Tag Archives: NSA

Five eye -2

Shhh… Beyond the NSA’s “Five Eyes”

The “Five Eyes” (FVEY) countries comprising of the US, UK, Canada, Australia and New Zealand are bound by a treaty for joint cooperation in signals intelligence – they don’t spy on each other but instead share the intelligence they have collected.

But the US also share with a host of other “third parties” as revealed in the recent book “No Place to Hide” by Glenn Greenwald. See the list of these countries at 1:50 of this clip.

portscanner-for-windows-7-matrix

Shhh… German Paper Reveals GCHQ’s Hacienda Program for Internet Colonization

The German news site Heise Online revealed late last week that British intelligence agency GCHQ has a “Hacienda” program to search for vulnerable systems across 27 countries that could be compromised by the British agency and its spy-counterparts in other countries, including the US, Canada, Australia and New Zealand.

Hacienda

The GCHQ reportedly used port scanning, which hackers used to find systems they can potentially penetrate, as a “standard tool” against the entire nations it targeted.

“It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC,” according to Heise.

“The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration).”

Hacienda27countries

The same argument holds for those who still harbor the self-comforting thought of being “nobody”, “just an ordinary law-abiding citizen”, “small potato”, etc and thus not a surveillance target: it may not be you that they are interested but the people you “know”, “work with”, “chat with”, “befriend with”, “live with”, etc.

“Using this logic, every device is a target for colonization, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target” and “Firewalls are unlikely to offer sufficient protection”, said the Heise report.

Message+in+a+bottle

Shhh… New Secure NSA-Proof Chat & Messaging Solutions like Bleep and Tox

If you are looking for Skype-alternatives because you are concerned with reports of its security issues – given Skype’s alleged “background” problems and refusal to reveal its encryption method – then take comfort that there are a host of options available you’ll be spoiled with choices.

Most recently BitTorrent, best associated with making the peer-to-peer (P2P) software that allows users to download the same file from multiple sources simultaneously, has announced the launch of a pre-alpha version of its secure chat and voice-message service called BitTorrent Bleep.

Bleep

In order to counter mass surveillance and eavesdropping, Bleep enables users to make calls and send messages over the Internet without using any central server to direct traffic. What BitTorrent did was to apply the same P2P technology used for decentralized file sharing to Bleep so there is no way one could track and peep at the conversations. In essence, Bleep is a decentralized communication platform specifically designed to protect user metadata and anonymity.

And in short, every messages a user sent out is just a “Bleep” to the recipients. Sounds good? The only problem for now is that Bleep is currently limited to Windows 7 or 8 users, although there will be support for more operating systems later.

On the other hand, there is also TOX, a Free and Open Source Software (FOSS – ie. one can verify its code, unlike Skype) initiative and secure alternative to an all-in-one communication platform that guarantees full privacy and secure message delivery.

TOX

Tox takes pride in being a configuration-free P2P Skype replacement.

“Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her’s friends list and start conversing with them,” according to the TOX homepage.

And finally, here’s a list of ten other Skype alternatives to explore.

2Snowden-Bolshoi

Shhh… NSA Missed Snowden’s Clues

The NSA had all along claimed Snowden stole 1.7 million files but Snowden told WIRED in an exclusive interview that there were apparently much more as the agency somehow missed his “digital bread crumbs“.

“I figured they would have a hard time,” Snowden said of his evidence trail. “I didn’t figure they would be completely incapable.”

Shhh… What’s this Google’s “Project Zero”?

Several reports have surfaced the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house super-geeks team of security researchers and hackers now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially zero-day flaws (newly discovered bugs) – also known as “zero-day” vulnerabilities, those hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.

Now the question is, is this a Google PR stunt? Read this and that articles and decide for yourself.

Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Shhh… Guide to Safer Computing

The (Globe & Mail) Paranoid Computer User’s Guide to Privacy, Security and Encryption

A nice reference and handy guide.

Post-Snowden, the US Reaps a Security Whirlwind

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

Do You Need the World’s Most Secure Email?

Do You Need the World’s Most Secure Email?

Or is Privacy Even Possible?

Is privacy and a secure email on your wish list? How does the “most secure email program” sound to you? Or rather, is that still possible in this post-Snowden era? How about a completely secure search engine?

Find out more from my latest column here and there.

More US Cyber-Spying?

More US Cyber-Spying?

Defense Secretary Hagel Faces a Tough Time Explaining This to China

US Defense Secretary Chuck Hagel announced at the National Security Agency headquarters last Friday that the Pentagon would triple its cyber security staff – to 6,000 – over the next few years to defend against computer-based attacks.

That’s great. I wonder how Hagel is going to face the music when he visits China later this week where he expects to be grilled on the latest NSA revelations and aggressive US cyber spying. Just last month, it was revealed that the NSA has for years assessed the networks of Chinese telecommunications company Huawei, which the US House of Representatives has long advocated that US companies should avoid on the grounds of national security.

Find out more from my latest column here and there.

When the Boss Hacks

Hot Mails

There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.

This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.

And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.

Find out more from my latest column here and there.

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

Cyberborgs for Cyber Wars

Creating Giants to Battle Snoops by NSA and the Likes

Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.

This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software took a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.

But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.

Please find the entire column here and there.

Shhh… the NSA’s special app for iPhones

The NSA has a special DROPOUTJEEP program for all Apple devices including the iPhones to intercept all SMS messages, collect contact lists, locate a phone (and its user/owner) and also activate the device’s microphone and camera with 100 percent success rate, according to a leaked document obtained by German magazine Der Speigel and a presentation by security researcher/independent journalist Jacob Applebaum, who said:

“[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write sh—y software. We know that’s true.”

