contours of this program. What they [the committee] are doing is grabbing emails out of the ether in a massive fishing expedition. This is a partisan report, as you can see from the minority report out of the committee.

Hirsh: Can you sort out the discrepancy between your testimony that there were only 97 detainees in the history of the program when the report says there were 119?

Hayden: We knew there were more. The high-value-target program—they don’t show up on my list if they’re at the [black] sites. And committee knew all about that. They have chapter and verse from [former CIA IG John] Helgerson about it. It’s a question of what criteria you use. When I met with my team about these discrepancies, I said, ‘You tell [incoming CIA director] Leon Panetta he’s got to change the numbers that have been briefed to Congress.’

Hirsh: The report suggests that you misrepresented what you told Congress in the briefings, telling a meeting of foreign ambassadors to the United States in 2006 that every committee member was “fully briefed.”

Hayden: I mean what are they doing—trying to score my public speeches? What’s that about? You want me to go out and score Ron Wyden’s speeches?

Hirsh: You don’t believe you’re in legal jeopardy?

Hayden: No, not at all. I didn’t do anything wrong. How could I be in legal jeopardy?

Michael Hirsh is national editor for Politico Magazine.

The US Senate Intelligence Committee & CIA Interrogation Report – A Closer Look at the Tortures at Guantanamo Bay

Given the huge volume of news coverage following the release of the long-overdue and highly anticipated CIA interrogation report (the BBC has a nice summary of the 20 key findings) by the US Senate Intelligence Committee on Tuesday, I thought it would be good to (re)view the UK Channel 4 documentary “Guantanamo Handbook”.

It is a reenactment of the tortures at one of the best-known US military prisons, the Guantanamo Bay detention camp in Cuba, also referred to as Guantánamo, G-bay or GTMO, in which 7 British volunteers agreed to be detainees and were subjected to selected CIA-style tortures for 48 hours.

Most notably, one volunteer who started off saying he supported the torture program as a means to gather intelligence and save lives – as per White House speak – was the first to withdraw on medical grounds after just 10 hours, saying that even though he had “strong views” earlier, he had “become more sympathetic of what’s going on there than before” and felt lucky he was “pulled” (out of the program).

Action speaks louder than words? Period.

Shhh… The Puppet Master Putin & Russia’s Escalating Spy Operations

The decision by Russian President Vladimir Putin to leave the G20 summit in Brisbane, Australia prematurely earlier this week, following a cold reception by other world leaders for his incursion into Ukraine, hit the global headlines but Putin, who bailed himself out on sleep deprivation grounds, might actually be laughing on his flight back to Moscow: his recognition of the rapidly deteriorating relations with the West and fear of being surrounded by enemies have probably justified his decision to beef up Russia’s espionage operations.

But it was probably the same reason – the increased efforts in intelligence gathering – and its consequences that also prompted Putin to rush back to the Kremlin.

According to the Russian Foreign Ministry earlier this week, Poland “made such an unfriendly and incomprehensible step” to expel some of its diplomats and subsequently:

Russia undertook adequate response measures. Several Polish diplomats have left the territory of our country for the activities not compatible with their status.

The Russian media reported last weekend that Moscow has deported former Latvian parliamentarian Aleksejs Holostovs after its intelligence agency, the Federal Security Service (FSB), accused Holostovs of spying for both Latvia and America’s Central Intelligence Agency (CIA).

Germany’s Der Spiegel magazine also reported last weekend that a female diplomat at the German embassy in Moscow was expelled after a Russian diplomat working in Bonn was forced to leave amid media reports the latter was a spy.

There could be more to come following this sudden frenzy of deportations of suspected Russian spies, and Russia’s (usual) tit-for-tat response, much reminiscent of the Cold War era.

And speaking of the Cold War, here’s a nice wrap up (below) from The Moscow Times about 6 spies who have defined that era.

One lasting impression I have of Robert Hanssen (below) – a former US Federal Bureau of Investigation agent who spied for Soviet and Russian intelligence services against the United States for 22 years from 1979 to 2001 – comes from the book Spy: The Inside Story of How FBI’s Robert Hanssen Betrayed America, which described Hanssen’s initial reaction when he was eventually caught:

“What took you so long?!”

