Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

January 30, 2019

Cyber Threats, The Modern Maginot Line … Worldwide Threat Assessment

Filed under: Cybersecurity,Hacking,Intelligence — Patrick Durusau @ 8:30 pm

Worldwide Threat Assessment of the US Intelligence Community

From the report:


China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks — in the United States.

I won’t shame the alleged author of this report by naming them.

This is a document making a case for a bigger budget, not a report to be taken seriously.

For example, I would re-write this item to read:


Any country with a budget large enough to rent earth moving equipment has the ability to cause disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for months — in the United States.

Think about the last time you heard of a contractor disrupting a gas or water main. Now improve upon that memory with the pipe being one that transports oil, natural gas or other petroleum products across state lines.

If you were planning on disrupting critical infrastructure in the US, would you fund years of iffy research and development for a cyber attack, or spend several thousand dollars on travel and equipment rental?

Cyber defense of utility infrastructure is a modern Maginot Line. It’s true someone, a very stupid someone, could attack that way, but why would they in light of easier and surer methods of disruption?

No one associated with the report asked that question because it’s a collaborative budget increase document.

PS: The techniques overlooked in the Worldwide Threat Assessment are applicable to other countries as well. (Inquire for details.)

January 4, 2019

Crypto-Cash for Crypto-Cache : The Dark Overlord

Filed under: Government,Government Data,Hacking,Intelligence — Patrick Durusau @ 8:24 pm
Crypto-Cash for Crypto-Cache

This is the thedarkoverlord here to deliver a message.


Our Official Bitcoin Wallet Address: 192ZobzfZxAkacLGmg9oY4M9y8MVTPxh7U


As the world is aware, we released our first decryption key for the ‘Preview_Documents.container’ Veracrypt container that contained a small sample of documents to continue to verify the authenticity of our claims. The decryption key for this container is: *CZ4=I{YZ456zGecgg9/cCz|zNP5bZ,nCvJqDZKrq@v?O5V$FezCNs26CD;e:%N^

There’s five layers to go. Layer 1, 2, 3, 4, and finally Layer 5. Each layer contains more secrets, more damaging materials, more SSI, more SCI, more government investigation materials, and generally just more truth. Consider our motivations (money, specifically Bitcoin), we’re not inclined to leak the juiciest items until we’re paid in full. However, in the interest of public awareness and transparency, we’re officially announcing our tiered compensation plan. …

This press release is reviewed at: Hacker group releases ‘9/11 Papers’, says future leaks will ‘burn down’ US deep state.

Nothing explosive in the initial documents but you have to wonder why they were scrubbed from Reddit, Pastebin, and Twitter, “immediately.”

I don’t see any ethical issue with The Dark Overlord charging for these documents. We are held hostage by utility, cable, ISP, mortgage and other hostiles. It’s a proven money-making model so why the tension over it being used here?

For further details, see the press release by The Dark Overlord. Please consider contributing to fund the release of these documents.

P.S. I rather doubt any document or report is going to bring down the “deep state.” Remember that it employs hundreds of thousands of people and numerous contractors and vendors. Shutting it down would cripple local economies in a number of places. It likely exists because it is needed to exist.

September 4, 2018

Of hosting files in url minifiers [Passing < 4k operational orders]

Filed under: Compression,Hosting,Intelligence,Web Server — Patrick Durusau @ 4:56 pm

Of hosting files in url minifiers by Paul Masurel.

From the post:

Today I had an epiphany while staring at a very long url. I thought: “Url minifiers are really nice to store all of this data for free”. And then it struck me… One can really store 4KB of arbitrary data with a url minifier system and share it for free.

Now there’s a clever thought!

Apologies for missing this when it first appeared. I can imagine several interesting uses for this insight.

Such as the passing of operational orders via a url minifier system.

Tasking the intelligence community to discover and inspect every shortened url, every day.

I say < 4k operational orders because the more advanced the technique, the greater the technical overhead. The base 4k is trivial.

For example, https://bit.ly/2wHB3zH, which gives a 404, but also the text:

http://www.nowhere.com/Today-is-the-day-we-smite-our-oppressors-at-the-usual-location

All I needed was a public url minifier.

Please share this post with anyone who has a need to pass < 4k operational orders or information.

Be sure to credit Paul Masurel with this discovery. Me, I find interesting use cases and applications of technology.
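From the monitoring side of the technique above, an added example (not from Paul Masurel’s post or from this blog) that triages shortener redirects in proxy logs for data carried in the target URL. The log format, the host short.example and both thresholds are assumptions made for the example.

```python
"""Triage URL-shortener redirects in proxy logs for data carried in the target URL."""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Assumed thresholds for this example; tune them against your own traffic.
MAX_TARGET_LEN = 512   # ordinary redirect targets are far shorter
MIN_BLOB_LEN = 64      # shortest token worth trying to decode

HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")
REDIRECT_CODES = {"301", "302", "307", "308"}


def url_tokens(url):
    """Yield the path segments, query values and fragment of a URL."""
    parts = urlsplit(url)
    for segment in parts.path.split("/"):
        if segment:
            yield unquote(segment)
    for pair in parts.query.split("&"):
        # partition() keeps base64 '=' padding inside the value
        _key, _sep, value = pair.partition("=")
        if value:
            yield unquote(value)
    if parts.fragment:
        yield unquote(parts.fragment)


def decoded_size(token):
    """Bytes the token decodes to as hex or base64, or 0 if it is neither."""
    if len(token) < MIN_BLOB_LEN:
        return 0
    if HEX_RE.match(token):
        return len(token) // 2
    # Readable slugs also fit the base64 alphabet; encoded binary data
    # almost always mixes upper case, lower case and digits.
    mixed = (any(c.isupper() for c in token)
             and any(c.islower() for c in token)
             and any(c.isdigit() for c in token))
    if not (mixed and B64_RE.match(token)):
        return 0
    core = token.rstrip("=")
    try:
        return len(base64.urlsafe_b64decode(core + "=" * (-len(core) % 4)))
    except (binascii.Error, ValueError):
        return 0


def inspect_target(url):
    """Return a list of (finding, value) pairs for one redirect target."""
    findings = []
    if len(url) > MAX_TARGET_LEN:
        findings.append(("oversized-target", len(url)))
    blob_bytes = sum(decoded_size(token) for token in url_tokens(url))
    if blob_bytes:
        findings.append(("encoded-blob", blob_bytes))
    return findings


def triage(log_lines, shortener_hosts):
    """Map each flagged short URL to its findings.

    Assumed log format: timestamp method url status location
    """
    flagged = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, _method, url, status, location = fields
        if status not in REDIRECT_CODES:
            continue
        if urlsplit(url).hostname not in shortener_hosts:
            continue
        findings = inspect_target(location)
        if findings:
            flagged[url] = findings
    return flagged


# Constructed sample data; short.example is a placeholder shortener host.
BLOB = base64.urlsafe_b64encode(bytes(range(96))).decode()
MANY_PARAMS = "&".join(f"k{i}=v{i}" for i in range(100))
SAMPLE_LOG = [
    "2018-09-04T16:56:01Z GET https://short.example/a1 301 https://www.example.org/docs/install-guide",
    f"2018-09-04T16:56:07Z GET https://short.example/b2 301 https://files.example.net/p/{BLOB}",
    f"2018-09-04T16:57:12Z GET https://short.example/c3 302 https://www.example.org/search?{MANY_PARAMS}",
    "2018-09-04T16:58:30Z GET https://short.example/d4 404 -",
    "2018-09-04T16:59:02Z GET https://short.example/e5 301 "
    "http://www.nowhere.com/Today-is-the-day-we-smite-our-oppressors-at-the-usual-location",
]

if __name__ == "__main__":
    for short_url, findings in triage(SAMPLE_LOG, {"short.example"}).items():
        print(short_url, findings)
```

The last sample line is the target quoted in this post: short readable text on a placeholder host passes both checks. Length and encoding heuristics therefore cover only bulk or encoded payloads and need to be paired with destination reachability or reputation data.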

August 21, 2018

EPIC APP CHALLENGE [Intelligence on Intelligence Community, Street Cred, Cash Prizes]

Filed under: Contest,Intelligence — Patrick Durusau @ 7:45 pm

EPIC APP CHALLENGE

From the post:

The EPIC App Challenge is an Intelligence-Community-focused challenge for developers directed at one or more hard problems the IC is facing today. Participating in the App Challenge is a great way to show off your school or company’s developers and technical talent to 3 esteemed judges and over 1,000 attendees at the 2018 Intelligence and National Security Summit. Similar to a hackathon, teams will be competing against each other in a 10-day sprint to create the best solution to the problem involved. Instead of running the challenge on-site, teams will work from their home, office, or school to create their solutions and then present them on the kickoff day of the Summit, September 4.

There will be cash prizes given to the first, second, and third place teams, which will be announced following the keynote luncheon on the opening day of the conference.

  • Grand Prize: $3,000
  • Second Place: $2,000
  • Third Place: $1,000

Phase 1: August 24 – September 4

  • We will host a virtual kick off at 11am on Friday, August 24 to provide all teams with the problem statement, as well as answer any questions you may have. We will also provide contact information if you have any questions along the way. You will have until 8:00am on Tuesday, September 4 to work on your project. Your solution can be presented in PowerPoint or Keynote slides, a Word document, a Prezi, video, etc.

Phase 2: September 4

  • You will arrive by 8:15am to present your solution to the judges. We will kick off the event with opening remarks, and then each team will present their solution. Judging will be done science fair style. Judges will give each team approximately 15 minutes to present their solution. Judging will conclude at 11:00am. Following the round of judging, the winners will be selected and recognized on stage following the opening keynote luncheon, which begins at 11:45am.
  • Teams are allowed to leave their solutions set up the rest of the day for the 1,000+ INSS attendees to come by and see your solution.

Problem Set

The App Challenge problem will focus on anticipating events based on open source data sets that may include data for natural disasters, social unrest, cyber attacks, or disease patterns. Participants will be judged on their ability to develop anticipatory intelligence solutions based on the final judging criteria. 

Utilize a publicly available open data set (i.e., CIA World Factbook, Data.gov, more) to provide indicators and warning (i.e., anticipatory intelligence, predictive analytics, pattern recognition) for an ongoing or upcoming global event that would be relevant to National Security Interests of the United States. Your solution will be judged on two prongs: First, on the problem set’s impact to national security; and, second, the technical solution and how well the proposed solution will meet that need. Further details to be provided during the kickoff on Aug. 24.

Examples of data sets and technology to support the development of your solution:

  • Data sets: CIA World Factbook, Data.gov, US Census, Github, Socrata, DIUx, more
  • Indicators and warning: pattern recognition, machine learning, anticipatory intelligence, predictive analytics, etc.
  • Potential events with national security implications that could be of focus (this is not inclusive):
    • Cyber attacks
    • Natural disasters (i.e., fires, earthquakes, Tsunami)
    • Biological events (i.e., disease outbreak patterns)

Team Entry

  • Minimum of 1 person with a maximum of 5 team members
  • Participants in the EPIC App Challenge will be provided complimentary registration to the conference, as well as a complimentary ticket to the opening keynote luncheon
  • Teams must be able to attend the morning of September 4 to present your solution.
  • Cost is $50 per team to participate.

Register here!

If you want to gather intelligence on the intelligence community, here’s a cheap ($50) way to start. Not only will you discover what the intelligence community (IC) considers to be hard problems, you may come to the attention (assuming that’s desired) of members of the IC. They are further sources of what interests the IC.

Anyone up for a team using merging based on subject identity? Ping me.

January 18, 2018

Launch of DECLASSIFIED

Filed under: Government,Intelligence,Politics — Patrick Durusau @ 11:48 am

Launch of DECLASSIFIED by Mark Curtis.

From the post:

I am about to publish on this site hundreds of UK declassified documents and articles on British foreign policy towards various countries. This will be the first time such a collection has been brought together online.

The declassified documents, mainly from the UK’s National Archives, reveal British policy-makers’ actual concerns and priorities from the 1940s until the present day, from the ‘horse’s mouth’, as it were: these files are often revelatory and provide an antidote to the often misleading and false mainstream media (and academic) coverage of Britain’s past and present foreign policies.

The documents include my collections of files, accumulated over many years and used as a basis for several books, on episodes such as the UK’s covert war in Yemen in the 1960s, the UK’s support for the Pinochet coup in Chile, the UK’s ‘constitutional coup’ in Guyana, the covert wars in Indonesia in the 1950s, the UK’s backing for wars against the Iraqi Kurds in the 1960s, the coup in Oman in 1970, support for the Idi Amin takeover in Uganda and many other policies since 1945.

But the collection also brings together many other declassified documents by listing dozens of media articles that have been written on the release of declassified files over the years. It also points to some US document releases from the US National Security Archive.

A new resource for those of you tracking the antics of the small and the silly through the 20th and into the 21st century.

I say the “small and the silly” because there’s no doubt that similar machinations have been part and parcel of government toady lives so long as there have been governments. Despite the exaggerated sense of their own importance and the history making importance of their efforts, almost none of their names survive in the ancient historical record.

With the progress of time, the same fate awaits the most recent and current crop of government familiars. While we wait for them to pass into obscurity, you can amuse yourself by outing them and tracking their activities.

This new archive may assist you in your efforts.

Be sure to keep topic maps in mind for mapping between disjoint vocabularies and collections of documents as well as accounts of events.

December 24, 2017

Adversarial Learning Market Opportunity

The Pentagon’s New Artificial Intelligence Is Already Hunting Terrorists by Marcus Weisgerber.

From the post:

Earlier this month at an undisclosed location in the Middle East, computers using special algorithms helped intelligence analysts identify objects in a video feed from a small ScanEagle drone over the battlefield.

A few days into the trials, the computer identified objects – people, cars, types of building – correctly about 60 percent of the time. Just over a week on the job – and a handful of on-the-fly software updates later – the machine’s accuracy improved to around 80 percent. Next month, when its creators send the technology back to war with more software and hardware updates, they believe it will become even more accurate.

It’s an early win for a small team of just 12 people who started working on the project in April. Over the next year, they plan to expand the project to help automate the analysis of video feeds coming from large drones – and that’s just the beginning.

“What we’re setting the stage for is a future of human-machine teaming,” said Air Force Lt. Gen. John N.T. “Jack” Shanahan, director for defense intelligence for warfighter support, the Pentagon general who is overseeing the effort. Shanahan believes the concept will revolutionize the way the military fights.

So you will recognize Air Force Lt. Gen. John N.T. “Jack” Shanahan (Nvidia conference):

From the Nvidia conference:

Don’t change the culture. Unleash the culture.

That was the message one young officer gave Lt. General John “Jack” Shanahan — the Pentagon’s director for defense for warfighter support — who is hustling to put artificial intelligence and machine learning to work for the U.S. Defense Department.

Highlighting the growing role AI is playing in security, intelligence and defense, Shanahan spoke Wednesday during a keynote address about his team’s use of GPU-driven deep learning at our GPU Technology Conference in Washington.

Shanahan leads Project Maven, an effort launched in April to put machine learning and AI to work, starting with efforts to turn the countless hours of aerial video surveillance collected by the U.S. military into actionable intelligence.

There are at least two market opportunities for adversarial learning. The most obvious one is testing a competitor’s algorithm so it performs less well than yours on “… people, cars, types of building….”

The less obvious market requires US sales of AI-enabled weapon systems to its client states. Client states have an interest in verifying the quality of AI-enabled weapon systems, not to mention non-client states who will be interested in defeating such systems.

For any of those markets, weaponizing adversarial learning and developing a reputation for the same can’t start too soon. Is your anti-AI research department hiring?

December 12, 2017

SIGINT for Anyone

Filed under: Intelligence,Signal/Collect — Patrick Durusau @ 9:11 pm

SIGINT for Anyone – The Growing Availability of Signals Intelligence in the Public Domain by Cortney Weinbaum, Steven Berner, Bruce McClintock.

From the webpage:

This Perspective examines and challenges the assumption that signals intelligence (SIGINT) is an inherently governmental function by revealing nongovernmental approaches and technologies that allow private citizens to conduct SIGINT activities. RAND researchers relied on publicly available information to identify SIGINT capabilities in the open market and to describe the intelligence value each capability provides to users. They explore the implications each capability might provide to the United States and allied governments.

The team explored four technology areas where nongovernmental SIGINT is flourishing: maritime domain awareness; radio frequency (RF) spectrum mapping; eavesdropping, jamming, and hijacking of satellite systems; and cyber surveillance. They then identified areas where further research and debate are needed to create legal, regulatory, policy, process, and human capital solutions to the challenges these new capabilities provide to government.

This was an exploratory effort, rather than a comprehensive research endeavor. The team relied on unclassified and publicly available materials to find examples of capabilities that challenge the government-only paradigm. They identified ways these capabilities and trends may affect the U.S. government in terms of emerging threats, policy implications, technology repercussions, human capital considerations, and financial effects. Finally, they identified areas for future study for U.S. and allied government leaders to respond to these changes.

More enticing than a practical guide to SIGINT, this report should encourage NGOs to consider SIGINT.

I say “consider” SIGINT because small organizations can’t measure intelligence success by the quantity of under-used/unexplored data on hand. Some large governments do, cf. 9/11.

Where SIGINT offers a useful addition to other intelligence sources, it should be among the data feeds into an intelligence topic map.

December 9, 2017

Shopping for the Intelligence Community (IC) [Needl]

Filed under: Government,Intelligence — Patrick Durusau @ 10:54 am

The holiday season in various traditions has arrived for 2018!

With it returns the vexing question: What to get for the Intelligence Community (IC)?

They have spent all year violating your privacy, undermining legitimate government institutions, supporting illegitimate governments, mocking any notion of human rights and siphoning government resources that could benefit the public for themselves and their contractors.

The excesses of your government’s intelligence agencies will be special to you but in truth, they are all equally loathsome and merit some acknowledgement at this special time of the year.

Needl is a gift for the intelligence community this holiday season and one that can keep on giving all year long.

Take back your privacy. Lose yourself in the haystack.

Your ISP is most likely tracking your browsing habits and selling them to marketing agencies (albeit anonymised). Or worse, making your browsing history available to law enforcement at the hint of a Subpoena. Needl will generate random Internet traffic in an attempt to conceal your legitimate traffic, essentially making your data the Needle in the haystack and thus harder to find. The goal is to make it harder for your ISP, government, etc to track your browsing history and habits.

…(graphic omitted)

Implemented modules:

  • Google: generates a random search string, searches Google and clicks on a random result.
  • Alexa: visits a website from the Alexa Top 1 Million list. (warning: contains a lot of porn websites)
  • Twitter: generates a popular English name and visits their profile; performs random keyword searches
  • DNS: produces random DNS queries from the Alexa Top 1 Million list.
  • Spotify: random searches for Spotify artists

Module ideas:

  • WhatsApp
  • Facebook Messenger

… (emphasis in original)

Not for people with metered access but otherwise, a must for home PCs and enterprise PC farms.

No doubt annoying but running Needl through Tor, with a list of trigger words/phrases, searches for explosives, viruses, CBW topics with locations, etc. would create festive blinking red lights for the intelligence community.

August 3, 2017

Foreign Intelligence Gathering Laws (and ethics)

Filed under: Ethics,Government,Intelligence — Patrick Durusau @ 10:47 am

Foreign Intelligence Gathering Laws from the Law Library of the Library of Congress.

From the webpage:

This report offers a review of laws regulating the collection of intelligence in the European Union (EU) and Belgium, France, Germany, Netherlands, Portugal, Romania, Sweden, and the United Kingdom. This report updates a report on the same topic issued from 2014. Because issues of national security are under the jurisdiction of individual EU Member States and are regulated by domestic legislation, individual country surveys provide examples of how the European nations control activities of their intelligence agencies and what restrictions are imposed on information collection. All EU Member States follow EU legislation on personal data protection, which is a part of the common European Union responsibility.

If you are investigating or reporting on breaches of intelligence gathering laws in “the European Union (EU) and Belgium, France, Germany, Netherlands, Portugal, Romania, Sweden, and the United Kingdom,” this will be useful. Otherwise, for the other one hundred and eighty-eight (188), you are SOL.

Other than as a basis for outrage, it’s not clear how useful intelligence gathering laws are in fact. The secrecy of intelligence operations makes practical oversight impossible and if leaks are to be credited, no known intelligence agency obeys such laws other than accidentally.

Moreover, as the U.S. Senate report on torture demonstrates, even war criminals are protected from prosecution in the name of intelligence gathering.

I take my cue from the CIA’s position, as captured by Bob Dylan in Tweeter and the Monkey Man:

“It was you to me who taught
In Jersey anything’s legal as long as you don’t get caught.”

Disarming yourself with law or ethics in any encounter with an intelligence agency, which honors neither, means you will lose.

Choose your strategies accordingly.

May 17, 2017

Open Source Data Jeopardizing Cleared Personnel:… (School Yearbooks?)

Filed under: Government,Intelligence,Open Source Intelligence — Patrick Durusau @ 4:38 pm

Open Source Data Jeopardizing Cleared Personnel: Intelligence Operations Outsmarted by Technology by Alexander H. Georgiades.

Abstract:

The availability and accessibility of Open Source Intelligence (OSINT) combined with the information from data breaches has affected cleared personnel in the United States Intelligence Community (IC) and Department of Defense (DoD) who conduct and support intelligence operations. This information when used in conjunction with biometric detection technology at border crossings has greatly improved the likelihood of cleared personnel from the United States Government (USG) of being identified and targeted by adversaries. The shift from traditional Tactics, Techniques, and Procedures (TTPs) used by cleared personnel (either operating in an overt or covert status) during the Cold War when biometric technology was not an obstacle, has caught the United States government intelligence services off-guard when conducting sensitive missions Outside of the Continental United States (OCONUS).

The consequences of not maintaining updated software and hardware standards have already affected U.S. intelligence operations and exposed cleared personnel. The computer breach at the Office of Personnel and Management (OPM), where millions of sensitive records from cleared personnel in the private and public sectors is the most recent example. This unprecedented loss of Personally Identifiable Information (PII) has been the unfortunate wakeup call needed for decision makers in the United States government to reevaluate how they handle, collect, store, and protect the information of cleared personnel in this digital age.

The analysis of competing hypothesis and other predictive analytical methods will be used to evaluate the data available to adversaries who target cleared personnel and the intelligence operations they support. Case studies, news articles, books, government, and industry reports will be used as supporting evidence to illustrate how the growth in biometric detection technology use in conjunction with the availability of OSINT and material from data breaches adversely affect intelligence operations.

The amount of information available to adversaries is at an unprecedented level. Open source forums provide detailed information about cleared personnel and government TTPs that can be used by adversaries to unravel intelligence operations, target cleared personnel, and jeopardize USG equities (such as sources and methods) in the field. The cleared workforce must learn from mistakes of complacency and poor tradecraft in the past to develop new methodologies to neutralize the effectiveness of adversaries who use OSINT and biometric technology to their advantage.

Social media use by cleared employees who reveal too much operational information about themselves or the projects they work on is one of the gateways that can be easily closed to adversaries. Cleared personnel must be mandated to limit the amount of information they publish online. By closing the door to social media and preventing the personal and professional lives of the cleared workforce from being used to target them, adversaries would not be as effective in jeopardizing or exposing intelligence operations overseas. Increased Operational Security (OPSEC) procedures must also be mandated to protect the programs and operations these cleared personnel work on, with an emphasis on covert officers who use false personas when operating overseas.

The information bridges that were created after September 11, 2001 to increase collaboration must be reevaluated to determine if the relaxation of classified information safeguards and storage of sensitive information is now becoming detrimental to USG intelligence operations and cleared personnel.

As you know, I have little sympathy for the Intelligence Community (IC), creators of the fishbowl in which we commonly reside. Members of the IC sharing that fate has a ring of justice to it.

This thesis offers a general overview of the problem and should be good to spark ideas of open source intelligence that can be used to corroborate or contradict other sources of intelligence.

By way of example, educational records are easy enough to edit and convincing to anyone not aware they have been edited.

On the other hand, original and digitized year books or similar contemporary resources, are not so easily manipulated.

As I say that, tracking every child from first grade through the end of their academic career, is eminently doable, with the main obstacle being acquisition of the original yearbooks.

Cross-referencing other large collections of photos and the project starts to sound useful to any number of governments, especially those worried about operatives from Western countries.

Are you worried about Western operatives?

April 24, 2017

3 Reasons to Read: Algorithms to Live By

Filed under: Algorithms,Computer Science,Intelligence — Patrick Durusau @ 7:51 pm

How Algorithms can untangle Human Questions. Interview with Brian Christian by Roberto V. Zicari.

The entire interview is worth your study but the first question and answer establish why you should read Algorithms to Live By:

Q1. You have worked with cognitive scientist Tom Griffiths (professor of psychology and cognitive science at UC Berkeley) to show how algorithms used by computers can also untangle very human questions. What are the main lessons learned from such a joint work?

Brian Christian: I think ultimately there are three sets of insights that come out of the exploration of human decision-making from the perspective of computer science.

The first, quite simply, is that identifying the parallels between the problems we face in everyday life and some of the canonical problems of computer science can give us explicit strategies for real-life situations. So-called “explore/exploit” algorithms tell us when to go to our favorite restaurant and when to try something new; caching algorithms suggest — counterintuitively — that the messy pile of papers on your desk may in fact be the optimal structure for that information.

Second is that even in cases where there is no straightforward algorithm or easy answer, computer science offers us both a vocabulary for making sense of the problem, and strategies — using randomness, relaxing constraints — for making headway even when we can’t guarantee we’ll get the right answer every time.

Lastly and most broadly, computer science offers us a radically different picture of rationality than the one we’re used to seeing in, say, behavioral economics, where humans are portrayed as error-prone and irrational. Computer science shows us that being rational means taking the costs of computation — the costs of decision-making itself — into account. This leads to a much more human, and much more achievable picture of rationality: one that includes making mistakes and taking chances.
… (emphasis in original)

After the 2016 U.S. presidential election, I thought the verdict that humans are error-prone and irrational was unassailable.

Looking forward to the use of a human constructed lens (computer science) to view “human questions.” There are answers to “human questions” baked into computer science so watching the authors unpack those will be an interesting read. (Waiting for my copy to arrive.)

Just so you know, the Picador edition is a reprint. It was originally published by William Collins, 21/04/2016 in hardcover, see: Algorithms to Live By, a short review by Roberto Zicari, October 24, 2016.

April 19, 2017

Building a Keyword Monitoring Pipeline… (Think Download Before Removal)

Filed under: Intelligence,Open Source Intelligence — Patrick Durusau @ 4:50 pm

Building a Keyword Monitoring Pipeline with Python, Pastebin and Searx by Justin Seitz.

From the post:

Having an early warning system is an incredibly useful tool in the OSINT world. Being able to monitor search engines and other sites for keywords, IP addresses, document names, or email addresses is extremely useful. This can tell you if an adversary, competitor or a friendly ally is talking about you online. In this blog post we are going to setup a keyword monitoring pipeline so that we can monitor both popular search engines and Pastebin for keywords, leaked credentials, or anything else we are interested in.

The pipeline will be designed to alert you whenever one of those keywords is discovered or if you are seeing movement for a keyword on a particular search engine.

Learning of data that was posted but is no longer available, is a sad thing.

Increase your odds of grabbing data before removal by following Justin’s post.

A couple of caveats:

  • I would not use GMail, preferring a Tor mail solution, especially for tracking Pastebin postings.
  • Use and rotate at random VPN connections for your Searx setup.

Going completely dark takes more time and effort than most of us can spare, but you can avoid being like a new car dealership with search lights crossing the sky.

April 13, 2017

CIA To Silence Wikileaks? Donate/Leak to Wikileaks

Filed under: CIA,Intelligence,Wikileaks — Patrick Durusau @ 8:03 pm

CIA chief targets WikiLeaks and Julian Assange as ‘hostile,’ vows to take action by Tim Johnson.

From the post:

CIA Director Mike Pompeo on Thursday called the anti-secrecy group WikiLeaks a hostile intelligence service and said the group would soon face decisive U.S. action to stifle its disclosures of leaked material.

“It ends now,” Pompeo said in his first public remarks after 10 weeks on the job, indicating that President Donald Trump will take undefined but forceful action.

Pompeo lashed out aggressively against Julian Assange, the Australian founder of WikiLeaks – who has been holed up in the Ecuadorean embassy in London for nearly five years – calling him a narcissist and “a fraud, a coward hiding behind a screen.”

Really?

Given the perennial failure of the CIA to discover terror attacks before they happen, recognize when governments are about to fall, and maintain their own security, I can’t imagine Assange and Wikileaks are shaking in their boots.

I disagree with Wikileaks on their style of leaking; I prefer faster and unedited leaking, but that’s a question of style and not whether to leak.

If, and it’s a big if, Wikileaks is silenced, the world will grow suddenly darker. Much of what Wikileaks has published would not be published by mainstream media, much to the detriment of citizens around the world.

Two things you need to do:

The easy one, donate to support WikiLeaks. As often as you can.

The harder one, leak secrets to Wikileaks.

Repressive governments are pressing WikiLeaks; help WikiLeaks make a fire hose of leaks to push them back.

January 17, 2017

Raw SIGINT Locations Expanded

Filed under: Cybersecurity,Government,Intelligence,Privacy — Patrick Durusau @ 3:30 pm

President Obama has issued new rules for sharing information under Executive Order 12333, with the ungainly title: (U) Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency Under Section 2.3 of Executive Order 12333 (Raw SIGINT Availability Procedures).

Kate Tummarello, in Obama Expands Surveillance Powers On His Way Out, sees a threat to “innocent persons:”

With mere days left before President-elect Donald Trump takes the White House, President Barack Obama’s administration just finalized rules to make it easier for the nation’s intelligence agencies to share unfiltered information about innocent people.

New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times.

That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements. Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up in the NSA’s massive surveillance operations.

As the New York Times put it, with the new rules, the government claims to be “reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”

All of which is true, but the new rules have other impacts as well.

Who is an “IC element?”

The new rules make numerous references to an “IC element,” but come up short in defining it:

L. (U) IC element is as defined in section 3.5(h) of E.O. 12333.
(emphasis in original)

Great.

Searching for E.O. 12333 isn’t enough. You need Executive Order 12333 United States Intelligence Activities (As amended by Executive Orders 13284 (2003), 13355 (2004) and 13470 (2008)). The National Archives version of Executive Order 12333 is not amended and hence is misleading.

From the amended E.O. 12333:

3.5 (h) Intelligence Community and elements of the Intelligence Community 
        refers to:
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office; 
(7) The other offices within the Department of Defense for the collection of 
    specialized national foreign intelligence through reconnaissance programs;
(8) The intelligence and counterintelligence elements of the Army, the Navy,
    the Air Force, and the Marine Corps;
(9) The intelligence elements of the Federal Bureau of Investigation;
(10) The Office of National Security Intelligence of the Drug Enforcement
     Administration;
(11) The Office of Intelligence and Counterintelligence of the Department
      of Energy;
(12) The Bureau of Intelligence and Research of the Department of State;
(13) The Office of Intelligence and Analysis of the Department of the Treasury;
(14) The Office of Intelligence and Analysis of the Department of Homeland 
     Security;
(15) The intelligence and counterintelligence elements of the Coast Guard; and
(16) Such other elements of any department or agency as may be designated by 
     the President, or designated jointly by the Director and the head of the 
     department or agency concerned, as an element of the Intelligence Community. 

The Office of the Director of National Intelligence has an incomplete list of IC elements:

Air Force Intelligence | Defense Intelligence Agency | Department of the Treasury | National Geospatial-Intelligence Agency
Army Intelligence | Department of Energy | Drug Enforcement Administration | National Reconnaissance Office
Central Intelligence Agency | Department of Homeland Security | Federal Bureau of Investigation | National Security Agency
Coast Guard Intelligence | Department of State | Marine Corps Intelligence | Navy Intelligence

I say “incomplete” because from E.O. 12333, it is missing (with original numbers for reference):

...
(7) The other offices within the Department of Defense for the collection of 
    specialized national foreign intelligence through reconnaissance programs;
(8) The intelligence and counterintelligence elements of ..., and the 
    Marine Corps;
...
(16) Such other elements of any department or agency as may be designated by 
     the President, or designated jointly by the Director and the head of the 
     department or agency concerned, as an element of the Intelligence Community.

Under #7 and #16, there are other IC elements that are unnamed and unlisted by the Office of the DNI. I suspect the Marines were omitted for stylistic reasons.

Where to Find Raw SIGINT?

Identified IC elements are important because the potential presence of “Raw SIGINT,” beyond the NSA, has increased their value as targets.

P. (U) Raw SIGINT is any SIGINT and associated data that has not been evaluated for foreign intelligence purposes and/or minimized.
… (emphasis in original, from the new rules.)

Tummarello is justly concerned about “innocent people” but there are less than innocent people, any number of appointed/elected officials or barons of industry who may be captured on the flypaper of raw SIGINT.

Happy hunting!

PS:

Warning: It’s very bad OPSEC to keep a trophy chart on your wall. 😉

[Image: IC_Circle-460]

You will, despite this warning, but I had to try.

The original image is here at Wikipedia.

November 28, 2016

CIA Cartography [Comparison to other maps?]

Filed under: Cartography,Government Data,Intelligence,Maps — Patrick Durusau @ 10:15 pm

CIA Cartography

From the webpage:

Tracing its roots to October 1941, CIA’s Cartography Center has a long, proud history of service to the Intelligence Community (IC) and continues to respond to a variety of finished intelligence map requirements. The mission of the Cartography Center is to provide a full range of maps, geographic analysis, and research in support of the Agency, the White House, senior policymakers, and the IC at large. Its chief objectives are to analyze geospatial information, extract intelligence-related geodata, and present the information visually in creative and effective ways for maximum understanding by intelligence consumers.

Since 1941, the Cartography Center maps have told the stories of post-WWII reconstruction, the Suez crisis, the Cuban Missile crisis, the Falklands War, and many other important events in history.

There you will find:

Cartography Tools 211 photos

Cartography Maps 1940s 22 photos

Cartography Maps 1950s 14 photos

Cartography Maps 1960s 16 photos

Cartography Maps 1970s 19 photos

Cartography Maps 1980s 12 photos

Cartography Maps 1990s 16 photos

Cartography Maps 2000s 16 photos

Cartography Maps 2010s 15 photos

The albums have this motto at the top:

CIA Cartography Center has been making vital contributions to our Nation’s security, providing policymakers with crucial insights that simply cannot be conveyed through words alone.

President-elect Trump is said to be gaining foreign intelligence from sources other than his national security briefings. Trump is ignoring daily intelligence briefings, relying on ‘a number of sources’ instead. That report is based on a Washington Post account, which puts its credibility somewhere between a conversation overheard in a laundromat and a stump speech by a member of Congress.

Assuming Trump is gaining intelligence from other sources, just how good are other sources of intelligence?

This release of maps by the CIA, some 160 maps spread from the 1940’s to the 2010’s, provides one axis for evaluating CIA intelligence versus what was commonly known at the time.

As a starting point, may I suggest: Image matching for historical maps comparison by C. Balletti and F. Guerra, e-Perimetron, Vol. 4, No. 3, 2009 [180-186] www.e-perimetron.org | ISSN 1790-3769?

Abstract:

In cartographic heritage we suddenly find maps of the same mapmaker and of the same area, published in different years, or new editions due to integration of cartographic, such as in national cartographic series. These maps have the same projective system and the same cut, but they present very small differences. The manual comparison can be very difficult and with uncertain results, because it’s easy to leave some particulars out. It is necessary to find an automatic procedure to compare these maps and a solution can be given by digital maps comparison.

In the last years our experience in cartographic data processing was opted for find new tools for digital comparison and today solution is given by a new software, ACM (Automatic Correlation Map), which finds areas that are candidate to contain differences between two maps. ACM is based on image matching, a key component in almost any image analysis process.

Interesting paper but it presupposes a closeness of the maps that is likely to be missing when comparing CIA maps to other maps of the same places and time period.

I am in the process of locating other tools for map comparison.

Any favorites you would like to suggest?

October 16, 2016

Why I Distrust US Intelligence Experts, Let Me Count the Ways

Filed under: Government,Intelligence,Politics — Patrick Durusau @ 8:42 pm

Some US Intelligence failures, oldest to most recent:

  1. Pearl Harbor
  2. The Bay of Pigs Invasion
  3. Cuban Missile Crisis
  4. Vietnam
  5. Tet Offensive
  6. Yom Kippur War
  7. Iranian Revolution
  8. Soviet Invasion of Afghanistan
  9. Collapse of the Soviet Union
  10. Indian Nuclear Test
  11. 9/11 Attacks
  12. Iraq War (WMDs)
  13. Invasion of Afghanistan (US)
  14. Israeli moles in US intelligence, various dates

Those are just a few of the failures of US intelligence, some of which cost hundreds of thousands if not millions of lives.

Yet, you can read today: Trump’s refusal to accept intelligence briefing on Russia stuns experts.

There are only three reasons I can think of to accept findings by the US intelligence community:

  1. You are on their payroll and for that to continue, well, you know.
  2. As a member of the media, future tips/leaks depend upon your acceptance of current leaks. Anyone who mocks intelligence service lies is cut off from future lies.
  3. As a politician, the intelligence findings discredit facts unfavorable to you.

For completeness’ sake, I should mention that intelligence “experts” could be telling the truth but given their track record, it is an edge case.

Before repeating the mindless cant of “the Russians are interfering with the US election,” stop to ask your sources, “…based on what?” Opinions of all the members of the US intelligence community = one opinion. Ask for facts. No facts offered, report that instead of the common “opinion.”

August 14, 2016

Threat Intelligence Starter Resources

Filed under: Cybersecurity,Intelligence — Patrick Durusau @ 9:01 pm

Threat Intelligence Starter Resources by Amanda McKeon.

From the post:

Creating a threat intelligence capability can be a challenging undertaking, and not all companies are ready for it. Businesses that run successful threat intelligence teams generally:

  • Collect externally available data on threats and correlate it with internal events.
  • Be aware of threats driving proactive security controls.
  • Establish proactive internal hunting for unidentified threats.
  • Invest in employee and customer threat education.
  • Expand security industry peer relationships.
  • Apply methods for collecting and analyzing external threat data.

For more information, read our white paper on building an advanced threat intelligence team.

Now, if your company is just starting out with threat intelligence and doesn’t have the time or resources to dedicate an entire department to the task, there are some easy ways to begin integrating threat intelligence into your daily routine without breaking the bank.

The following resources can help build awareness of the threat landscape and prepare your company for defense.

Great starting points for collection of general threat intelligence.

Unfortunately, the elimination of repetition of the same information/reports from different sources, separation of surmises from facts, etc., remain the responsibility of the reader.

August 10, 2016

Failure of Thinking and Visualization

Filed under: Analytics,Graphics,Intelligence,Visualization — Patrick Durusau @ 9:03 pm

Richard Bejtlich posted this image (thumbnail, select for full size) with the note:

When I see senior military schools create slides like this, I believe PPT is killing campaign planning. @EdwardTufte

[Image: enemy-is-ppt]

I am loath to defend PPT but the problem here lies with the author and not PPT.

Or quite possibly with the concept of “center of gravity analysis.”

Whatever your opinion about the imperialistic use of U.S. military force, 😉 , the U.S. military is composed of professional warriors who study their craft in great detail.

On the topic “center of gravity analysis,” try Addressing the Fog of COG: Perspectives on the Center of Gravity in US Military Doctrine, Celestino Perez, Jr., General Editor. A no-holds-barred debate by military professionals on COG.

With or without a background on COG, how do your diagrams compare to this one?

Cooked Intel, Again (Anyone Surprised?)

Filed under: Government,Intelligence — Patrick Durusau @ 4:08 pm

ISIS Intel Was Cooked, House Panel Finds by Nancy A. Youssef and Shane Harris.

From the post:

A House Republican task force has found that officials from the U.S. military’s Central Command altered intelligence reports to portray the U.S. fight against ISIS and al Qaeda in a more positive light than lower-level analysts believed was warranted by the facts on the ground, three officials familiar with the task force’s findings told The Daily Beast.

A roughly 10-page report on the controversy is expected to be released by the end of next week, two officials said. While it contains no definitive evidence that senior Obama administration officials ordered the reports to be doctored, the five-month investigation did corroborate earlier reports that analysts felt the leaders of CENTCOM’s intelligence directorate pressured them to conclude that the threat from ISIS was not as ominous as the analysts believed, the officials said.

To paraphrase Nietzsche, “…there are no facts, only politically convenient interpretations.”

Publications that strive for accuracy should omit any claims or statements of U.S. intelligence sources unless confirmed independently by non-intelligence sources.

If you are competing for click-bait, use U.S. intelligence sources without verification.

August 3, 2016

Telephone Metadata Can Reveal Surprisingly Sensitive Personal Information

Filed under: Government,Intelligence,Privacy,Telecommunications — Patrick Durusau @ 2:58 pm

Stanford computer scientists show telephone metadata can reveal surprisingly sensitive personal information by Bjorn Carey.

The intelligence community assertion that telephone metadata only enables “connecting the dots,” has been confirmed to be a lie.

From the post:

Most people might not give telephone metadata – the numbers you dial, the length of your calls – a second thought. Some government officials probably view it as similarly trivial, which is why this information can be obtained without a warrant.

But a new analysis by Stanford computer scientists shows that it is possible to identify a person’s private information – such as health details – from metadata alone. Additionally, following metadata “hops” from one person’s communications can involve thousands of other people.

The researchers set out to fill knowledge gaps within the National Security Agency’s current phone metadata program, which has drawn conflicting assertions about its privacy impacts. The law currently treats call content and metadata separately and makes it easier for government agencies to obtain metadata, in part because it assumes that it shouldn’t be possible to infer specific sensitive details about people based on metadata alone.

The findings, reported today in the Proceedings of the National Academy of Sciences, provide the first empirical data on the privacy properties of telephone metadata. Preliminary versions of the work, previously made available online, have already played a role in federal surveillance policy and have been cited in litigation filings and letters to legislators in both the United States and abroad. The final work could be used to help make more informed policy decisions about government surveillance and consumer data privacy.

The computer scientists built a smartphone application that retrieved the previous call and text message metadata – the numbers, times and lengths of communications – from more than 800 volunteers’ smartphone logs. In total, participants provided records of more than 250,000 calls and 1.2 million texts. The researchers then used a combination of inexpensive automated and manual processes to illustrate both the extent of the reach – how many people would be involved in a scan of a single person – and the level of sensitive information that can be gleaned about each user.

From a small selection of the users, the Stanford researchers were able to infer, for instance, that a person who placed several calls to a cardiologist, a local drugstore and a cardiac arrhythmia monitoring device hotline likely suffers from cardiac arrhythmia. Another study participant likely owns an AR semiautomatic rifle, based on frequent calls to a local firearms dealer that prominently advertises AR semiautomatic rifles and to the customer support hotline of a major firearm manufacturer that produces these rifles.

One of the government’s justifications for allowing law enforcement and national security agencies to access metadata without warrants is the underlying belief that it’s not sensitive information. This work shows that assumption is not true.

See Carey’s post for the layperson’s explanation of the Stanford findings or dive into Evaluating the privacy properties of telephone metadata by Jonathan Mayer, Patrick Mutchler, and John C. Mitchell, for more detailed analysis. (Thankfully open access.)

Would law enforcement and national security agencies think telephone metadata is not sensitive if hackers were obtaining it from telecommunication companies and/or from the electromagnetic field where communication signals are found?

If you were interested only in law enforcement, national security agencies and governments, it would be a much smaller set of data for tracking and processing.

Sounds like a business opportunity, depending on what country, their degree of technology, market conditions for pro/anti government data.

U.S. government satellites collect such data but it is shared (or not) for odd and obscure reasons.

I’m thinking more along the lines of commercial transactions between willing sellers and buyers.

Think of it as a Rent-An-NSA type venture. Customers don’t want or need 24×7 rivals for power. Properly organized, they could buy as much or as little intelligence as they need. Exclusive access to some intelligence would be a premium product.

June 8, 2016

Intelligence Suicide By Data

Filed under: FBI,Government,Intelligence,NSA — Patrick Durusau @ 4:33 pm

Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure by Ryan Gallagher.

From the post:


The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

Ironic this story appears less than two (2) weeks after reports of the FBI seeking NSL (national security letter) authority to obtain email records and browsing histories.

I should not complain about the FBI, NSA and other government agencies committing intelligence suicide by data.

Their rapidly growing ineffectiveness shields innocents from their paranoid fantasies.

At the same time, that ineffectiveness inhibits the performance of legitimate purposes. (The FBI, once upon a time, had a legitimate purpose, some of the others, well, that’s an issue for debate.)

So we are clear, I don’t consider contracts for “butts in seats” for either contractors or agencies to be for “legitimate purposes.” I reserve the phrase “legitimate purposes” for activities that further the stated goals of the agency, not padding staffing rolls, not occupying as much office space as possible, not having the most forms or whatever other criteria functions as the measure of success in a particular agency.

Hints for federal agencies already committing intelligence suicide by data or approaching that point:

  1. What data sources have proven valuable in the past? (Reminder: Phone metadata records have not. Not ever.)
  2. What data sources, in order of historical importance, are available in case X?
  3. Assemble the data from the top performing resources.

For example, if an informant has direct contact with an alleged Islamic State supporter, isn’t that the best source of evidence for their plans and thinking? Do you really need their websearch history from an internet services provider? Considering that you will ask for everyone’s web search history to avoid disclosing the particular web history you are seeking.

To be sure, vendors will sell you as much data processing and storage capacity as you care to purchase, but you won’t be any closer to stopping terrorism. Just closer to the end of your budget for the current fiscal year.

Is intelligence suicide by data a goal of your agency?

May 16, 2016

Twitter Giveth and Taketh Away (NSA as Profit Center?)

Filed under: Intelligence,NSA,Twitter — Patrick Durusau @ 9:39 am

Twitter Giveth: GCHQ intelligence agency joins Twitter. Just about anyone can get a Twitter account these days.

Do see the GCHQ GitHub site for shared software.

Taketh Away: Twitter Bars Intelligence Agencies From Using Analytics Service.

Twitter has barred Dataminr from providing services to government intelligence services.

Dataminr monitors the entire Twitter pipe and provides analytics based on that stream.

Will this result in the NSA sharing its signal detection in the Twitter stream with other intelligence agencies?

Or for that matter, the NSA could start offering commercial signal detection services across all its feeds. Make it a profit center for the government rather than a money pit.

BTW, don’t be deceived by the illusion of space between government and Twitter, or any other entity that cooperates with a national government. Take “compromised” as a given. The real questions are by who and for what purpose?

May 4, 2016

“Lite” Lists of Intelligence Agencies

Filed under: Government,Intelligence — Patrick Durusau @ 1:34 pm

I referenced World Wide Intelligence (and defense) Agencies as a list of intelligence agencies, but looking at it later, it appears to be a bit “lite.”

There are one hundred and forty-five (145) agencies by my count.

I think what captured my attention is that there are no intelligence agencies for Latin or South America. Come to think of it, there are no intelligence agencies for Africa as well.

Whereas, the List of Intelligence Agencies (Wikipedia) gives a rough count of six hundred and sixty-four (664) intelligence/signal agencies.

The advantage of the World Wide Intelligence (and defense) Agencies list is that it has URLs for the agencies themselves.

The larger Wikipedia list has links to other Wikipedia pages. Useful I suppose for the social engineering required for hacking a security service but not useful as a quick list of URLs for intelligence agencies.

The Federation of American Scientists (FAS) maintains a set of webpages that start with World Intelligence and Security Agencies. Organized by country and below the country pages, the amount of details varies. Pages have been updated unevenly and should be checked before relying on the information you find.

The Crypto Museum also maintains a list of intelligence organizations.

None of the lists appear to be “complete.”

I didn’t see any listing for the fifty (50) state police organizations in the United States. Nor any for major cities, such as Chicago which operates its own gulag.

I haven’t looked on the “Dark Web” but I assume useful lists there are fairly expensive.

Enjoy!

April 8, 2016

“No One Willingly Gives Away Power”

Filed under: Government,Intelligence,Topic Maps — Patrick Durusau @ 3:33 pm

Matthew Schofield in European anti-terror efforts hobbled by lack of trust, shared intelligence hits upon the primary reason for resistance to topic maps and other knowledge integration technologies.

“Especially in intelligence, knowledge is power. No one willingly gives away power.” (Magnus Ranstorp, Swedish National Defense University)

From clerks who sort mail to accountants who cook the books to lawyers that defend patents and everyone else in between, everyone in an enterprise has knowledge, knowledge that gives them power others don’t have.

Topic maps have been pitched on a “greater good for the whole” basis but as Magnus points out, who the hell really wants that?

When confronted with a new technique, technology, methodology, the first and foremost question on everyone’s mind is:

Do I have more/less power/status with X?

A

approach loses power.

A

approach gains power.

Relevant lyrics:

Oh, there ain’t no rest for the wicked
Money don’t grow on trees
I got bills to pay
I got mouths to feed
And ain’t nothing in this world for free
No I can’t slow down
I can’t hold back
Though you know I wish I could
No there ain’t no rest for the wicked
Until we close our eyes for good

Sell topic maps to increase/gain power.

PS: Keep the line, “No one willingly gives away power” in discussions of why the ICIJ refuses to share the Panama Papers with the public.

January 13, 2016

Automatically Finding Weapons…

Filed under: Image Processing,Image Recognition,Intelligence,Open Source Intelligence — Patrick Durusau @ 8:35 pm

Automatically Finding Weapons in Social Media Images Part 1 by Justin Seitz.

From the post:

As part of my previous post on gangs in Detroit, one thing had struck me: there are an awful lot of guns being waved around on social media. Shocker, I know. More importantly I began to wonder if there wasn’t a way to automatically identify when a social media post has guns or other weapons contained in them. This post will cover how to use a couple of techniques to send images to the Imagga API that will automatically tag pictures with keywords that it feels accurately describe some of the objects contained within the picture. As well, I will teach you how to use some slicing and dicing techniques in Python to help increase the accuracy of the tagging. Keep in mind that I am specifically looking for guns or firearm-related keywords, but you can easily just change the list of keywords you are interested in and try to find other things of interest like tanks, or rockets.

This blog post will cover how to handle the image tagging portion of this task. In a follow up post I will cover how to pull down all Tweets from an account and extract all the images that the user has posted (something my students do all the time!).

This rocks!

Whether you are trying to make contact with a weapon owner who isn’t in the “business” of selling guns or if you are looking for like-minded individuals, this is a great post.

Would make an interesting way to broadly tag images for inclusion in group subjects in a topic map, awaiting further refinement by algorithm or humans.

This is a great blog to follow: Automating OSINT.

September 10, 2015

50 Spies Say ISIS Intelligence Was Cooked

Filed under: Government,Intelligence,Security — Patrick Durusau @ 10:34 am

50 Spies Say ISIS Intelligence Was Cooked by Shane Harris and Nancy A. Youssef.

From the post:

More than 50 intelligence analysts working out of the U.S. military’s Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials, The Daily Beast has learned.

The complaints spurred the Pentagon’s inspector general to open an investigation into the alleged manipulation of intelligence. The fact that so many people complained suggests there are deep-rooted, systemic problems in how the U.S. military command charged with the war against the self-proclaimed Islamic State assesses intelligence.

“The cancer was within the senior level of the intelligence command,” one defense official said.

Two other examples of “cooked” intelligence come to mind:

S. Rept. 108-301 – REPORT OF THE SELECT COMMITTEE ON INTELLIGENCE on the U.S. INTELLIGENCE COMMUNITY’S PREWAR INTELLIGENCE ASSESSMENTS ON IRAQ together with ADDITIONAL VIEWS

Some of the results from that “cooked” intelligence include a costly war with Iraq and further destabilization of the Middle East.

The Pentagon Papers (Vietnam).

The “cooked” intelligence in Vietnam resulted in human and environmental costs that have never been adequately tallied.

Anyone, inside or outside the intelligence community who acts “shocked” that intelligence is “cooked” for political ends is either demented or extraterrestrial.

Cooked intelligence is used by the intelligence community to justify its existence and in government departments to further their own budgets and agendas. Why would anyone be surprised that politicians cook intelligence for their own ends?

The cult of secrecy around intelligence is what enables the cooking of intelligence. If the information collected by the NSA, CIA and others was dumped onto GitHub on a regular basis, the ability of anyone to “cook” intelligence would be greatly diminished.

Or perhaps better, if intelligence data were available to everyone, then there would be a variety of dishes of “cooked” intelligence to choose from.

For all the frothing cries of “Danger!, Danger!,” that follow every leak of classified data, have you ever seen reports of anyone being called to account based on those leaks?

Of course not! The danger to others from TS/SCI classified data serves to enhance the status of those with clearance and avoids principled disagreement because “they know something you don’t.”

And that’s true, they do know something you don’t. What is often omitted is that what they know is often of no interest to anyone.

August 23, 2015

Decoding Satellite-Based Text Messages… [Mini-CIA]

Filed under: Cybersecurity,Intelligence,Security — Patrick Durusau @ 3:27 pm

Decoding Satellite-Based Text Messages with RTL-SDR and Hacked GPS Antenna by Rick Osgood.

From the post:

[Carl] just found yet another use for the RTL-SDR. He’s been decoding Inmarsat STD-C EGC messages with it. Inmarsat is a British satellite telecommunications company. They provide communications all over the world to places that do not have a reliable terrestrial communications network. STD-C is a text message communications channel used mostly by maritime operators. This channel contains Enhanced Group Call (EGC) messages which include information such as search and rescue, coast guard, weather, and more.

Not much equipment is required for this, just the RTL-SDR dongle, an antenna, a computer, and the cables to hook them all up together. Once all of the gear was collected, [Carl] used an Android app called Satellite AR to locate his nearest Inmarsat satellite. Since these satellites are geostationary, he won’t have to move his antenna once it’s pointed in the right direction.

You may have to ally with a neighbor who is good with a soldering iron but considering the amount of RF in the air, you should be able to become the mini-CIA for your area.

Not that the data itself may be all that interesting, but munging cellphone data with video surveillance of street traffic, news and other feeds, plus other RF sources, will hone your data handling skills.

For example, have you ever wondered how many of your neighbors obey watering restrictions during droughts? One way to find out is to create a baseline set of data for water usage (meters now report digitally) and check periodically when drought restrictions are in effect.

Nothing enlivens a town or county meeting like a color-coded chart of water cheats. (That will exercise your mapping skills as well.)

Using topic maps will facilitate merging your water surveillance data with other data, such as high traffic patterns of different cars at some locations. Or the periods of cars arriving and departing from some location.

June 10, 2015

Open Source Intelligence Techniques:… (review)

Filed under: Intelligence,Open Source Intelligence — Patrick Durusau @ 7:59 pm

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information by CyberWarrior.

From the post:

Author Michael Bazzell has been well known and respected in government circles for his ability to locate personal information about any target through Open Source Intelligence (OSINT). In this book, he shares his methods in great detail. Each step of his process is explained throughout sixteen chapters of specialized websites, application programming interfaces, and software solutions. Based on his live and online video training at IntelTechniques.com, over 250 resources are identified with narrative tutorials and screen captures.

This book will serve as a reference guide for anyone that is responsible for the collection of online content. It is written in a hands-on style that encourages the reader to execute the tutorials as they go. The search techniques offered will inspire analysts to “think outside the box” when scouring the internet for personal information.

On the flip side, Open Source Intelligence Techniques is must reading for anyone who is charged with avoiding disclosure of information that can be matched with other open source intelligence.

How many people has your agency outed today?

June 3, 2015

Foreign Intelligence Gathering Laws

Filed under: Government,Intelligence,Law,Law - Sources,Privacy — Patrick Durusau @ 10:14 am

Foreign Intelligence Gathering Laws by Peter Roudik, Director of Legal Research, Law Library of Congress.

From the description:

This report contains information on laws regulating the collection of intelligence in the European Union, United Kingdom, France, Netherlands, Portugal, Romania, and Sweden. The report details how EU Member States control activities of their intelligence agencies and what restrictions are imposed on information collection. All EU Member States follow EU legislation on personal data protection, which is a part of the common European Union responsibility.

To the extent that you think intelligence services obey laws or if you need statute and case citations for rhetorical purposes, for the countries covered this report will be quite handy.

Whether you are in the United States or one of the countries listed in this report or elsewhere, your default assumption should be that you are under surveillance and the record light is on.

May 20, 2015

Bin Laden’s Bookshelf

Filed under: Intelligence,Security — Patrick Durusau @ 2:20 pm

Bin Laden’s Bookshelf

From the webpage:

On May 20, 2015, the ODNI released a sizeable tranche of documents recovered during the raid on the compound used to hide Usama bin Ladin. The release, which followed a rigorous interagency review, aligns with the President’s call for increased transparency–consistent with national security prerogatives–and the 2014 Intelligence Authorization Act, which required the ODNI to conduct a review of the documents for release.

The release contains two sections. The first is a list of non-classified, English-language material found in and around the compound. The second is a selection of now-declassified documents.

The Intelligence Community will be reviewing hundreds more documents in the near future for possible declassification and release. An interagency taskforce under the auspices of the White House and with the agreement of the DNI is reviewing all documents which supported disseminated intelligence cables, as well as other relevant material found around the compound. All documents whose publication will not hurt ongoing operations against al-Qa‘ida or their affiliates will be released.

From the website:

[Image: bin-laden-bookcase]

The one expected work missing from Bin Laden’s library?

The Anarchist Cookbook!

Possession of the same books as Bin Laden will be taken as a sign of terrorist sympathies. Weed your collection responsibly.
