Name (required) August 4, 2014 12:04 AM

@Anura – Bruce can decrypt a Family-size box of Alphabits before breakfast without licking the salt off first. Doesn’t that tell you how zoned-out your question is? On your knees.

Benni August 4, 2014 12:12 AM

Now DER SPIEGEL is getting is grip on the Israeli secret service:

“Wiretapped: Israel Eavesdropped on John Kerry in Mideast Talks”
SPIEGEL has learned from reliable sources that Israeli intelligence eavesdropped on US Secretary of State John Kerry during Middle East peace negotiations. In addition to the Israelis, at least one other intelligence service also listened in as Kerry mediated last year between Israel, the Palestinians and the Arab states, several intelligence service sources told SPIEGEL. Revelations of the eavesdropping could further damage already tense relations between the US government and Israel.


After noting that Merkel’s mobile was tapped, the government discussed the following measures:

summon the ambassador,
trying to get a no-attack declaration of the US government,
trying to get a no spy agreement

additionally, they thought of stopping consultations with amerikan government employees for several weeks

The question whether the free trade agreement between eu and germany which is now in discussion. should be abandoned was answered by: unlikely, but security of electronic communications should be put on topic.

Additionally they wanted to give the 5000 most important german law makers cryptophones.

Then they thought about filing a lawsuit against US at the prosecutor general, which they did several months afterwards.

And then they even thought about questioning Edward Snowden. They thought that this would only be possible in russia because of security reasons.

Stephen Morley August 4, 2014 1:00 AM

I’ve always thought the Social Share Privacy widget used on this blog is a nice idea, but the need to click twice is a little annoying and confusing to visitors unfamiliar with the widget. It tempts regular visitors to use the option to permanently enable certain buttons, which leaves them no better off with regards to tacking by those social networks.

Last week’s entry about AddThis using canvas fingerprinting to track visitors finally pushed me to create an alternative:

This code ignores the official sharing buttons altogether, instead taking advantage of the fact that each social network has a sharing URL that can be used instead. The fully standalone version is 1201 bytes.

Anonymous Coward August 4, 2014 5:17 AM

The first letters of the warning at the top of the TrueCrypt page spell out “If I want to use NSA” in Latin.

The page in spirit:

“Warning: If I want to use NSA

Use bitlocker. Here’s how to install it.”

Matija August 4, 2014 6:20 AM

Anonymization technologies such as Tor with addition of randomization mechanisms and/or principles in organizing/drowing scientific work inside predefined network of institutions have great potential in minimising conflict of interest between clients (usually corporations) and researchers (scientific institutions, acredited labs etc.). Even payment could be processed this way.

What do you think, Bruce?

AlanS August 4, 2014 8:51 AM

Stewart Baker has a go at Bruce  on the Volokh Conspiracy for quotes in a NPR story which he claims contradict earlier statements on the usefulness of crypto.  Baker’s argument is rather weak given that it hinges on a few short quotes from a piece Bruce didn’t author contrasted with other quotes taken out of context to misrepresent the argument. Another example of someone who claims to live in the “real world” latching onto almost anything to put the focus on Snowden, his “journalist allies” and “defenders” in order to distract attention from what his pals in the executive and the TLAs are up to behind the curtain.

Clive Robinson August 4, 2014 10:19 AM

@ Alan S,

Stewart Baker is an ass at the best of times, and even more so now, in that he has taken as evidence something that has already been debunked (the time line) and tossed in the trash, something he could have found out with a simple web search.

I guess Mr Baker is not the technical sophisticate he pretends to be but a second rate pen pushing ex Gov Service empire builder, with a monumental ego chip on his shoulder.

As for the quote about crypto beating the IC that has been around one way or another quite a while before 9/11 and probably long befor the US administration felt the need to create AQ (in able to prosecute OBL in his absence).

Further it is also more importantly one of the first things Ed Snowden said long before Bruce got involved….

So Mr Baker is either deliberatly stirring it up for reasons not yet clear or he is useless at doing basic web based research. And I would not rule out both, after all Bruce’s known political leanings makes him an outsider to Mr Baker and his other beltway cronies / bandits and thus the enemy on the Dubya “With us or against us metric” which the current administration still appears to be running on.