Six Spies Who Defined the Cold War Era
The Moscow Times Nov. 17 2014 21:54

1. Aldrich Ames

Plagued by drinking problems and a propensity toward extramarital affairs, Ames was lured into spying for the Soviet Union by the promise of money. Over the course of nine years, he received $4.6 million for revealing at least eight CIA sources. He was arrested in 1994 and sentenced to life imprisonment.

2. Robert Hanssen

Also motivated by the siren’s song of money, Hanssen worked for both the Soviet Union and Russia. He was suspected of acting as a double agent on a number of occasions, but was only arrested in 2001 while dropping off a garbage bag full of information in a park near Washington D.C. The failure to identify him for several decades was described by the U.S. Justice Department as “possibly the worst intelligence disaster in U.S. history.” Hanssen was sentenced to life imprisonment.

3. Dmitri Polyakov

Both Hanssen and Ames reportedly exposed Polyakov’s work as a CIA agent. A Soviet major general and a high-ranking GRU military intelligence officer, Polyakov served as a CIA informant for 25 years, ultimately becoming one of the best sources for the agency, providing information on the growing rift between the Soviet Union and China. He was arrested by the KGB in 1986, sentenced to death and executed in 1988. According to CIA officers who worked with him, he provided the information out of principle, not for money.

4. Kim Philby

Philby was the most successful member of the Cambridge Five, a group of British spies who — driven by their socialist beliefs — defected to the Soviet Union. Philby was MI-6’s director for counter-espionage operations. In particular, he was responsible for fighting Soviet subversion activities in Western Europe. After arousing suspicion that he might be a defector, Philby was dismissed from his post and from MI-6 overall in 1956. He fled to the Soviet Union in 1963, where he lived until his death from heart failure in Moscow in 1988.

5. Oleg Gordievsky

After growing disenchanted with the KGB and the Soviet Union, Gordievsky, a KGB colonel, became a longtime high-ranking spy for MI-6. In 1982, he was promoted to manage Soviet espionage in Britain as a resident in the London Embassy. He was called back to Moscow on suspicion of working for a foreign power, but the British managed to smuggle him out of the country. He has lived in England ever since.

6. Arkady Shevchenko

Shevchenko was one of the highest-ranking Soviet officials to defect to the West. Working as undersecretary general of the United Nations, he became a CIA informant in 1975. Shevchenko was often referred to as a triple agent: While working as a Soviet diplomat at the UN, he was allegedly passing secrets to the U.S. In 1978 he fled to the U.S., dying of cirrhosis of the liver there in 1998.

Shhh… CIA Stand-down in Western Europe?

According to current and former US officials, the CIA has undertaken an unprecedentedly long stand-down on friendly Western European allies in order to re-examine its strategy, following the recent furor in the aftermath of an exposed German agent and the accumulated impact of the Snowden revelations. If true, this would be unfortunate timing for the United States, given its concerns about Europe’s response to Russian aggression and its monitoring of European extremists in Syria.

The so-called pause means CIA officers based in Europe have to suspend clandestine meetings to gather intelligence from their well-placed sources, or to rope in new recruits for that matter, though they are not barred from meeting their counterparts in the host country and conducting joint operations with host country services, according to the Associated Press.

Director of National Intelligence James Clapper reportedly said Thursday that the US is assuming more risks given its pullback from spying on “specific targets”.

The stand-down was part of the fallout from the July 2 arrest of a 31-year-old employee of the German intelligence service who later confessed he worked for the CIA. The CIA station chief in Berlin was (unprecedentedly) forced out of Germany a few days later, which underscored the stance of the Germans, who had already been stung by earlier Snowden revelations that the NSA had been tapping the mobile phone of German Chancellor Angela Merkel.

While such halts are common after an operation is compromised, they were “never this long or this deep”; this one has been in effect for about 2 months now.

Now the question is, would a NSA stand-down follow? Bet not and probably never.

