Category Archives: Privacy

Quote of the day: Was NSA ‘hack’ an inside job?


The posting of a catalog offering the supersecret National Security Agency’s hacking tools has been blamed on Russia by the Obama administration, but America’s most respected journalist covering the NSA beat writes that rather than a Russia hack, the raid on the NSA’s family jewels was more likely an inside job.

From James Bamford, writing for Reuters:

Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows.

The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

>snip<

[W]e now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.

Japan focuses on saving your privacy on the IoT


And what, pray tell, is the IoT?

It’s the Internet of Things, all those devices in your home with wireless connections to the Internet.

And to protect your privacy, only a Trumpian solution seems to work.

In other words, you’ll have to build a wall.

From the Yomiuri Shimbun:

[Image: BLOG Wall]

More from the Yomiuri Shimbun:

In preparation for the spread of the internet of things [IoT], the Internal Affairs and Communications Ministry will develop a “protective wall” to safeguard home electronics connected to the internet from cyber-attacks, The Yomiuri Shimbun has learned.

There has been an increasing number of cases in which IoT devices at home are hacked and used as a base for cyber-attacks. The ministry plans to build a system, or protective wall, on the internet to prevent unauthorized operation of devices and stop them being infected with viruses, according to sources.

Development expenses totaling several hundred million yen will be incorporated in the second supplementary budget for fiscal 2016. In cooperation with electronics makers and telecommunications carriers, the ministry aims to put the system into practical use within a year or two.

It is difficult to improve the security of home electronics such as televisions, security cameras and routers by upgrading their software. While industrial IoT devices and personal computers are guarded with a protective wall or software, many consumer IoT devices are vulnerable to cyber-attacks.

The ministry plans to build a system on the internet in which access to all consumer IoT devices via the internet must go through a protective wall. Any unauthorized communication will be blocked. If there is a security problem with a consumer IoT device, a warning will be issued. The ministry aims to have the system protect existing IoT products as well.

Clinton Foundation may have been hacked, too


And if they were, we can’t wait to see what’s revealed.

From Reuters:

Bill and Hillary Clinton’s charitable foundation hired the security firm FireEye to examine its data systems after seeing indications they might have been hacked, according to two sources familiar with the matter.

So far, no message or document hacked from the New York-based Clinton Foundation has surfaced in public, the sources said.

One of the sources and two U.S. security officials said that like hackers who targeted the Democratic National Committee, Hillary Clinton’s presidential campaign and the Democrats’ congressional fundraising committee, the hackers appear to have used “spear phishing” techniques to gain access to the foundation’s network.

These techniques include creating bogus emails or websites in an effort to gain access to Clinton Foundation staffers’ emails and then to the foundation itself.

With elections called, Iceland’s Pirates may reign


Logo of Iceland’s Pirate Party.

Iceland’s Pirate Party is drawing closer to the summit of power, as scandals sparked by the release of the Panama Papers have forced the resignation of the prime minister and forced a Panama Papered president to call elections for 29 October.

The Pirate Party, founded on a platform of digital privacy rights, has been the big winner, as Icelanders show rising discontent with traditional parties.

From the Guardian:

The Pirate party, whose platform includes direct democracy, greater government transparency, a new national constitution and asylum for US whistleblower Edward Snowden, will field candidates in every constituency and has been at or near the top of every opinion poll for over a year.

>snip<

“It’s gradually dawning on us, what’s happening,” Birgitta Jónsdóttir, leader of the Pirates’ parliamentary group, told the Guardian. “It’s strange and very exciting. But we are well prepared now. This is about change driven not by fear but by courage and hope. We are popular, not populist.”

The election, likely to be held on 29 October, follows the resignation of Iceland’s former prime minister Sigmundur Davið Gunnlaugsson, who became the first major victim of the Panama Papers in April after the leaked legal documents revealed he had millions of pounds of family money offshore.

The party’s popularity rises with scandals

A succession of scandals involving government leaders has spurred the rise of a party premised on transparency and participatory democracy.

The Iceland Monitor has been tracking the numbers:

With just three MPs in Iceland’s current parliament, support for the Pirate party in Iceland rocketed from 13% to 30% in the space of nine weeks in February-April 2015.

They peaked at 38.6% in February this year, and have been Iceland’s most popular political party for an almost unbroken period of seventeen months (all figures: MMR).

People who have been a member of the Pirate Party for at least thirty days are eligible to vote in elections and over 100 potential candidates have come forward for the constituencies of Greater Reykjavik and South Iceland.

According to the last MMR opinion poll, the Pirates could get somewhere in the region of 18-20 MPs in the next election – compared to just three currently – and be in a commanding position to try and form a government.

Here’s a look at the latest numbers in graphic form:

[Image: BLOG Iceland]

The party’s leader says they’re ready for power

RT covers self-described poetician and the party’s leading figure and founder, Birgitta Jónsdóttir [previously], a former Wikileaks activist who has been a leading European advocate of privacy rights and a passionate advocate for Chelsea Manning:

Jonsdottir, a former member of the WikiLeaks team, says the Pirate Party, founded four years ago, is ready to form a government with any coalition partner that supports its agenda to bring about a “fundamental system change.”

“I look at us and I think, we are equipped to do this,” she told the Guardian.

