GCHQ Catalog of Exploit Tools

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It’s a list of code names and short descriptions, such as these:

GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not need to answer.

MINIATURE HERO: Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.

MOUTH: Tool for collection for downloading a user’s files from Archive.org.

PHOTON TORPEDO: A technique to actively grab the IP address of MSN messenger user.

SILVER SPECTOR: Allows batch Nmap scanning over Tor.

SPRING BISHOP: Find private photographs of targets on Facebook.

ANGRY PIRATE: is a tool that will permanently disable a target’s account on their computer.

BUMPERCAR+: is an automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations. BUMPERCAR operations are used to disrupt and deny Internet-based terror videos or other materials. The techniques employs the services provided by upload providers to report offensive materials.

BOMB BAY: is the capacity to increase website hits/rankings.

BURLESQUE: is the capacity to send spoofed SMS messages.

CLEAN SWEEP: Masquerade Facebook Wall Posts for individuals or entire countries.

CONCRETE DONKEY: is the capacity to scatter an audio message to a large number of telephones, or repeatedely bomb a target number with the same message.

GATEWAY: Ability to artificially increase traffic to a website.

GESTATOR: amplification of a given message, normally video, on popular multimedia websites (Youtube).

SCRAPHEAP CHALLENGE: Perfect spoofing of emails from Blackberry targets.

SUNBLOCK: Ability to deny functionality to send/receive email or view material online.

SWAMP DONKEY: is a tool that will silently locate all predefined types of file and encrypt them on a targets machine

UNDERPASS: Change outcome of online polls (previously known as NUBILO).

WARPATH: Mass delivery of SMS messages to support an Information Operations campaign.

HAVLOCK: Real-time website cloning techniques allowing on-the-fly alterations.

HUSK: Secure one-on-one web based dead-drop messaging platform.

There’s lots more. Go read the rest. This is a big deal, as big as the TAO catalog from December.

I would like to post the entire list. If someone has a clever way of extracting the text, or wants to retype it all, please send it to me.

EDITED TO ADD (7/16): HTML of the entire catalog is here.

Posted on July 14, 2014 at 12:35 PM

Comments

Daniel July 14, 2014 1:26 PM

“BOMB BAY: is the capacity to increase website hits/rankings.”

Is this a fancy code name for saying they have a Fivverr account?

x11794A July 14, 2014 1:26 PM

The “Shaping and Honeypots” section is kinda disturbing. I wonder if the services they are providing as honeypots are in widespread use, or if they are niche products targeted at “high value” targets. MOLTEN-MAGMA also purports to “perform HTTPS Man in the Middle” – I wonder what certs they use for that.

DEER STALKER: Ability to aid-geolocation of Sat Phones / GSM Phones via a silent calling to the phone.

I wonder if they have special access to force silent calls, or if that’s either an exploit or just a not-widely-known feature of telephones.

Slime Mold with Mustard July 14, 2014 1:42 PM

JavaScript required to view document. Could Greenwald take a few hours to read the “Schneier on Security” blog?

I’m less and less impressed with Greenwald lately. Only that (unnamed) Greek messenger was the Hero of Marathon.

Bruce Schneier July 14, 2014 1:42 PM

“‘BOMB BAY: is the capacity to increase website hits/rankings.’ Is this a fancy code name for saying they have a Fivverr account?”

I don’t think so. If you have the ability to inject packets into the backbone via QUANTUM, you can make that website traffic to appear to come from all over the world.

LondonBridge July 14, 2014 2:01 PM

The more I read about these tool catalogues the less respect I have for JTRIG, ANT and the like. Half of it is based on the mere fact that they have direct access to the backbone (which reduces the attacks to little more than automated switch-flicking). The other half of the catalogue reads like a script-kiddie’s arsenal — spoofing SMS, mail bombing and defacing Facebook… I must be missing something, but is that really where the multi-billion pound budgets are going?

Nick P July 14, 2014 2:14 PM

The Toolset

I think the list shows they’re doing a good and thorough job with tool development. It’s about everything a TLA attacker or analyst would need. They even have more trustworthy (to them) versions of mainstream services like dead drops, wiki’s, file sharing, and so on. Quite an effective organization.

Implication for COTS Security

That they’ve compromised every layer and protocol, then integrated all that together, shows that the industry’s security promises are lies. COTS Best Practices don’t produce secure systems or networks. End of story.

Risk for Opponents of GCHQ

Tools that jumped out at me which could easily be abused for squelching dissent are:

Gestator – amplification of a given message, normally video, on popular multimedia websites (Youtube).

SLIPSTREAM – Ability to inflate page views on web sites.

UNDERPASS – Change outcome of online polls

(Modify the votes, did they mean? What person in a democracy would worry about capabilities like that? wink)

CHANGELING – Ability to spoof any email address and send email under that identity

(Plus anything similar for other mediums.)

SPACEROCKET – …insertion of media into target networks.

MOLTEN-MAGMA – CGI HTTP Proxy with ability to log all traffic and perform HTTPS Man in the Middle.

This combined with their information dominance in general makes GCHQ a formidable adversary. Their opponents will be outmatched as they’ll likely depend on something GCHQ can attack or already controls. This is similar to the situation for NSA opponents. This, along with the nature of the above tools, argues even more on top of other Snowden leaks for a very strong form of accountability that runs in parallel to their operations, able to inspect any of it. It’s simply too easy to use tools like this for evil, especially framing opponents for crimes. They either should be illegal or monitored probably as much as we do WMD’s.

To an expert on information warfare, these probably are worse than WMD’s as their use doesn’t leave corpses everywhere and those wielding them can potentially control politicians. Again, much like NSA’s programs. We should remember this when determining how to reform the situation.

“Note that they use Tor”

I’ve repeatedly mentioned that TLA’s, here and overseas, rely on Tor for their own sensitive operations. I’ve argued it’s a point in its favor for trustworthiness. It might not be, as NSA and GCHQ might have subverted it where only they can break it. But, it is open, under heavy scrutiny, and one of my heuristics is “lean toward trusting what they themselves trust rather than what they tell you to trust.”

TorTor July 14, 2014 2:19 PM

The names of individuals are redacted with black boxes in the list. But we might infer that boxes of the same size redact the same name for Tech Lead and Expert User. Not the right way to redact that info.

Memo July 14, 2014 2:55 PM

“LUMP – A system that finds the avatar name from a SecondLife AgentID”
These guys have too much money…

xyz July 14, 2014 3:00 PM

This is a big deal, as big as the TAO catalog from December.

I don’t think so. Weak, just a collection of code names for open source software. Or just fake. Looking forward to @Skeptical’s comments. For instance, look under “Work Flow Management”: “HOME PORTAL”, “CYBER COMMAND CONSOLE” and “NAMEJACKER”, basically Nagios and pwsafe. Under “Analysis Tools”: “OUTWARD”, basically it could be any Unix-like OS. And in the red “SCREAMING EAGLE” it mentions kismet.

joenonymous July 14, 2014 3:11 PM

“if you can’t control the people, confuse the shit out of them.”

i call bullshit and disinformation on all of it.

there’s only one tool and it’s called FEAR INJECTOR…

Nicholas Weaver July 14, 2014 3:22 PM

A few hits from me. Overall, this reads almost skiddiot like, much less professional than the ANT catalog.

NUT ALLERGY: “JTRIG Tor Web Browser- Sandbox IE replacement…” Now we already learned from the NSA that running anything but the Tor Browser Bundle through Tor is EPICFAIL. Running IE? Man, that’s gotta suck.

GLASSBACK is almost certainly a spam-web-bug type effect.

They really do seem to like using Tor, eg, SILVER SPECTER is “NMAP through Tor”. Of course, it’s not hard to actually, you know, do that.

TRACER FIRE is office malcode/implant as a one off: PWN the computer, bring the data back.

BUMPERCAR+ is “spam the takedown interface for videos we don’t like”. Probably actually used on good targets.

I love that they have their own CAPTCHA solver service in RANA. Who’s the poor secretary stuck with the “Will break CAPTCHA for food” service.

I doubt they are using packet injection for a lot of the “hitcount increase” tools etc. Those are all horribly dioded systems. They could, but…

Clive Robinson July 14, 2014 3:38 PM

The point needs to be made that like the US catalog these are the “over the counter” exploits, not those dealt in “brown wrappers” or from private back rooms.

That is, these are in effect the bottom feeder end of the available exploits, so the –expected– release of the catalog is going to cause little harm to higher level activities which use more specialised exploits…

That is the “good stuff” is reserved for special customers and does not go in the “rough trade” catalogue.

Benni July 14, 2014 4:21 PM

What is interesting, apart from their affection for “second life”, is that they also spy on LinkedIn. This is a business network. I would think the number of taliban who have a LinkedIn account is close to zero.

This shows that their “targets” is not a taliban, but the usual linkedIn user….

(I guess for their economic espionage they have to go to where the technology is…)

That they use tor is not surprising. Their targets do not control internet backbones and can not monitor the entire net. Against an individual, or some company tracking you, tor does an excellent job.

It would be interesting to know whether they still use tor in an environment where there is a state actor that can monitor the internet, like in china.

Benni July 14, 2014 4:30 PM

What is:

Pod Race JTRIG’s MS-update farm?

Do they deliver their exploits via MS autoupdate?

Benni July 14, 2014 4:39 PM

Because they often seem to target business users, they have the program

“Scrapheap challenge: perfect spoofing of emails from blackberry users”

Benni July 14, 2014 4:51 PM

Skyscraper: production and dissemination of multimedia via the web

Clean Sweep; Masquerade facebook walls for individuals or entire countries.

Clumsy Beekeeper: Some work in progress to investigate IRC effects

Godfella: generic framework for public data collection from Online Social Networks

Glassback: technique of getting a targets IP by pretending to be a spammer and ringing them. Target does not need to answer.

Fatyak: Public data collection from LinkedIn

Birdstrike: twitter monitoring and collection

AltGrr July 14, 2014 5:21 PM

Most of this is technically rather unimpressive, but scary because of the scale of things. Take Hacienda: A port scanning tool designed to scan an entire country or city. I could write that, lots of others here could do so as well. Running it against an entire country would be more challenging, but that’s the kind of stuff that becomes easy when given a decent budget. And this is where it becomes scary: Banners and content are pulled back on certain ports. Content is put into the EARTHLING database, and all other scanned data is sent to GNE and is available through GLOBAL SURGE and Fleximart. (Emphasis mine)

No mention of restrictions on the use of that, and it looks like everything is stored and readily available to operatives. How on earth is scanning an entire country even remotely ‘targeted’? Surely there aren’t any countries where everybody is a terrorist?

(And it’s a waste of resources, they could just buy Google, get all that info and make a profit as well)

AltGrr July 14, 2014 5:30 PM

And LOL @ PHOTON TORPEDO: A technique to actively grab the IP address of an MSN Messenger user. I used to do that ten years ago to impress people.

roadowl July 14, 2014 6:14 PM

@AltGrr Surely there aren’t any countries where everybody is a terrorist?

Let’s be honest.
None of this has much ado with ‘terrorism’ — even with ‘security’.
It’s a bunch of bathroom-peekers and brief-sniffers with a budget.

AltGrr July 14, 2014 7:05 PM

@William Payne I wonder what this list says about the strategic objectives and goals of the organisation?

I can name a few things (common ones among governmental organisations mainly):
– A huge lack of focus
– A huge urge to look relevant and important
– A huge urge to make sure the entire budget is spent (and preferably increased asap)
– A huge urge to present yourself as a true expert, even though your work is mediocre
– A huge urge to make a big project out of getting everything into the same framework
– A huge urge to replace this framework with something even more amazing before it’s even completed
– A huge urge to catalog, document, index and re-index everything
– A huge urge to create a full-blown project and a team for the most trivial things
– A tendency to dazzle others with tech lingo

This leads us to the generally accepted objectives of most¹ government officials: get paid, get lots of benefits, leave early on Fridays. It all probably involves lots of meetings too.

¹ If you are a government official, but not one of that type, don’t be offended. I love you, we need more people like you.

Douglas Knight July 14, 2014 8:30 PM

Does this leak make you believe that the TAO catalog leak was also Snowden, and not a separate leaker?

pdkl95 July 15, 2014 12:08 AM

BOMB BAY: is the capacity to increase website hits/rankings.

GESTATOR: amplification of a given message, normally video, on popular multimedia websites (Youtube).

While these would be useful for mass propaganda, I can’t think of any way that artificially promoting a video so more people watch it would be useful for an intelligence organization.

About the best thing I can think of would be to trick a large number of people into viewing some specific thing so HAVLOCK can replace it with an exploit that then infects a lot of people? This seems unlikely, as you could simply target whatever page is already popular. This has to be about getting people to watch the video.

SWAMP DONKEY: is a tool that will silently locate all predefined types of file and encrypt them on a targets machine

So instead of merely acting like fascists untethered from oversight, they are also going to act like the “encrypt your files; pay us to get the decrypt key” blackmailing lowlifes?

Wait… I suppose they could be the blackmailers…

Wael July 15, 2014 2:36 AM

I would like to post the entire list. If someone has a clever way of extracting the text, or wants to retype it all, please send it to me.

Not a very clever way, but easier than typing. Save web page, export to a pdf, download an OCR (such as http://solutions.weblite.ca/pdfocrx/), run the OCR, minor-edit it… This list was done last page first. Not sure it’s the whole thing, but I got bored pretty fast. And I felt I had to make up for the limerick I posted 😉 Hopefully that buys me a few more limericks 😉 If there are typos, it’s the software, not me.

  1. Cerberus Statistics collection: Collects on-going usage information about how many users utilise JTRIG’s UIA capability, what sites are the most frequently visited etc. This is in order to provide JTRIG infrastructure and services management information statistics.
  2. JTRIG RADIANT SPLENDOUR: is a ‘Data Diode’ connecting the CERBERUS network with GCNET
  3. ALLIUM ARCH: JTRIG UIA via the Tor network.
  4. ASTRAL PROJECTION: Remote GSM secure covert Internet proxy using TOR hidden services.
  5. TWILIGHT ARROW: Remote GSM secure covert Internet proxy using VPN services.
  6. SPICE ISLAND: JTRIG’s new infrastructure. FOREST WARRIOR, FRUIT BOWL, JAZZ FUSION and other JTRIG systems will form part of the SPICE ISLAND infrastructure
  7. POISON ARROW: Safe Malware download capability.
  8. FRUIT BOWL: CERBERUS UIA Replacement and new tools infrastructure – Primary Domain for Generic User Tools Access and TOR split into 3 sub-systems.
  9. NUT ALLERGY: JTRIG Tor web browser – Sandbox IE replacement and FRUIT BOWL sub-system
  10. BERRY TWISTER(+): A subsystem of FRUIT BOWL
  11. BRANDY SNAP: JTRIG UIA contingency at Scarborough.
  12. WIND FARM: R&D offsite facility.
  13. CERBERUS: JTRIG’s legacy UIA desktop, soon to be replaced with FOREST WARRIOR.
  14. BOMBAY ROLL: JTRIG’s legacy UIA standalone capability.
  15. JAZZ FUSION: BOMBAY ROLL Replacement which will also incorporate new collectors – Primary Domain for Dedicated Connections split into 3 sub-systems.
  16. COUNTRY FILE: A sub-system of JAZZ FUSION
  17. TECHNO VIKING: A subsystem of JAZZ FUSION
  18. JAZZ FUSION+: A subsystem of JAZZ FUSION
  19. BUMBLEBEE DANCE: JTRIG Operational VM/TOR architecture
  20. AIR BAG: JTRIG Laptop capability for field operations.
  21. EXPOW: GCHQ’s UIA capability provided by JTRIG.
  22. AXLE GREASE: The covert banking link for CPG
  23. POD RACE: JTRIG’s MS update farm
  24. WATCHTOWER: GCNET -> CERBERUS Export Gateway Interface System
  25. REAPER: CERBERUS -> GCNET Import Gateway Interface System
  26. DIAL d: External Internet Redial and Monitor Daemon
  27. FOREST WARRIOR: Desktop replacement for CERBERUS
  28. DOG HANDLER: JTRIG’s development network
  29. DIRTY DEVIL: JTRIG’s research network
  30. MINIATURE HERO: Active Skype capability. Provision of real time call records (SkypeOut and SkypeToSkype) and JTRIG Software bidirectional instant messaging. Also contact lists.
  31. MOUTH: Tool for collection for downloading a user’s files from Archive.org.
  32. MUSTANG: provides covert access to the locations of GSM cell towers.
  33. PHOTON TORPEDO: A technique to actively grab the IP address of an MSN messenger user
  34. RESERVOIR: Facebook application allowing collection of various information.
  35. SEBACIUM: An ICTR developed system to identify P2P file sharing activity of intelligence value. Logs are accessible via DIRTY RAT.
  36. SILVER SPECTER: Allows batch Nmap scanning over TOR
  37. SODAWATER: A tool for regularly downloading gmail messages and forwarding them onto CERBERUS mailboxes
  38. SPRING BISHOP: Find private photographs of targets on Facebook.
  39. SYLVESTER: Framework for automated interaction / alias management on online social networks.
  40. TANNER: A technical programme allowing operators to log on to a JTRIG website to grab IP addresses of Internet Cafe’s
  41. TRACER FIRE: An Office Document that grabs the targets Machine info, files, logs, etc and posts it back to GCHQ
  42. VIEWER: A programme that (hopefully) provides advance tip off of the kidnappers IP address for HMG personnel
  43. VIKING PILLAGE: Distributed network for the automatic collection of encrypted/compressed data from remotely hosted JTRIG projects.
  44. TOP HAT: A version of the MUSTANG and DANCING BEAR techniques that allows us to pull back Cell Tower and WiFi locations targeted against particular areas
  45. AIRWOLF: YouTube profile, comment and video collection.
  46. ANCESTRY: Tool for discovering the creation date of yahoo selectors.
  47. BEARTRAP: Bulk retrieval of public BEBO profiles from member or group ID.
  48. BIRDSONG: Automated posting of Twitter updates.
  49. BIRDSTRIKE: Twitter monitoring and profile collection. Click here for the User Guide.
  50. BUGSY: Google+ collection (circles, profiles etc.)
  51. DANCING BEAR: obtains the locations of WiFi access points
  52. DEVILS HANDSHAKE: ECI Data Technique.
  53. DRAGONS SNOUT: Paltalk group chat collection.
  54. EXCALIBUR: acquires a Paltalk UID and/or email address from a Screen Name
  55. FAT YAK: Public data collection from LinkedIn.
  56. FUSEWIRE: Provides 24/7 monitoring of vBulletin forums for target postings/online activity. Also allows staggered postings to be made.
  57. GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not need to answer.
  58. GODFATHER: Public data collection from Facebook.
  59. GOODFELLA: Generic framework for public data collection from Online Social Networks.
  60. HACIENDA: is a port scanning tool designed to scan an entire country or city. It uses GEOFUSION to identify IP locations. Banners and content are pulled back on certain ports. Content is put into the EARTHLING database, and all other scanned data is sent to GNE and is available through GLOBAL SURGE and Fleximart.
  61. ICE: is an advanced IP harvesting technique.
  62. INSPECTOR: Tool for auditing dissemination of VIKING PILLAGE data.
  63. LANDING PARTY: Tool for auditing dissemination of VIKING PILLAGE data

65535 July 15, 2014 3:13 AM

I am at the bottom of the post so I will make my observations short.

The pdf to the intercept doc can be gotten by full screen view and then clicking the pdf link. It is nice to have the pdf link in the comments [hat tip Anon]

http://s3.documentcloud.org/documents/1217406/jtrigall.pdf

“MOLTEN-MAGMA also purports to “perform HTTPS Man in the Middle” – I wonder what certs they use for that.” – x11794A

Maybe Clive can answer this, but from comments on other sites it appears that all major CA’s send a copy of UK customers’ certificates to the GCHQ when the cert is created [not with self-signed certs]. Then they do a MITM attack. I don’t know if this is true.

“Note that they use Tor.” Bruce S.

Duly noted.

“It’s simply too easy to use tools like this for evil, especially framing opponents for crimes. They either should be illegal or monitored probably as much as we do WMD’s.” [And all of his comment] – Nick P

I agree.

The crimes could be a broad spectrum – from simple Poll Slanting and DDOS attacks to extortion [political and civilian] and murder [droning innocents].

‘The point needs to be made that like the US catalog these are the “over the counter” exploits, not those dealt in “brown wrappers” or from private back rooms… the “good stuff” is reserved for special customers…’ –Clive

Given the documents are somewhat old – I concur.

“This shows that their “targets” is not a taliban, but the usual linkedIn user….” – Benni

Yes, and it means they are not dealing foreign “National Security” threats but expanding their mission to monitor average citizens. Mission creep.

“It would be interesting to know whether they still use tor in an environment where there is a state actor that can monitor the internet, like in china.” – Benni

The only way to probe the extent of Tor penetration would be to use the same monitoring tactics these spy agencies use.

That would include monitoring on the backbone, honeypots, markers like the giggle “evercookie” or the Dart cookie and operational traps [one could use the WWII ultra false flag traps to see if they respond to important sounding but false reports].

“Do they deliver their exploits via MS autoupdate?” – Benni

It would violate various laws but given the phrase “National Security” and NSL’s, I assume it is possible [not only with M$ but Apple, and other OS updates].

“How on earth is scanning an entire country even remotely ‘targeted’? Surely there aren’t any countries where everybody is a terrorist? (And it’s a waste of resources, the could just buy Google, get all that info and make a profit as well).” –AltGrr

Good question about “Nation Security” and its boundaries. As for Google, the NSA or GCHQ doesn’t have to buy Google – they just rent it for a certain sum of money.

“Let’s be honest. None of this has much ado with ‘terrorism’ — even with ‘security’. It’s a bunch of bathroom-peekers and brief-sniffers with a budget.” -roadowl

That is the core of the problem.

It appears to be a collection of over-funded program operators with no oversight; who have a habit of watching porno chat messages for fun [and possibly for profit… parallel extortion… err, parallel construction for law enforcement cases].

“Save web page, export to a pdf, download an OCR (such as http://solutions.weblite.ca/pdfocrx/, run the OCR…” -Wael

Nice summary!

Wael July 15, 2014 3:26 AM

I honestly think all these crappy tools are pretty crude. Some smart people have figured out how to exploit FUD to extort money from governments; they probably repackaged some open source code (read: cut it) and gave it a cool name, then sold it for millions…

Wael July 15, 2014 3:32 AM

@65535,
Thank you. Shortly after I posted it I thought: I did not read the fine print about copyrights. Not sure there are any, but too late. @Bruce Schneier will have to bail me out if I get sued 🙂

anon July 15, 2014 3:47 AM

“CONCRETE DONKEY” is named after a weapon in the “Worms” video game series. Very strange.

Mike Amling July 15, 2014 4:18 AM

@65535
“it appears that all major CA’s send a copy of UK costumer’s certificates to the GCHQ when the cert is created [not with self-signed certs]. Then they do a MITM attack.”

CAs get the newly created cert’s public key but not its private key. To use a cert for MITM, you’d need the private key.

Mike the goat (horn equipped) July 15, 2014 4:43 AM

There are several CAs that provide a working root to large organizations (e.g. Geotrust had such a product called Georoot) with very little oversight. In fact, one prominent CA (now detrusted and broke after a massive incident a few years back) promoted the use of such certs to ISPs so that they could proxy SSLized connections without throwing warnings within the user’s browsers. The ostensible reason that many large organizations use such an appliance is “security” with the often used excuse that their inline security appliances are unable to monitor encrypted traffic and their endpoint security is somehow inadequate. This is obviously a very dangerous practice. Not to mention the fact that there are at least four CAs owned by companies which are effectively run by nation states which are trusted by most browsers (the trusted cert store in Windows products will give you a few specific examples, and many of these organizations don’t even offer public CA services to their own damn citizens anymore yet are still grandfathered).

Another issue is that there are still plenty of certs around which used MD5 and we know from both PoCs and actual blackhat activity that collisions can produce a “fake” yet trusted cert.

It seems pretty obvious to me that the X509 certs are irreparably broken and the CA model can’t be trusted as previous corruption shows. A decentralized “web of trust” system, if properly implemented would be far more robust and would fit in well with the decentralized ethos of the Internet. Unfortunately it appears that the Internet is becoming more and more centralized and an ever shrinking number of organizations become responsible for much of the critical infrastructure.

One stop gap measure which I am surprised that alternate browser vendors have yet to implement would be a simple OpenSSH known_hosts style solution whereby people are warned if a site they have already visited changes certificates. Sure, sites change certs for legit reasons but a bit of logic can be applied to the warnings to avoid freaking users out (for example, avoid making a scary warning if it is within or past N days of the old cert expiry or where the old cert has found its way into the CRL).

Some of the “solutions” are worse than the problem, for example the notary approach of Perspectives and Convergence where the user’s privacy is violated and essentially the notary servers have knowledge of the browsing history of HTTPS sites as it queries each site to produce its reports. I guess this problem is similar to that posed by OCSP vs the less targeted wholesale list provided by the traditional CRLs.

RE the GCHQ catalog: some of these are particularly worrying when you consider their potential sources for their data, e.g. one that mentions sourcing information on FB that a user has marked private (implies collusion with FB or at best a vuln that allows leakage) and another that can supposedly pull out gmail data (again, same issue – if they had the target’s password they could just use imapsync or similar so I assume this is done with either G’s permission or through a vulnerability of sorts). Given the massive stick they carry I suspect that companies who refuse to comply quickly change their minds. After all, if the CEO found themselves arraigned on terror charges I can’t imagine they would survive well in a secret prison.
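A local, known_hosts-style certificate-change check of the kind the comment above describes, as an added example (not code from the post or any commenter): it pins the first fingerprint seen per host, treats a later change as a warning unless the pinned certificate is within or past an N-day window before its expiry or is known to be revoked, and keeps the whole check on the device, so no notary learns the browsing history. Host names, certificate bytes and dates are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Tuple

GRACE = timedelta(days=14)  # the "N days": a change this close to (or past) expiry is expected


def fingerprint_of(der: bytes) -> str:
    """SHA-256 over the DER encoding, as browsers display it. Here the callers
    pass constructed stand-in bytes instead of a real certificate."""
    return hashlib.sha256(der).hexdigest()


@dataclass
class Pin:
    fingerprint: str
    not_after: datetime   # expiry of the certificate we pinned
    first_seen: datetime


class CertPinStore:
    """Per-device store of host -> last accepted certificate (TOFU, like known_hosts)."""

    def __init__(self) -> None:
        self._pins: Dict[str, Pin] = {}

    def check(self, host: str, der: bytes, not_after: datetime, now: datetime,
              revoked: FrozenSet[str] = frozenset()) -> str:
        """Return 'first-seen', 'match', 'rotated' or 'WARN'.

        'WARN' means the certificate changed well before the pinned one was due
        to expire and the pinned one is not on the revocation list: the shape a
        MITM with a CA-issued certificate would produce. The old pin is kept so
        the user, not the code, decides whether to accept the new one."""
        fp = fingerprint_of(der)
        old = self._pins.get(host)
        if old is None:
            self._pins[host] = Pin(fp, not_after, now)
            return "first-seen"
        if old.fingerprint == fp:
            return "match"
        expected_rotation = now >= old.not_after - GRACE
        if expected_rotation or old.fingerprint in revoked:
            self._pins[host] = Pin(fp, not_after, now)
            return "rotated"
        return "WARN"


def demo() -> List[Tuple[str, str]]:
    """Walk one host through first sight, a match, a suspicious swap and a renewal."""
    t0 = datetime(2014, 7, 15, tzinfo=timezone.utc)
    year = timedelta(days=365)
    host = "mail.example.test"                      # constructed host name
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = CertPinStore()
    out = []
    out.append(("day 0, cert A", store.check(host, cert_a, t0 + year, t0)))
    out.append(("day 1, cert A", store.check(host, cert_a, t0 + year, t0 + timedelta(days=1))))
    # Unexplained swap 30 days in: cert A still has 335 days to run -> WARN.
    out.append(("day 30, cert B", store.check(host, cert_b, t0 + 2 * year, t0 + timedelta(days=30))))
    # Same swap inside the 14-day pre-expiry window: looks like a normal renewal.
    out.append(("day 360, cert B", store.check(host, cert_b, t0 + 2 * year, t0 + timedelta(days=360))))
    return out


def demo_revoked() -> List[str]:
    """A changed certificate whose predecessor is on a CRL gets no warning."""
    t0 = datetime(2014, 7, 15, tzinfo=timezone.utc)
    exp = t0 + timedelta(days=365)
    host = "mail.example.test"
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = CertPinStore()
    first = store.check(host, cert_a, exp, t0)
    crl = frozenset({fingerprint_of(cert_a)})      # constructed revocation list
    second = store.check(host, cert_b, exp, t0 + timedelta(days=5), revoked=crl)
    third = store.check(host, cert_b, exp, t0 + timedelta(days=6))
    return [first, second, third]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:16s} -> {verdict}")
    print("revoked path   ->", demo_revoked())
```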

Clive Robinson July 15, 2014 5:07 AM

@ Wael,

With regards copyright, I would not overly worry, because you are in no way claiming an original work (except the implied copyright of the modifications you have made as a derived work). So as a non UK citizen you have several good grounds for a defence: (1) National Interest / National Security, (2) Research exemption, (3) Derived work.

Further, it would be a civil case not a criminal prosecution, so it would be a bit difficult getting you into court or trying to enforce any potential claim against your assets that are outside of UK jurisdiction. However there are criminal offences under DORA and OSA and possibly receiving stolen goods, but past attempts during the Thatcher era failed rather embarrassingly for the UK Gov. Sadly the UK only has weak –and getting weaker– journalistic privilege unlike the US, so you might have to “Do a Guardian” assuming you have a basement and dremel with grinder attachment 😉

Wael July 15, 2014 5:15 AM

@Clive Robinson,

assuming you have a basement and dremel with grinder attachment 😉

Basements aren’t very common in California! Hopefully @rs isn’t a UK resident 🙂

Observateur July 15, 2014 5:43 AM

GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not need to answer.

Could this be the explanation for the type of spam where you receive a message with only random, but intelligible text of apparently literary origin, without any payload (manhood improvement, Canuck Rx, forsaken Nigerian heirloom, etc.), or messages with pretty much the minimum number of headers, with just a line of random characters in the body. Or combinations of both.

I wondered for a long time how these could be useful to anyone.

If you can inspect packets along the way, you could easily look for the signature as the target downloads the message from a known address over a known port.

Even if you access your server over SSL, sigint techniques could still be useful.

Skeptical July 15, 2014 6:18 AM

BREAKING… Greenwald Posts Follow-Up Story on CIA…

The Intercept has learned that the CIA spends months teaching new recruits how to pick locks, detect and evade surveillance, develop and manipulate social relationships, and live and leverage cover identities.

“Have we learned nothing since Watergate?” Greenwald asked rhetorically in a heated interview on NBC. “All of these skills and techniques can be used harmfully against peaceful activists both there in the United States and anywhere around the world.”

Social Engineering – Offline

“The CIA is essentially teaching its spies to conduct social engineering attacks offline. They’ve taken what was always a double-edged sword in the online context, and have made it in some ways more dangerous by bringing it offline,” Greenwald noted. “This is a very serious development – the KGB were known for teaching their spies things like this. We have to ask ourselves: isn’t it dangerous for a democracy to have a KGB? How far are we away, really, from the Stasi, if we’re already happily funding a KGB?

Okay, so the point of that parody:

The catalog describes tools that could plausibly be used in various legitimate operations. Let me quote Wikipedia, which cites to Greenwald heavily, for two examples:

A JTRIG operation saw GCHQ “significantly disrupt” the communications of the Taliban in Afghanistan with a “blizzard” of faxes, phone calls and text messages scheduled to arrive every minute.[2] Specific JTRIG operations also targeted the nuclear program of Iran with negative information on blogs attacking private companies, to affect business relationships and scupper business deals.[2]

Now we have a catalog naming some of the tools that would be clearly useful for such operations.

It is no more scandalous for the intelligence services to have such tools than it is for them to have master forgers or crafty listening devices, or for the military to have wings of fighter aircraft and regiments of mechanized infantry.

A scandal would involve GCHQ using these tools for illegitimate operations, such as manipulating domestic (peaceful) opposition political groups.

But there’s nothing approaching that here.

The story is a crude fuel for the narrative of runaway intelligence agencies. It lacks any facts to establish such a narrative, but it provides, breathlessly, a few pieces of information that can add color to that narrative – just as it can add color to any novels in progress out there.

It’s also written in a deliberately misleading fashion that attempts to refine that fuel for a little more power. For instance, it opens with:

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information…

Got that? They’re seeding the internet with false information. How dare they besmirch that pristine cyber wilderness of truth and honey with their fake reviews and propaganda! How will I be able to trust a review on Amazon now? Did that can of uranium for sale really deserve those 5 stars, or is the GCHQ trying to trick – those devious devils – honest consumers like me into buying uranium that doesn’t give you nearly as much bang for your rial as you hoped?

most startling methods of propaganda and internet deception

comprehensive, birds-eye view of just how underhanded and invasive this unit’s operations are

Hilarious stuff.

Less hilarious is the fact that Greenwald seems incapable of grasping the notion that using deception, disinformation, and manipulation as weapons against an Iranian nuclear program, or Taliban insurgents, or similar groups, is far preferable to more obvious and “kinetic” forms of intrusion.

Greenwald is unintentionally confirming the lack of any outstanding scandalous material every time he publishes a story like this.

At this point, if there is no unpublished material showing evidence of abuse of power, the remainder of the Snowden material should be destroyed to lower the probability of any more of it slipping into the wrong hands.

CryptAsinet July 15, 2014 6:31 AM

One stop gap measure which I am surprised that alternate browser vendors have yet to implement would be a simple OpenSSH known_hosts style solution whereby people are warned if a site they have already visited changes certificates.

@Mike the goat (horn equipped) You’re describing a simpler version of the TACK proposal (tack.io), by Moxie Marlinspike and friends.

TACK, for pinning.

A proposal for a dynamically activated public key pinning framework that provides a layer of indirection away from Certificate Authorities, but is fully backwards compatible with existing CA certificates, and doesn’t require sites to modify their existing certificate chains.

tack.io
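As an added illustration of the known_hosts style check described in this comment (this is example code, not part of the original comment and not TACK's own implementation): a trust-on-first-use pin store records the SHA-256 fingerprint of the certificate a host presents the first time it is seen and reports a mismatch on every later visit. The certificate byte strings below are constructed placeholders standing in for the DER bytes a client would get from ssl's getpeercert(binary_form=True); the host names and the PinStore/observe/accept_change names are the example's own assumptions.

```python
import hashlib
import json
from typing import Dict, List, Optional

# Constructed sample "certificates". In a real client these would be the DER
# bytes of the leaf certificate (or its SubjectPublicKeyInfo) taken from the
# TLS handshake; here they are placeholder byte strings so the example runs
# offline.
CERT_EXAMPLE_V1 = b"CONSTRUCTED CERT example.org serial=1 pubkey=A"
CERT_EXAMPLE_V2 = b"CONSTRUCTED CERT example.org serial=2 pubkey=B"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 hex digest of the certificate bytes; this is the value that is
    compared on every connection, much as OpenSSH compares host keys."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Trust-on-first-use pin store keyed by host:port.

    observe() returns one of three statuses:
      "new"     first time this host:port was seen; fingerprint recorded
      "match"   fingerprint equals the recorded one
      "changed" fingerprint differs from the record; the caller must warn
                (this fires on attacks and on legitimate rotation alike)
    """

    def __init__(self, pins: Optional[Dict[str, str]] = None) -> None:
        self._pins: Dict[str, str] = dict(pins or {})

    @staticmethod
    def _key(host: str, port: int) -> str:
        # DNS names are case-insensitive, so normalise before keying.
        return f"{host.lower()}:{port}"

    def observe(self, host: str, cert_der: bytes, port: int = 443) -> str:
        key = self._key(host, port)
        fp = fingerprint(cert_der)
        known = self._pins.get(key)
        if known is None:
            self._pins[key] = fp
            return "new"
        return "match" if known == fp else "changed"

    def accept_change(self, host: str, cert_der: bytes, port: int = 443) -> None:
        """Explicit user decision to trust the new certificate, the analogue of
        editing a stale entry out of known_hosts. Never call this automatically."""
        self._pins[self._key(host, port)] = fingerprint(cert_der)

    def dumps(self) -> str:
        """Serialise the pins so they survive across browser sessions."""
        return json.dumps(self._pins, sort_keys=True)

    @classmethod
    def loads(cls, data: str) -> "PinStore":
        return cls(json.loads(data))


def demo() -> List[str]:
    """Walk through first visit, repeat visit and a changed certificate."""
    store = PinStore()
    return [
        store.observe("example.org", CERT_EXAMPLE_V1),   # "new"
        store.observe("example.org", CERT_EXAMPLE_V1),   # "match"
        store.observe("example.org", CERT_EXAMPLE_V2),   # "changed"
    ]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The weak spot is the "changed" case: a pin store cannot tell a MITM certificate from a routine renewal, which is exactly the gap TACK fills by having the site sign its certificates with a longer-lived pinning key so that rotation does not look like an attack.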

Nick P July 15, 2014 7:35 AM

@ Wael

You were helping spread the classified secrets of a notorious TLA and your one worry was copyright? O.K. 😛

Pixa July 15, 2014 7:47 AM

CONCRETE DONKEY: is the capacity to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.

Pretty sure companies to “help” you make an injury claim or reclaim PPI have had this technology for years…

Winter July 15, 2014 7:54 AM

@Skeptical
“A scandal would involve GCHQ using these tools for illegitimate operations, such as manipulating domestic (peaceful) opposition political groups.

But there’s nothing approaching that here.”

The actions below are crimes in Europe. Btw, hacking Belgacom was a crime too.

http://www.extremetech.com/extreme/177500-gchq-nsa-secretly-collected-webcam-images-from-millions-of-yahoo-users

The Guardian reports that the UK’s GCHQ spy agency (pictured above) has been using NSA systems to collect millions of still images from private webcam feeds — a good portion of which reportedly contained sexually explicit imagery. These feeds were captured through Yahoo infrastructure, but if Snowden has taught us anything, it’s that government hackers are neurotic completists; it is prudent to suspect that most or all major such services have been compromised as well.

name.withheld.for.obvious.reasons July 15, 2014 8:18 AM

And so it begins, my speech rights as exercised on this blog may have resulted in undue scrutiny and harassment from the U.S. government. Yesterday, late afternoon, a missed call and I retrieved my voice mail. Lo and behold, the IRS instructed me to contact their office in NY and I had until the end of the day. Given I am on the west coast, the “penalty” time was past almost the minute I listened to the voicemail.

Why NY, my local office isn’t relevant? Or, does the originating order/case within a preferred NY federal district court disadvantage my legal “response/defence”? Or, is it an attempt to do discovery as my digital image is that of a ghost. I return the call without a lawful basis to compel and thus confirm my identity and “parallel construction” is used to render persons of political or internal institutional interest. Given that the call did not identify me (to protect my privacy is the legal reasoning in court) and the NY office contact requirement leads me to believe that the spring is compressed and the cheese is fresh. They did provide a case number but no other information.

The call came in on a line filtered by a business proxy without any link to either my personal or business activities. I can attest that we (more specifically I) have for the last forty years worked for or with legally formed businesses, non-profits, educational institutions, and what appeared at the time to be lawfully functional U.S. agencies and departments.

@ Nick P
You issued a warning that hubris would be met by action and that I should avoid handing them the rope they need. What may be more interesting is how the government, given all the comm/network/system subversion running from within the government, belies any veracity claim the government can assert (at least legally). But at this point I cannot afford to mount a defense at any level that keeps me out of IR scope range. I can also hear the judge telling the prosecutor that the actions of a “few” agencies does nothing to undermine the integrity of the process, court, or law.

when the time one difference j

Mark T July 15, 2014 8:40 AM

I want to know the purpose of
” Ability to artificially increase traffic to a website.”

Winter July 15, 2014 9:07 AM

@Mark T • July 15, 2014 8:40 AM
“I want to know the purpose of
” Ability to artificially increase traffic to a website.”

Next to DDOS attacks, maybe getting a certain obscure or unpopular view in the limelight. Think Facebook/Google+ pages. Traffic through referrers can mess up many statistics.

And traffic can carry payloads, like search terms, votes, comments, etc.

unhappyApples July 15, 2014 10:44 AM

@name.withheld

How do you know the purported IRS voicemail is not a vanilla everyday phishing attempt similar to the IRS warning of Apr 2014:

http://www.irs.gov/uac/Newsroom/IRS-Reiterates-Warning-of-Pervasive-Telephone-Scam

part of which reads:

IRS Reiterates Warning of Pervasive Telephone Scam

IR-2014-53, April 14, 2014

WASHINGTON — As the 2014 filing season nears an end, the Internal Revenue Service today issued another strong warning for consumers to guard against sophisticated and aggressive phone scams targeting taxpayers, including recent immigrants, as reported incidents of this crime continue to rise nationwide. These scams won’t likely end with the filing season so the IRS urges everyone to remain on guard.

The IRS will always send taxpayers a written notification of any tax due via the U.S. mail. The IRS never asks for credit card, debit card or prepaid card information over the telephone. For more information or to report a scam, go to http://www.irs.gov and type “scam” in the search box.

If you get a phone call from someone claiming to be from the IRS, here’s what you should do:

If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.


My business and unlisted phone numbers receive scam calls all the time. I’d suggest ignoring it or reporting it.

unhappyApples July 15, 2014 10:48 AM

Skeptical wrote “Greenwald is unintentionally confirming the lack of any outstanding scandalous material every time he publishes a story like this.”

As we saw with the recent story of surveillance of Muslim American citizens, it took time to gain permission from the apparent targets to publish their names. To be trite, absence of evidence is not evidence of absence. We do not know what stories have not been published yet.

كذاب July 15, 2014 10:53 AM

UK never submitted a reservation to the legal prohibition on war propaganda in conventional international law. Now that we know about HMG’s extensive propaganda capabilities, pending disclosures will identify the various ways that UK officials used them to make deceptive statements about the necessity for use of force in Iraq, Libya, and elsewhere. That will enhance individual officials’ legal exposure for crimes and joint state responsibility for wrongful acts (e.g. as summarized by the international criminal-law dry run in Malaysia)

http://www.globalresearch.ca/chief-prosecutor-of-the-kuala-lumpur-war-crimes-commission-v-george-w-bush-anthony-l-blair/27821

Thanks to GCHQ, Nuremberg Count One is now a slam dunk.

Mark T July 15, 2014 10:59 AM

@unhappyApples – my wife experienced something closely resembling the IRS scam. She called the IRS in KC to confirm the agent was real. They said they weren’t allowed to confirm or deny individuals worked for the IRS. Worse, they denied contacting her and then sent her to the fraud division. She was in a panic, took off work, then locked down all credit and banking. Later that day, another person at the IRS told her “Oh, that was really us. It was just routine notice.” Sorry.

Houston July 15, 2014 11:05 AM

@name.withheld.for.obvious.reasons, IRS does collaborate in unlawful DNI surveillance. For example, they use IVO to drive you to government websites if they need selectors. I’ve seen it done. If you aren’t sure it’s a scam, don’t phone the IRS, send your response by mail.

Wael July 15, 2014 11:26 AM

@Nick P,

You were helping spread the classified secrets of a notorious TLA and your one worry was copyright? O.K. 😛

ROFL… Pretty strange! My defense: Geee, Judge! “classified secrets” are no longer “classified” when they are on the internet and in the news.

name.withheld.for.obvious.reasons July 15, 2014 12:28 PM

I see this as a relatively easy way for the Feds to flush someone out. Say you have a low profile, but all the selector boxes are ticked. The compunction to use other agencies that, say, have an IMSI handed to them based on some deterministic and heuristic traffic across platforms and networks. The best tool for backtracking anyone on multiple nets, providers, and proxies is to match government hard data (your paper trail is small, location unknown, and a number of heuristic searches match some pseudo psychological profile) – start robo dialing.

Using the IRS to do the first phase of a HUMINT. The bonus is that the IRS has supernatural powers that allow the agency to ignore specific restrictions defined in the Bill of Rights of the constitution. Due process relegated to the most privileged. And, as many assets are “controlled” electronically it is possible for the few to screw the many like never before. Think of it in terms of how SWIFT is used to punish whole countries by the owners of the enforcement tools.

name.withheld.for.obvious.reasons July 15, 2014 4:43 PM

@ unhappyApples

How do you know the purported IRS voicemail is not a vanilla everyday phishing attempt similar to the IRS warning of Apr 2014:

Yes, it is a scam message but it is just the type of stunt that the TLA’s would pull to flush an unknown/anonymous/anomaly from the haystack. The metadata call records could be correlated on transport, geo and IP addr, session and content data in real time. Analyzing outliers and anomalies from a series of data sets is most worrisome and opens a very dangerous door. Once through the door the most likely way back out means burning it down. My thinking is that the single act of collection becomes but a method that results in the sum of the parts being greater than the whole. Not much has been mentioned about the very real possibility of meta-content-meta event chaining.

Monte Carlo modeling, non-linear algebraic mappings of disparate data sets could be used against a class of interesting haystack sources and could be more problematic than we might think. Parametric discrimination that resolves to one person is a most insidious and dangerous thing indeed, as it cannot be recognized even when it is observed directly. Discriminating or punishing one person as if they are a class (our anthropological perspective) is a form of discrimination (or repression) that could be nearly impossible to counter and would enslave us all. There needs to be some research done on information theory and big data that reflects Gödel’s set continuum theory. I fear there be dragons.

JKL July 15, 2014 6:00 PM

UNDERPASS is my clear fave here, for the sole reason that it is clearly an IO tool (information operations) as opposed to all these collection tools. Where’s the argument that IO actions to change online polls are “targeted” or not directed at citizens, hrm?

Nick P July 15, 2014 6:39 PM

@ name.withheld

If you actually need to deal with the IRS, go through a tax attorney and preferably one of those who has a track record of working the system. Don’t talk to them directly. If you have to respond to this, do it in a way that doesn’t give you away and doesn’t look uncooperative. One way might be to send them a message or letter saying to mail you an official notice at the address they have on file. The message/letter would mention the phone number they called as the ID. You might even mention a concern about an IRS scam and that your business’s security policy requires you to verify identities of people claiming on the phone to be government agencies. Again, though, I’d talk to a savvy attorney and run it by them, first.

If the noose might be tightening, you have several options.

  1. Play it calmly and defensively leveraging your positive reputation, while giving them as little as possible. And post nothing more that might ID you.
  2. Ignore it, continue about your life, continue to voice your opinion without leaking classified information, and continue developing technical solutions people can use. You might even do this as part of the next round of NSF’s (under Epstein) secure systems funding, a DARPA grant, and so on. This is in addition to your usual business, of course. The point is your image is a long-standing member of the community who is also developing solutions to protect our military and intellectual property. TLA’s knowing your past might ignore you seeing you weren’t really a threat before and definitely aren’t anymore.
  3. If they’re going to ruin you and it’s totally clear, you have a dangerous last resort option. This option requires you to liquidate assets, gather up everything you have that’s dangerous to them, set up a way to ensure it’s released in event something happens to you, let them know that, negotiate for them to leave you alone, and leave the country for a safer one (optionally offering to engineer stuff for them). The leverage has to be truly damaging to their mission, like our TEMPEST standards in all countries’ hands. I do not recommend this option as you’re asking them to hit you with everything they have, but it’s worth knowing about if you’re going to be destroyed anyway and without due process. Also, this option must be carefully prepared ahead of time and be torture/monitoring proof. I’m not going to say anything past that.

So, there’s your options. Continue practicing OPSEC for this particular persona for the rest of your life as well, assuming you continue to post here. Continue playing it safe, developing strong security tech that we can use (avoid classified I.P.), maintain a positive image in defence community if you stay there, and try not to freak out. Best of luck to you.

blunt minor July 15, 2014 10:00 PM

Hear, hear. Only #3 is really #1. Don’t warn them, though, goodness. Everyone should amass fuck you money and a fuck you file. You can always detonate it later, when you get bored. Take this as a personal testimonial, it’s really a treat!

Figureitout July 15, 2014 10:27 PM

name.withheld.for.obvious.reasons RE: harassing phone calls
–I would just ignore it for the time-being, a foreign-national just got a similar call and the piece of sh*t scared the person about “unpaid taxes”. Called my dad in a panicked state b/c the person wasn’t sure about all the laws here.

I’ve received similar calls (mostly about lawsuits and unpaid medical bills), even some threatening text messages…Just ignore, they’re trying to get under your skin (it’s likely the abuse we rarely hear about…just skriddies wasting resources.).

Buck July 16, 2014 1:12 AM

Longtime lurkers may recognize my use of the phrase “so-called ‘leaks'” or some other combination of the two terms… To that, I’d say: How has no one here mentioned the intro to this wiki!?

We don’t update this page anymore, it became somewhat of a Chinese menu for effects operations. Information is now available for JTRIG staff at [1]

Yet, some of the commenters that were here before me have already probably called this out quite accurately… Yes, these tools and techniques are at least a decade old, and they likely hold little if any current operational capability against any non-third-world nations!
Such a shame that it took Greenwald and Co. so long to release these documents that are seemingly in direct correlation with their own efforts to affect public opinion…
I don’t think I’m too far off-base in suggesting that this news crew simply lack the technological capabilities to analyze/dissect/disseminate/secure this supposed mass of documents. 😉

[1] Citation Needed

name.withheld.for.obvious.reasons July 16, 2014 3:20 AM

@ Nick P
Thanks for the comments, I talked to a friend (former CIA) about the incident and he said I’m the most paranoid person he knows. I reminded him of a black project we did and when we took over the SAT/Imagery building I located the paranoid (probably the operations manager or security officer) by noticing that clear tape was applied to the ceiling tiles.

Seems what I’ve been stressing to others about this situation (I knew it wasn’t a tax problem), where the government tilts its energy towards critics. At the time of the aforementioned black project, I was vocally characterizing Rumsfeld as an idiot without a sense of history. Said it out loud to all that got within ear-shot.

Rumsfeld’s lack of strategic thinking, the resultant destabilization of the region and the arrogant notion that we can export democracy 2.0, train new Iraqi forces in six months, and it would all be paid for with Iraqi oil sales. Not long after expressing my disgust with him and his “yes-men” I was returning from a dinner with family, headed back to the reservation. At less than 10 miles from the base an explosion went off 400 meters, heading 320 degrees, as I was driving. I thought that a transformer had exploded. About 90 seconds later, another explosion about 200 meters at heading of 45 degrees. At this point I started to become concerned (the second explosion was in the vicinity of a test range). Another 150 seconds pass and an explosion within less than 60 meters and at my six. At this point I am gripping the steering wheel waiting for the correctly interpolated mortar launch to hit. 180 seconds later, NCIS pulled me over for a “license plate light failure” and my concern is that something else is in store for me…

So when I received the fake call I believed it to be a standard OP to flush out obscure or transparent on-line dissidents. It would be a matter of fact that TLA’s went from analyzing threats to being one. And it was easy to see why the IRS would be an effective HUMINT arm of an “internal” program. For the last two years a number of mysterious deaths, actions taken against WikiLeaks, Brown, and Anonymous, and published of striking at hackers, human rights advocates, members of the press and organizations, etc…the sense that there must be limits to what our government is capable of is yet unproven.

What I fear is the contrite and superior attitude permeating the TLA’s since 2001. This paternal attitude is inappropriate and is debilitating to our governance in a representative democracy.

Mike the goat (horn equipped) July 16, 2014 5:11 AM

We all need to be careful, remembering that governments are just cartels with a veneer of officialdom. I don’t believe you are being paranoid. Remember what I told you privately about information leakage from the mail app which appeared directly targeted.

Skeptical July 16, 2014 5:53 AM

@Winter: The actions below are crimes in Europe. Btw, hacking Belgacom was a crime too.

None of which are a part of this story. This story reveals tools, all of which would be useful in various legitimate operations (some of which, as I’ve cited, have been reported on). This story reveals nothing scandalous or illegal.

@unhappyApples: As we saw with the recent story of surveillance of Muslim American citizens, it took time to gain permission from the apparent targets to publish their names. To be trite, absence of evidence is not evidence of absence. We do not know what stories have not been published yet.

Yes, and that recent story didn’t reveal anything illegal either. As far as I can tell, it was done for sheer sensationalism and perhaps to aid certain lawsuits.

This story is, frankly, worse in some ways. Greenwald reveals classified information about capabilities useful in various legitimate operations. These capabilities are not illegal; there is no evidence in the article that they were used in any illegitimate ways.

Gerard van Vooren July 16, 2014 8:19 AM

@ Skeptical

“None of which are a part of this story. This story reveals tools, all of which would be useful in various legitimate operations (some of which, as I’ve cited, have been reported on). This story reveals nothing scandalous or illegal.”

To me it’s about what you can do with these tools. AFAIK if I personally use these tools the way they should be used, I am not really sure I am blogging here tomorrow.

For instance, the “Hacking Online Polls” tool, imagine how that being used for political campaign voting polls statistics? Or for influencing currencies?

It is good to know what the intelligence agencies are capable of.

Gerard van Vooren July 16, 2014 8:25 AM

Adding to my previous post:

It is also more than gathering intelligence alone. These tools allow GCHQ to actively influence a target.

Clive Robinson July 16, 2014 8:33 AM

@ Skeptical,

These capabilities are not illegal; there is no evidence in the article that they were used in any illegitimate ways.

Err, firstly quite a few are illegal if used in the UK, which is where GCHQ is, likewise under European legislation at the time (and are again). But in the UK, whilst it is not illegal to own a screwdriver etc in your home or have them in your toolbox, it is not legal to use them to break into somebody else’s property or to cause somebody harm. From the 1800s there was legislation brought about which enabled a police officer to take the tool off of you or even arrest you if they believed the tool was dangerous –which most are– and you could not give a good account for having it about your person or possessions. Later legislation moved the burden of proof further onto you as the individual with the “going equipped…” legislation. Most of these GCHQ tools are not harmless or legal in use, that makes them more of a lead filled cosh than tools for a legal trade. Thus it falls upon GCHQ to argue their innocence.

Skeptical July 17, 2014 5:30 AM

@Clive Err, firstly quite a few are illegal if used in the UK…

There are many illegal acts one could commit in the UK using the tools and weapons of the intelligence services or the armed forces.

So what?

…and you could not give a good account for having it about your person or possessions. Later legislation moved the burden of proof further onto you as the individual with the “going equipped…” legislation. Most of these GCHQ tools are not harmless or legal in use

GCHQ is a government agency empowered to have these sorts of tools.

@Gerard For instance, the “Hacking Online Polls” tool, imagine how that being used for political campaign voting polls statistics? Or for influencing currencies?

Polls are conducted by phone generally, not the internet; the latter are viewed as unreliable and inaccurate. One could influence currencies, I suppose, by planting various false rumors that appear to derive from reliable sources. It would be temporary at best, of course, and it would draw the close attention of law enforcement and regulatory authorities.

It is also more than gathering intelligence alone. These tools allow GCHQ to actively influence a target.

Which is a legitimate function. Some of these tools seem, as someone pointed out above, more likely to be a part of information operations than active collection, but they likely play a role in both types of missions.

These tools have utility in counterterrorism, anti-proliferation, counterinsurgency, intelligence collection against more ordinary foreign state targets, and other legitimate missions.

By disclosing these tools and capabilities, Greenwald has merely ensured that those they would be used against will be even more vigilant against their possible use, thereby blunting their edges.

In a related vein, in my view the press must to some extent function as a watchdog. However, one must also keep in mind, as the business of journalism becomes ever more competitive, that journalists have incredibly strong incentives to publish. Their prestige, and ultimately their autonomy in their careers, rests more on what they publish than on what they withhold.

So there is also strong incentive to hold on to any “newsworthy” material even if the journalist decides that it cannot currently be published, because someday, perhaps, it can be, or someday it may become so relevant that the incentive to publish outweighs other factors.

In doing so the journalist assumes the responsibility that such material will not be acquired and misused, and that his associates and colleagues will act with similar judgment.

But that responsibility cannot be borne in the case of the Snowden material. To hold on to this material indefinitely is to ensure that it will be acquired by others. It is to ensure that the very information most in need of protection will be exposed.

Perhaps Snowden didn’t, or couldn’t, insist that the material he leaked be destroyed after journalists decided what to publish and what not to publish. If so, that was yet another mistake (assuming he truly does not want all of the material acquired by others).

Burn bags, metaphorical and otherwise, are an important part of information security as well. I strongly hope that the journalists engaged in these stories are responsible, strong-willed, and self-aware enough to use them.

cat July 17, 2014 6:23 AM

@Skeptical I’m confused about the part where Glenn Greenwald has to carry water for “legitimate” British intelligence, “empowered” as it is to have these tools.

Mike the goat July 17, 2014 6:25 AM

Skeptical: IMO the press have been incredibly responsible with the information they obtained via Snowden, going as far as redacting the names of individuals who they feel might be endangered and even in the case of several of the documents redacting the names of companies whose products are mentioned. The former is understandable and probably is an extension of the existing norm of a journalist going to some effort to protect not just their source but innocents (well, depending on whose opinion you seek) named in papers that are just doing their jobs and aren’t necessarily integral to the story. The latter seems to be pushing it – if these appliances are backdoored then they deserve to be named, shamed and their companies should be ruined for abusing the trust of their customers and selling them out to shadowy government spooks operating outside the very Constitution they are supposed to protect. Greenwald’s excuse was that those named in the list were just ‘examples’ and that the actual number of payloaded firewall/VPN appliances is far greater, which just doesn’t fly. If you’re going to be a journalist, then at least have the kahoonies to tell the full story to the best of your ability. A partial list is better than nothing.

That said — and excuse my jaded attitude — journalism hasn’t really been about protecting and informing the public for a very, very long time. It is political… and the consolidated nature of the modern newspaper company makes it even more so. Public interest is but a side effect of selling papers and p*ssing off those whose political ideology conflicts with the owner of the whole cabal.

Clive Robinson July 17, 2014 12:53 PM

@ Skeptical,

GCHQ is a government agency empowered to have these sorts of tools

That statement alone shows how poor your knowledge of UK and EU law is. GCHQ is no more “empowered to have these sorts of tools” than anyone else, you really should know this and not make those sort of faux grandiose statements. Secondly you say,

There are many illegal acts one could commit in the UK using the tools and weapons of the intelligence services or the armed forces. So what?

The “so what” again shows a gulf in your understanding. Neither GCHQ nor the Armed Forces of the UK are “empowered” to use these tools against the citizens of the UK, nor for that matter does EU legislation have exemptions for one EU state to use them against another; it does however have mechanisms by which citizens of one EU state may seek and obtain redress against other EU states that use such tools against them. As some of these tools’ only use is to modify evidence they are not allowed for use by law enforcement organisations either.

name.withheld.for.obvious.reasons July 17, 2014 1:22 PM

@ Skeptical

Which is a legitimate function. Some of these tools seem, as someone pointed out above, more likely to be a part of information operations than active collection, but they likely play a role in both types of missions.

These tools have utility in counterterrorism, anti-proliferation, counterinsurgency, intelligence collection against more ordinary foreign state targets, and other legitimate missions.

I’m sorry but this line of thinking does more than suggest mere skepticism; this is clearly a position that limits the range of possibilities to only the legitimate use of these types of “TOOLS”.

I recently posted about an incident where I was “targeted” by unknown defenders of the U.S. position respecting Iraq. My constant drum beat calling out Rumsfeld et al as fools and idiots was not treated with an Oxford style debate. Mortar rounds that were labeled “Justified use in the U.S. on U.S. targets is permitted.” left launch tubes three times–my reaction to being “targeted” has me quite doubtful that we have any responsible actors at the top of the corrupt pyramid of power.

If you are so naive as to believe that good, or bad, actors are a dividing line in human behavior within the context of any power structure, I have several underground bridges to sell you. You can’t see them, but they are there–trust me.

Oh, and journalism–if there had actually been a few journalists (less than a handful of “media” organizations in this country support journalism) I wouldn’t have been targeted by the cheerleaders of idiocy.

You seriously need to “up your game”; if you’re attempting to be skeptical, it is either a very poor exercise or you need to review the definition of the word (OED).

name.withheld.for.obvious.reasons July 17, 2014 1:46 PM

@ Skeptical
To short-circuit your lame response, a list of journalistic publications/media outlets:

DAILY- “The Christian Science Monitor”, Democracy Now, the Guardian, The News Hour

WEEKLY- Front Line (PBS)

MONTHLY- “Foreign Affairs”

Oh, and for anyone that would like to see a journalist in action, I recommend Jeremy Paxim (sp?) (BBC 4 I believe). I leave the exercise to identify a legitimate journalist to you–I’m not your source–educate yourself.

Any fool that believes that ABS, CBS, CNN, FOXNUDES, or NBC are anything other than tools for propagandists is sadly ill equipped to make or speak to issues in any informed way. The same for the LA and NY Times, the Washington Post, San Jose Mercury News, and almost every other news print organization.

Skeptical July 18, 2014 11:59 PM

@cat: I’m confused about the part where Glenn Greenwald has to carry water for “legitimate” British intelligence, “empowered” as it is to have these tools.

Because he aspires to be a responsible journalist who genuinely cares about the security of liberal democracies?

Because no one who argues and writes the way he does could possibly fail to fathom the importance of such security to the functioning of institutions that protect individual rights?

No one is asking him to cover up scandals or illegal activities. The question is whether he should report classified information that does not reveal illegal activity and that is legitimately classified.

@Mike: Public interest is but a side effect of selling papers and p*ssing off those whose political ideology conflicts with the owner of the whole cabal.

You may be interested in this article, What Drives Media Slant? Evidence from US Daily Newspapers, by Matthew Gentzkow (who won the John Bates Clark Medal) and Jesse Shapiro.

It argues that media slant is actually better explained by the slant of the purchasing customers than by the preferences of the owners. It adduces a fair amount of statistical evidence in support of the finding.

@name.withheld: I’m sorry but this line of thinking does more than suggest mere skepticism, this is clearly a position that limits the range of possibilities to only the legitimate use…

The article doesn’t report any illegal use, however. There is nothing in it that would support the inference that they are being illegally used.

@Clive: GCHQ is no more “empowered to have these sorts of tools” than anyone else…

Does the development and/or acquisition of these tools fall within the legal mission of GCHQ?

Yes.

Was the development and/or acquisition of these tools duly authorized?

Undoubtedly.

Is there any law forbidding the development and/or acquisition of these tools?

No.

It surprises me that you would suggest it’s illegal for them to have these tools.

Gerard van Vooren July 19, 2014 5:05 AM

“The article doesn’t report any illegal use, however.”

Is it a necessity to only report illegal things? This is about people being informed of what GCHQ is capable of.

“There is nothing in it that would support the inference that they are being illegally used.”

Well, you buy or develop a tool for not being used???

But still… (repeating myself)

When I use the tools the way they should be used I most likely end up behind bars for a long time. Just look at what happened with Aaron Swartz.

However, millions have used these and other tools for a decade now. The result? Zero “terrorists” caught. This is by far the most ineffective, useless and cost expensive government sponsored activity ever!

Unless it has other purposes of course.

“One death is a tragedy; one million is a statistic.” — Joseph Stalin

That is what is going on. US gov is above the law. G.W. Bush committed treason for deliberately breaking at least 2 amendments and he lied about it all over. Now millions of people are actively breaking the law. None of these guys are facing the law, except when they break rank of course.

Snowden wants a fair trial, but the US doesn’t want that.

The same with Thomas Drake.

The smell of it is just too much. I bet even Mike Rowe can’t handle that smell.

Wael July 19, 2014 6:58 AM

@Gerard van Vooren,

Well, you buy or develop a tool for *not* being used?

Happens all the time in government “organizations”…

The smell of it is just too much. I bet even Mike Rowe can’t handle that smell.

— Warning, not for the faint of heart —

Oh, man! That doesn’t say much 😉 What Mike Rowe does is a child’s game compared to what Bear Grylls in Man Versus Wild does. I can’t find the clip where he does something really disgusting and says “That was an atrocious stink”.

PS: Sometimes “copy video URL at current time” spares you the commercials and points you at the exact location you want to share…

Nick P July 19, 2014 11:31 AM

@ Skeptical

re show illegal use

We already covered this in the NSA side of the debate. This, like many of their leaks, is basically a catalog of capabilities. Do you read the auto magazines expecting to see which cars each getaway driver preferred? Do your Best Buy ads give a list of hacking use cases with each computer? Do your Home Depot ads show which sociopaths used which tools?

Expecting evidence of criminal activities to come with catalogs and PowerPoints on general capabilities is absurd. You don’t expect it anywhere else. The only use cases you could expect are a few legitimate ones to justify the tools’ effectiveness, common inside and outside government. The point of these documents is to show what they can do and might be doing to their targets. Who they’re targeting is a separate issue with only circumstantial evidence being inferred from the catalog-type slides.

Skeptical July 19, 2014 9:04 PM

@Nick P: This, like many of their leaks, is basically a catalog of capabilities. Do you read the auto magazines expecting to see which cars each getaway driver preferred? Do your Best Buy ads give a list of hacking use cases with each computer? Do your Home Depot ads show which sociopaths used which tools?

Unless publication reports illegal activity of sufficient magnitude to justify the harm done, properly classified material ought not be published.

It’s that simple.

Greenwald’s “adversarial journalism” is, at its core, nothing more than the naive importation of the norms of an attorney into the very different realm of journalism. But journalism occurs outside the controlled atmosphere of a courtroom; there is no judge, no developed body of caselaw, no enforced written procedures, to regulate what information is revealed and how it is characterized. With that greater freedom comes greater responsibility. To an extent, Greenwald obviously realizes this, and has exercised some discretion. Yet he still falls prey to unpersuasive illusions of his old slogans. To determine what to report, and what not to report, one must obtain as clear a picture as possible of reality; to do that, one must approach matters with the attitude of a scientist, not a lawyer; one must be open to listening to experts associated with, in one’s mind, “the other side,” and one must incorporate those views rationally.

This is all by way of saying that when it comes to legitimately classified material, the default ethical position is not simply “publish.” There is no avoiding a careful weighing of all factors – including input from government sources.

Nick P July 19, 2014 11:12 PM

@ Skeptical

“Unless publication reports illegal activity of sufficient magnitude to justify the harm done, properly classified material ought not be published.”

Classification of material should not happen unless the activity is legal and knowledge of it threatens national security. That’s the law. We know that NSA, particularly, classified many harmless things (maybe majority) by default and Snowden leaks show they routinely lied to Congress/America. That might qualify for using classification to conceal wrongdoing, a felony. They also decide what’s “proper” without any checks outside that system. (That most of Congress had no clue what was going on supports that.) So, your rule is a grey area at best.

The other problem with your assessment is that the news organizations have repeatedly worked with countries whose information they have. They’ve redacted many things on request and some automatically as it could cause unnecessary harm. You’re quick to pretend that didn’t happen, point at Greenwald’s questionable tactics. Yet, you keep playing down problems revealed with NSA. You haven’t called their leadership or any personnel traitors for breaking the law. You haven’t called schemes like their State Secrets immunity from prosecution plea a threat to checks and balances. You deceive with terms like ‘courts’ and ‘case law’ knowing that black project information typically can’t enter a court and these organizations’ management virtually never do prison time for anything they do. You also haven’t called for imprisonment or even termination of all the personnel who simply shunned or retaliated against internal reports of corruption from the likes of Binney.

If you’re not pushing DOD’s agenda here, it’s amazing that you have so little to say about all the huge [criminal] issues with NSA, miss out on obvious problems with your recommendations (eg black program court immunity), and still manage to catch every little possibility when looking at Greenwald/Snowden. The fact is that nobody following your advice could’ve informed anyone or changed anything. Everyone before Snowden tried with almost no effect on anything. Yet, when Snowden showed the scope of what they’re doing, even Congressmen are debating the issue when they previously knew nothing about it. You give the next leaker a sure way to accomplish the same thing within the straitjacket of the classification system and the very corrupt partnership of Pentagon and private industry. Then, and only then, should anyone think your view of Snowden’s actions (including alternative paths) should merit any consideration.

Skeptical July 20, 2014 7:30 AM

@Nick P: Classification of material should not happen unless the activity is legal and knowledge of it threatens national security. That’s the law. We know that NSA, particularly, classified many harmless things (maybe majority) by default and Snowden leaks show they routinely lied to Congress/America. That might qualify for using classification to conceal wrongdoing, a felony. They also decide what’s “proper” without any checks outside that system. (That most of Congress had no clue what was going on supports that.) So, your rule is a grey area at best.

These are separate issues.

Regardless of whether you think that the NSA committed criminal acts, not every leak of classified information is justified.

Where that information is legitimately, repeat, legitimately classified, and where publishing it does not reveal illegal activity of sufficient magnitude to justify the harm done by publication, then the information should not be published.

A catalog of capabilities does not demonstrate any illegal activity whatsoever, and it is obviously legitimately classified.

Therefore it ought not be published.

What one may think of other things that the NSA, or GCHQ, have done is irrelevant.

The other problem with your assessment is that the news organizations have repeatedly worked with countries whose information they have. They’ve redacted many things on request and some automatically as it could cause unnecessary harm. You’re quick to pretend that didn’t happen, point at Greenwald’s questionable tactics.

Actually I said that Greenwald obviously realizes that some things do need to be redacted, and has exercised some discretion.

But not enough.

Yet, you keep playing down problems revealed with NSA.

The article did not reveal any problems with the NSA, or GCHQ. It simply revealed legitimately classified information.

I am talking about the article in the post, not every allegation that has been made over the last year in connection with the NSA or GCHQ.

You haven’t called their leadership or any personnel traitors for breaking the law.

Nor will I until I see persuasive evidence that they have done so. Thus far Snowden’s leaks have demonstrated that they have not. I write that without minimizing the larger policy questions that Snowden’s leaks have raised.

You haven’t called schemes like their State Secrets immunity from prosecution plea a threat to checks and balances.

Because that’s not the subject of discussion. The article in the post is.

You deceive with terms like ‘courts’ and ‘case law’ knowing that black project information typically can’t enter a court and these organizations’ management virtually never do prison time for anything they do.

Also neither the subjects of discussion nor the subjects reported on by the article in question.

You also haven’t called for imprisonment or even termination of all the personnel who simply shunned or retaliated against internal reports of corruption from the likes of Binney.

See above.

If you’re not pushing DOD’s agenda here,

Nick, I have no connection with the NSA. I have no access to classified material on any of the above subjects, nor access to anyone working in government on those issues. Everything I say here, and discuss here, derives from my personal views and thoughts.

If I did, I most assuredly would not be discussing these subjects.

it’s amazing that you have so little to say about all the huge [criminal] issues with NSA, miss out on obvious problems with your recommendations (eg black program court immunity),

I haven’t made any such recommendations.

and still manage to catch every little possibility when looking at Greenwald/Snowden.

Greenwald came up because Greenwald wrote the article.

The fact is that nobody following your advice could’ve informed anyone or changed anything. Everyone before Snowden tried with almost no effect on anything. Yet, when Snowden showed the scope of what they’re doing, even Congressmen are debating the issue when they previously knew nothing about it. You give the next leaker a sure way to accomplish the same thing within the straitjacket of the classification system and the very corrupt partnership of Pentagon and private industry.

What advice is that?

Then, and only then, should anyone think your view of Snowden’s actions (including alternative paths) should merit any consideration.

I’d be happy to discuss my views of Snowden’s actions, and the grossly criminal and irresponsible manner in which he leaked huge volumes of appropriately classified material to various persons across the world. But if that’s what you want to discuss, let’s move that discussion to the Squid thread.

name.withheld.for.obvious.reasons July 21, 2014 7:41 AM

@ Skeptical
If you believe you are serving the community, either the people here or others that may reference this blog, I believe a self-critical review is necessary. This is an exercise you must undertake. Several on this blog have attempted to draw you into a conversation and it appears everyone has failed–more specifically–it is you who have failed and have dragged a few of us with you. If this is your aim, then in fact you are succeeding (I don’t see participation as “winning” or “losing”–more like participating in society).

I dislike chastising you on the subject; there are moments of lucidity that you demonstrate but more times than not–your arguments and statements become circular or disassociated with the conversation. Maybe it’s your writing style or my reading style–but the comments here seem to have a bit of resonance.

Being argumentative just to be argumentative is an empty exercise. Serving as a ‘Lucifer’s Attorney’ however does have value. My thinking is not limited to a parametric frame (look up Minsky’s Frames) nor are my opinions and bounded rationale (I don’t have access to either the ‘perfect’ or ‘complete’ truth–and I very much doubt you have access to god’s data either).

Again, I suggest you up your game. At this point I see you as the propagandist that you blame others for being (Snowden, Greenwald, etc.). Your art, as you practice it here, is to pick and choose the facts, opinions, legal rulings and law. My sense of your presence here is not clear, and probably the same applies to me, but I have not managed to raise the ire of others who are more often than not just frustrated with addressing your comments.

Again–I refuse to become a censor–I am and will defend your right to rant all the way to the nut-house. And as always, I will continue to address your comments in a reasonable and considerate manner.

Regarding legal–I suppose that the FISC, when it described the NSA’s behaviour, was incorrect in stating that the treatment of the court was contemptuous (FISC cited multiple abuses, legal and illegal, by NSA).

AnonymousBloke July 21, 2014 4:31 PM

Eh, my take on this disclosure is that the British intel services are seriously fucking up on direction. Getting diverted in their line of work, I would think is a very serious thing.

With ISIS, Ukraine & Russia, Gaza & Israel… and so much more… they should have way more serious & useful defensive work they could and should be engaged in, instead of this paranoid, really evil crap.

Very hard to justify such programs, and as for “free nations” moving more and more towards information control & propaganda they are clearly betraying their very roots as “free nations” and moving slowly, but surely towards the very same authoritarianism they claim to be struggling against.

🙂

Figureitout July 21, 2014 10:36 PM

A careful dodge of almost every point. Textbook sophistry.
Nick P
–That’s why I don’t talk to him/her/it anymore. Insincere, won’t address your points, and mostly wasting my time. Doesn’t add any interesting technical info, doesn’t even expand well on law or politics. AlanS has much better posts in that regard. Called me crazy too when I expose deeply personal info about myself and make some remarks that I’m sure made him/her/it a little uncomfortable…

Remember that time you told him/her/it to get some evidence of harm to agents or something, I can’t remember exactly off my head. Remember how long it took him/her/it? Then the links given? LOL-worthy is all I gotta say.

Skeptical July 22, 2014 8:27 AM

@Nick P: A careful dodge of almost every point. Textbook sophistry.

You made a series of points completely unrelated to the article in question or to the criticisms I raised. I noted where they were irrelevant to the subject at hand, and offered to continue the discussion on your points in the Squid thread. That’s neither sophistry nor dodging.

Let me try to be clear, if I haven’t been.

This article does not reveal any illegal activity. Instead it reveals legitimately classified capabilities.

Let’s assume that GCHQ has committed illegal acts, A through Z, which are reported on. A reporter then separately publishes an article on legitimately classified capabilities 1 to 50, which appear to have been used in legal, even well-advised, operations. The former (reporting on A-Z) does not justify the latter (reporting on capabilities 1 to 50).

You repeatedly reference A-Z as though that were the issue here. But it’s not.

@Anonymous Bloke: Very hard to justify such programs…

One can very easily envision justified uses for these tools. In fact some have already been reported on.

I’m frankly confused as to why some don’t see their utility in legitimate operations.

BJP July 22, 2014 9:21 AM

@Skeptical

“I’m frankly confused as to why some don’t see their utility in legitimate operations.”

They do. They simply don’t want to admit it. They prefer their world of “it COULD do this therefore this is evidence of wrongdoing”, willfully suspending disbelief that dual use technologies may be dual use. Which makes those making such arguments just as much transparent shills as those they rail against.

Of course the spooks seeing that type’s use of encryption and thinking “they COULD be terrorists therefore this is evidence of wrongdoing” are just as simplistic and stupid, and those commenting here are perfectly capable of understanding that line of reasoning as bunk.

Neither of those two groups adds anything useful to the discussion. Just self-serving BS with a straight face to put on a show for the naive.

AnonymousBloke July 22, 2014 10:00 AM

@Skeptical

“@Anonymous Bloke: Very hard to justify such programs…

One can very easily envision justified uses for these tools. In fact some have already been reported on.

I’m frankly confused as to why some don’t see their utility in legitimate operations.”

Some of the programs look very good. Some look like tasteless crap — script kiddy level harassment stuff. This is what people’s reactions are. Nobody thinks negatively on the cool spy tools, they see the malicious harassment stuff and go, “What are they trying to become, little devils”. Or, “script kiddies”. It is stuff that would make teenage males giggle, but would be very low impact and dangerous on multiple levels.

A better article on this, and how a lot of people are seeing it:
http://arstechnica.com/security/2014/07/ghcqs-chinese-menu-of-tools-spread-disinformation-across-internet/

I think everyone understands this.

An immediate result of hearing of it is bringing disrepute to their name and prestige. Which they maybe don’t rely on as they maybe don’t have agents. Who’s going to be impressed about giving information to an agency known for causing devilish mayhem and annoyance like teenage boys?

But hey, don’t let me piss off that Brit there, he might get agents to put peanut butter on my car door handle to get back at me because he disagrees with me on the quality of their program.

Not intending to insult, just offering an honest opinion.

AnonymousBloke July 22, 2014 10:13 AM

@BJP

“@Skeptical

“I’m frankly confused as to why some don’t see their utility in legitimate operations.”

They do. They simply don’t want to admit it. They prefer their world of “it COULD do this therefore this is evidence of wrongdoing”, willfully suspending disbelief that dual use technologies may be dual use. Which makes those making such arguments just as much transparent shills as those they rail against.”

“Information harassment tools:

A tool appropriately called Badger allows GCHQ to overwhelm targets with spam e-mails “to support an Information Operations campaign.”
Concrete Donkey “is the ability to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.”
Cannonball is a similar “bombing” tool for SMS messages, and Pitbull targets instant messaging accounts.
For those who prefer old-school communications, Serpent’s Tongue is a fax-bomb, designed for fax broadcasting to multiple phone numbers.
Imperial Barge can connect two target phones together in a call arbitrarily, for those times when GCHQ wants to force people to talk to each other.”

http://arstechnica.com/security/2014/07/ghcqs-chinese-menu-of-tools-spread-disinformation-across-internet/

I think what they plan to do with that sort of thing is clear. We saw it with Anonymous (no relation) and Scientology. Also seen it with frat boys who put peanut butter on car handles, or perform “tea bagging” on their drunken colleagues.

I think it is a worthwhile comment, because it is a throwback to some of the wacky, really bad idea schemes seen in WWII espionage. Sometimes very smart people fall for these ideas. And then they can’t get what the problem is. Ian Fleming, for instance, had some horrible ideas when he was working in that area.

Exploding cigars type bad ideas.

Do that kind of thing, to whom? Terrorists? Foreign intel agencies? They would be wondering if it was schoolboys or GCHQ. Maybe they would get the two confused. Are schoolboys running GCHQ?

If that sort of statement annoys you, consider: it is because of what they are plotting to do, not because of anything I have said. These are self-demeaning tactics.

A number of the projects are quite good, by contrast, for instance:

“HAVLOCK: Real-time website cloning techniques allowing on-the-fly alterations.

HUSK: Secure one-on-one web based dead-drop messaging platform.”

*(Though no idea how they implemented husk, probably a near infinite number of good online dead drop ideas possible.)

Havlock: just what would be needed for MITM attacks. Very slick idea. Smart.

I get brainstorming, but looks like they kept a lot of bad ideas on instead of dropping them at the wild brainstorming level.

BJP July 22, 2014 10:50 AM

@AnonymousBloke

Thank you. “I think what they plan to do with that sort of thing is clear.” Very true. But what any of us THINK, on seeing a list, is not evidence of everyone’s apparent fear that GCHQ is gaslighting figureitout and those like him 24/7/365. Some here seem stuck on stupid, as though the right verbal trap will get Skeptical+others to consider this list to be “evidence” of war crimes.

I’m in complete agreement that most of these “capabilities” are little more than “we can slip some commands into existing botnet C2 channels” or “we can do the same stuff script kiddies do”. It’s completely demeaning for GCHQ to see this kind of thing touted as impressive information warfare capabilities. To the kind of suits that distribute the funds and couldn’t tell an I/O bus from a double decker bus, every last thing on there probably sounds like deep voodoo magic.

Because it’s “cyber”, people here can’t see that a “SMS bomb” or “fax bomb” or “telephone bomb” are nothing more than high-tech propaganda leaflets of the type that militaries drop on their enemies all the time? That’s the same kind of thinking that leads to the moronic laws that unnecessarily intrude on electronic activities (like fingerprinting Bitcoin business principals).

If we’re shocked that the TLAs can pull the same stupid user tricks that every 15 year old Russian botnet herder can where is the logic in assuming they occupy some sort of panopticon all-knowing all-powerful position?

AnonymousBloke July 22, 2014 11:36 AM

@BJP

Again, very strong reasoning and points.

Unfortunately, rampant paranoia is common in computer security. Not entirely sure why. Maybe people’s minds buckle under the number of possibilities. I have seen very smart people get waylaid in these fields, coming to the most unintelligent opinions. I am not talking about some statement they make ‘off the cuff’, but things they come to deeply believe.

It is near impossible to get someone out of some paranoid conspiracy theory they have cooked up. To try directly, their mind will treat you like The Enemy. As if it were something that is part of them, as opposed to being a cancerous thought or thinking structure. Their mental immune system kicks in for the defense. No thinking involved. All automatic.

BJP July 22, 2014 2:11 PM

@AnonymousBloke

Seems like an occupational hazard to me. Like a medical student convinced they suffer from every debilitating rare disease in the textbook, those of us in the field required to think outside typical boundaries end up hearing the hoofbeats of a network constantly under attack and we think zebras (NSA, GCHQ, PLA), not horses (autonomous botnets, script kiddies, non-state-actor organized crime, pen testers, etc).

Nobody can logic another out of an emotional position. You nailed it with the self-identification aspect. Some will defend their self-actualized, idealized image of something with more gusto than they would their physical self.

Cheers!

Skeptical July 22, 2014 2:36 PM

BJP, AnonymousBloke – enjoyed reading your balanced exchange.

@BJP, I’m largely in complete agreement with you on the points you make, which is not to imply that you’re in complete agreement with mine.

@AnonymousBloke, even the less impressive tools might be useful in particular operations, and may have been developed or acquired for operations with a highly specific use in mind. Some of them may simply be less destructive means of achieving an intended objective.

For example, you may want to deny a particular commander’s ability to receive communications from certain sources. And perhaps you want to do this without high explosives, or sending in a unit to interfere with various cables, and so forth. Rendering his phone, email, or fax (whatever he uses) unusable with a stream of messages may accomplish the same effect with less risk and cost; it may have the additional benefit of sowing more confusion than straightforward tactics would.

Or perhaps you wish to reduce the effectiveness of a particular node in a social network without physically removing (killing or capturing) that node. Forged messages and other forms of deception may accomplish that purpose.

During the American Revolutionary War, forged messages would sometimes be inserted into British diplomatic and military pouches, intended to deceive the British as to American force size and dispositions, or to otherwise induce failures of coordination among British forces and efforts (and the British did the same). These tools seem to me to be little different.

Sure, some of the tools may not be sophisticated. But so what? They’re picking the tools for the job, not for the showcase.

Somewhat as a side-note, what really strikes me about articles like this is that their cumulative effect is to increase reliance on less precise and more lethal lines of effort. There are consequences to consider here beyond whether publication directly leads to a death, such as by naming an agent.

Put differently and by an imperfect analogy, publishing information that reduces the effectiveness of a precision guided munition may not directly cause anyone’s death, but by shifting reliance to munitions with less precision and broader lethality the indirect, but clearly connected, effect is still a net negative.

AnonymousBloke July 22, 2014 10:30 PM

@BJP

“Seems like an occupational hazard to me. Like a medical student convinced they suffer from every debilitating rare disease in the textbook, those of us in the field required to think outside typical boundaries end up hearing the hoofbeats of a network constantly under attack and we think zebras (NSA, GCHQ, PLA), not horses (autonomous botnets, script kiddies, non-state-actor organized crime, pen testers, etc).

Nobody can logic another out of an emotional position. You nailed it with the self-identification aspect. Some will defend their self-actualized, idealized image of something with more gusto than they would their physical self.”

Hah, very interesting, thanks man.

That really nails it.

AnonymousBloke July 22, 2014 11:14 PM

@Skeptical

“BJP, AnonymousBloke – enjoyed reading your balanced exchange.”

He has a very sharp mind, that sort of thing is a pleasure.

Totally off the cuff: What is this forum? Quite an unusual place in some regards. Is it like a masquerade ball, where people gather around, clink their glasses, tell mind-numbingly boring stories. But, then you hear something interesting? Or perhaps some stunning woman appears?

But, in the wake of Snowden & Manning, it seems almost something very different entirely. Like a big spotlight is put on the party. This is no far, out of the way underground meeting place. It is upfront. Right by the sizzling of the fire.

“Somewhat as a side-note, what really strikes me about articles like this is that their cumulative effect is to increase reliance on less precise and more lethal lines of effort. There are consequences to consider here beyond whether publication directly leads to a death, such as by naming an agent.

Put differently and by an imperfect analogy, publishing information that reduces the effectiveness of a precision guided munition may not directly cause anyone’s death, but by shifting reliance to munitions with less precision and broader lethality the indirect, but clearly connected, effect is still a net negative.”

By revealing methods, sources – agents – could be revealed. I think that is a very serious danger. It is not as esoteric as what you are arguing, but it is a real danger. Now intel agencies around the world have more clues to find agents.

I do think Snowden went too far in his disclosures. I think, however, the blame does not so much lie on some 29 year old dude who has never even had any agents, but on the organizations at play here. Their security is awful. We should not even be having any of these discussions because there is no way he should have been able to get – any – of this material and post it to the world to see.

There is zero excuse for this incident to have happened. Post-Manning, they did nothing? Post-Hanssen, for that matter? Hanssen was the textbook case to say, “Do not allow unfettered access on computers to confidential material”.

No lessons learned. Not by those guys anyway.

A defense contractor. Shame. Too much money, went to their heads. They have been drinking cocktails and playing spy, while leaving the doors unmanned.

Everybody wants a scapegoat. That is fine, whatever. That at least creates, what, a culture of concern, of suspicion.

But, the bank was robbed for the thirtieth time, and no one is bothering to actually fix the problem. They are all leaving the bank to chase the robber, leaving all the loot – yet again – in plain view and easy to grab.

Maybe they have no choice? If they do not play the spin game, then everyone will consider them absolute incompetents. Maybe they wanted this information out there, not as disinformation, but as some kind of unconscious message. More likely, just plain dumb incompetence. When your leaders are much more bothered about their precious bank accounts and careers with defense contractors, who is going to lead them to be bothered about liberty, about justice?

If I wanted to get very esoteric, I could argue that this is the death of means of non-lethal warfare, as you appear to be arguing in that direction.

I have come to the conclusion that I am not very worried about that. The information given here, anyway, is incredibly vague. And very trivial to guess. There are probably a lot of tools not on the list.

Maybe you think I am some kind of humanist liberal who is concerned about such things? And see non-lethal warfare as the solution? Or maybe that is towards your own inclinations, a humanist liberal of some sort?

I am not a fan of war. Because of the destruction. I am also not a fan of disease or violent crime. I am not a fan of poverty, age, and death. I am not a fan of famine.

I am an idealist. I am a dreamer.

But, none of this will stop or start anything. It is irrelevant.

People are chasing around, looking at the dirt. The sky might as well be black, because they never look up.

There are not any solutions there, no answers. Only meaninglessness. All of this is a diversion.

If you want to get to facts, here are facts: the middle east is continuing to brew. Hot. Meanwhile, Putin is going crazy, and all of the Russians (in country or out) with him. Ukraine it is. And what can anyone do about it?

Then, there is the looming instability of the dollar. And the continued mess of the financial networks of the world, from the saving grace of “de-regulation”.

Diversions, diversions, diversions. Problem with intelligence agencies of the world is they are the eyes and ears of their nations. So if you grab their attention, you can grab their hearts and minds. And who would know? They won’t say anything.

Eyes and ears are weaknesses, not strengths. We disagree at the core on that. People are deceived by what they see and what they hear. Yet, it leads their entire bodies. If you conquer their eyes and ears, you have already conquered their whole bodies.

BJP July 23, 2014 9:07 AM

@Skeptical, @AnonymousBloke

Thank you both for your kind words and good discussion. Prior to a little over a year ago, this place was, to me, a bit of a dark corner full of mostly esoteric security talk, with the nobody-needs-to-say-it undertones of “hostiles are doing all they can to watch you, compromise your secrets and exploit your systems”. I won’t speak for others but at the time my threat model comprised mostly organized crime and industrial/economic espionage.

The information Snowden revealed came as a visceral kick in the gut for people who never once considered that sexting over SMS just might not be the best move for personal security. With Bruce a player in the crypto field, and with crypto the only option to potentially regain that garden-of-Eden feeling of “nobody else sees what I do online”, it only made sense that more and more folks came here to commiserate over their shattered worldview.

Occasionally the stunning woman appears. Her nametag says “goto fail;” or “Heartbleed”. The cocktail party livens up. The rubes panic, while the old hands just sigh, thinking “well, I never really trusted it anyway”. The scandalized virginal youths take that as a jaded dismissal of their righteous indignation, and gin up conspiratorial reasons for why the apparently capable and competent experts aren’t screaming that the sky is falling like the kids did when they realized Snapchat didn’t actually delete those naked pictures.

Personally, I settle my mind by telling myself that if NSA disappeared tomorrow, never to be replaced, I would not change a single thing about my personal information security activities. NSA is not the problem. Neither is GCHQ nor GRU. The fact that the internet was built for friendly, allied nodes to freely exchange bits in ways beneficial to both is the problem. The fact that most online services are funded by advertising, and the advertising industry will not self-impose any boundaries to limit their intrusions on those who may not wish to be tracked in such detail is the problem. The fact that our mass market hardware and software makers are beholden to advertising to subsidize their products, and thus explicitly add more and more capabilities to intentionally leak information is the problem. The fact that Experian is still in business after selling access to their data to identity thieves is the problem. The fact that every new generation of programmers works on brand new languages and brand new frameworks and brand new devices and reproduces the exact same old security failures every time is the problem.

I am not an idealist. Wailing that the world doesn’t work how I want it to discredits my worldview except in the eyes of other impotent whiners. Information security is hard. If you want it you must work for it. No amount of regulations, international agreements, constitutional amendments, standards, or website banners is going to change that. You take responsibility for your own security or you have none.

BJP July 23, 2014 12:02 PM

Thanks Nick! I was expecting nice words from Skeptical to flush away any cred I had here like a GCHQ botnet banging on a YouTube “report abuse” button.

AnonymousBloke July 23, 2014 12:25 PM

@BJP

Another interesting response. 🙂

I just pop in here for the people, my own self. I am interested in ‘how people respond’. One of the more fascinating things I try and find is hidden bias.

There is, for instance, logic, and then there is bias which can hide logic. What spits out of the biased mouth is something that appears like logic, but when you do the math… it clearly is not.

In such a way – really not unlike echolocation – one can ‘chart the seas’, saying, ‘this here be darkness’, or ‘that there be light’. And ‘over yonder there be … dragons’.

I am a dreamer, and I am an idealist… though “whining” is not my forte. And I am powerless. I am impotent.

I simply make observations.

Even my observations on the horrid state of affairs of the US Government, are simply that. The reality, of course, is ‘who could have done anything’? So many agencies, so many agendas, only so much funding? And then, probably above all, you have two very contradictory aims: one is to hide data, and the other is to make it available. So, what happened is just what had to happen.

The contradictions there, at play, as to why it had to happen (Snowden breaking in there and leaking the data)… are simple, and need not be said. There are a few contradictions. One is the contradiction of free societies feeling a need to observe, their own selves, their own citizens. Against the contradiction of knowing that observing can change what is observed. And so, there are laws, strong laws, constitutional laws, against that very practice. From those contradictions arose one man, Snowden.

Now, in those societies, those spheres… Snowden must be scapegoated. He must be hated. Why? Because by doing so one shows one’s coworkers they will not tolerate their sort of behavior in them. And that they, themselves, are far from a Snowden. They are a part of the group.

Does any of this really mean anything? No. Not to me, anyway.

But, it may mean something to John. Or Jim. Or Cassandra. It may be their baby, and they do not want their baby cut in two.

I just get curious about those sorts of relationships. Why… does it mean something to someone.

But, of course, such curiosity is not very meaningful to my own self, while it gives a little bit of amusement, it is hardly enough to bring me out. No, I would have to admit, I only come out for some other reason. But, such things are meaningless to discuss with others.

Though, they might do well to ask their own selves, “Why? Why do you post, really? Why do you linger? What are you looking for?”

BJP July 23, 2014 1:32 PM

@AnonymousBloke

‘though “whining” is not my forte’

I hope I did not cause any offense! I did not intend to imply you were whining, only that some seem to have more interest in loudly complaining (or perhaps in being seen to loudly complain) than in rolling up their sleeves and revising their standard procedures, tools, worldview, and threat model in accordance with new information. I don’t include you in that set.

Shared group thought symbolizes membership and shared goals just as well as, if not better than, uniforms and organization charts. There are TLA folks that can’t be seen to agree that maybe some of it needed to be leaked. There are privacy enthusiasts that can’t be seen to agree that maybe stuff like the NSA TAO catalog, GCHQ Chinese menu (keeping it semi on topic) or other legitimate espionage never should have leaked.

I’m glad not to hold a position where I need to say anything purely to keep up appearances. You make an excellent point that those here — those anywhere — would do well to understand why they do what they do. I’d like to think I encourage people to focus their efforts where they get maximal gain for minimal investment, rather than those areas where it feels good to vent. An hour spent learning how to turn off lousy backwards-compatible insecure old cipher suites in one’s browser of choice will accomplish more for their personal security than a lifetime inveighing against surveillance. A half hour understanding why Tor doesn’t do what a lot of people really wish it would do (and what a lot of other people really want you to think it can do) could save someone from a decade in prison. But that’s just my overt reason. I’m not sure of my covert reason. If I don’t know what it is, nobody else can figure it out!

Skeptical July 24, 2014 10:03 AM

@BJP – I was expecting nice words from Skeptical to flush away any cred I had here like a GCHQ botnet banging on a YouTube “report abuse” button.

Don’t worry, next time I’ll be sure to really insult you while implying that you secretly want the terrorists to win. I may even reference your “UBL In Our Hearts Forever” screensaver.

@AnonymousBloke: There is zero excuse for this incident to have happened. Post-Manning, they did nothing? Post-Hanssen, for that matter? Hanssen was the textbook case to say, “Do not allow unfettered access on computers to confidential material”.

I agree with some of that, although there may be constraints and challenges that we’re not considering in making the “zero excuses” judgment.

Take Manning. Her acts occurred when the military was aggressively expanding and implementing concepts of net-centric warfare. Part of that would include the placement of lots of information at the fingertips of forward units, who could then pull information they think to be relevant rather than having information pushed to them on the basis of what those higher in the chain of command, and perhaps not in the field or even in theatre, deemed to be relevant.

They did this while trying to mount two counterinsurgency campaigns without enough personnel in either, while increasing other unconventional operations globally, and while tackling myriad other complex and urgent problems.

Mistakes made? Definitely. Zero excuses? The term “excuses” may not be accurate, but “reasons other than incompetence” might be.

That said… sure, it may have just been a series of inexcusable foul ups.

…If I wanted to get very esoteric, I could argue that this is the death of means of non-lethal warfare, as you appear to be arguing in that direction.

I wouldn’t go that far. But, at a high level of abstraction and subject to many exceptions and qualifications, when one reduces intelligence and information ops capabilities without reducing the perceived need for military operations, then one is increasing the probability of operations that result in greater “collateral damage” and larger numbers of mistaken strikes than might otherwise be the case.

… Diversions, diversions, diversions. Problem with intelligence agencies of the world is they are the eyes and ears of their nations. So if you grab their attention, you can grab their hearts and minds. And who would know? They won’t say anything.

The issues you mentioned (the Middle East, Ukraine, Russia) are all important. I’m not sure I understand why you think that US or British intelligence services aren’t paying attention to them, though.

AnonymousBloke July 24, 2014 11:34 AM

@BJP

“Shared group thought symbolizes membership and shared goals just as well as, if not better than, uniforms and organization charts.”

Don’t get me started on that. I have resisted writing a long blurb here on the problem of group think. 🙂

“There are TLA folks that can’t be seen to agree that maybe some of it needed to be leaked.”

Criticism is critical for groups to survive, especially for groups that are analytical in nature.

It is the groups that do not have spirited disagreements where there are severe problems.

But, how can someone in such a group voice their opinion, when their opinion might equate them with being a traitor? It would put them in a very difficult spot.

So, one can see how such groups can easily evolve into corruption.

Though, this is a quick judgment on my own part. I do not consider myself an armchair quarterback. Intelligence is just one small part of the global equation I try and understand. I do think it is important, however, as intelligence can lead nations, maybe even more so than popular sentiment.

(Noting here, my interest is in predicting the future. What will happen. How will America engage Russia over Ukraine? What will happen with ISIS and the Middle East? And so on. No practical advice for people bettering their own security. No attempt – usually – to unfetter biases I run across.)

“I’m glad not to hold a position where I need to say anything purely to keep up appearances.”

Keeping up appearances doesn’t get any useful information.

I don’t think Solomon worried about appearances when he suggested the baby should be cut in half.

“A half hour understanding why Tor doesn’t do what a lot of people really wish it would do (and what a lot of other people really want you to think it can do) could save someone from a decade in prison.”

I don’t think, lol, there is any circumstance where I would want someone to be encouraged to continue to commit a crime. 🙂

If they are engaged in such unthinking behavior, they will get caught one way or the other.

Anyway, just noting, I am not sure if I am so interested in individuals working out their best security practices. I do have extensive background in security, and see many errors posted. I usually do not bother to correct them. Usually this is because such advice, if right, does not matter. It won’t be treated well.

But thanks for sharing, that is an interesting perspective.

BJP July 24, 2014 12:18 PM

@AnonymousBloke

Let’s finish up on the squid thread if you like, rather than take this one too far off the rails. But to keep this reply on topic, just as I would not assume this list of GCHQ capabilities is probative of bad faith on their part, nor would I assume appropriate usage of Tor to indicate commission of a crime. Many Tor users using it under the US Gov’s original use case of dissidents, NGO employees or others operating under repressive regimes on foreign soil may not be committing a “crime” per se but remain just as liable to be locked up and have the key thrown away. They deserve to know that it doesn’t do what the media might have them think it does.

As for not bothering to correct bad security advice because it doesn’t matter, I get that. The people trying to use Tor to purchase services from a hitman, for example, probably have plenty of other personal opsec failures such that helping them use Tor better is like bailing out a sinking boat with a thimble.

Perhaps my covert reason is that exposure to others’ security successes and failures, and thinking about how I might improve upon what they’ve done will improve my own security.

@Skeptical

Your intel is outdated. That UBL screensaver cycled out for shirtless Putin with 3D-rendered pink hearts long long ago…

AnonymousBloke July 24, 2014 12:26 PM

@Skeptical

“I agree with some of that, although there may be constraints and challenges that we’re not considering in making the “zero excuses” judgment.”

I hate to cut you off here, but in a following response to BJP I already explained what is closer here to my “real view”. I explained how, on the other hand, there is almost no way this could have been prevented.

I think if a person does not rigorously have the capability to argue within their own selves more than one side of any problem, then they do not have the capability to think. 🙂

I do not think I deceived anyone, however, nor was I trying to. I try and operate more like a Socrates than a Bill O’Reilly. :/ 🙂

I may or may not have a real opinion, but if I do, I certainly won’t persuade anyone by just coming out and saying it. However, in such a situation as this, I really do not, as I can not. I am not aware of all the nuts and bolts of factors at play, so how can I? I stamp a big “I do not know” on most issues, therefore.

It is thinking in process, nothing in conclusion. The smoke has hardly cleared, so any real judgments really can not be made.

Though on saying that, I have an itching feeling that both situations are right. Which means the US intel groups have one of those “impossible problems” they have to solve. A Gordian knot problem.

Where there is no simple, “Just cut right through it” solution.

“The issues you mentioned (the Middle East, Ukraine, Russia) are all important. I’m not sure I understand why you think that US or British intelligence services aren’t paying attention to them, though.”

That is not what I am saying. I am merely pointing out that there is a severe weakness with intelligence agencies. Any intelligence agencies. Typically, when I think of this, I think of it in terms of Gog and Magog. Russia and China.

(Lol! Sorry, I had to say that. 🙂 )

I just finished watching a show on Enron. The documentary. Enron’s tagline was “Ask why”. The documentary really hit at that. Because no one asked why. I was led to this by the book “Willful Blindness”. They had some first person accounts on Enron, MCI, and some of these other companies.

Comparing Enron to intelligence agencies is an excellent metaphor. People did ask “why” with Enron. Why do you not post your balance sheets as other financial companies do? Why are your financials called a “black box” which no one can understand? People were expected to just believe the hype. They kept the illusion among themselves that they were the “smartest people in the room”. So of course nobody else could understand it!

Only, we have maybe the most useful thing these days which Einstein ever said, “If you can not explain something to a small child, you do not understand it your self.” This is a QA statement. It can and should be applied to anything.

My belabored point here is that: people are not asking “why”. Or, when they do, they are stopping short. They get back something that looks like sound reasoning, but it does not feel like sound reasoning. Because it is not sound reasoning. The math does not add up, because it is sheer confabulation.

I do believe this is endemic to intelligence agencies, be they British and US, or Russia and China, be they Iranian and Israeli, or Japanese and Germany.

Consider the ISIS situation: Do you really believe Obama’s response is correct there? I surely do not. He should have immediately gone back in and bombed the shit out of ISIS. Stop the problem before it festers. How long until ISIS joins up with the Gaza situation? How long before connections are made between the Sunnis in Lebanon, Jordan, Syria, Palestine, Iraq?

All this does is give them the much needed time to regroup, rest, and strategize.

In my opinion, they should have separated Iraq up in the first place. Give the Kurds their land, the Sunnis their land, and the Shiites their land. When I heard they were not going to do this, I was aghast. I shook my head.

If I were part of a group, a TLA, as you guys say, I probably would have shoved my reasoning down deep and confused sound reasoning with lack of loyalty, maybe even feeling guilty for my doubts. Because that is what group think does to people.

I have said this before, and I will say it again: look at the big picture. Why did the US go into Iraq in the first place? I don’t think anyone can really answer that question. They stop asking why. Or they come to some biased point like, Gronk, “Duuuh, it was blood for oil”. Riiight.

But if you get down to it, the reason then may not really matter. What may matter is you divided the middle east up into a checkerboard. Persia is sandwiched by US interests and powers. You can believe they grate at that, just as if the US found Russia owning Canada and Mexico.

In summary: Intelligence agencies do not really operate as intelligently as they may appear to operate. There are larger forces at play here. And their capacity might actually be simply to have the appearance of providing a right direction, when, in fact, they are merely being led by those who can manage appearances.

All the agents in the field, all the taps on all the wires: all serve simply as a ruse. When final decisions come down, they very well may ignore the vast majority of all their hard data. You can see this time and time again in history. From Vietnam to Iraq. One of the best examples is with Stalin and his spies during WWII, when everyone was telling him “The Nazis are about to betray you”. He did not listen.

When the Nazis heard from their spies, “D-Day will happen in Norway, no, in Greece, no, in …” they listened. To their own demise.

AnonymousBloke July 24, 2014 12:48 PM

@BJP

“Let’s finish up on the squid thread if you like, rather than take this one too far off the rails. But to keep this reply on topic, just as I would not assume this list of GCHQ capabilities is probative of bad faith on their part”

That is fine. I will simply state, I would agree with your estimate of Tor users, and having worked in privacy/encryption products that exactly is what I had in mind. HOWEVER, I believe Tor is much too loud & dangerous for people behind “totalitarian curtains” to use to evade their government.

My opinion on that, however, is already well “out there”.

As a privacy/encryption activist in the past, I have considered “getting back into it all”… though I am largely simply glad to see so much independent work being performed these days, and I feel a bit like a father with a newborn baby on that. As I did get to put my influence there, as I did in several other core areas of security.

(Sometimes I see people make money off what appears to be my ideas, or acclaim… but such things simply fill me with secret pride. As there are few pleasures sweeter than keeping such secrets, which was my intention, all along. Makes me feel like some sort of mastermind, to have been able to influence people and groups and yet remain invisible all the while — which was my intention. I dare boast.)

I do ask for no comment on that, to comply with your request.

To get back on the rails of the topic:

On this release, meh. It is generic, and anyone could assume they had such tools.

On the TAO release, maybe not.

On the full disclosures in general, I think Snowden meant well. But, it does appear that the real problem is: “how do you share information so as to work with data and at the same time keep it secret”.

I doubt Snowden had access to the most hard core information, so in effect, this data may serve merely “as if” it were disinformation. Like “that is all you have”.

I do not believe Snowden was working for a foreign agency. I also believe that whomever was in charge of this dispersal of this information was at least somewhat cognizant it would not have been difficult for foreign agencies to access.

But, these are wild conjectures, and it is not an area I am privy to. Armchair quarterbacking makes me feel uncomfortable.

Clive Robinson July 24, 2014 5:45 PM

@ BJP,

What is a crime?

I tend to view there to be three basic sets of crimes,

1, Those against persons or persons’ rights the majority of society believe are acts of a planned nature.
2, Those acts of breach of trust/faith of an agreement that society regards as dishonest but not criminal in nature.
3, Those acts which the majority of society in general has little or no view on but politicians find useful to criminalize for political gain/control.

It is the last set where crimes carry “example punishment” that is completely disproportionate to any harm they are likely to cause to actual society in that jurisdiction. For instance there are various substances where politicians decide for arbitrary and often contradictory reasons what is legal and what is not. These substances can be those some consider drugs and others don’t, such as alcohol or khat, or even things like chewing gum. Which might at one point have been considered a “decadent or corrupting” influence on society by the usually “self appointed guardians” of society or its morals. Such persons are usually a clique of the outdated tailings of the conservative members of society that generally wish to stop society evolving in one manner or another. Often what they wish to suppress an increasing number of people in the general society would consider more enlightened, just or humane.

Thus the subject becomes a “political football” with a totally disproportionate level of rhetoric, vilification, drum banging and calls to patriotism across the political divide. Most of which leaves the average citizen bemused and wondering what the fuss is about, until legislation is made and what was tolerated or acceptable to the majority of society becomes a crime (the US 18th amendment) to be later repealed (US 21st amendment) when the clique are removed by society and the general consensus prevails.

Like the withholding of Free Speech, such legislation is used as a political tool to maintain a position against society in general’s wishes, which gives a minority unsupported power over society.

For this position to be maintained successively more punitive punishments have to be instigated to “keep society in line” or fear.

To call those acting against such legislation criminals and their actions crimes, whilst technically true, tends to make us complicit in the repression, even when we have no wish to be.

The problem with technology is its benefits are agnostic: what makes fighting repression easier also tends to make repression easier to carry out.

This is one of the problems of Tor and similar anonymity networks: they can be used for good or bad, not just by individual citizens but by Governments as well.

In the UK there is no doubt based on past and present reports that the various members of the IC significantly overstep their powers and duties for what are political or manipulative means.

For instance today a report was issued calling into question the behaviour of a small group of officers in the Met Police. Their job was to collect any information they could on family members of those who had died at the hands of Met Police Officers. Primary targets were those making protest at the Met’s actions; it’s clear from past Met behaviour that such information would be used for “spin” or “negative briefing” to journalists and the like. Due to the fact those carrying out the investigation were other police officers, we can also assume based on similar “under reporting” in the past that this report only mentions what could not be hidden, thus it is reasonable to assume that this group existed with the knowledge and sanction of the most senior officers of the Met for many years.

It is these repeated findings of behaviour that is contrary to established legislation in various official entities such as the police, armed forces etc, that give us no faith that the various Intelligence organisations are obeying UK legislation for their regulation.

The fact that I personally have caught a UK Governmental Organisation “at it” by quite illegally tapping the contents of my personal communications, not just the metadata, makes me have little doubt that “pushing beyond the envelope” is the norm not the exception. Thus I would reasonably expect these GOs to commit type one criminal activity against those citizens that are at worst carrying out type three crimes or just trying quite legally to protect their and others’ rights under UK and EU legislation and International treaties.

Clive Robinson July 24, 2014 6:25 PM

@ Skeptical,

Whilst I remember, have a look at “Angry Pirate”: the use of this is illegal in the UK and most other jurisdictions. No ifs, no buts, no maybes, it’s illegal; further it is a breach of various international treaties the UK is signatory to. Surprisingly there are not even exceptions for National Security, thus GCHQ are unwise putting it in what is almost in effect a public document.

The only legal use it could be put to is as a response to an act of war by a sovereign state (not rogue political militaries and terrorists), or to prevent genocide (for which most acts are legal under the doctrine “greater humanitarian good” or more simply “the needs of the many…”).

However, since the Iraq “45 Minute” nonsense cooked up primarily by the UK & US, the bar on both has been raised a lot, lot higher than it was, so irrefutable hard evidence would be required – and getting that would in all probability be an illegal act as well – and they would also have to show that such action was proportionate (ie that no less harmful actions were possible to prevent the act of war/genocide progressing). It’s these issues that have unfortunately – in many people's view – stopped responses to the current issues in the Middle East, which have unfortunately progressed to the point of what many consider ethnic cleansing or potentially genocide.

AnonymousBloke July 24, 2014 8:43 PM

@Clive Robinson

I am very sorry to hear that the Met Police have illegally targeted you. Unfortunately, there is little to no legal recourse when such a travesty of justice happens.

This does, however, go to what I was saying: these intelligence agencies have become grossly corrupt and invariably they will lead their nations into utter disaster because of this.

Consider Hoover: Hoover had become (and I am sure always was) utterly corrupt. He was given hard evidence of the future impending disaster of Pearl Harbor. And, he pissed this away.

Had Pearl Harbor actually mattered to his survival, this would have been a mea culpa. Unfortunately, it did not.

I hate to confide in you my – perhaps – illogical summary here, that corrupt intelligence (and LE) agencies lead to blind and dangerous directions to the nations that rely on them… but… it is simple math.

They may survive a Snowden, they may survive an Iraq war, but sooner or later they most surely will hit that proverbial iceberg.

Not much consolidation for the denizens of these countries, this is true.

After all, pointing out there is a mere monkey behind the wheel does us no service, if, in fact, we ourselves are in the backseat…

Skeptical July 25, 2014 9:32 AM

@Clive – There are a great many uses of the tools in the catalog that would be illegal. That’s not in question. There are also a great many uses of grenades that would be illegal, but a listing of models in use by the British Army would hardly indicate any illegal use.

If we both agree on the above sentences, then I’m not sure we disagree.