Shhh… CIA’s Declassified Archives – Highlight American Vulnerabilities

The US Central Intelligence Agency released on Thursday a trove of newly declassified “Studies in Intelligence” documents on its homepage.

The move was the result of a long-running lawsuit between the agency and a former employee Jeffrey Scudder – according to the Washington Post (see video clip below) – whose CIA stint includes a 2-year spell looking after the agency’s historical files which ultimately ended his CIA career after he submitted a request under the Freedom of Information Act to release records of old clandestine operations he believed should have been made public.

Amongst the 249 documents released, spanning from the 1970s to 2000s, there’s one labeled “Analyzing Economic Espionage” which attempts to examine foreign intelligence operations against US economic interests beyond the scope and threats of technological advances – including the focus on certain traits of Americans that make them vulnerable to foreign agents, i.e. resulting in a threat to the US.

“Foreign intelligence services are more inclined to operate against American targets outside the US” and “some intelligence services that stop short of recruiting US citizens use intelligence operatives to elicit information from them; the targeted American is unwitting of his interlocutor’s intelligence connection”.

The 7-page document listed “certain personality attributes that increase our vulnerability”:

– Americans like to talk. We tend to be sociable and gregarious, even with casual contacts. We want to be liked, especially by foreigners, because many of us are still trying to overcome an “ugly American” complex. We place a higher premium on candor than on guile, on trust than on discretion.

– Many Americans do not know foreign languages, which in some respects puts them at a disadvantage when living in foreign countries. This does not mean we are “innocents abroad,” but it may make us less likely to pick up clues of suspicious behavior. Americans who do not know the language of a given country may forget that nationals of that country in a position to overhear their conversations often do know English.

– Many Americans are ambitious, oriented toward job advancement and professional recognition. Inevitably, some morally weak individuals are willing to sacrifice personal integrity in pursuit of their career goals.

Shhh… Obama’s CIA Watergate?

This year August 9 marked the day Richard Milhous Nixon resigned as the 37th US President back in 1974 and the Discovery channel aptly aired its documentary “All the President’s Men Revisited” that day to mark the 40th anniversary of the Watergate.

I watched the 1976 classic “All the President’s Men” countless times during my newsroom days as a commercial crimes investigative reporter – and eventually won the 2005 SOPA award for one of my exposés thanks to this inspiring and fascinating “violent” movie, as Robert Redford the narrator in the documentary put it.

And I can’t help wondering: does the movie have any relevance today?

Obviously President Barack Obama is not President Nixon. The former has not been impeached like the latter. But the recent CIA spying on the Senate is exactly the present day equivalent, with some cyber elements of course, of the Watergate break-in.

Professor Bruce Ackerman of Yale University is right when he wrote that Obama “is wrong to support the limited response of his CIA director, John Brennan, who is trying to defer serious action by simply creating an “accountability panel” to consider “potential disciplinary measures” or “systemic issues.””

CIA Director John Brennan apologized to the Senate Intelligence Committee earlier this month when he admitted his agency not only spied on computers used by its staffers but also read the emails of the Senate investigators involved in investigating the controversial post 9/11 CIA interrogation and detention program.

Senate committee members were certainly not impressed even though Obama continued to support Brennan as a “man of great integrity”.

With continued failure to live up to his promise of a more transparent government, Obama is increasingly tainting his leadership to put himself in the history books for all the wrong reasons – probably not as bad as Nixon but only time will tell.

Shhh… CIA Style Manual? For Those Who Aspire to Write Like a Spy

It looks like the US intelligence agency takes writing very seriously – the picture below says it, “the security of our nation depends on it”.

Wonder if the CIA hired John le Carre to write this style guide or, if not, whether the great spy novelist would endorse it. Check out the 190-page manual here.

Oh btw you can tweet to the PR-savvy agency @CIA

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

More US Cyber-Spying?

Defense Secretary Hagel Faces a Tough Time Explaining This to China

US Defense Secretary Chuck Hagel announced at the National Security Agency headquarters last Friday that the Pentagon would triple its cyber security staff – to 6,000 – over the next few years to defend against computer-based attacks.