“Actually, the fact we haven’t done it before and that we won’t have any old-school people telling us how, means we’ll do it more carefully. We will be doing things very differently.

“…we are well prepared now. This is about change driven not by fear, but by courage and hope. We are popular, not populist,” she added.

Icelanders’ distrust of politicians reached a boiling point when the Panama Papers revealed that then-Prime Minister Sigmundur David Gunnlaugsson had once owned an offshore company (now controlled by his wife) that held debt from failed Icelandic banks. Thousands of people, outraged by their PM’s alleged offshore accounts, took to the streets of Iceland’s capital in what appeared to be the largest protest in the country’s history. The scandal prompted Gunnlaugsson to resign in early April, with early general elections likely to be held in October.

Quote of the day: What’s sauce for the goose. . .


James Bamford is the journalist who’s done the most to expose the inner workings of the U.S. National Security Agency, and in an essay for Reuters he puts the whole matter of those Clinton email hacks into much-needed perspective:

National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns — and the presidents — of even its closest allies.

The United States is, by far, the world’s most aggressive nation when it comes to cyberspying and cyberwarfare. The National Security Agency has been eavesdropping on foreign cities, politicians, elections and entire countries since it first turned on its receivers in 1952. Just as other countries, including Russia, attempt to do to the United States. What is new is a country leaking the intercepts back to the public of the target nation through a middleperson.

There is a strange irony in this. Russia, if it is actually involved in the hacking of the computers of the Democratic National Committee, could be attempting to influence a U.S. election by leaking to the American public the falsehoods of its leaders. This is a tactic Washington used against the Soviet Union and other countries during the Cold War.

In the 1950s, for example, President Harry S Truman created the Campaign of Truth to reveal to the Russian people the “Big Lies” of their government. Washington had often discovered these lies through eavesdropping and other espionage.

Today, the United States has morphed from a Cold War, and in some cases a hot war, into a cyberwar, with computer coding replacing bullets and bombs. Yet the American public manages to be “shocked, shocked” that a foreign country would attempt to conduct cyberespionage on the United States.

Read the rest.

Hollywood seeks a kill switch on your videos


Following up on today’s earlier Headlines of the day, Cory Doctorow of Boing Boing documents the latest corporate move to track and control your media use:

20 years ago, Congress ordered the FCC to begin the process of allowing Americans to buy their pay TV boxes on the open market (rather than every American household spending hundreds of dollars a year renting a trailing-edge, ugly, energy-inefficient, badly designed box that is increasingly the locus of networked attacks that expose both the home LAN and the cameras and mics that are more and more likely to be integrated into TVs and decoder boxes) — now, at last, the FCC is doing something about it.

Right from the get-go, the entertainment industry has hated this: the pay TV companies want to keep that sweet $200+/year/customer paycheck rolling in, and the studios want to keep DRM intact, allowing them to continue to restrict the features in your home theater, far beyond anything that copyright allows (and since removing DRM, even for legal reasons, is legally fraught, these restrictions gain the force of law, even though Congress has never passed a copyright law giving rightsholders the power to control those uses).

Now, the Copyright Office (one of the most thoroughly captured agencies in the federal government) has jumped into the fray, taking the legally nonsensical — and drastically anti-public-interest — position that copyright gives the rightsholder the power to minutely control the public’s conduct while they are in the presence of a copyrighted work.

For example, I was once in a digital TV DRM standards meeting where the MPA’s rep argued vehemently for a flag that would cause a set-top box to switch off any outputs that led to a remote screen (for example, a wireless retransmitter that let you watch TV that was being decoded in your living room on a set that was in your bedroom). He argued that “being able to watch a TV show in one room that’s being received in another room has value, and if it has value, we should be able to charge for it.” He made similar arguments about limiting the length of time that a viewer could pause a show, arguing that while a 15-minute pause to go to the bathroom could be had for free, longer pauses (say, to settle a crying baby, cook dinner, or helping your kids with their homework) should be monetizable.

This is the view that the Copyright Office has endorsed. It’s wrong as a matter of law — copyright does not give rightsholders the privilege of “minutely specifying” (Hollywood’s term!) the experience of viewing, listening, reading or playing. It’s also a disaster as a matter of public policy. The Copyright Office should know better.

Read the rest.

Headline of the day: Charges of battery to ensue?


From the Guardian [more here]:

Your battery status is being used to track you online

Battery status indicators are being used to track devices, say researchers from Princeton University – meaning warnings of privacy exposure have come to pass

UPDATE: Another piece of technology that’s equally ominous, via the Intercept:

Microsoft Pitches Technology That Can Read Facial Expressions at Political Rallies

  • At one exhibit, titled “Realtime Crowd Insights” a small camera scanned the room, while a monitor displayed the captured image. Every five seconds, a new image would appear with data annotated for each face – an assigned serial number, gender, estimated age, and any emotions detected in the facial expression. When I approached, the machine labeled me “b2ff,” and correctly identified me as a 23-year-old male.
  • It interpreted my facial expression as “neutral,” with a bit of “surprise.”
  • “Realtime Crowd Insights” is an Application Programming Interface (API), or a software tool that connects web applications to Microsoft’s cloud computing services. Through Microsoft’s emotional analysis API – a component of Realtime Crowd Insights – applications send an image to Microsoft’s servers. Microsoft’s servers then analyze the faces, and return emotional profiles for each.