Category Archives: Privacy

Republicans vote to kill your last internet privacy


The Senate voted to kill it, the House will soon pass it, and Trump will sign it.

After all, there’s no corner of your life corporations shouldn’t be able to exploit, right?

Right?

From the New York Times:

Republican senators moved Thursday to dismantle landmark internet privacy protections for consumers in the first decisive strike against telecommunications and technology regulations created during the Obama administration, and a harbinger of further deregulation.

The measure passed in a 50-to-48 vote largely along party lines. The House is expected to mirror the Senate’s action next week, followed by a signature from President Trump.

The move means Verizon, Comcast or AT&T can continue tracking and sharing people’s browsing and app activity without permission, and it alarmed consumer advocates and Democratic lawmakers. They warned that broadband providers have the widest look into Americans’ online habits, and that without the rules, the companies would have more power to collect data on people and sell sensitive information.

“These were the strongest online privacy rules to date, and this vote is a huge step backwards in consumer protection writ large,” said Dallas Harris, a policy fellow for the consumer group Public Knowledge. “The rules asked that when things were sensitive, an internet service provider asked permission first before collecting. That’s not a lot to ask.”

The privacy rules were created in October by the Federal Communications Commission, and the brisk action of Congressional Republicans, just two months into Mr. Trump’s administration, foreshadowed a broader rollback of tech and telecom policies that have drawn the ire of conservative lawmakers and companies like AT&T, Verizon and Charter.


CIA spooks only doing what corporations do


Following up on our previous post, there’s this from New York University’s Brennan Center for Justice:

Don’t say we didn’t warn you about this one: your “smart” TV may be spying on you. Really.

According to classified documents leaked this week, the CIA found a way to hack the microphone on televisions equipped with voice control and send the audio back to headquarters. It can even record in “Fake-Off” mode – when the TV looks like it’s off but isn’t, according to notes on project “Weeping Angel.”

See, this is why we can’t have nice things.

Way back in 2014, we noticed a rather ominous warning in the novella-length privacy policy that came with our new smart TV: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

That news was bad enough, creating a big privacy problem thanks to the so-called “third-party doctrine,” a legal artifact of the pre-Internet age. It basically means you don’t have any privacy in the data you send through third parties like Google or Apple – or Samsung. We’re looking at you too, Amazon Echo.

Now, it appears the CIA has found a way to exploit this vulnerability directly. And it’s a safe bet they’re not the only ones.

To be clear, there is a big difference between tapping a phone line, bugging a hotel room, and breaking the internet – or in this case, the Internet of Things. And sometimes a cliché is worth repeating: this may be a means to an end, but it’s a hell of a means.

(Pro tip: You don’t have to connect your smart TV to the internet.)

We would also note that here at esnl, we’ve covered the privacy threat from your television, and from video game controllers as well.

The bottom line is that technology has rendered privacy virtually [pun intended] obsolete.

Chart of the day: How the CIA can spy on you


From Agence France Presse, which reports that the founder of Wikileaks said there are more revelations to come, but he’s staying mum till tech companies can see what’s coming:

WikiLeaks founder Julian Assange on Thursday accused the CIA of “devastating incompetence” for failing to protect its hacking secrets and said he would work with tech companies to develop fixes for them.

“This is a historic act of devastating incompetence, to have created such an arsenal and then stored it all in one place,” Assange said.

“It is impossible to keep effective control of cyber weapons… If you build them, eventually you will lose them,” Assange said.

Assange was speaking in a press conference streamed live from Ecuador’s embassy in London, where he has been living as a fugitive from justice since 2012.

He said his anti-secrecy website had “a lot more information” about the Central Intelligence Agency’s hacking operation but would hold off on publishing it until WikiLeaks had spoken to tech manufacturers.

CIA hackers in Germany; when TV watches you


Germans were alarmed when Edward Snowden’s NSA document dump revealed that American spies were eavesdropping on their government more intensely than was the case elsewhere in Europe, and the latest WikiLeaks dump reveals that their compatriots at the CIA may be busy in Germany doing much the same.

And they might be watching them through their big screen TVs.

From Der Spiegel:

WikiLeaks says the CIA has its own cyberwar division and that around 200 experts belonging to the division are able to infiltrate computers around the world using tools specifically developed to steal data. The CIA hackers work at the agency’s headquarters in Langley, Virginia, WikiLeaks says, but adds that the agency maintains at least one base outside of the United States.

The documents indicate that the CIA hacking experts are also active in the U.S. Consulate General in Frankfurt, Germany, the largest American consulate in the world. According to WikiLeaks documents, the consulate grounds also house a Sensitive Compartmented Information Facility, or SCIF, a building that is only accessible to CIA agents and officers from other U.S. intelligence agencies. These digital spies apparently work independently of each other in the facility so as not to blow their cover.

There are apparent references in the documents to trips taken to Frankfurt by these CIA hacking experts, complete with what passes for humor in the intelligence agency: “Flying Lufthansa: Booze is free so enjoy (within reason),” one of the documents reads. There is advice for ensuring privacy in the recommended hotels: “Do not leave anything electronic or sensitive unattended in your room. (Paranoid, yes but better safe than sorry.)”

One of the tools described in the documents, codename “Weeping Angel,” is specifically designed for hacking into Samsung F8000-Series smart televisions. According to the document, CIA agents are able to switch the televisions into “Fake Off,” which fools their owners into thinking it has been switched off. But the hackers are nevertheless able to use the TV’s microphone and webcam for surveillance purposes.

Chart of the day: Who’s reading your messages?


From Wikileaks, the relevant section of a CIA organizational chart revealing the names of the agency departments with the power to hack into every aspect of your life should you come under their ever-watchful gaze:


Implants branch?

Sound the tinfoil hat alarm.

And just so you don’t get confused, here’s their official seal:

And the announcement. . .

Finally, from the announcement Wikileaks made today about their latest remarkable haul of top secret documents:

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Headline of the day: Say goodbye to privacy


From the New York Times, the latest bombshell from WikiLeaks:

WikiLeaks Files Describe C.I.A. Tools to Break Into Phones

  • The documents describe software tools allegedly used by the C.I.A. to break into phones, computers and TVs.
  • The release said intelligence services managed to bypass encryption on popular messaging services such as Signal, WhatsApp and Telegram.

Japan launches extreme vetting: For smart phones


Targets of the new measures will be folks who use “burner phones” whilst doing nefarious deeds, a scenario familiar to anyone who watches cop shows.

From the Yomiuri Shimbun:

The communications ministry has asked an industry organization to thoroughly verify the identities of budget smartphone users when they form a contract, it has been learned.

It is often possible to complete subscription procedures on the internet for budget smartphones, which offer lower communication charges than ordinary smartphones, and there is a rapidly growing number of cases in which smartphones are acquired with forged ID documents and then misused for crimes such as bank transfer scams.

To address this situation, the Internal Affairs and Communications Ministry will strengthen countermeasures such as implementing administrative measures against malicious smartphone providers that shirk efforts to prevent fraud, according to informed sources.

The ministry has reportedly sent a written request to the Telecom Services Association, which comprises about 50 companies selling budget smartphones, including Rakuten Inc. and Line Corp. It called on the association to enhance training for staff in charge of user subscriptions, make sure to report to the police and other relevant authorities when possible frauds are discovered, and share information about fraud methods, the sources said.

In many cases, budget smartphone subscribers verify their identities by entering their name, address and other information on a subscription website, taking a picture of their driver’s license or health insurance card with a mobile phone camera and sending the photo through the website.