I wrote in Sept 2012 that the NSA and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) issued their own specially developed smartphones for their top level officials. And they chose Android – no surprise now?!

Check out this NSA doc and YouTube presentation.

What Snowden Has Shown the World

The Year 2014 Equals 1 P.S.

Historians can be expected to mark June 9, 2013 as a significant date in the evolution of the surveillance and monitoring of mankind and peg 2013 alongside George Orwell’s Nineteen Eighty-Four, making 2014 officially 1PS – one year Post Snowden.

There is justification for this chronological divide. The world will be working its way out of the events of last June for years and decades to come, trying to come to grips with the astonishing ability of electronic snoopers to surreptitiously monitor the details of millions of lives.

It appears that they will continue to be able to do so despite growing knowledge of the pervasive level of this surveillance.

Please find the full column here.

The Walls that Spy

Bad news for those who say ‘If only the walls could talk’. They can.

Hotel rooms are never safe havens as spies know only too well, but warnings of the risk often fall on deaf ears, to the sorrow or sometimes embarrassment of the tenants. Two recent news stories and the episode that I describe below hopefully change the public perceptions.

The stories describe how the UK’s Government Communications Headquarters (GCHQ) has traced and wiretapped top diplomats in their hotel suites over the past three years through its secret “Royal Concierge” program, which tracked some 350 hotels across the world, according to documents exposed by the former US intelligence contractor turned fugitive Edward Snowden.

Separately, it emerged in media reports last week that US President Barack Obama takes extreme measures to ward off any threats of secret video or audio surveillance by setting up an anti-spy portable tent in his hotel suite when traveling abroad, including in allied countries that the US allegedly targeted in conducting massive surveillance against foreign leaders and citizens. That amplifies the deep US concerns about being spied upon as much as spying on its friends and risks inviting potential hypocritical labeling of the White House.

I have written previously about the risk but there is much more than meets the eye, including an interesting exchange I once had with a foreign agent about the spy trade and hotel room risks.

Please find the entire column here and there.

Security Lapse at the EU Summit

Security officials leave an easily tapped device in closed-door conferences of European leaders

In photos made public of several closed-door bilateral meetings between various European leaders last week, there were two common denominators. One was the presence of the French President Francois Hollande. The other was the VoIP phone on the desk. The question is: What is that phone doing there?

In the middle of a major brouhaha over charges that the US National Security Agency had allegedly monitored the phone conversations of foreign diplomats, the officials in those photos were speaking to each other in the presence of this easily-tapped device.

What these these photos highlight is a security lapse, thus generating many questions: What else have European countries missed and not done to better protect their leaders from American or any eavesdropping?

You can find the entire column here and there.

Shhh… 172 Ways to Keep Your Online Activities Secure

The NSA may now be cracking on the Tor project after the forced shutdown of Lavabit, 2 of the many tools in the arsenal of Edward Snowden and the likes. But there are many other ways to secure your online activities, including secured phone calls in case you are also concerned about eavesdropping.

Here’s a handy list of 172 tools you can use, compiled by the folks at Backgroundchecks.org .

The Demise of the Cloud

NSA Snooping Compromises the Cloud Computing Industry

Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.

It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries were actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.

In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.

So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?

You can find the entire column here.

Your Computer May Be Watching You

No Cheeze Please

If you have ever got the feeling someone was watching you while you were using your computer, tablet or smartphone, it could be because someone is. You may well be sitting there while someone, somewhere out there, is commanding your electronic device to transmit pictures of you and what you are doing.

You might assume that if you haven’t given electronic orders to the camera, it’s shut off. But this might send a chill down your back. The friendly folks at the US’s National Security Agency – the omnipresent spy agency dominating the news, and not in a good way – recently released a little two-page primer on tips to “harden” your computer against attacks.

If even the NSA doesn’t trust those Webcams, why should you?

Plus, there are reportedly now special spy apps designed for smartphones. You don’t have to be interested in them. You don’t have to buy and install these apps. More importantly, you don’t even need to know about them. Their very existence simply makes everyone highly vulnerable.

You can find the entire column here and there.

For Whom the Whistle Blows

That Whistle Could Have You Behind Bars

For Whom the Bell Tolls was a 1940 novel by Ernest Hemingway about an American in the International Brigades who blows up a bridge during the Spanish Civil War with death the ultimate sacrifice.

But what about For Whom The Whistle Blows? That informs the current debate about Bradley Manning and Edward Snowden, two Americans who risked their lives by leaking documents on US foreign policy and covert cyber-snooping activities during the US war on terrorism. Are they prisoners – one in a US army stockade and the other in exile in Moscow – of conscience?

In contrast to the contemptuous labels and espionage charges the US government slapped on the two, one a US Army private first class and the other a former government intelligence contractor, both claimed their motive was to spark public debate and promote greater transparency in US government conduct. Whistle-blowers in general have all along been quite rightly championed and heralded by the authorities, media and the general public – at least by those whose oxen are not being gored from the revelations. Such are the dichotomies of modern history.

You can find the entire column here and there.

Was Edward Snowden A Spy?

Or was Dick Cheney looking for a cheap excuse to play politics?

Edward Snowden with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question if he’s a spy or double agent.

But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China is off track, and he knows it, and are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.

Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.

But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?

Please read the entire column here.

The Guardian Online Interview with Snowden

Check out the Guardian online interview with Edward Snowden here. Thousands of comments from readers and still counting.