Archive for the ‘NSA’ Category

Software McCarthyism – Wall Street Journal and Kaspersky Lab

Thursday, October 5th, 2017

The Verge reports this instance of software McCarthyism by the Wall Street Journal against Kaspersky Lab saying:


According to the report, the hackers seem to have identified the files — which contained “details of how the U.S. penetrates foreign computer networks and defends against cyberattacks” — after an antivirus scan by Kaspersky antivirus software, which somehow alerted hackers to the sensitive files.
… (emphasis added)

Doesn’t “…somehow alerted hackers to the sensitive files…” sound a bit weak? Even allowing for restating the content of the original WSJ report?

The Wall Street Journal reports in Russian Hackers Stole NSA Data on U.S. Cyber Defense:

Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The facts reported by the Wall Street Journal support guilt-by-association-style McCarthyism, but in a software context.

Here are the only facts I can glean from the WSJ report and common knowledge of virus software:

  1. NSA contractor removed files from NSA and put them on his home computer
  2. Home computer was either a PC or Mac (only desktops supported by Kaspersky)
  3. Kaspersky anti-virus software was on the PC or Mac
  4. Kaspersky anti-virus software is either active or runs at specified times
  5. Kaspersky anti-virus software scanned the home computer one or more times
  6. Hackers stole NSA files from the home computer

That’s it, those are all the facts reported in the Wall Street Journal “story,” better labeled a slander against Kaspersky Lab.

The following claims are made with no evidence whatsoever:

  1. “after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab”
  2. “believe the contractor’s use of the software alerted Russian hackers to the presence of files”
  3. “whether Kaspersky technicians programed the software to look for specific parameters”
  4. “unclear is whether Kaspersky employees alerted the Russian government to the finding”
  5. “armed with the knowledge that Kaspersky’s software provided”

The only evidence in the possession of investigators is the co-location of the NSA files and Kaspersky anti-virus software on the same computer.

All the other beliefs, suppositions, assumptions, etc., of investigators are attempts to further the government’s current witch hunt against Kaspersky Labs.

The contractor’s computer likely also had MS Office, the home of more than a few security weaknesses. To say nothing of phishing emails, web browsers, and the many other avenues for penetration.

As far as “discovering” the contractor to get the files in question, it could have been by chance and/or the contractor bragging to a waitress about his work. We’re not talking about the sharpest knife in the drawer on security matters.

Judging hacking claims based on co-location of software is guilt by association pure and simple. The Wall Street Journal should not dignify such government rumors by reporting them.

Self-Censorship and Privilege on the Internet

Thursday, September 14th, 2017

Sloppy U.S. Spies Misused A Covert Network For Personal Shopping — And Other Stories From Internal NSA Documents by Micah Lee, Margot Williams, Talya Cooper.

From the post:

NSA agents successfully targeted “the entire business chain” connecting foreign cafes to the internet, bragged about an “all-out effort” to spy on liberated Iraq, and began systematically trying to break into virtual private networks, according to a set of internal agency news reports dating to the first half of 2005.

British spies, meanwhile, were made to begin providing new details about their informants via a system of “Intelligence Source Descriptors” created in response to intelligence failures in Iraq. Hungary and the Czech Republic pulled closer to the National Security Agency.

And future Intercept backer Pierre Omidyar visited NSA headquarters for an internal conference panel on “human networking” and open-source intelligence.

These stories and more are contained in a batch of 294 articles from SIDtoday, the internal news website of the NSA’s core Signals Intelligence Directorate. The Intercept is publishing the articles in redacted form as part of an ongoing project to release material from the files provided by NSA whistleblower Edward Snowden.

In addition to the aforementioned highlights, summarized in further detail below, the documents show how the NSA greatly expanded a secret eavesdropping partnership with Ethiopia’s draconian security forces in the Horn of Africa, as detailed in an investigation by longtime Intercept contributor Nick Turse. They describe the NSA’s operations at a base in Digby, England, where the agency worked with its British counterpart GCHQ to help direct drones in the Middle East and tap into communications through the Arab Spring uprisings, according to a separate article by Intercept reporter Ryan Gallagher. And they show how the NSA and GCHQ thwarted encryption systems used to protect peer-to-peer file sharing through the apps Kazaa and eDonkey, as explained here by Intercept technologist Micah Lee.

NSA did not comment for this article.

If you are interested in reporting based on redacted versions of twelve-year-old news (last half of 2005), this is the article for you.

The authors proclaim self-censorship and privilege saying:


The Intercept is publishing the articles in redacted form as part of an ongoing project to release material from the files provided by NSA whistleblower Edward Snowden.

These authors can milk their treasure trove of unredacted SIDtoday reports, giving them an obvious advantage over other journalists.

Not as great an advantage as being white and male, but it is a privilege unrelated to merit, one that violates any concept of equal access.

Other reporters or members of the public might notice connections unseen by the Intercept authors.

We won’t ever know since the Intercept, along with other media outlets, is quick to call foul on the privileges of others while clinging to its own.

PS: The lack of efforts by intelligence agencies to stop the SIDtoday series is silent testimony to its lack of importance. The SIDtoday series is little better than dated office gossip and not a complete (redacted) account of the same.

Meaningful intelligence reporting derails initiatives, operations, exposes criminal excesses with named defendants and holds the intelligence community accountable to the public. Not to be confused with the SIDtoday series and its like.

Potential NSA Leak Stream

Wednesday, August 2nd, 2017

The Government Accounting Office (GAO) has publicly identified a potential source of NSA technology leaks. The cumbersome title: DOD’s Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened (GAO-17-512) begins with this summary:

Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM) (see table). Also, DOD and congressional committees have identified actions that could mitigate risks associated with ending the dual-hat leadership arrangement, such as formalizing agreements between NSA/CSS and CYBERCOM to ensure continued collaboration, and developing a persistent cyber training environment to provide a realistic, on-demand training capability. As of April 2017, DOD had not determined whether it would end the dual-hat leadership arrangement.

At first I thought it said “ass-hat” leadership and went back to check. 😉

You can read the recommendations if you are in charge of improving that situation (an unlikely outcome) or take the GAO at its word as a place to mine for leaks.

Are dual-hat arrangements “leak patterns” much like “design patterns” in programming languages?

I ask because identifying “leak patterns,” whether in software (buffer overflows) or recurrent organizational security failures, could be a real boon to hounds and hares alike.

Real Talk on Reality (Knowledge Gap on Leaking)

Friday, June 9th, 2017

Real Talk on Reality : Leaking is high risk by the grugq.

From the post:

On June 5th The Intercept released an article based on an anonymously leaked Top Secret NSA document. The article was about one aspect of the Russian cyber campaign against the 2016 US election — the targeting of election device manufacturers. The relevance of this aspect of the Russian operation is not exactly clear, but we’ll address that in a separate post because… just hours after The Intercept’s article went live the US Department of Justice released an affidavit (and search warrant) covering the arrest of Reality Winner — the alleged leaker. Let’s look at that!

You could teach a short course on leaking from this one post but there is one “meta” issue that merits your attention.

The failures of Reality Winner and the Intercept signal users need educating in the art of information leaking.

With widespread tracking of web browsers, training on information leaking needs to be pushed to users. It would stand out if one member of the military requested and was sent an email lesson on leaking. An email that went to everyone in a particular command, not so much.

Public Service Announcements (PSAs) in web zines, as ads, etc., with only the barest of tips, are another mechanism to consider.

If you are very creative, perhaps “Mr. Bill” claymation episodes with one principle of leaking each? Need to be funny enough that viewing/sharing isn’t suspicious.

Other suggestions?

Unknown Buyers + Unknown Sellers ~= Closed Source Software

Friday, June 2nd, 2017

TurkuSec Community reports another collaborative effort to buy into the Shadow Brokers malware-of-the-month club:



“What Could Go Wrong?” is a valid question.

On the other hand, you are already spending $billions on insecure software every year.

Most of which is closed-source, meaning it may contain CIA/NSA backdoors.

A few hires in the right places and unbeknownst to the vendor, they would be distributing CIA/NSA malware.

If you credit denials of such activities by the CIA/NSA or any other government spy agency, you should stop using computers. You are a security risk to your employer.

A Shadow Brokers subscription, where 2,500 people risk $100 each for each release, on the other hand, is far safer than commercial software. If the first release proves bogus, don’t buy a second one.

Contrast that with insecure closed source software for an OS or database that may contain CIA/NSA/etc. backdoors. You don’t get to avoid the second purchase. (You bought the maintenance package too. Am I right?)

I can’t and won’t counsel anyone to risk more than $100, but shared risk is the fundamental principle of insurance. Losses can and will happen. That’s why we distribute the risk.

That link again: https://t.co/wjMn3DjzQp.

PS: Shadow Brokers: Even a list of the names with brief descriptions might help attract people who want to share the risk of subscribing. The “big” corporations are likely too arrogant to think they need the release.

Crowd-Funding Public Access to NSA Tools!

Tuesday, May 30th, 2017

Awesome! (with a caveat below)

Shadow Brokers Response Team is creating open & transparent crowd-funded analysis of leaked NSA tools.

The group calling itself the Shadow Brokers have released several caches of exploits to date. These caches and releases have had a detrimental outcome on the Internet at large; one leak especially resulted in the now infamous WannaCry ransomware worm, and others have been used by criminal crackers to illegally access infrastructure. Many have been analysing the data to determine its authenticity and impact on infrastructure. As a community it has been expressed that the harm caused by exploits could have been mitigated against had the Shadow Brokers been paid for their disclosures.

The leaks of information seen so far have included weaponized reliable exploits for the following platforms:

  • Cisco
  • Juniper
  • Solaris
  • Microsoft Windows
  • Linux

The Shadow Brokers have announced they are offering a “monthly dump” service which requires a subscription of 100 ZCASH coins. Currently this is around £17688.29 but could change due to the fleeting nature of cryptocurrency. By paying the Shadow Brokers the cash they asked for we hope to pool resources and avert any future WannaCry type incidents. This patreon is a chance for those who may not have large budgets (SME, startups and individuals) in the ethical hacking and whitehat community to pool resources and buy a subscription for the new monthly released data.

The goal here is to raise sufficient funds from interested parties to purchase a subscription to the new data leak. We are attempting to perform the following task:

  • Raise funds to purchase 100 ZCASH coins
  • Purchase 100 ZCASH coins from a reputable exchange
  • Transfer 100 ZCASH coins to ShadowBrokers with email address
  • Access the data from the ShadowBrokers and distribute to backers
  • Perform analysis on data leak and ascertain risk / perform disclosures

The Shadow Brokers have implied that the leak could be any of the following items of interest:

  • web browser, router, handset exploits and tools
  • newer material from NSA ops disk including Windows 10 exploits
  • misc compromised network data (SWIFT or Nuclear programmes)
  • … (emphasis in original)

An almost excellent plan that, with enough contributors, reduces the risk to any one person to a manageable level.

Two-hundred and fifty contributors at $100 each make the $25,000 goal. That’s quite doable.

My only caveat is the “…whitehat ethical hacker…” language for sharing the release. Buying a share in the release should be just that, buying a share. What participants do or don’t do with their share is not a concern.

Kroger clerks don’t ask me if I am going to use flour to bake bread for the police and/or terrorists.

Besides, the alleged NSA tools weren’t created by “…whitehat ethical hackers….” Yes? No government has a claim on others to save them from their own folly.

Any competing crowd-funded subscriptions to the Shadow Brokers release?

China Draws Wrong Lesson from WannaCry Ransomware

Tuesday, May 23rd, 2017

Chinese state media says US should take some blame for cyberattack

From the post:


China’s cyber authorities have repeatedly pushed for what they call a more “equitable” balance in global cyber governance, criticizing U.S. dominance.

The China Daily pointed to the U.S. ban on Chinese telecommunication provider Huawei Technologies Co Ltd, saying the curbs were hypocritical given the NSA leak.

Beijing has previously said the proliferation of fake news on U.S. social media sites, which are largely banned in China, is a reason to tighten global cyber governance.

The newspaper said that the role of the U.S. security apparatus in the attack should “instill greater urgency” in China’s mission to replace foreign technology with its own.

The state-run People’s Daily compared the cyber attack to the terrorist hacking depicted in the U.S. film “Die Hard 4”, warning that China’s role in global trade and internet connectivity opened it to increased risks from overseas.

China is certainly correct to demand a place at the table for China and other world powers in global cyber governance.

But China is drawing the wrong lesson from the WannaCry ransomware attacks if that is used as a motivation for closed source Chinese software to replace “foreign” technology.

NSA staffers may well be working for Microsoft and/or Oracle, embedding NSA produced code in their products. With closed source code, it isn’t possible to verify the absence of such code or to prevent its introduction.

Sadly, the same is true if closed source code is written by Chinese programmers, some of whom may have agendas, domestic or foreign, of their own.

The only defense to rogue code is to invest in open source projects. Not everyone will read every line of code, but being available to be read is a deterrent to obvious subversion of an application’s security.

China should have “greater urgency” to abandon closed source software, but investing in domestic closed source only replicates the mistake of investing in foreign closed source software.

Open source projects cover every office, business and scientific need.

Chinese government support for Chinese participation in existing and new open source projects can make these projects competitors to closed and potential spyware products.

The U.S. made the closed source mistake for critical cyber infrastructure. China should not make the same mistake.

More Dicking With The NSA

Sunday, May 21st, 2017

Privacy-focused Debian 9 ‘Stretch’ Linux-based operating system Tails 3.0 reaches RC status by Brian Fagioli.

From the post:

If you want to keep the government and other people out of your business when surfing the web, Tails is an excellent choice. The Linux-based operating system exists solely for privacy purposes. It is designed to run from read-only media such as a DVD, so that there are limited possibilities of leaving a trail. Of course, even though it isn’t ideal, you can run it from a USB flash drive too, as optical drives have largely fallen out of favor with consumers.

Today, Tails achieves an important milestone. Version 3.0 reaches RC status — meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release — if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now.

Fagioli covers some of the details but the real story is this:

The sooner testers (that can include you) confirm the stability, etc., of Tails Version 3.0 (RC1), the sooner it can be released for general use.

In part, the release schedule for Tails Version 3.0 (RC1) depends on you.

Your response?

Check Fagioli’s post for links to the release and docs.

How To Legally Dick With The NSA – PostgreSQL 10 Beta 1

Thursday, May 18th, 2017

The release of PostgreSQL 10 Beta 1 gives everyone an opportunity to legally dick with the NSA.

In Stop Blaming NSA For The Ransomware Attack, Patrick Tucker repeats claims by the NSA that about 80% of vulnerabilities are revealed and 20% are concealed by the NSA.

Which means if there are 10 security vulnerabilities in PostgreSQL 10 Beta 1, the NSA will keep two for themselves.

Let’s disappoint them on that score. With widespread community testing, fuzzing, etc., the NSA score on PostgreSQL 10 Beta 1 could be zero.

That won’t help vendors with 70 million lines of closed source databases (look for Mary Ann Davidson). Such databases may have true accidental vulnerabilities or ones introduced by NSA ringers.

If NSA ringers working for closed source companies sounds like tin-hat conspiracy theory, recall the NSA is barred from spying on American citizens at all. In fact, they have vehemently denied it. At least until they admitted they were lying and in fact spying on all American citizens.

Also bear in mind that the NSA was a participant in many of the covert/overt attempts by the United States to influence elections in other countries. (Dov H. Levin, as of May 18, 2017, the datasets are forthcoming. See also: Database Tracks History Of U.S. Meddling In Foreign Elections, an NPR interview that counts 80 US-backed efforts to interfere in elections.)

On the technical front, the NSA is known to have intentionally damaged a U.S. cryptography standard. NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard. That report isn’t from a blog that is a continuation of a photocopied version of a mimeographed conspiracy report found in low-end coffee shops.

No, the damage to U.S. cryptography report appears in Scientific American.

I can’t honestly name one illegal, immoral, unethical, act that the NSA is not capable of.

You?

Beyond “sticking it to the NSA,” database researchers and users have these PostgreSQL 10 Beta 1 features to enjoy:

The PostgreSQL Global Development Group announces today that the first beta release of PostgreSQL 10 is available for download. This release contains previews of all of the features which will be available in the final release of version 10, although some details will change before then. Users are encouraged to begin testing their applications against this latest release.

Major Features of 10

The new version contains multiple features that will allow users to both scale out and scale up their PostgreSQL infrastructure:

  • Logical Replication: built-in option for replicating specific tables or using replication to upgrade
  • Native Table Partitioning: range and list partitioning as native database objects
  • Additional Query Parallelism: including index scans, bitmap scans, and merge joins
  • Quorum Commit for Synchronous Replication: ensure against loss of multiple nodes

We have also made three improvements to PostgreSQL connections, which we are calling on driver authors to support, and users to test:

  • SCRAM Authentication, for more secure password-based access
  • Multi-host “failover”, connecting to the first available in a list of hosts
  • target_session_attrs parameter, so a client can request a read/write host

Additional Features

Many other new features and improvements have been added to PostgreSQL 10, some of which may be as important, or more important, to specific users than the above. Certainly all of them require testing. Among them are:

  • Crash-safe and replicable Hash Indexes
  • Multi-column Correlation Statistics
  • New “monitoring” roles for permission grants
  • Latch Wait times in pg_stat_activity
  • XMLTABLE query expression
  • Restrictive Policies for Row Level Security
  • Full Text Search support for JSON and JSONB
  • Compression support for pg_receivewal
  • ICU collation support
  • Push Down Aggregates to foreign servers
  • Transition Tables in trigger execution

Further, developers have contributed performance improvements in the SUM() function, character encoding conversion, expression evaluation, grouping sets, and joins against unique columns. Analytics queries against large numbers of rows should be up to 40% faster. Please test if these are faster for you and report back.

See the Release Notes for a complete list of new and changed features.
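As an added example (not part of the PostgreSQL announcement or of this post), the SQL below exercises three of the security-relevant items in the lists above on a PostgreSQL 10 server: SCRAM-SHA-256 password storage, the new monitoring roles, and a restrictive row-level-security policy. The role, table and host names are hypothetical; the `pg_hba.conf` line and libpq connection string that go with the SCRAM and multi-host client features are shown in comments because they are configuration, not SQL.

```sql
-- Added example, not from the blog post or the PostgreSQL project.
-- Role, table and host names below are hypothetical. Run as a superuser.

-- 1. SCRAM-SHA-256 password storage (new in 10).
--    Before 10 the only stored form was md5(password || username); that hash
--    is password-equivalent for the md5 wire protocol, so a leaked pg_authid
--    row could be used to log in directly. SCRAM stores a salted, iterated
--    verifier instead.
SET password_encryption = 'scram-sha-256';
CREATE ROLE app_user LOGIN PASSWORD 'example-only-change-me';

-- Check what was actually stored: the verifier must start with SCRAM-SHA-256$,
-- not md5. (pg_authid is superuser-only.)
SELECT rolname, left(rolpassword, 14) AS verifier_prefix
FROM pg_authid
WHERE rolname = 'app_user';

-- Matching pg_hba.conf entry (config file, not SQL). Note the method is
-- scram-sha-256, not md5, so the weaker protocol is not offered at all:
--   hostssl  all  app_user  10.0.0.0/8  scram-sha-256
--
-- libpq connection string using the new multi-host failover and
-- target_session_attrs client features from the announcement:
--   host=db1.example,db2.example port=5432,5432 target_session_attrs=read-write

-- 2. Monitoring without superuser: the new built-in pg_monitor role grants
--    read access to statistics and settings, so a metrics collector no longer
--    needs SUPERUSER.
CREATE ROLE metrics_collector LOGIN PASSWORD 'example-only-change-me';
GRANT pg_monitor TO metrics_collector;

-- 3. Restrictive row-level security (new in 10). Permissive policies are ORed
--    together; a RESTRICTIVE policy is ANDed on top, so it can only narrow what
--    the permissive ones allow.
CREATE ROLE reviewer;
CREATE TABLE documents (
    id             serial PRIMARY KEY,
    owner          text   NOT NULL,
    classification text   NOT NULL,
    body           text
);
GRANT SELECT ON documents TO app_user;
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- Table owners bypass RLS unless this is set; force it so the policies apply to
-- everyone who is not a superuser.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Permissive: a user may read the rows they own.
CREATE POLICY owner_rows ON documents
    FOR SELECT
    USING (owner = current_user);

-- Restrictive: even an owner cannot read rows tagged 'restricted' unless they
-- are a member of the reviewer role.
CREATE POLICY deny_restricted ON documents
    AS RESTRICTIVE
    FOR SELECT
    USING (classification <> 'restricted'
           OR pg_has_role(current_user, 'reviewer', 'member'));
```

To confirm the policies behave as described, `SET ROLE app_user;` and `SELECT * FROM documents;` after inserting a couple of rows with different owners and classifications: only rows owned by `app_user` appear, and none of those tagged `restricted` unless `app_user` has been granted `reviewer`.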

Make the lives of PostgreSQL users everywhere better and the lives of government intelligence services around the world worse!

I call that a win-win situation.

Don’t Blame NSA For Ransomware Attack!

Wednesday, May 17th, 2017

Stop Blaming NSA For The Ransomware Attack by Patrick Tucker.

Most days I think the NSA should be blamed for everything from global warming to biscuits that fail to rise.

But for leaked cyber weapons? No blame whatsoever.

Why? The answer lies in the NSA processing of vulnerabilities.

From the post:


“You’ve heard my deputy director say that in excess of 80-something percent of the vulnerabilities are actually disclosed—responsibly disclosed —to the vendors so that they can then actually patch and remediate for that,” Curtis Dukes, NSA’s former deputy national manager for national security systems, said at an American Enterprise Institute event in October. “So I do believe it’s a thoughtful process that we have here in the U.S.”

Dukes said the impetus to conceal an exploit vanishes when it is used by a criminal gang, adversarial nation, or some other malefactor.

We may choose to restrict a vulnerability for offensive purposes, like breaking into an adversary’s network, he said. But that doesn’t mean we’re not also constantly looking for signs whether another nation-state or criminal network has actually found that same vulnerability and now are using it. As soon as we see any indications of that, then that decision immediately flips, and we move to disseminate and remediate.

You may think that is a “thoughtful process” but that’s not why I suggest the NSA should be held blameless.

Look at the numbers on vulnerabilities:

80% disclosed by the NSA for remediation.

20% concealed by the NSA.

Complete NSA disclosure means the 20% now concealed, vanishes for everyone.

That damages everyone seeking government transparency.

Don’t wave your arms in the air crying “ransomware! ransomware! Help me! Help me!” or “Blame the NSA! Blame the NSA!”

Use FOIA requests, leaks and cyber vulnerabilities to peel governments of their secrecy, like lettuce, one leaf at a time.

Correction to Financial Times on EsteemAudit

Tuesday, May 16th, 2017

Hackers prime second classified US cyber weapon by Sam Jones and Max Seddon.

From the post:

Criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web after the success of the WannaCry attack that swept across the globe on Friday.

The hacking tool, developed by the US National Security Agency and called EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.

Correction:

“…is now available for criminal use…” should read:

“…is now available for widespread criminal use….”

NSA cyber weapons have always been in use by criminals. The debate now is over more criminals using the same weapons.

If those weapons are used against the NSA and its co-conspirators, I don’t see a problem.

Marketing Advice For Shadow Brokers

Tuesday, May 16th, 2017

Shadow Brokers:

I read your post OH LORDY! Comey Wanna Cry Edition outlining your plans for:

In June, TheShadowBrokers is announcing “TheShadowBrokers Data Dump of the Month” service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.

TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

More details in June.

OR IF RESPONSIBLE PARTY IS BUYING ALL LOST DATA BEFORE IT IS BEING SOLD TO THEPEOPLES THEN THESHADOWBROKERS WILL HAVE NO MORE FINANCIAL INCENTIVES TO BE TAKING CONTINUED RISKS OF OPERATIONS AND WILL GO DARK PERMANENTLY YOU HAVING OUR PUBLIC BITCOIN ADDRESS
… (emphasis in original)

I don’t know your background in subscription marketing but I don’t see Shadow Brokers as meeting the criteria for a successful subscription business. 9 Keys to Building a Successful Subscription Business.

Unless you want to get into a vulnerability as commodity business, with its attendant needs for a large subscriber base, advertising, tech support, etc., with every service layer adding more exposure, I just don’t see it. The risk of exposure is too great and the investment before profit too large.

I don’t feel much better about a bulk purchase from a major government or spy agency. The likely buyers already have the same or similar data so don’t have an acquisition motive.

Moreover, likely buyers don’t trust the Shadow Brokers. As a one time seller, Shadow Brokers could collect for the “lost data” and then release it for free in the wild.

You say that isn’t the plan of Shadow Brokers, but likely buyers are untrustworthy and expect the worst of others.

If I’m right and traditional subscription and/or direct sales models aren’t likely to work, that doesn’t mean that a sale of the “lost data” is impossible.

Consider the Wikileaks strategy with the Podesta emails.

The Podesta emails were replete with office chatter, backbiting remarks, and other trivia.

Despite the lack of intrinsic value, their importance was magnified by the release of small chunks of texts, each of which might include something important.

With each release, main stream media outlets such as the New York Times, the Washington Post, and others went into a frenzy of coverage.

That was non-technical data so a similar strategy with “lost data” will require supplemental, explanatory materials for the press.

Dumping one or two tasty morsels every Friday, for example, will extend media coverage, not to mention building public outrage that could, no guarantees, force one or more governments to pony up for the “lost data.”

Hard to say unless you try.

PS: For anyone who thinks this post runs afoul of “aiding hackers” prohibitions, you have failed to consider the most likely alternate identity of Shadow Brokers, that of the NSA itself.

Ask yourself:

Who wants real time surveillance of all networks? (NSA)

What will drive acceptance of real time surveillance of all networks? (Hint, ongoing and widespread data breaches.)

Who wants to drive adoption of Windows 10? (Assuming NSA agents wrote backdoors into the 50 to 60 million lines of code in Windows 10.)

Would a government that routinely assassinates people and overthrows other governments hesitate to put ringers to work at Microsoft? Or other companies?

Is suborning software verboten? (Your naiveté is shocking.)

WanaCrypt0r: The Wages Of False Economy

Friday, May 12th, 2017

Malware that attacks unsupported or unpatched Microsoft software started making the rounds today.

Just some of the coverage:

Malware Stolen From The NSA Cripples Computers In 74 Countries (And Counting)

Massive ransomware cyber-attack hits computers in 74 countries

Cyber-attack hits 74 countries with UK hospitals among targets – live updates

Cyberattack Hits Dozen Nations ‘Using Leaked NSA Hacking Tool’

Massive ransomware attack hits 99 countries

Criminals used leaked NSA cyberweapon in crippling ransomware attack, experts say

Global cyberattack disrupts shipper FedEx, UK health system

Hackers use leaked NSA bug in massive global cyber attack

Wanna Decrypter 2.0 ransomware attack: what you need to know

Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage

You will see phrases like “weapons grade malware,” “NSA exploit,” “NSA cyberweapon,” etc., and many others over the coming days.

It will be mentioned, but few consequences will be seen for managers who practiced false economy in not upgrading their Microsoft systems in a timely fashion.

It is equally unlikely that sysadmins will suffer for their failure to patch currently supported Microsoft systems in a timely manner.

Given those two likely outcomes, the next “massive global cyber attack,” is a question of when, not if. Managers will continue to practice false economies and sysadmins won’t follow good patching practices.

My suggestions:

  1. Upgrade to supported Microsoft software.
  2. Implement and audit patch application.
  3. Buy Microsoft stock.

The first two will help keep you safe and the third one will enable you to profit from the periodic panics among unsupported Microsoft software users.

Introduction: The New Face of Censorship

Saturday, May 6th, 2017

Introduction: The New Face of Censorship by Joel Simon.

From the post:

In the days when news was printed on paper, censorship was a crude practice involving government officials with black pens, the seizure of printing presses and raids on newsrooms. The complexity and centralization of broadcasting also made radio and television vulnerable to censorship even when the governments didn’t exercise direct control of the airwaves. After all, frequencies can be withheld; equipment can be confiscated; media owners can be pressured.

New information technologies–the global, interconnected internet; ubiquitous social media platforms; smart phones with cameras–were supposed to make censorship obsolete. Instead, they have just made it more complicated.

Does anyone still believe the utopian mantras that information wants to be free and the internet is impossible to censor or control?

The fact is that while we are awash in information, there are tremendous gaps in our knowledge of the world. The gaps are growing as violent attacks against the media spike, as governments develop new systems of information control, and as the technology that allows information to circulate is co-opted and used to stifle free expression.

The work of Joel Simon and the Committee to Protect Journalists is invaluable. The challenges, dangers and hazards for journalists around the world are constant and unrelenting.

I have no doubt about Simon’s account of suppression of journalists. His essay is a must read for everyone who opposes censorship, at least in its obvious forms.

A more subtle form of censorship is practiced in the United States, self-censorship.

How many stories on this theme have you read in the last couple of weeks? U.S. spy agency abandons controversial surveillance technique

Now, how many of those same stories mentioned that the NSA has a long and storied history of lying to the American public, presidents and congress?

By my count, which wasn’t exhaustive, the total is 0.

Instead of challenging this absurd account, Reuters reports the NSA reports as though it were true and fails to remind the public it is relying on a habitual liar.

Show of hands, how many readers think the Reuters staff forgot that the NSA is a hotbed of liars and cheats?

There is little cause for government censorship of US media outlets. They censor themselves before the government can even ask.

Support the Committee to Protect Journalists and perhaps their support of journalists facing real censorship will shame US media into growing a spine.

Leaking Improves Security – Secrecy Weakens It

Monday, April 24th, 2017

If you need a graphic for the point that leaking improves security – secrecy weakens it, consider this one:

Ask your audience:

Prior to the Shadow Brokers leak of the NSA’s DoublePulsar Malware, how many people were researching a counter to it?

Same question, but substitute: After the Shadow Brokers leak ….

As the headline says: Leaking Improves Security – Secrecy Weakens It.

Image originates from: Over 36,000 Computers Infected with NSA’s DoublePulsar Malware by Catalin Cimpanu.

Anyone who suggests otherwise wants you and others to be insecure.

Leak “Threatens Windows Users Around The World?”

Thursday, April 20th, 2017

Leaked NSA Malware Threatens Windows Users Around The World? by Sam Biddle.

Really? Shadow Brokers leaking alleged NSA malware “threatens users around the world?”

Hmmm, I would think that the NSA developing Windows malware is what threatens users around the world.

Yes?

Unlike the apparent industry concealment of vulnerabilities, the leaking of NSA malware puts all users on an equal footing with regard to those vulnerabilities.

In a phrase, users are better off for the NSA malware leak than they were before.

They know (or at least it has been alleged) that these leaked vulnerabilities have been patched in supported Microsoft products. By upgrading to supported products and applying those patches, they can avoid these particular pieces of NSA malware.

Leaking vulnerabilities enables users to avoid perils themselves, in this case by upgrading, and/or to demand patches from vendors responsible for the vulnerabilities.

Do you see a downside I don’t?

Well, aside from trashing the market for vulnerabilities and gelding security agencies, neither one of which I will lose any sleep over.

OPM Farce Continues – 2016 Inspector General Report

Monday, November 21st, 2016

U.S. Office of Personnel Management – Office of the Inspector General – Office of Audits

The Office of Personnel Management hack was back in the old days when China was being blamed for every hack. There’s no credible evidence of that but the Chinese were blamed in any event.

The OPM hack illustrated the danger inherent in appointing campaign staff to run mission critical federal agencies. For just a sampling of the impressive depth of Archuleta’s incompetence, read Flash Audit on OPM Infrastructure Update Plan.

The executive summary of the current report offers little room for hope:

This audit report again communicates a material weakness related to OPM’s Security Assessment and Authorization (Authorization) program. In April 2015, the then Chief Information Officer issued a memorandum that granted an extension of the previous Authorizations for all systems whose Authorization had already expired, and for those scheduled to expire through September 2016. Although the moratorium on Authorizations has since been lifted, the effects of the April 2015 memorandum continue to have a significant negative impact on OPM. At the end of fiscal year (FY) 2016, the agency still had at least 18 major systems without a valid Authorization in place.

However, OPM did initiate an “Authorization Sprint” during FY 2016 in an effort to get all of the agency’s systems compliant with the Authorization requirements. We acknowledge that OPM is once again taking system Authorization seriously. We intend to perform a comprehensive audit of OPM’s Authorization process in early FY 2017.

This audit report also re-issues a significant deficiency related to OPM’s information security management structure. Although OPM has developed a security management structure that we believe can be effective, there has been an extremely high turnover rate of critical positions. The negative impact of these staffing issues is apparent in the results of our current FISMA audit work. There has been a significant regression in OPM’s compliance with FISMA requirements, as the agency failed to meet requirements that it had successfully met in prior years. We acknowledge that OPM has placed significant effort toward filling these positions, but simply having the staff does not guarantee that the team can effectively manage information security and keep OPM compliant with FISMA requirements. We will continue to closely monitor activity in this area throughout FY 2017.

It’s illegal but hacking the OPM remains easier than the NSA.

Hacking the NSA requires a job at Booz Allen and a USB drive.

Is Google Fancy Bear? Or is Microsoft? Factions of Fancy Bear?

Wednesday, November 2nd, 2016

Fancy Bear: Russia-linked hackers blamed for exploiting Windows zero-day flaw.

From the post:

MICROSOFT IS USING a new tactic to get people to upgrade to Windows 10 by warning that those who don’t could fall victim to Russian hackers.

The company said in a security advisory that a hacking group previously linked to the Russian government and US political hacks has exploited a newly discovered Windows zero-day flaw that was outed by Google earlier this week.

Microsoft claimed that the hacking group ‘Strontium’, more commonly known as ‘Fancy Bear’, had carried out a small number of attacks using spear phishing techniques.

Too much of a coincidence Google drops a zero-day flaw the same week it shows up in the wild from Fancy Bear?

Too much of a coincidence Windows 10 is the magic solution to an “all Windows/all the time” vulnerability?

Could Google and Microsoft be rival factions of Fancy Bear?

The super-hackers in North Korea, should be offended by the obsession with Fancy Bear. Double ditto for the Chinese warlord class hackers.

For months, years in internet time, it’s Fancy Bear this and Fancy Bear that. Your toaster on the blink, must be Fancy Bear. Your printer is jammed, must be Fancy Bear. Worried about hacking paper ballots? Must be Fancy Bear.

Despite DNI James Clapper‘s paranoid and Hillary Clinton-serving fantasies, there is more to attribution than saying a catchy name.

What’s Your NSA Number?

Tuesday, November 1st, 2016

You have heard of Erdös numbers, which are based on collaboration of mathematicians with Paul Erdös. The Erdös Number Project

The publication of (alleged) NSA hacked sites may give rise to your NSA Number. (New leak may show if you were hacked by the NSA by Dan Goodin.)

With two assumptions:

  1. The 290 IP addresses are indeed valid.
  2. The NSA did in fact hack those sites.

The top NSA Number would be 290. (I combined, sorted and deduped the IP addresses. Other counts are out there but I don’t know how they were made.)

As a first step, I ran ping on the 290 and 74 were reported as “up.”

My results on the 290.

Many other avenues of server detection remain to pursue, but a common list is a good start.
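As an added example, not code or data from this post, here is the “combine, sort and dedupe” step done in Python so that the resulting count is reproducible, with a ping probe and a TCP connect probe beside it. The two input lists are constructed from RFC 5737 documentation addresses (not the leaked list), and the probe functions are assumptions about how one would sweep the result, not a record of what was run.

```python
"""Reproducible count of a leaked IP address list, plus simple liveness probes.

Added example, not code from the original post. The addresses below are
constructed from RFC 5737 documentation ranges, not the leaked list; the
messy formatting imitates what a raw leak dump tends to contain.
"""
import ipaddress
import socket
import subprocess
from collections import Counter

# Constructed input: two overlapping lists with comments, trailing whitespace,
# a duplicate across files, an IPv6 address, an RFC 1918 address and a
# malformed entry.
SAMPLE_LISTS = [
    "# list one\n"
    "203.0.113.10\n"
    "203.0.113.10\n"
    "198.51.100.7   # trailing comment\n"
    "10.0.0.5\n",
    "203.0.113.9\n"
    "2001:db8::1\n"
    "999.1.1.1\n"
    "198.51.100.7\n",
]

# Address space that cannot be a hacked internet-facing server: RFC 1918,
# loopback, link-local, "this" network, and the multicast/reserved blocks.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def normalize(texts):
    """Merge, validate, deduplicate and numerically sort IPv4 addresses.

    Returns (addresses, report). The report records how many entries were
    dropped and why, so the final count can be compared with other people's.
    """
    seen = Counter()
    rejected = Counter()
    for text in texts:
        for raw in text.splitlines():
            token = raw.split("#", 1)[0].strip()
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                rejected["malformed"] += 1
                continue
            if ip.version != 4:
                rejected["not_ipv4"] += 1
            elif any(ip in net for net in NON_ROUTABLE):
                rejected["non_routable"] += 1
            else:
                seen[ip] += 1
    # Sorting IPv4Address objects sorts by value: 203.0.113.9 before .10,
    # which a plain string sort would get wrong.
    addresses = [str(ip) for ip in sorted(seen)]
    report = {
        "unique": len(addresses),
        "duplicates": sum(seen.values()) - len(seen),
        "rejected": dict(rejected),
    }
    return addresses, report


def icmp_probe(ip, timeout_s=2):
    """One echo request through the system ping (iputils flags); True on reply.

    Network-dependent, so not exercised offline. A silent host is not a dead
    host: ICMP is commonly filtered, so "up" from ping is a lower bound.
    """
    try:
        proc = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), ip],
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 3)
        return proc.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def tcp_probe(ip, port=80, timeout_s=2):
    """TCP connect probe: catches hosts that drop ICMP but still serve a port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout_s):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    addrs, report = normalize(SAMPLE_LISTS)
    print(len(addrs), "unique addresses:", addrs)
    print(report)
    # Uncomment to sweep the list; the result is a lower bound on live hosts.
    # print(sum(icmp_probe(a) or tcp_probe(a) for a in addrs), "responded")
```

The rejected counts are the point: two people who “combine and dedupe” the same dump will get different totals depending on whether they drop malformed lines, IPv6 entries, or private addresses, and the report makes that difference visible instead of arguing about it.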

Edits/changes to my list?

Thanks!

Betraying Snowden:… [Cynical, but not odd]

Tuesday, September 20th, 2016

Betraying Snowden: There’s a special place in journalism hell for The Washington Post editorial board by Daniel Denvir.

From the post:

There is a special place in journalism hell reserved for The Washington Post editorial board now that it has called on President Barack Obama to not pardon National Security Agency whistleblower Edward Snowden.

As Glenn Greenwald wrote, it’s an odd move for a news publication, “which owes its sources duties of protection, and which — by virtue of accepting the source’s materials and then publishing them — implicitly declares the source’s information to be in the public interest.” Notably, the Post decided to “inexcusably omit . . . that it was not Edward Snowden, but the top editors of the Washington Post who decided to make these programs public,” as Greenwald added.

The Post’s peculiar justification is as follows: While the board grudgingly conceded that reporters, thanks to Snowden, revealed that the NSA’s collection of domestic telephone metadata — which “was a stretch, if not an outright violation, of federal surveillance law” — it condemns him for revealing “a separate overseas NSA Internet-monitoring program, PRISM, that was both clearly legal and not clearly threatening to privacy.”

Washington Post opposition to a pardon for Edward Snowden isn’t odd at all.

Which story generates more PR for the Washington Post:

  1. The Washington Post, having won a Pulitzer prize due to Edward Snowden, joins a crowd calling for his pardon?
  2. The Washington Post, having won a Pulitzer prize due to Edward Snowden, opposes his being pardoned?

It’s not hard to guess which one generates more ad-views and therefore the potential for click-throughs.

I have no problems with the disclosure of PRISM, save for Snowden having to break his word as a contractor to keep his client’s secrets, well, secret.

No one could be unaware that the NSA engages in illegal and immoral activity on a daily basis before agreeing to be employed by them.

Although Snowden has done no worse than his former NSA employers, it illustrates why I have no trust in government agencies.

If they are willing to lie for what they consider to be “good” reasons to you, then they are most certainly willing to lie to me.

Once it is established that an agency, take the NSA for example, has lied on multiple occasions, on what basis would you trust them to be telling the truth today?

Their assurance, “we’re not lying this time?” That seems rather tenuous.

Same rule should apply to contractors who lie to or betray their clients.

Hackers Say They Hacked NSA-Linked Group… (Fact or Fantasy?)

Monday, August 15th, 2016

Hackers Say They Hacked NSA-Linked Group, Want 1 Million Bitcoins to Share More by Lorenzo Franceschi-Biccierai.

From the post:

A mysterious hacker or hackers going by the name “The Shadow Brokers” claims to have hacked a group linked to the NSA and dumped a bunch of its hacking tools. In a bizarre twist, the hackers are also asking for 1 million bitcoin (around $568 million) in an auction to release more files.

“Attention government sponsors of cyber warfare and those who profit from it!!!!” the hackers wrote in a manifesto posted on Pastebin, on GitHub, and on a dedicated Tumblr. “How much you pay for enemies cyber weapons? […] We find cyber weapons made by creators of stuxnet, duqu, flame.”

The hackers referred to their victims as the Equation Group, a codename for a government hacking group widely believed to be the NSA.

What is the first thing that strikes you as dodgy about this claimed hack?

If you had hacking weapons from the NSA, wouldn’t you first approach other national governments?

The NSA would still hear about it, but the buyers would be doing their best to keep both the sale and the hack secret.

Here? The alleged hackers have painted a target on their backs and “chump” on anyone who parts with any bitcoins for a release of the alleged weapons.

The best to hope for is the alleged hackers aren’t prosecuted for fraud as a result of any online auction.

They shouldn’t be. Buying allegedly stolen property and being cheated isn’t a crime, it’s a valuable lesson.

No ‘Raiders of the Lost Ark’ Stockpile? You Are Still In Danger!

Saturday, August 6th, 2016

NSA denies ‘Raiders of the Lost Ark’ stockpile of security vulnerabilities by Alex Hern.

From the post:

America’s National Security Agency (NSA) spends upwards of $25m in a year buying previously undisclosed security vulnerabilities – known as zero days, because that’s the length of time the target has had to fix them – but the large investment may not result in as much of a collection of hacking capabilities as is widely assumed.

Jason Healey, a senior research scholar at Columbia University and director at the Atlantic Council policy thinktank, argues that the true number of zero days stockpiled by the NSA is likely in the “dozens”, and that the agency only adds to that amount by a very small amount each year. “Right now it looks like single digits,” he says, adding that he has “high confidence in this assessment.”

One key piece of evidence comes from the NSA itself, which in 2015 claimed that 91% of vulnerabilities it procured were eventually disclosed to the vendors whose products were at risk. Of the other 9%, at least some of those weren’t disclosed because they were fixed before they could be, the agency adds.

Similarly, the White House has revealed that in one year since the current disclosure policy was implemented, it reviewed about 100 software vulnerabilities discovered by the NSA to determine if they should be disclosed, and “kept only about two”. Healey adds that in the autumn of 2014, he was personally told that every single vulnerability which had come up for review had been disclosed.

No amount of factual reporting is likely to dispel the myth of an NSA hoard of zero days.

However, the Verizon 2016 Data Breach Investigations Report makes it clear that zero days aren’t the main source of hacking danger:

[Figure: chart from the Verizon 2016 Data Breach Investigations Report]

That’s not an error! Vulnerabilities prior to 1999 are still in use.

You can spend your days discussing rumors of the latest zero day, or you can insist that IT follow a verified patch-application process.

How effective is patching known vulnerabilities?

The top 10 internal vulnerabilities accounted for over 78 percent of all internal vulnerabilities during 2015. All 10 internal vulnerabilities are directly related to outdated patch levels on the target systems. (2016 NTT Group, Global Threat Intelligence Report, page 5. Emphasis in original.)

Routine patching, applied to just those ten, would have addressed 78% of the internal vulnerabilities found.

That’s a clear, actionable, measurable requirement.

Call up your IT department, ask for a list of all the software in your enterprise and a list of patches that have been applied to each instance and those waiting to be applied (as per the vendor).

Remember, a data breach may be IT’s “fault,” but it may be your job that is at risk.
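What to do with those two lists once IT hands them over, as an added example that is not code from this post: a Python audit that joins a software inventory to a vendor patch feed and reports unsupported products, missing patches and patches applied later than the SLA allows. It serves both the request above and the “implement and audit patch application” suggestion in the WanaCrypt0r post. Product names, patch identifiers, dates and SLA windows are constructed placeholders; a real run would read the inventory from the asset system and the feed from the vendor’s advisories.

```python
"""Patch audit over a software inventory and a vendor patch feed.

Added example, not code from the original post. Product names, patch
identifiers, dates and SLA windows are constructed placeholders; a real run
would read the inventory from the IT asset system and the feed from the
vendor's advisories.
"""
from dataclasses import dataclass, field
from datetime import date

AUDIT_DATE = date(2017, 5, 12)  # assumed audit date

# Constructed end-of-support dates. A product past its date receives no
# patches at all, so "fully patched" means nothing for it.
PRODUCT_EOL = {
    "OS-A 2008": date(2015, 7, 14),
    "OS-A 2012": date(2023, 10, 10),
    "OS-A 2016": date(2027, 1, 12),
}

# Constructed vendor feed: (patch id, product, release date, severity).
PATCH_FEED = [
    ("P-1001", "OS-A 2012", date(2017, 3, 14), "critical"),
    ("P-1001", "OS-A 2016", date(2017, 3, 14), "critical"),
    ("P-1002", "OS-A 2016", date(2017, 4, 11), "important"),
    ("P-0900", "OS-A 2008", date(2014, 11, 11), "critical"),
]

# Constructed inventory export: (host, product, {patch id: install date}).
INVENTORY = [
    ("fileserver-01", "OS-A 2008", {"P-0900": date(2014, 12, 1)}),
    ("web-01", "OS-A 2012", {"P-1001": date(2017, 3, 20)}),
    ("web-02", "OS-A 2012", {}),
    ("db-01", "OS-A 2016", {"P-1001": date(2017, 5, 2), "P-1002": date(2017, 4, 20)}),
]

# Assumed patch-application SLA: days allowed between release and install.
SLA_DAYS = {"critical": 14, "important": 30}


@dataclass
class HostFinding:
    host: str
    product: str
    unsupported: bool                                  # product past end of support
    missing: list = field(default_factory=list)        # applicable patches not installed
    late: dict = field(default_factory=dict)           # patch id -> days past the SLA


def audit(inventory, feed, eol, sla_days, today):
    """Return one HostFinding per host, judged as of `today`."""
    required = {}  # product -> {patch id: (release date, severity)}
    for pid, product, released, severity in feed:
        required.setdefault(product, {})[pid] = (released, severity)

    findings = []
    for host, product, installed in inventory:
        # Unknown products are treated as unsupported: prove support, don't assume it.
        unsupported = eol.get(product, date.min) < today
        finding = HostFinding(host, product, unsupported)
        for pid, (released, severity) in required.get(product, {}).items():
            allowed = sla_days[severity]
            if pid in installed:
                # Installed: measure how long it actually took.
                elapsed = (installed[pid] - released).days
            else:
                # Still missing: the clock has been running since release.
                finding.missing.append(pid)
                elapsed = (today - released).days
            if elapsed > allowed:
                finding.late[pid] = elapsed - allowed
        findings.append(finding)
    return findings


def summarize(findings):
    """Headline numbers for the audit report."""
    return {
        "hosts": len(findings),
        "unsupported": sum(1 for f in findings if f.unsupported),
        "missing_patches": sum(len(f.missing) for f in findings),
        "sla_breaches": sum(len(f.late) for f in findings),
        "clean": sum(1 for f in findings if not (f.unsupported or f.missing or f.late)),
    }


if __name__ == "__main__":
    results = audit(INVENTORY, PATCH_FEED, PRODUCT_EOL, SLA_DAYS, AUDIT_DATE)
    for f in results:
        flags = ["UNSUPPORTED"] if f.unsupported else []
        flags += [f"missing {p}" for p in f.missing]
        flags += [f"{p} {d} days past SLA" for p, d in f.late.items()]
        print(f"{f.host:14} {f.product:10} {', '.join(flags) or 'ok'}")
    print(summarize(results))
```

Two design choices matter here. A missing patch is measured against today, not the vendor’s release date alone, so the longer it stays missing the worse the finding gets; and an unsupported product is flagged even when every patch the vendor ever shipped for it is installed, because no feed entry will ever appear for the vulnerabilities found after support ended.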

PS: One of the earliest uses of topic maps was to track software on a university network.

Anonymous Video – USA -> NSA

Thursday, August 4th, 2016

While amusing, the topic of this video is deadly serious.

The NSA, firmly, albeit misguidedly, believes:

The United States today faces very real, very grave national security threats. Extremism and international terrorism flourish in too many areas of the world, threatening our warfighters, our allies and our homeland. Regional conflicts can have serious effects on U.S. national interests. Hostile foreign governments and terrorists trade in, or seek to acquire, weapons of mass destruction and/or the materials to produce them. Tons of illegal drugs are smuggled into our country each year.

The newest threats we face, and perhaps the fastest growing, are those in cyberspace. Cyber threats to U.S. national and economic security increase each year in frequency, scope and severity of impact. Cyber criminals, hackers and foreign adversaries are becoming more sophisticated and capable every day in their ability to use the Internet for nefarious purposes.

As a nation, we are dependent on the Internet – we use it for everything. We communicate online, bank and shop online, and store much of our personal information there. In business, education and government, we all count on having ready access to the Internet and its many capabilities as we go about our daily routines. The Internet opens up new worlds to users.

But while cyberspace offers great opportunities, it also comes with vulnerabilities. Our information networks and technology are constantly at risk from a variety of bad actors using a multitude of techniques – remote hacking intrusions, the placement of malware, spearphishing and other means of gaining access to networks and information.

Some of these bad actors are criminals motivated by profit, particularly in the areas of identity theft and other forms of financial cybercrime. The cost of cybercrime – already in the billions of dollars – rises each year.

But cyber threats also come from nation states and other actors who seek to exploit information to gain an advantage over the United States. They might seek an economic advantage, or to gain insight into our military or foreign policy. Denial of service attacks disrupt business and undermine confidence.

Terrorists and extremist groups today use the power of the Internet, especially social media, to spread their messages of hate and intolerance, and to recruit new members, often targeting vulnerable young people. The global reach of cyberspace and the complexity of its networks provide bad actors ample places to hide, safe from the reach of international law.

To meet these threats, our national leaders, military leaders, policy makers and law enforcement personnel must understand who our adversaries are, where they are, and what their capabilities, plans and intentions are. At the same time, we must ensure that we protect our own national security information from those who would do us harm. These are the capabilities that the National Security Agency provides to our nation, to our leaders and to our fellow Americans – 24 hours a day, seven days a week. [Understanding The Threat]

Surrounded by jinns and demons, known and unknown, as the only hope for Truth, Justice and the American Way, what choice does the NSA have but to use any and all means, fair and foul, to meet those threats?

As you know, I’m not a big fan of the NSA or its surveillance programs, but in researching this post, I encountered a shift in the rhetoric of the NSA.

As you can see in Understanding The Threat, the entire focus is on hazards and dangers that would justify any degree of lawless action.

Contrast that with the Commitment that is preserved by the Internet Archive (December, 2015):

These are our commitments to you, our fellow citizens:

  • We will act with integrity to advance the rights, goals, and values of the Nation.
  • We will adhere to the spirit and the letter of the Constitution and the laws and regulations of the United States.
  • We will support and protect our troops in the field.
  • We will combat terrorism around the globe – when necessary, putting our lives on the line to preserve the Nation.
  • We will provide our policymakers, negotiators, ambassadors, law enforcement community, and military the vital intelligence they need to protect and defend the Nation.
  • We will defend the national security networks vital to our Nation.
  • We will be a trusted steward of public resources and place prudent judgment over expediency.
  • We will continually strive for transparency in all our review, monitoring, and decision-making processes.
  • We will be accountable for our actions and take responsibility for our decisions.
  • We will honor Open Government and Transparency mandates by making timely and accurate information available to the public, subject to valid privacy, confidentiality, security or other restrictions under existing law and policies.
  • Along with those exciting programs we partner with the Maryland STEM program.

What I find even more disturbing than the current threat statement is that it was written after mass collection of telephone data (under the Commitment) was found to be useless:

A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.

“It was, ‘Huh, hello? What are we doing here?’” said Geoffrey Stone, a University of Chicago law professor, in an interview with NBC News. “The results were very thin.”

While Stone said the mass collection of telephone call records was a “logical program” from the NSA’s perspective, one question the White House panel was seeking to answer was whether it had actually stopped “any [terror attacks] that might have been really big.”

“We found none,” said Stone.

Under the NSA program, first revealed by ex-contractor Edward Snowden, the agency collects in bulk the records of the time and duration of phone calls made by persons inside the United States.

Stone was one of five members of the White House review panel – and the only one without any intelligence community experience – that this week produced a sweeping report recommending that the NSA’s collection of phone call records be terminated to protect Americans’ privacy rights. (NSA program stopped no terror attacks, says White House panel member by Michael Isikoff.)

Shouldn’t the three hundred plus page report: Liberty and Security in a Changing World, dated 12 December 2013, result in a less paranoid, less extreme view of threats?

Pursuit of a paranoid and largely delusional view of the world, even post-exposure as paranoid and delusional, does not bode well for those subject to NSA surveillance.

Encrypt, Onionize and Erase (EOE) is your new mantra.

New Linux Journal Subscription Benefit!

Tuesday, July 12th, 2016

Benefits of a Linux Journal subscription you already know:

  1. “Linux Journal, currently celebrating its 20th year of publication, is the original magazine of the global Linux community, delivering readers the advice and inspiration they need to get the most out of their Linux systems.”
  2. $29.50 (US) buys 12 issues and access to the Linux Journal archive.
  3. Linux Journal has regular columns written by Mick Bauer, Reuven Lerner, Dave Taylor, Kyle Rankin, Bill Childers, John Knight, James Gray, Zack Brown, Shawn Powers and Doc Searls.
  4. For more see the Linux Journal FAQ.

Now there is a new Linux Journal subscription benefit:

You are flagged as an extremist by the NSA

NSA Labels Linux Journal Readers and TOR and TAILS Users as Extremists by Dave Palmer.

End the constant worry, nagging anxiety, endless arguments with friends about who is being tracked by the NSA! For the small sum of $29.50 (US) you can buy your way into the surveillance list at the NSA.

I can’t think of a cheaper way to get on a watch list, unless you send threatening letters to the U.S. President, which is a crime, so don’t do it.

Step up and assume the mantle of “extremist” in the eyes of the NSA.

You would be hard pressed to find better company.

PS: Being noticed may not seem like a good idea. But the bigger the NSA haystack, the safer all needles will be.

Intelligence Suicide By Data

Wednesday, June 8th, 2016

Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure by Ryan Gallagher.

From the post:


The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

It is ironic that this story appears less than two weeks after reports of the FBI seeking NSL (national security letter) authority to obtain email records and browsing histories.


I should not complain about the FBI, NSA and other government agencies committing intelligence suicide by data.

Their rapidly growing ineffectiveness shields innocents from their paranoid fantasies.

At the same time, that ineffectiveness inhibits the performance of legitimate purposes. (The FBI, once upon a time, had a legitimate purpose, some of the others, well, that’s an issue for debate.)

So we are clear, I don’t consider contracts for “butts in seats” for either contractors or agencies to be for “legitimate purposes.” I reserve the phrase “legitimate purposes” for activities that further the stated goals of the agency, not padding staffing rolls, not occupying as much office space as possible, not having the most forms or whatever other criteria functions as the measure of success in a particular agency.

Hints for federal agencies already committing intelligence suicide by data or approaching that point:

  1. What data sources have proven valuable in the past? (Reminder: Phone metadata records have not. Not ever.)
  2. What data sources, in order of historical importance, are available in case X?
  3. Assemble the data from the top performing resources

For example, if an informant has direct contact with an alleged Islamic State supporter, isn’t that the best source of evidence for their plans and thinking? Do you really need their web search history from an internet service provider? Especially considering that you will ask for everyone’s web search history to avoid disclosing the particular web history you are seeking.

To be sure, vendors will sell you as much data processing and storage capacity as you care to purchase, but you won’t be any closer to stopping terrorism. Just closer to the end of your budget for the current fiscal year.

Is intelligence suicide by data a goal of your agency?

Censored SIDtoday File Release

Monday, May 16th, 2016

Snowden Archive — The SIDtoday Files

From the post:

The Intercept’s first SIDtoday release comprises 166 articles, including all articles published between March 31, 2003, when SIDtoday began, and June 30, 2003, plus installments of all article series begun during this period through the end of the year. Major topics include the National Security Agency’s role in interrogations, the Iraq War, the war on terror, new leadership in the Signals Intelligence Directorate, and new, popular uses of the internet and of mobile computing devices.

Along with this batch, we are publishing the stories featured below, which explain how and why we’re releasing these documents, provide an overview of SIDtoday as a publication, report on one especially newsworthy set of revelations, and round up other interesting tidbits from the files.

There are a series of related stories with this initial release:

The Intercept is Broadening Access to the Snowden Archive. Here’s Why by Glenn Greenwald.

NSA Closely Involved in Guantánamo Interrogations, Documents Show by Cora Currier.

The Most Intriguing Spy Stories From 166 Internal NSA Reports by Micah Lee, Margot Williams.

What It’s Like to Read the NSA’s Newspaper for Spies by Peter Maass.

How We Prepared the NSA’s Sensitive Internal Reports for Release by The Intercept.

A master zip file has all the SIDtoday files released thus far.

Comments on the censoring of these files will follow.

Twitter Giveth and Taketh Away (NSA as Profit Center?)

Monday, May 16th, 2016

Twitter Giveth: GCHQ intelligence agency joins Twitter. Just about anyone can get a Twitter account these days.

Do see the GCHQ GitHub site for shared software.

Taketh Away Twitter Bars Intelligence Agencies From Using Analytics Service.

Twitter has barred Dataminr from providing services to government intelligence services.

Dataminr monitors the entire Twitter pipe and provides analytics based on that stream.

Will this result in the NSA sharing its signal detection in the Twitter stream with other intelligence agencies?

Or for that matter, the NSA could start offering commercial signal detection services across all its feeds. Make it a profit center for the government rather than a money pit.

BTW, don’t be deceived by the illusion of space between government and Twitter, or any other entity that cooperates with a national government. Take “compromised” as a given. The real questions are by whom and for what purpose?

“Rule of Law” and Lauri Love

Tuesday, May 3rd, 2016

My recent post, How-To Document Conspiracies and Other Crimes raised concerns with some readers since I did not address the legal niceties of the indictment. Burden of proof, claims not facts, etc. All of which were irrelevant to my point of using “secure IRC” to document a conspiracy or other crimes.

True or false, the indictment serves to illustrate the impact of self-documenting the commission of crimes, if indeed any crimes were committed.

What prompted this post was the suggestion that I was ignoring the “rule of law” in cases such as the one involving Lauri Love.

Perhaps the hacker community is unaware that the “rule of law” is a fiction which the sovereign sets aside at its convenience.

That has always been the case but the disturbing development during the Fear of Terror era, is that abandonment of the “rule of law” has become overt policy.

Iran-Contra is an example of abandoning the “rule of law” but at least those involved were talked about as criminals.

Fast forward to post 9/11 and examples of abandoning the “rule of law” explode: the FBI instructs agents to conceal information from triers of fact (U.S. v. Michaud), FBI hacking (FBI uses zero day exploits), the Director of National Intelligence lies to Congress (Lies, Damned Lies, and Clapper (2015)), to name just a few. (Is anyone keeping a list of the admitted lies to triers of fact and/or Congress?)

The public and unashamed abandonment of the “rule of law” along with any notion of an independent judiciary, has a deeply corrosive effect on the legitimacy of government.

Judges, where alleged crimes against the state are prosecuted, should remember the state abandoned the “rule of law” first. It has no one but itself to blame for the consequences that follow.

NSA Work/Life Balance [child porn]

Monday, May 2nd, 2016

If you haven’t seen the new intelligence careers NSA site, it deserves a look.

I do have a correction to the benefits page, which describes Work/Life Balance:

[image: nsa-work-life]

After reading: FEDS Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution? by Aliya Sternstein, shouldn’t child porn be added to that list?

If from a security perspective, possession of child porn opens NSA staff to blackmail, I suggest they legalize possession of child porn by NSA staff.

That would remove the potential for blackmail and it would encourage longer careers at the NSA.

The NSA is very unlikely to be monitoring my blog so if you know any NSA staffers, please ping them with this post.

NSA-grade surveillance software: IBM i2 Analyst’s Notebook (Really?)

Tuesday, April 5th, 2016

I stumbled across Revealed: Denver Police Using NSA-Grade Surveillance Software which had this description of “NSA-grade surveillance software…:”


Intelligence gathered through Analyst’s Notebook is also used in a more active way to guide decision making, including with deliberate targeting of “networks” which could include loose groupings of friends and associates, as well as more explicit social organizations such as gangs, businesses, and potentially political organizations or protest groups. The social mapping done with Analyst’s Notebook is used to select leads, targets or points of intervention for future actions by the user. According to IBM, the i2 software allows the analyst to “use integrated social network analysis capabilities to help identify key individuals and relationships within networks” and “aid the decision-making process and optimize resource utilization for operational activities in network disruption, surveillance or influencing.” Product literature also boasts that Analyst’s Notebook “includes Social Network Analysis capabilities that are designed to deliver increased comprehension of social relationships and structures within networks of interest.”

Analyst’s Notebook is also used to conduct “call chaining” (show who is talking to who) and analyze telephone metadata. A software extension called Pattern Tracer can be used for “quickly identifying potential targets”. In the same vein, the Esri Edition of Analyst’s Notebook integrates powerful geo-spatial mapping, and allows the analyst to conduct “Pattern-of-Life Analysis” against a target. A training video for Analyst’s Notebook Esri Edition demonstrates the deployment of Pattern of Life Analysis in a military setting against an example target who appears to be a stereotyped generic Muslim terrorism suspect:

Perhaps I’m overly immune to IBM marketing pitches but I didn’t see anything in this post that could not be done with Python, R and standard visualization techniques.
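To illustrate that point, here is an added example (my own code, not from the article or from IBM) showing that the “call chaining” and “identify key individuals” features described above are ordinary graph operations over call-detail records, done here with nothing but the Python standard library. The call records and phone numbers are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed call-detail records, one per line: caller,callee,minutes.
# The numbers are hypothetical and exist only for this example.
CDR_LINES = """
555-0101,555-0102,12
555-0101,555-0103,3
555-0102,555-0104,7
555-0103,555-0104,2
555-0104,555-0105,9
555-0105,555-0106,4
555-0102,555-0105,1
"""

def parse_cdrs(text):
    """Turn 'caller,callee,minutes' lines into an undirected contact graph."""
    graph = defaultdict(set)
    for line in text.strip().splitlines():
        caller, callee, _minutes = line.split(",")
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph

def key_nodes(graph, top=3):
    """'Key individuals': rank numbers by distinct contacts, highest first."""
    return sorted(graph, key=lambda n: (-len(graph[n]), n))[:top]

def call_chain(graph, src, dst):
    """'Call chaining': shortest who-talked-to-whom path via BFS ([] if none)."""
    if src not in graph or dst not in graph:
        return []
    prev = {src: None}          # node -> the node we reached it from
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(graph[node]):   # sorted for deterministic output
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return []
    chain = []
    while dst is not None:      # walk the predecessor links back to src
        chain.append(dst)
        dst = prev[dst]
    return chain[::-1]
```

On the constructed records, the three best-connected numbers are 555-0102, 555-0104 and 555-0105, and the shortest chain from 555-0101 to 555-0106 runs through 555-0102 and 555-0105.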

I understand that IBM markets the i2 Analyst’s Notebook (and training too) as:

…deliver[ing] timely, actionable intelligence to help identify, predict, prevent and disrupt criminal, terrorist and fraudulent activities.

to a reported tune of over 2,500 organizations worldwide.

However, you have to bear in mind the software isn’t delivering that value-add by itself, but rather the analyst plus the right data plus the IBM software. That is, the software is at best only one third of what is required for meaningful results.

That insight seems to have gotten lost in IBM’s marketing pitch for the i2 Analyst’s Notebook and its use by the Denver police.

But to be fair, I have included, below the horizontal bar, the complete list of features for the i2 Analyst’s Notebook.

Do you see any that can’t be duplicated with standard software?

I don’t.

That’s another reason to object to the Denver Police falling into the clutches of maintenance agreements/training on software that is likely irrelevant to their day to day tasks.


IBM® i2® Analyst’s Notebook® is a visual intelligence analysis environment that can optimize the value of massive amounts of information collected by government agencies and businesses. With an intuitive and contextual design it allows analysts to quickly collate, analyze and visualize data from disparate sources while reducing the time required to discover key information in complex data. IBM i2 Analyst’s Notebook delivers timely, actionable intelligence to help identify, predict, prevent and disrupt criminal, terrorist and fraudulent activities.

i2 Analyst’s Notebook helps organizations to:

Rapidly piece together disparate data

Identify key people, events, connections and patterns

Increase understanding of the structure, hierarchy and method of operation

Simplify the communication of complex data

Capitalize on rapid deployment that delivers productivity gains quickly

Be sure to leave a comment if you see “NSA-grade” capabilities. We would all like to know what those are.