Post Tagged with: "security"

How GCHQ Uses Online Deception to Discredit Hacktivists

How GCHQ Uses Online Deception to Discredit Hacktivists

Glenn Greenwald reports on more documents from Edward Snowden’s cache, this batch on how GCHQ uses online deception and other tactics to discredit hacktivists and possibly other political activists:

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. [...]

Government plans to monitor and influence internet communications, and covertly infiltrate online communities in order to sow dissension and disseminate false information, have long been the source of speculation. Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-”independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.

Sunstein also proposed sending covert agents into “chat rooms, online social networks, or even real-space groups” which spread what he views as false and damaging “conspiracy theories” about the government. Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House, one that – while disputing key NSA claims – proceeded to propose many cosmetic reforms to the agency’s powers (most of which were ignored by the President who appointed them).

Full Story: The Intercept: How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations

What’s more, the GCHQ admit in one of the docs that this activity has nothing to do with terrorism or even national security.

See also:

Obama advisor suggests “cognitive infiltration”

DARPA Looks to “Counteract” Propaganda in Social Networks

February 24, 2014 Comments are Disabled
Private companies are building their own spy agencies

Private companies are building their own spy agencies

Here’s the description of a talk that happened at Belfer Center for Science and International Affairs:

In today’s world, businesses are facing increasingly complex threats to infrastructure, finances, and information. The government is sometimes unable to share classified information about these threats. As a result, business leaders are creating their own intelligence capabilities within their companies.

This is not about time honored spying by businesses on each other, or niche security firms, but about a completely new use of intelligence by major companies to support their global operations.

The panelists examine the reasons for private sector intelligence: how companies organize to obtain it, and how the government supports them. “Is this a growing trend?” “How do companies collaborate in intelligence?” “How does the government view private intelligence efforts?” “How do private and government intelligence entities relate to one another?” “What does this all mean for the future of intelligence work?”

Belfer Center for Science and International Affairs: Intelligence in the Private Sector

I’d love to find out more, or find a transcript or video of the talk.

(Thanks Tim Maly)

February 13, 2014 Comments are Disabled
We shouldn’t be protecting ourselves. We should be protecting each other.

We shouldn’t be protecting ourselves. We should be protecting each other.

Tim Maly on self-defense in the security state:

“Protect yourself.”

This may well be the defining motto of our times. No one is to be trusted; it’s a dangerous world out there and if you can’t be bothered to take basic steps…

Well, everyone gets what’s coming sooner or later.

The watchword is self-reliance. They’re coming to take what’s yours, so you’d better be ready. Federate your email, buy a generator, make sure you’ve got good locks, and for God’s sake, carry a handgun. There are monsters in the streets and some idiot is arming them.

But how to defend against the errors of the masses unwilling to take care of themselves? Every message in my outbox is in some fool’s inbox; plain as day, as if I’d sent it straight to PRISM myself. NSA-proof? Not without a massive shift of collective action undertaken by a society of people who’ve spent the past decade or so dumping as many photos, feelings, and fantasies online as time and bandwidth would allow. Why not? I certainly did. It’s nice to have friends.

Full Story: Weird Future: NSA-Proof Your Email! Consider your Man Card Re-Issued. Never be Afraid Again.

August 19, 2013 1 comment
Fearing Leakers, Russia Reverts to Typewriters

Fearing Leakers, Russia Reverts to Typewriters

USA Today reports:

“After the scandal with the spread of secret documents by WikiLeaks, the revelations of Edward Snowden, reports of listening to Dmitry Medvedev during his visit to the G20 summit in London, the practice of creating paper documents will increase,” an unidentified FSO source tells Izvestia.

One key reason for using typewriters is that each creates its own unique “signature” that can be traced, the newspaper says.

Full Story: USA Today: Spooked by NSA, Russia reverts to paper documents

July 12, 2013 0 comments
Public Panopticon: A Collection Of Unsecured Web Cams

Public Panopticon: A Collection Of Unsecured Web Cams

Cryptogasm has found thousands of unsecured, publicly accessible webcams via Google. Lots of them are doggie day cares, some are pointed at public spaces, some are at work places and quite a few are of private residences. He’s aggregated them all, excepts ones that are pointed at children’s rooms, on a giant page.

You can view the cams here

You can also filter them by location. Here’s Oregon.

You can read more about it in this post, and the FAQ.

This reminds me of a thread from the William Gibson forum a few years ago, where someone discovered a publicly accessible remotely controllable webcam pointed at someone’s office. The forum poster tried, unsuccessfully, to communicate with the guy.

(via Metafilter)

April 18, 2013 0 comments
Counterterrorism Agency: Urban Exploration Helps Terrorism

Counterterrorism Agency: Urban Exploration Helps Terrorism

Some Places Know All the Right Things to Say

Spencer Ackerman writes:

Some people are into spelunking through the urban ruins and crevasses of unfamiliar cities. The National Counterterrorism Center has a term for these sorts of people: terrorist dupes.

“Urban Explorers (UE) — hobbyists who seek illicit access to transportation and industrial facilities in urban areas — frequently post photographs, video footage, and diagrams on line [sic] that could be used by terrorists to remotely identify and surveil potential targets,” warns the nation’s premiere all-source center for counterterrorism analysis. [...]

Urban exploration is not typically the reconnaissance mission of al-Qaida. While it’s not crazy to think that terrorists might be interested in studying an urban landscape, the vanishingly few cases of domestic terrorism in the post-9/11 era typically involved shooting up places like Fort Hood or leaving a would-be car bomb in Times Square, rather than recon from the top of a bridge or the depths of a subway tunnel. Such tips aren’t even a part of the DIY terrorism advice column in al-Qaida’s English-language webzine.