Why the Wash Po house journalists did not fact check the story before publishing it tells a lot about how far the Wash Po has sunk from reputable journalism. In fact I’d be tempted to write to the editor and ask who slipped him a brown envelop to print this Baker nonsense.

mj12 August 4, 2014 11:05 AM

I have just run a crude scan (looped ss -ntup; ss is an utility similar to netstat) on one of my machines and haven’t noticed anything suspicious.

Jabo August 4, 2014 11:59 AM

Firefox – “committed to you, your privacy and an open Web” Yeah, right….
Back to Opera.

Jacob August 4, 2014 1:48 PM

Some tidbits from various news sites reports and public articles re the mini-war between Israel and Hamas in Gaza:

Israel could not pinpoint the whereabouts of Hamas leaders, due to the following reasons:
– They moved underground while ditching their cellphones
– Use landline telephones (I speculate using an isolated PBX) and written-note messengers to pass orders to the field units.

Israel tried the following locator trick: calling from a Gaza number to next of kin, informing him that the targetted Hamas official has died – hoping that the kin would call to verify and thus get a trace.
Didn’t work, with Hamas interior ministry publishing a warning against such a trick.

I speculate that the biggest problem of relying upon messengers to pass instructions to field units was that in a fast-changing battle environment, coupled with multiple ceasefires coming in rapid succession, some units were “outside the loop” and continued to attack during a ceasefire.
Hamas spokesman alluded to that fact, saying that they could not contact the group who snatched officer Golding, thus resulting in close to 200 deaths and many hundreds wounded in Rafah due to the “Hanibaal directive” that followed said abduction.

Nick P August 4, 2014 5:38 PM

Researchers extract audio from video imagery

The researchers essentially convert visible vibration of objects into sound that caused it. This has implications for surveillance and counter-surveillance. Now, one can’t merely turn off the audio to prevent such recording. Also, one might be identified merely because they spoke during video. If this capability gets accurate, then it may also be integrated into mass collection and analysis programs for cross-referencing. Facebook already did stuff like that with their image recognition feature, including profiling non-users in photographs.

Matija August 5, 2014 2:59 AM

@Nick P

Principle is old, very old. That’s how laser taping device works (AKA laser microphone) when you point it to the vibrating object like window (glass).

Jacob August 5, 2014 6:59 AM

@ Matija

Laser interferometer and this video acquisition are 2 different things – the first is active, and since it is normally IR in order not to draw attention, I guess that it cannot penetrate a glass window, thus can only hit a window of an outside-facing room.
The video is completely passive, and I guess that with a medium zoom lens one can tap any conversation (with appropriate objects near by) in the line of sight – be it internal room or even an open environment.

Clive Robinson August 5, 2014 8:39 AM

@ Matija,

As Jacob has pointed out there is quite a difference betwee active laser based systems and passive camera based systems.

Whilst a video signal has plenty of bandwidth to carry multiple audio signals the frame rate is usually below the usuall speach audio signal frequencies (0.3KHz-2.5KHz). Which would normaly indicate it would not be a practical system from the ordinary signals side of things. Which is why most engineers would not consider it even if they knew about laser microphones.

I suspect that this may not have been practicle even a few years ago as ADCs and the following DSPs would have either been unavailable or unaffordable.

I guess it’s a case of if you blink technology passes you by 🙂

Deriu August 5, 2014 10:32 AM

“At the moment, Firefox has no way of dealing with files that fall outside its local block and allow lists, however this will change in Firefox 32 and onwards, at least for Windows. In Firefox 32 on Windows, when files don’t have a known good publisher the browser will query Google’s Safe Browsing API with “download metadata” that’s similar to what Chrome uses in its check.”

This better be an opt-in service. If my browser dials up Google every time I download a file, I’m not going to be a happy bunny…

mj12 August 5, 2014 11:34 AM


It does already, by default, albeit not for file downloads but for site visits. Lurk up “Safebrowsing”.