That’s great. I wonder how Hagel is going to face the music when he visits China later this week where he expects to be grilled on the latest NSA revelations and aggressive US cyber spying. Just last month, it was revealed that the NSA has for years assessed the networks of Chinese telecommunications company Huawei, which the US House of Representatives has long advocated that US companies should avoid on the grounds of national security.

Find out more from my latest column here and there.

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

The Walls that Spy

Bad news for those who say ‘If only the walls could talk’. They can.

Hotel rooms are never safe havens as spies know only too well, but warnings of the risk often fall on deaf ears, to the sorrow or sometimes embarrassment of the tenants. Two recent news stories and the episode that I describe below hopefully change the public perceptions.

The stories describe how the UK’s Government Communications Headquarters (GCHQ) has traced and wiretapped top diplomats in their hotel suites over the past three years through its secret “Royal Concierge” program, which tracked some 350 hotels across the world, according to documents exposed by the former US intelligence contractor turned fugitive Edward Snowden.

Separately, it emerged in media reports last week that US President Barack Obama takes extreme measures to ward off any threats of secret video or audio surveillance by setting up an anti-spy portable tent in his hotel suite when traveling abroad, including in allied countries that the US allegedly targeted in conducting massive surveillance against foreign leaders and citizens. That amplifies the deep US concerns about being spied upon as much as spying on its friends and risks inviting potential hypocritical labeling of the White House.

I have written previously about the risk but there is much more than meets the eye, including an interesting exchange I once had with a foreign agent about the spy trade and hotel room risks.

Please find the entire column here and there.

Security Lapse at the EU Summit

Security officials leave an easily tapped device in closed-door conferences of European leaders

In photos made public of several closed-door bilateral meetings between various European leaders last week, there were two common denominators. One was the presence of the French President Francois Hollande. The other was the VoIP phone on the desk. The question is: What is that phone doing there?

In the middle of a major brouhaha over charges that the US National Security Agency had allegedly monitored the phone conversations of foreign diplomats, the officials in those photos were speaking to each other in the presence of this easily-tapped device.

What these photos highlight is a security lapse, which raises many questions: What else have European countries missed or failed to do to better protect their leaders from American or any other eavesdropping?

You can find the entire column here and there.

Was Edward Snowden A Spy?

Or was Dick Cheney looking for a cheap excuse to play politics?

Edward Snowden, with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question of whether he’s a spy or double agent.

But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China are off track, and he knows it. They are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.

Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.

But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?

Please read the entire column here.

The Enemies of the US

Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?

The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.

Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?

The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.

Please read this entire Opinion Column here.

DIY Counter Espionage

Spying on Spies

The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.

But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.

The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.

The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.

Whilst the corporate world is often most at risk, average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.

So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?

Please read full article here and there.

Spy Game: Kids for Tricks

The First World’s Version of Child Soldiers?

It is estimated that 250,000 children are fighting in wars all over the world, recruited by force or lured by the false promise of an escape from poverty. They are living a life no child should ever lead.

But across the planet, another crop of children, living in affluence in Cupertino, California, or Knightsbridge in London, or Berlin, are being recruited as child soldiers. They won’t bear arms. They won’t budge from their posts – usually in their parents’ back bedrooms.

On Halloween, while their peers are wearing goblin costumes and going from door to door, their families might regard them as hiding in their bedrooms and staying away from trouble.

But so you thought. They may be in much bigger trouble than you could ever imagine – they could be on a Wanted List from intelligence agencies – for hire. But in their teen years, are they capable of making the moral decisions to take up spying, any more than a 12 year old peering over the sights of a Kalashnikov in Sierra Leone?

Read the full article here.

How to Beat the CIA and Protect Your Data

A little secret and long overdue column – as I have promised some weeks ago.

How about leading a cyber lifestyle without the risks of compromising your computer, privacy and precious confidential data… ie. your life?!

There’s an easy solution and you do not have to be a computer expert. But the CIA, MI6, etc, wouldn’t want you to know the trick… because you can beat those spies and hackers by going online and leaving no trace.

Read the full article here.