Full Story: Wired Danger Room: Urban Exploration Helps Terrorism, Counterterrorism Agency Warns

Previously:

Crack the Surface: Free Documentary Series on Urban Exploration

Government Proposes to Forbid London Urban Explorers From Speaking To Each Other for 10 Years

Photo: Nick Fisher / CC

March 19, 2013 0 comments
The State Of Leak Sites

The State Of Leak Sites

From Ars Technica:

WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.

More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. [...]

So how does Balkanleaks thrive where others haven’t?

Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.

Full Story: Ars Technica Whither whistleblowing: Where have all the leaking sites gone?

The article goes on to detail the state of some other projects, including OpenLeaks and GlobalLeaks.

March 13, 2013 1 comment
Did MK-ULTRA Kill “The James Bond Of Money”?

Did MK-ULTRA Kill “The James Bond Of Money”?

Deeply weird piece by Mark Ames and Alexander Zaitchik on the murder of CIA operative/godfather of the goldbug movement Nicholas Deak, which uncovers some possible connections between the homeless woman who killed him, Lois Lang, and the CIA’s MK-ULTRA program:

Police responding to the motel room took Lang to nearby Santa Clara Valley Medical Center. For the next month, she was put under the care of Dr. Frederick Melges, a psychiatrist associated with the Stanford Research Institute. One of Dr. Melges’ main areas of research: drug-aided hypnosis. A few years after Lang was put in Melges’ care, the New York Times exposed the Stanford Research Institute as a center for CIA research into “brain-washing” and “mind-control” experiments in which unwitting subjects were dosed with hallucinogenic drugs and subjected to hypnosis. Melges, who died in 1988, is today remembered in the field for his research on the relationship between perceptions of time and mental illness.

Full Story: Salon: James Bond and the killer bag lady

It goes deeper than that, with Ames and Zaitchik speculating that it may have been Argentine gangersters with knowledge of MK-ULTRA who ordered the hit:

If Lang was tapped to whack Nicholas Deak, she was part of a long tradition. In mobster literature, insane assassins are regular characters. “Nuts were used from time to time by certain people for certain matters,” explains Jimmy Hoffa’s former right-hand man, Frank “The Irishman” Sheeran, in his memoir, “I Heard You Paint Houses.” Chuck Giancana, brother of Chicago mob boss Sam Giancana, writes that he once heard his brother say that “picking a nutcase who was also a sharpshooter” to carry out an assassination was “as old as the Sicilian hills.”

I found this bit interesting as well, though it’s more of a side note:

Meanwhile, the sunny side of Deak’s business thrived. Its retail foreign currency operation, now reconstituted under new ownership and known to the world as Thomas Cooke, became a staple at airports, its multi-packs of francs and marks symbols of every American family’s European vacation. Deak’s retail precious metals business dominated the market after the legalization of gold sales. After a series of sales and reconstitutions, it is today known as Goldline, a major sponsor of Glenn Beck and subject of a recent fraud settlement.

(via Abe Burmeister)

December 2, 2012 2 comments
John McAfee’s Last Stand

John McAfee’s Last Stand

John McAfee's Last Stand

If you’ve not heard, John McAfee, founder of McAfee Antivirus, is on the lam in Belize, wanted for murder wanted for questioning in a murder murder investigation (though Gizmodo previously quoted police in Belize saying McAfee is the prime suspect in the murder). Joshua Davis has been covering McAfee’s time Belize has published a short e-book about the fiasco:

McAfee picks a bullet off the floor and fixes me with a wide-eyed, manic intensity, his light blue eyes sparkling. “This is a bullet, right?” he says in the congenial Southern accent that has stuck with him since his boyhood in Virginia.

“Let’s put the gun down,” I tell him. I’d come here to investigate why the government of Belize was accusing him of assembling a private army and entering the drug trade. It seemed implausible that a wildly successful tech entrepreneur would disappear into the Central American jungle and become a narco-trafficker. Now I’m not so sure.

But he explains that the accusations are a fabrication. “Maybe what happened didn’t actually happen,” he says, staring hard at me. “Can I do a demonstration?”

He loads the bullet into the gleaming silver revolver and spins the cylinder.

“This scares you, right?” he says. Then he puts the gun to his head.

My heart rate kicks up; it takes me a second to respond. “Yeah, I’m scared,” I admit.

“We don’t have to do this.”

“I know we don’t,” he says, the muzzle pressed against his temple. And then he pulls the trigger.

Wired: John McAfee’s Last Stand Excerpt

Buy the e-book on Amazon.com

Update: McAfee has published a blog post claiming that was feeding Davis “as much nonsense as I could muster.” He has also posted what he claims are a recording of an ex-village councilman planning to kill him, and a letter threatening his life if he didn’t pay up $150,000.

November 16, 2012 1 comment
Researchers Hack Brainwaves to Reveal PINs, Other Personal Data

Researchers Hack Brainwaves to Reveal PINs, Other Personal Data

Yeah, I know this is really old by internet time, but I’ve been really busy with work and I’m still catching up:

A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets. [...]

Emotiv and NeuroSky both have “app stores,” where users of the devices can download third-party applications. The applications use a common API for access to the EEG device. [...]

“We simulated a scenario where someone writes a malicious app, the user downloads it and trusts the app, and actively supports all the calibration steps of the device to make the software work,” said Frank. In these seemingly innocuous calibration steps, which are standard for most games and other applications using the headsets, there could be the potential to harvest personal information.

Full Story: Wired: Researchers Hack Brainwaves to Reveal PINs, Other Personal Data

The paper is available on Scribd.

I wonder if this could be used to determine passwords that users don’t consciously remember?

I’ve said before: steganograph your brain before it’s too late!

October 2, 2012 0 comments