Benni August 5, 2014 1:34 PM

Funny twitter account of someone who posts internal documents about the government spyware finfisher

documents are for example

Cyber solutions for the fight against crime (17 pages)
FinSpy 3.00 – User Manual – 2011-06-05, from Stephan Oelkers (127 pages)
FinSpyPC 4.51 (HotFix for 4.50) Release Notes – 2014-04-14 (14 pages)
FinSpyMobile 4.51 Release Notes – 2014-04-14 (15 pages)
Microsoft Excel:

FinFisher Price list 2014 – 2013-12-16 (updated: 2014-01-24)
FinFisher Products Extended Antivirus Test (Anti-Virus Results FinSpy PC 4.51) – 2014-04-04
Device Tests FinSpyMobile 4.51 – 2006-09-16 (updated: 2014-04-15)

Oh vey August 5, 2014 1:44 PM

“Google is receiving a live feed of my browsing history”

If you are using FF this statement is categorically untrue. Google will only see your data if and when you try to visit a site that the database considers malicious and then the only data Google sees is whatever cookies are on your machine at that time. Now, if a person is practicing safe browsing habits and using other features of FF then the actual data Google will ever see is minimal. Now, I concur that Google seeing anything at all is less than ideal. But the sky isn’t falling. As security holes go this is a small one.

BJP August 5, 2014 2:21 PM

Throwing this out for everyone’s amusement.

Mozilla Firefox bug 345345:

Those ephemeral “session” cookies you thought were only stored in-memory and expired when your browser closed? Since at least 2006 or so Firefox likes to save them on disk in case the session restore functionality decides Firefox crashed and elects to resume your session, logging you back into sites you thought you were long out of, using your old cookies.

Clive Robinson August 5, 2014 4:28 PM

@ Bruce,

Another one to add to your list of tech-&-human nature,

Oh the same site has an arricle about hacking aircraft avionics that will be presented at Black Hat, from the way it’s written we’ve heard this before, so it’s probably best to wait untill after the presentation. However I expect it will be “standing room only” as MH370 has been mentioned by some commentators.

Clive Robinson August 5, 2014 4:54 PM

OFF Topic :

Speaking of Black Hat… Did you buy a new car this year?

Did you consider what’s under the hood?

Is it lots of horses or is it just a pownie?

If it’s an Infiniti Q50 you might be hacked off to know it’s possibly the easiest to be hacked, according to some researchers,—threats/advanced-threats/the-worlds-most-hackable-cars/d/d-id/1297753

All jokes aside it appears auto manufacturers are starting to take these vulnerability issues on board. Now if only the IoT and Smart meter evangelists would take note. Oh and let’s not forget the medical implant and other medical devices manufacturers do you realy want your heart to be twitching to the beat of a drive by hacker…

Benni August 5, 2014 5:03 PM

What makes the NSA a bit sympathetic is that there is not only Snowden, but others who release documents crafted in august 2013, long after snowden left Hawaii…

Interestingly, If you fly to US

According to the documents, the government does much more than simply stop watchlisted people at airports. It also covertly collects and analyzes a wide range of personal information about those individuals –including facial images, fingerprints, and iris scans.

DTI’s efforts in Boston and Chicago are part of a broader push to obtain biometric information on the more than one million people targeted in its secret database. This includes hundreds of thousands of people who are not watchlisted.

Note that “—more than 40 percent are described by the government as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.”

Mike the goat August 5, 2014 8:59 PM

Hey guys – just a ‘ping’ – have had a death in the family and been away from work and computers for a week or so. To add insult to injury our landlord appears to not have been paying their bank and we’ve been asked to leave, so we are in the middle of moving ourselves about five mile down the road. I just wanted to check in and assure everyone that I am still alive and the CIA hasn’t taken me out (yet ;-)..

Wael August 5, 2014 9:14 PM

@Mike the goat,
Sorry to hear that bud. We’re all heading there…
Glad you’re ok. I should expect you to be horn equipped for the next few days then…

Benni August 6, 2014 9:11 AM

More from finfisher:

The site of the malware developers was hacked, and the hackers have put a torrent of this online. says the data would show attacks on people in Bahrein and other things but I have not downloaded it yet.

If you want in-dept information on a government malware (note that the german authorities have bought some of the malwares from this company) then the link above is the way to go. The text is german, but it contains the downloadlinks for the data.

I think this is great news. Similar companies like vupen should be hacked too….

Gerard van Vooren August 7, 2014 12:20 AM

About the very disturbing news of the Gamma / Finfisher hack.

If this news is true than I would like to repeat that these guys are selling software that if being used by an ordinary user, that ordinary user can face 35 years behind bars. Yet governments use this kind of tools on a daily professional basis.

They are selling Big Brother.

And they sell it to a selected few.

Another very annoying thing is that commonly used software is seemingly on such a level of security that it is not existing.

Benni August 7, 2014 12:41 AM

In this article on Russia:

DER SPIEGEL writes that

“the reality is: The russian intercontinental missile SS-18 consists of parts where over 2/3 come from Ukraine. The turbines of the transport airoplane AN-124 and the russian army helicopters come from the Ukrainian city Saporischja and 90% of the machines from which Russia creates material for its army are bought from western countries.”

Der Spiegel has tha largest fact checking department of a newspaper worldwide, with over 50 full time fact checkers going over each article before it gets published.

In order to determine that 2/3 of the parts of an intercontinental missile comes from Ukrain, you need to know how much parts this rocket consists of and who delivers which parts. Similarly, in order to know how many percent of the machines that build russian army gear come from the west you need to have detailed insight how these things are produced.

I hereby ask DER SPIEGEL: if it has blueprints and instructions on how russian intercontinental missiles, army helicopters, and russian army gear is made, please release all this to Wikileaks for immediate publication.

Blueprints of intercontinental missiles should be completely open source.

Since only if everyone can build them, they will get banned.

Benni August 7, 2014 5:44 AM

Snowdens permission to stay in russia was extended to three years. He can even travel abroad for not longer than three months:

The question is whether he can travel to germany with that.

Snowden really should say hello on german ground to the friends at the NSA investigation comission of the german parliament

Nick P August 7, 2014 7:08 AM

@ Benni

They already said they’d grab him the moment he stepped on German soil. It was even more astonishing that they talked about the benefit of his information for Germany and them turning him over for prosecution in same story. I think you posted that. So, with that said, he should never enter Germany if he wants to be free.

Jan Doggen August 7, 2014 8:30 AM

Hey, I suddenly notice that the comment option on the blog has a ‘fill in the blank’ antispam measure. The first word that came to mind for filling in there was ‘steroids’, but that would probably not get this comment through the filter…

Benni August 7, 2014 8:44 AM

Regarding Snowden:
“They already said they’d grab him the moment he stepped on German soil.”

At the moment, this would not be legal. Snowden is, according to the german police, not on the wanted list in germany.

The german government instead sent further questions regarding the letter of the US government which wanted an extradition. The german government said that the information provided by the US is, until now, not sufficient to provide reasons for an extradition. German law forbids extraditions because of political crimes. For Snowden, extradition from germany is completely off the table.

The problem would be illegal kidnapping by CIA. But for a short stay for a hearing in parliament, there would not be any danger of this.

Benni August 7, 2014 8:46 AM

Funny article on the backdoor of 2 billion android, blackberry and iphone mobiles, where an attacker can remotely do man in the middle, collect the conversations, and manipulate the software and the settings of the phone with 1000$ equipment, and all remotely

(setting the mic on and start a transmission must be a really wanted feature for our NSA friends. Especially since with access on this level, it is questionable, whether encryption cards like those in these Merkel phones are still of use, as long as they are using blackberry, Ios or android. It maybe that they simply remotely install a surveillance software with this method which can capture the content that the mic recieves and sends this afterwards to the listening station, bypassing the card that encrypts the communication to the mobile provider. Perhaps this is why german NSA agents claimed in a german tabloid that these crypto cards in the blackberries of german parliamentarians do not affect their work)

Incredulous August 7, 2014 8:47 AM

Re: Firefox

The only way to know what your computer is up to is to sniff your connection. If you are not sniffing your connection you have no reason to think that all sorts of information is not being leaked. Do you load software, add-ons, antivirus? Do you have a smart phone? If you are not checking it is absurd to think you know where they are connecting. Skype? Crap I removed it when I found it talking all over Easter Europe when I thought it was idle.

You could put an outbound firewall on your system but I’ve never found one that is usable. The one I tried appeared to be leaking more data than the system it was supposedly protecting.

The firefox/google connection was one of the first things I sniffed. But it is hardly a secret. There is plenty of information on removing google from firefox, which I do, although it appears to revert occasionally with updates. The answer: sniff sniff sniff.

I wrote a network monitor which runs all the time, consolidating and storing the information in a big data database. It pays particular attention to every dns query. It can also search for specific triggers and then initiate active responses like iptables updates and scans of suspicious systems connecting to mine. Since it runs off a database I can break scans down and do them over long periods, obfuscating my response. It also helps to change your ip address daily, if you can.

Benni August 7, 2014 8:56 AM

Every mobile phone gets upon connection a temporary mobile subscriber identity (TMSI). This identifies the phone together with the so called location area (LA). According to the GSM standard, the TMSI and the LA are used to initiate the connection. Whenever an SMS is sent, the provider must first find the LA of the phone. This is information is transmitted by the phone to the provider and saved in the visitor location register. To the stations in the LA of the phone, the provider broadcasts the TMSI and then the phone answers in order to identify itself to the provider and to receive the SMS. This connection process is not encrypted (that was likely a brilliant Idea of the hard working GCHQ/NSA/BND spies). Moreover, in the GSM standard we can find the following funny specification:
“The SMS Relay Layer shall discard the message without further processing if any of the following is true:
MSG_NUMBER field is set to a value other than 1
NUM_MSGS field is set to a value other than 1
NUM_FIELDS field is set to zero”
This means that an SMS can be sent such that it is discarded by the phone and the user is not notified. However, the sms is recieved nevertheless, and a secret service or a police force can use this to determine the location area from which the phone connected to the provider without the user being notified.
In a new answer, the german government wrote on the question whether they use wlan catchers that information on this is classified. So one unfortunately has to assume they indeed use these devices. However, in the same reply, the government revealed that the german domestic intelligence service “Bundesamt für Verfassungsschutz” used the SMS method described above for locating mobile phone users in 52.978 cases just in the first six months of 2014. Apart from the fact that they apparently think germany is full of terrorists, it is disturbing that one can not really determine whether one is under such kind of surveillance. There is, however, an information freedom law in germany and in fact some people had success in getting their file from the intelligence service based on that law

Nick P August 7, 2014 10:28 AM

@ Benni

CIA is a huge risk because they mainly do it at (or through) airports. A previous story showed a rendition plane was waiting in Germany for Snowden where he would’ve had to go to turn himself in. Unless Germany officially rejects extradition (unconditionally) and provides security, then Snowden is still at risk if he shows up.

Scared August 7, 2014 1:10 PM

TSA Checkpoints Vulnerable to Hacks Through Backdoors

The Transportation Security Administration, that guardian of airports for whom we have all shed shoes, jackets, and loose change, has a worrisome safety issue of its own, according to a cyber researcher for Qualys.

Two devices that may be used at airport and other security checkpoints have “backdoors”—usernames and passwords hard-coded into the equipment that a hacker could use to get into the machines, says Billy Rios, in findings he discussed yesterday at the Black Hat security conference in Las Vegas.

The time-tracking system, made by Kronos, had two back doors via hardcoded usernames and passwords. Worse, Rios found about 6,000 of the devices connected to the Internet, including one at San Francisco International Airport—which Rios says he worked with the Department of Homeland Security to get taken offline.

Ross Feinstein, a spokesman for TSA, says the agency has a rigorous certification and accreditation process for technology: “This process ensures information technology security risks are identified and mitigation plans put in place, as necessary. A majority of the equipment we utilize is not available for sale commercially or to any other entity.”

Benni August 8, 2014 10:53 AM

Now germany has sent a note to all foreign embassies in germany:

this comes after SPIEGEl revealed that there are 200 NSA spies working undercover in germany. germanys domestic secret service has asked for a list of all NSA spies in germany before, and he did not get any answer from the US.

Now the foreign ministry of germany send an official note to all foreign embassies that they should give a list of all secret service personnel to the german foreign ministry.

That is typically german. In future, before a spy will be allowed to deploy his radar bugs in germany, he will have to sign some paper, getting accredited as an official NSA spy in germany. Just that everything is in order…..

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.