Friday Squid Blogging: Squid Salad Servers

Nice.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on June 19, 2015 at 4:03 PM • 144 Comments

Comments

Fernando • June 19, 2015 4:15 PM

LastPass was hacked. Looks like despite the breach they took decent precautions to mitigate any damage. Basically you would have to have a very weak master pass to be affected, assuming their claims about security measures are true:

"LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side."
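The strengthening described in the quoted statement, worked through as an added example (this is not code from the original post, nor LastPass's own code): a client-side PBKDF2-SHA256 pass over the master password, a server-side PBKDF2-SHA256 pass with a random per-user salt and 100,000 rounds, and a dictionary attack run against only what a breach would leak (the salt and the stored verifier). The 5,000 client-side rounds, the use of the lowercased account email as the client-side salt, the record layout and every function name are assumptions made for this example; the sample accounts and the wordlist are constructed.

```python
import hashlib
import hmac
import os
import time

# Parameters assumed for this example. The page only states that LastPass uses a
# random salt and 100,000 server-side rounds of PBKDF2-SHA256 on top of rounds
# already performed client-side; the client-side round count and the use of the
# account email as the client-side salt are assumptions here, not LastPass's design.
CLIENT_ROUNDS = 5_000
SERVER_ROUNDS = 100_000


def client_auth_hash(master_password: str, email: str, rounds: int = CLIENT_ROUNDS) -> bytes:
    """Client-side PBKDF2-SHA256: the authentication hash the client sends to the server.

    The master password itself never leaves the client; only this derived value does.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), email.lower().encode("utf-8"), rounds
    )


def server_strengthen(auth_hash: bytes, salt: bytes, rounds: int = SERVER_ROUNDS) -> bytes:
    """Server-side PBKDF2-SHA256 over the received auth hash with a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", auth_hash, salt, rounds)


def enroll(master_password: str, email: str) -> dict:
    """What the server stores: the random salt and the strengthened verifier, nothing else."""
    salt = os.urandom(16)
    verifier = server_strengthen(client_auth_hash(master_password, email), salt)
    return {"email": email.lower(), "salt": salt, "verifier": verifier}


def verify(record: dict, master_password: str, email: str) -> bool:
    """Server-side login check; constant-time comparison against the stored verifier."""
    candidate = server_strengthen(client_auth_hash(master_password, email), record["salt"])
    return hmac.compare_digest(candidate, record["verifier"])


def offline_attack(record: dict, wordlist: list) -> tuple:
    """Simulate an attacker holding the leaked salt + verifier and nothing else.

    Every guess costs CLIENT_ROUNDS + SERVER_ROUNDS PBKDF2 iterations, so the
    attacker's throughput is bounded by that work; a strong master password
    is simply never reached in a realistic wordlist.
    Returns (recovered_password_or_None, guesses_tried, seconds_per_guess).
    """
    start = time.perf_counter()
    tried = 0
    for guess in wordlist:
        tried += 1
        if verify(record, guess, record["email"]):
            elapsed = time.perf_counter() - start
            return guess, tried, elapsed / tried
    elapsed = time.perf_counter() - start
    return None, tried, elapsed / max(tried, 1)


# Constructed sample accounts (not real LastPass data).
WEAK_RECORD = enroll("password1", "alice@example.com")
STRONG_RECORD = enroll("correct horse battery staple 7#q", "bob@example.com")

# Constructed toy wordlist; a real attacker would use millions of entries.
WORDLIST = ["123456", "qwerty", "letmein", "password", "password1", "hunter2"]

if __name__ == "__main__":
    pw, n, per = offline_attack(WEAK_RECORD, WORDLIST)
    print(f"weak account: recovered={pw!r} after {n} guesses, {per * 1e3:.1f} ms per guess")
    pw, n, per = offline_attack(STRONG_RECORD, WORDLIST)
    print(f"strong account: recovered={pw!r} after {n} guesses")
    print(f"10M guesses at this rate: about {per * 1e7 / 3600:.1f} hours on one core")
```

The point the comment makes falls out of the numbers: the leak gives the attacker the salt and verifier, so the only defence left is the per-guess cost of the combined rounds, which is enough against a large dictionary only when the master password is not in it.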

AlanS • June 19, 2015 4:47 PM

This week's shootings raise some interesting issues surrounding the politics of the 'terrorism' label.

Guardian: Why don't Americans call mass shootings 'terrorism'? Racism

The excuses to call a white, male mass-killer anything but “a terrorist” are familiar – they’re part of a refrain repeated over and over again when a horrific crime intended to terrify a group of people is committed by a white man. It’s a refrain of denial....But the question, especially for white people who engage in the excuse-making, is: why are you so intent on defining situations like those in Charleston as not-terrorism?

Foreign Policy: Was the Charleston Massacre an Act of Terrorism?

But in the aftermath of 9/11, the subsequent war on terror, and two protracted ground wars carried out in the name of fighting terrorism, what exactly constitutes an act of terrorism has become a deeply contested notion in the United States, one that has become inflected by the country’s racial prejudices and the perceived connection between Islam and terrorism.

Pacific Standard: Make no mistake: The Charleston shooting was an act of terrorism

Despite the racism on display here, it’s unlikely you’ll hear Roof referred to as a terrorist by media outlets, as you would a member of the Islamic State or Boko Haram. (Though, as the Daily Beast's Dean Obeidallah points out, this case certainly meets the legal criteria.) This underscores a strange issue with how violence is talked about in America: We ascribe intent and circumstance based on skin color, racial background, and religious upbringing, rather than the act itself. White suspects are frequently described by the media as "mentally ill," a "loner," or a "brilliant" and "outstanding" young man with a bright future who somehow took a wrong turn. "Whether he was a terrorist and exactly how you define a terrorist, I don’t know," Charleston Mayor Joseph Riley told Time on Thursday. "I put him more in the [category] of the shooter of the children in Connecticut, the shooter in the movie theater—they’re deranged people."

Bernie Sanders apparently didn't have a problem calling it terrorism but not so other presidential candidates: White House hopefuls grapple with U.S violence

Avoidance of the label in this context is something of an anomaly given that in recent years the label has often been used broadly and indiscriminately: See earlier discussions on this blog:
The Continued Cheapening of the Word "Terrorism"
Mission Creep: When Everything Is Terrorism

Not quite everything apparently...

uh, Mike • June 19, 2015 5:13 PM

I'm going to go back and read that part in _Beyond_Fear_ where polyglot societies are considered safer than conformist societies. America seems to be trying to create a counterexample.

rgaff • June 19, 2015 5:34 PM

@ AlanS

It's simple: "terrorism" is anything you want, when you want an excuse to ignore the constitution and all human rights and act like a third world dictatorship.

Timothy • June 19, 2015 5:36 PM

Regarding the LastPass hack. How do we know that the attackers didn't leave behind exploit code or other APTs on the website designed to infect visitors/users?

Gregory • June 19, 2015 5:38 PM

@Alan S

I think there is strong validity to these articles, but America does have a strong record of lone nut killers. So that will come to mind. Charlie Hebdo was clearly organized from the outset. In retrospect, some lone nut killers of the right wing have been called "terrorist", such as the serial murderer who shot the publisher of Hustler, or the perpetrators of the Oklahoma bombing.

In both later instances, however, there was some level of organization. More debatable with the serial killer (technically classified as such). He operated alone, and without guidance or cooperation with anyone else. However, he was sane and had a clear political agenda.

The Columbine killers, as another "for instance", had strong racist and Neo-Nazi beliefs, as did the serial killers who partly inspired them in the earlier 90s... but neither are generally referred to as "terrorists", partly because they were also clearly just really unbalanced teenagers.

A lot of racist organizations domestically are extremely careful in what they say, and have been under extraordinary scrutiny. Well before 9/11 it was a very serious offense to preach violent revolution, and any calls to violence would bring them under extreme scrutiny, at the least.

"Mass murderer", "spree killer", "serial killer" and such are all technical judgments. I am not sure what might go under "terrorist", but likely would guess it would involve some level of organization and collaboration with others who preach violence against civilians and government, as well as 'violent overthrow of the US Government'.

tyr • June 19, 2015 5:43 PM

The more we change the less it matters.

Naturally, one asks, where are the police? On discovering this scandalous state of affairs I went to New Scotland Yard to ask that same question. I had interviews with various officials, and after over an hour's prevarication and elusive replies to my rather disconcerting questions, I succeeded in eliciting the very illuminating fact that they were unable to act without the consent of the Home Office! Why, one may ask, is it withheld? Why should we risk our well-being by allowing these hot-beds of conspiracy and crime to be officially protected, while a man may be hauled before the magistrate for the heinous offence of not having a rear-lamp to his cycle? What a comedy!

Mr Justice Ridley has rightly said: "We must make an end of spies." Yet the fact that spies are being officially winked at can no longer be doubted. Before me, I have fully two hundred cases reported by responsible citizens in various parts of the country in which the "authorities"--who seem, by the way, to have no authority at all--have refused even to make the most superficial inquiry, or else a constable in full uniform has been sent to interview the person under suspicion!

Le Queux


Gregory • June 19, 2015 6:02 PM

This is a bit of a refreshing view coming from a fmr US Intel leader... especially on the OPM hack, where it is "holy shit", "a human being who has the capacity to reason".

'No evidence' Snowden was working for foreign power says ex-NSA boss

http://www.theregister.co.uk/2015/06/18/no_evidence_snowden_was_working_for_foreign_power_says_exnsa_boss/

Snowden Disclosures Impact

If somebody would come up to me and say 'Look, Hayden, here’s the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you’re going to be required to do is that little 215 program about American telephony metadata – and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself,' I go: 'And this is it after two years? Cool!'

Snowden Worked for Foreign Power? No.

When asked if Snowden was working for a foreign power, Hayden replied that, thinking inductively as intelligence operatives are supposed to do, there was "no evidence" Snowden had defected.
On the other hand, Hayden added, if he thought about it deductively – as in Snowden is working for Russia and/or China, and how would one explain that – Hayden said he had his suspicions, but stressed that he wasn't a "deductive guy."

OPM Hack

"If I as director of CIA or NSA would have had the opportunity to grab the equivalent from the Chinese system, I would not have thought twice, I would not have asked permission, I'd have launched the Star Fleet and we'd have brought those suckers home at the speed of light," Hayden said. "So this is not shame on China, this is shame on us. For not protecting that kind of information."


Older article, but I just ran into it reading the above, and had not heard of this.

My headline: Angleton's Most Paranoid Conspiracy Made Real: The Russian-Sino Espionage Conspiracy!

Their headline: Russia and China seal cyber non-hack pact
http://www.theregister.co.uk/2015/05/11/russia_china_cyber_pact_social_media/


The title says it all.

Obviously a very important treaty.

Clive Robinson • June 19, 2015 6:15 PM

@ Alan S.,

Avoidance of the label [terrorist] in this context is something of an anomaly given that in recent years the label has often been used broadly and indiscriminately

Ahh but that was never "tighty whitey" or other self deciding "morally superior" individuals.

Historically "terrorism" was an act committed by the "sovereign" or "head of state" via their various officers, either against their nation's citizens or the citizens of another nation to ensure "compliance by fear".

A quick look at US history finds many examples of "gun boat diplomacy" which is just another self excusing way of saying "terroristic action". The current use of US drones against sovereign nations without the nations' consent is both terroristic action and at least two war crimes, ie that of precipitating war and that of indiscriminately attacking civilians.

For the US citizenry to start thinking of terroristic activities by "tighty whitey" in his button down shirt would be a disaster. Because they would realise that most US LEAs are very much "terrorist organisations". Thus people might start asking for police officers --filmed jumping up and down on a car whilst firing indiscriminately into it or walking up to the corpse of a man they have just shot and "planting evidence",-- to be treated not just as murderers but terrorists...

That could not be contemplated as one of the reasons that such behaviour is effectively condoned, is that to excuse it and thus not prosecute it, authorities have to paint it as "exceptional behaviour due to stress / fear etc" ie blame the victim or individual officer not the organisation/agency and its endemic ethos. Thus hypocrisy, lying, spin, etc is used as propaganda to keep many citizens effectively in ignorance of just how much fear these organisations / agencies quite deliberately foster in what they see as "problem minorities" by their quite cold and calculating use of terroristic activities to "divide and conquer".

For the authorities to even remotely consider it, it would mean that they would have to address the issue, which they dare not, as this would quickly demonstrate that it's the Police Unions etc that rule the roost not the officials or tax payers.

LessThanObvious • June 19, 2015 7:50 PM

The Internet and foreign adversaries:

We are in an age where even countries who depend on each other in the global economy are in a constant battle to steal information or cause harm to each other's computer systems, with the actors sometimes being state actors and sometimes being criminal gangs or rogue individuals.

I think we can all agree that the internet would not be such a great means of global social progress if it were not global, open and free. The unrestricted flow of information and capability is key to the value the internet brings to the world.

One area we have not fully explored I think precisely because of the fear of losing the open structure we all value, is the concept of national borders. In this I mean that there will always be high value assets to protect for which there is no benefit to global access. A U.S. business that does no international trade, a federal or state or local government agency that has no international scope, grandma's PC in Toledo Ohio, these entities do not benefit from global access, yet they are constantly exposed to global risk the moment they attach to the internet. It's the attachment to the global internet that often allows the bad stuff to sneak in or the private data to sneak out.

I just have to wonder if this model where the only standard option is to allow anyone, in any country, anywhere in the world to communicate with resources for which there is no reasonable possibility of legitimate use is entirely sustainable. There needs to be an internet without borders that has little or no restrictions on the flow of information. At the same time for the sake of security and the protection of domestic assets is it possible that there needs to be another segment of the internet that does have a border? The media and politicians love to jabber about Cyber War, but few of them I think really have a grasp on what it will mean the next time in history there is a real war between 1st world nations. What we have now is not Cyber War, but we aren't very well prepared for the possibility that the real thing will ever exist. Without laying a base layer of protection into the infrastructure that doesn't need to be shared globally, the only option if it ever did come to pass would be to cut the cables (figuratively), which would do enormous harm to trade and hurt people and businesses that could have been much less affected.

Perhaps there is a time when it's appropriate to say that there are resources that need ubiquitous domestic access, but truly do not need global access. If that is true, then unfortunately we don't currently have easily available and fully developed options for protecting networks in such a way, because we have always built public infrastructure for openness in the global internet.

tyr • June 19, 2015 9:41 PM

@LTO

I'm afraid that the whole idea of having your cake stored and eating it too is shot through with problems. Now it may work if you dismantle most of the current Net and rebuild it so that all it does is carry packets end to end using total neutrality. At that point you can re-design the end points to do the selective filtration by administration of what they receive. If that isn't done the question is who do you trust to filter you? The ISPs are fighting for the right to censor and throttle, the IC communities are busy sniffing packets and storing everything and they'd love to shut anyone who notices this up. Which national government do you want to see decide who gets what?

The list of shortsighted nitwits who want to limit access and are actively attempting it right now seems to be endless. How about the movie industry or the music industry? Look at their track record before you decide that they get to run the filter. Maybe Cameron in the UK (anti-crypto boy), Harper from Canada (anti-science boy). You would be hard pressed to find a politician that it would be safe to have alone with your chickens, so why would you trust them to censor your access to knowledge of the world.

There's a saying about that, if you think education is expensive you haven't added up how much ignorance costs you. We lost a space shuttle and crew because an administrator was too lazy to RTFM and wanted to impress a politician with his zeal. That's a lot of money and a lot of lives that an education might have saved.

At some point we have to get beyond the idea that you should be placed in positions of technical authority by your ability to snuffle up to the bung right smartly. That just pushes a layer of mediocrity to the top and then they are paralyzed at the idea of fixing anything. Science starts with observation so look around, the world needs some real work done not just moated enclaves for the super-rich to hide in hoping when it falls they will magically survive their own self made mess.

So let's build packet sniffers for the end user systems and apply the filtration right there. No point in waiting for the children of Mao to take over and filter it for us.

Jeff • June 19, 2015 10:04 PM

@LessThanObvious

The military are very good at this, and that is a foremost 'battle plan'. Consider, during the Cold War, they constantly updated their battle plans for "what if the Soviets invaded Western Europe" even into the late 80s. The internet was initially designed for the military, by the military, and that for sustainability.

This is why the Air Force was put in charge of cyber war. And that some time ago.

Russia or China have very much to lose in these sorts of scenarios. But both economies have a potentially grim outlook.

However, there are severe economic threats that are very real. Either created by outside forces, or simply because of bad management or global events, or a combination of both.

There are severe nation based threats. While the Middle East is relatively quiet, news wise, this is largely because of a variety of perceptional illusions affecting the case: weary of it, all have heard of ME problems all their lives; Israel is not the center of the problems; Iran *seems* to be going 'okay'; Saudi Arabia *seems* to be going 'okay'; ISIS *seems* to be relatively weak, and while the barbarities make the international news, somewhere in people's minds they scope that against 'shock and awe' and are left unimpressed. Meanwhile far worse actions by ISIS get minimal coverage, because reporting there is so extremely dangerous.

But, effectively, the long simmering multinational pseudo-'cold' civil war between the Sunni and Shia is a very hot war now. All sorts of things could go wrong in so many possible ways. And that is the jugular of the world, in many ways. Russia and China both are deeply vested in this region.

A war in Iran, a war in Saudi Arabia, a war in Israel... these are all very, very bad things. But, the region is especially volatile, and any of those possibilities could happen. People rarely expect wars. Especially when they are very war weary. Yet they can start with just one pivotal event, and this is how they always start.

North Korea always makes threats, who can ever believe them? Yet, their cyber corps are being trained in China, according to the BBC, and their attack on Sony was scarily effective. Did you see the headline today that 200K more Sony documents were released? Probably not. Sony still makes movies just fine, the Playstation remains as popular as ever. And yet, NK just learned of a Stuxnet like attack against them. They reacted so poorly to "The Interview", how are they going to react to that? What if they doxed the US Government, like they doxed Sony? What would a war like be there in North Korea?

And, meanwhile, Mexico is not going anywhere good with their cartels. Corruption has only spread and gotten worse. I have been reading "El Sicario", damned hard to find good material about what is happening right next door. Did you know that the cartels have been expanding their hold inside the military and federal police over the past two and a half decades? While maybe unlikely to explode to the US, beyond how it already has, as cartels are so money motivated, it very well could.

Then, there are a whole array of possible other problems, including "superbacteria" or a new viral adaptation that takes the global population by surprise.

Jeff • June 19, 2015 10:14 PM

^Brief add:

Continuing the point about how 'cyber war' is the least of our problems, on Mexico:

Conflict could begin in Mexico by a variety of means. Recall how there was that recent escalation when 43 students were killed? What if one of the cartels did that to American students? Their cops, working for the cartels, have a very slick system of kidnapping people, holding them for ransom, torturing them, murdering them, then disposing of the bodies. That is a huge industry down there. One team does the kidnapping. Another team holds them for ransom. Another team kills them. Yet another team disposes of the bodies. Often the teams will have members who are cops, including federal cops. They wear uniforms, drive police cars, get pay, but spend their time kidnapping, killing, and otherwise aiding drug trade. Their captains work for the cartels.

They have done this to singular US agents, journalists, and civilians for a long time now. But, what if they did it to an entire team? What if some US military had to be called into a situation down there? What if a team of DEA agents had a bad dealing with a cartel? What if they kidnapped or assassinated a major politician in the US? What if they started to really spread their corruption into the US police, DHS, military...

People think, "never could be a war in Mexico again", but there definitely could be. Most wars are very difficult to predict for the masses.

0110 • June 19, 2015 11:26 PM

@Jeff A war with the cartels is neither imminent nor something anyone should worry about. The cartels don't make the majority of their money on kidnapping, they make it on drugs! And their main customers are Americans. So why on earth would they want to disrupt such a lucrative market?!

Without the whole drug cashflow I think we would see kidnapping of Americans much more widespread however. IMO this is part of the reason why the war on drugs will continue to endure: its part damage control.

Jeff • June 20, 2015 12:46 AM

@0110

Under normal conditions, it would be a few decades. Mexico is strategically very important.

However because of the volatility of the situation, an incident could happen which could involve the US.

Remember Colombia or Nicaragua?

News on how deep and wide cartel has grown into the federal government there is absolute crap.

http://mobile.nytimes.com/2014/10/10/opinion/mexicos-deadly-narco-politics.html?referrer=&_r=0


http://www.dallasnews.com/news/state/headlines/20110430-drug-cartels-taking-over-government-roles-in-parts-of-mexico.ece

http://www.washingtonpost.com/blogs/worldviews/wp/2015/01/07/whos-in-charge-in-michoacan-mexican-government-and-militias-struggle-for-control/

http://thinkprogress.org/security/2013/02/21/1621011/mexico-drugs-disappearances/

http://www.insightcrime.org/news-analysis/mexico-govt-struggles-to-control-cartel-run-highways

Argentina, Cuba...

Guatemala.


I like Mexico. Lived near the border, known people very well near the southern cali border, el paso, the valley in Texas...

One of the girls I went down there with introduced me to an old cartel friend of hers. Great stories. She told me how she used diplomatic plates to carry bricks across the border. Back in mid 90s was when she did that.

It is weird how Americans know so little about what is going on there. Of course journalists reporting on cartel control of government get killed... and in ways that prevent others from getting that idea.

You are right to a degree, it is about money, of course. War would not be conducive for that. But a lot of actions that could start a war would be.

Colombia's farc had their own section of Colombia for a long time. But in Mexico they are deep in government. They have areas under control, ones by the border, and the federal government.

So very rarely does anyone want a war, even those who start them. Ho Chi Minh didn't want a war... Saddam didn't want war.

CharlesL • June 20, 2015 2:44 AM

@ tyr

"The list of shortsighted nitwits who want to limit access and are actively attempting it right now seems to be endless."

This "shortsightedness" mostly stems from the fact that they've failed to control information shaping of these open environments.

"If that isn't done the question is who do you trust to filter you?"

The question you ask has a deeper implication. An individual lacks the resources required to effectively maintain control because we live in a society of mutual trust and trusting by consent. The deeper implication is "art of governance" that which builds on the foundation of trust. In the modern society, there is limited maneuverability by which trust can be debased while maintaining stability.

Curious • June 20, 2015 5:15 AM

I saw a link to the following recently, but I am not quite sure what all of this is:

Chromium (Debian browser) is said to have quietly downloaded some stuff that afaik did not show up afterwards as installed as I understand it.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909

It looks like maybe this was fixed shortly afterwards.

I tried to find out what "Chrome Hotword Shared Module" was, but the only thing I got was that this might be a voice identification module.

Curious • June 20, 2015 5:33 AM

(UK "Freedom of information" related news)

From a link off Slashdot, the British government is said to have a practice of deleting their emails after a period of three months, and it is claimed that this practice came into place shortly before the UK came up with their "Freedom of information" act in 2005, and is still in place today in 2015 I am reading.

http://thestack.com/downing-street-deletes-emails-after-three-months-170615
http://www.independent.co.uk/news/uk/politics/downing-st-accused-of-deliberate-attempts-to-avoid-freedom-of-information-requests-as-exstaff-reveal-automated-deletion-system-10325231.html

This has me wondering, do they even create a backup of all the stuff that gets deleted?

I don't understand if the deletion of emails (and other stuff?) is supposed to work as a form of censorship or being some kind of security feature for storing email.

65535 • June 20, 2015 7:35 AM

@ Gregory

Hayden and his IC pals played the press like a fiddle over the Snowden files/USA Freedom Act. To add insult to injury Hayden then said he would have stolen the OPM files if he had the chance.

Gee, Mr. Hayden thanks for your help and the NSA’s help in preventing the OPM theft /s

Hayden also gloated over how he and his friends gutted the Freedom Act.

It’s quite a week for security or lack of security.

1] The OPM hack which lost 4 million records and about 48,000 SF-86s. Gasp, 20 year old Unix systems with COBOL – not to mention the Chinese Admins with root privilege. Great /s

2] The passage of the "USA Freedom to Spy act" which the IC community manipulated politicians and the press like puppets – causing no real privacy reform. Wonderful /s


3] LastPass breach
https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/

4] Deeply flawed Apple and Android products with remedy in sight.
https://krebsonsecurity.com/2015/06/critical-flaws-in-apple-samsung-devices/

5] Dozens of HTTPS defects in Android apps that could affect millions of users.
http://arstechnica.com/security/2015/06/game-over-https-defects-in-dozens-of-android-apps-expose-user-passwords/

6] Secret Service agent who stole $820K from Silk Road pleads guilty after Ross Ulbricht was sentenced – quite a coincidence.
http://arstechnica.com/tech-policy/2015/06/secret-service-agent-who-stole-820k-from-silk-road-pleads-guilty/

7] Then Ross Ulbricht supporters have Grand Jury attack them via a subpoena to Reason site for IP’s of said posters.

http://popehat.com/2015/06/18/did-the-department-of-justice-get-a-gag-order-silencing-reason-about-the-grand-jury-subpoena/

[and]

http://arstechnica.com/tech-policy/2015/06/are-prosecutors-using-a-gag-order-to-search-for-reason-com-commenters/

[and]

https://www.techdirt.com/articles/20150619/17175331395/confirmed-doj-obtained-gag-order-to-keep-reason-informing-affected-commenters-discussing-subpoena.shtml


8] False stories about Snowden files by UK right wing papers.
https://www.techdirt.com/articles/20150617/15573631380/sunday-times-editor-if-you-have-questions-about-our-snowden-story-address-them-to-uk-government.shtml


The only bright spot is that Bruce was right about security all along [Encryption is good and not to trust Hayden’s BS about inflated fears of Terrorism]. This is getting a little depressing so I’ll quit here.

el cabron plateado • June 20, 2015 8:38 AM

I'm considering datacenter services from companies based in Europe (incl. Iceland) and wondering which jurisdictions are likely the most/least 'privacy friendly' - not just in the letter of the law but in actual real terms.

I accept that no location is completely secure against the provider's own employees and targeted interest from domestic agencies. I accept that network traffic outside the datacenter is intercepted anyways. For simplicity let's assume the server is not exploitable remotely. The risks I want to minimize by choice of jurisdiction are: 1) surveillance/interference within the datacenter (compromise of data, compromise of encryption keys, server take downs) 2) multi-national intelligence cooperation; 3) enforceable injunctions to surrender encryption keys.

Having excluded the UK, my current shortlist has providers with datacenters or other obvious business ties in Germany, Ireland, the Netherlands, Iceland, France, Switzerland, Italy, Austria, Romania, and Sweden. I'd appreciate comments.

Fascist Nation • June 20, 2015 8:42 AM

Terrorism is causing fear in a general population with the intent to effect change in either their behavior or their government's behavior.

In the latter it never works because the government doesn't care about those they rule. It cares about itself. When guerrillas attack the government or government supporters or government benefactors government is afraid and quickly labels the guerrillas as terrorists thereby trying to align themselves with the humans they rule for their support and to further secure their holdings.

To slap the label "terrorist" onto an individual raises an interesting question: Can an individual acting on their own for their own reasons commit terrorism? Based upon my definition in the first sentence yes, it is possible.

Can a mentally ill individual acting completely on their own be labeled a terrorist? I suppose as long as they had intent and that intent was to cause fear in a given population to bring about a change in behavior of that population then absolutely.

Whether Dylann Roof turns out to be a nut job or merely a murderous asshole if press accounts are to be believed--and they should not--then he is correctly labeled a terrorist. Alright fine, what now? He is a murderer. A mass murderer. Does being a terrorist make him any worse? Or is it just accusing him of the same thing. Dylann Roof has made himself into one of the lowest forms of human one can become: A robber of life.

el cabron plateado • June 20, 2015 8:43 AM

oh - in my previous message I forgot I have listed one provider from Finland as well.

Slime Mold with Mustard • June 20, 2015 10:27 AM

RE: Charleston Terrorism

Although I would certainly label it terrorism (Due to its political nature and clear intent to terrorize - per Lenin), the fact is that the MSM tends to take its cues from the authorities.

I would also point out that when, in November of 2009, Army Major Nidal Hasan gunned down more than 40 people (13 fatally) while shouting "Allahu Akbar!", the Administration labeled it as "work-place violence".

I believe that decision was political, and the failure to label the Charleston incident as such may very well be political as well.

@Jeff RE: Shia V Sunni
This may be what Iran and Saudi Arabia use to stoke the masses, but actions speak louder than words. Consider that Shia Iran was, for a decade, the largest sponsor of Sunni Hamas. Also, they have been supplying the Sunni Taliban with arms since 2002, even though they notoriously persecute Shia Afghans.
Iran Backs Taliban With Cash and Arms
http://www.wsj.com/articles/iran-backs-taliban-with-cash-and-arms-1434065528

They behave as nation-states, whatever the rhetoric.

albert • June 20, 2015 11:06 AM

@Jeff,
Re: Russia, China:
Here's an interesting paper by Alfred McCoy:
http://www.tomdispatch.com/post/176007/tomgram%3A_alfred_mccoy%2C_washington%27s_great_game_and_why_it%27s_failing_/#more
I hope y'all have time to read it.
.
@Curious,
Deleting emails after three months? Why wait so long? Kill 'em right away. Deleting emails is a great idea, _if_ they can never be recovered. Imagine hosting your own mail service and your browser let you choose the emails you wanted to save to 'offline' encrypted storage. Personally, I have little use for old emails. I copy what I need, then delete.
.
@Fascist Nation,
The GOV/LE sector needs to keep those 'terrorist' counts high, for obvious reasons. This is why there are conspiracy theories about Oklahoma City, the two WTC attacks, etc. being the work of the IC. Attacks on US citizens on foreign soil are much easier to 'engineer'; our ME policies guarantee an unending stream of terrorism. Clearly, Dylann Roof was mental because who wants to be a _guy_ named Dyl-Ann? There's a scary trend in the Social 'Sciences'. Current thinking indicates that anti-social behavior (e.g. murder) probably results from chemical imbalances in the brain. Ultimately, we'll have a society of drugged-up but nice folks who'll never do anything bad. Utopia!
.
I gotta go...


अनिर्वचनम् • June 20, 2015 11:12 AM

Cowardly un-American Niketh V. Velamoor is attempting to chill free speech and freedom of association

https://reason.com/blog/2015/06/19/government-stifles-speech

https://popehat.com/2015/06/08/department-of-justice-uses-grand-jury-subpoena-to-identify-anonymous-commenters-on-a-silk-road-post-at-reason-com/

Please support my charitable organization to institute a People's Camp No, indefinitely detain Velamoor and administer rectal feedings of peanut brittle to the crooked little sack of shit.

Velamoor, your courts are crooked,

http://wallstreetonparade.com/2015/03/two-prominent-judges-take-bizarre-action-in-occupy-wall-street-case/

your DoJ is crooked,

http://wallstreetonparade.com/2015/05/does-wall-street-call-the-shots-at-the-fbi/

and you personally are a chicken-shit worm on the make for a big bank job. Your district's third-world ethical standards came in handy when it was time to shut Kerik up about Tripod II
http://www.huffingtonpost.com/andrew-kreig/feds-bullied-kerik-into-4_b_469086.html

name.withheld.for.obvious.reasons • June 20, 2015 11:22 AM

As General Hayden stated:

"If I as director of CIA or NSA would have had the opportunity to grab the equivalent from the Chinese system, I would not have thought twice, I would not have asked permission, I'd have launched the Star Fleet and we'd have brought those suckers home at the speed of light," Hayden said.

Wouldn't Hayden have instructed that OPM data be grabbed from U.S. assets? I am nearly positive that this is an "outside-inside" job...

The data breach at OPM can be used as a lever--if another federal department/agency (uh, say, NSA) spirited away a list of 4 million current clearances--consisting of the DATA required to make "something" happen--it has to make Hayden-like personnel...itch.

chris l • June 20, 2015 11:46 AM

@name.withheld
Hayden wouldn't have to do anything to get the data from OPM - NSA probably provides backup services for OPM. The Privacy Act statement lists such a broad set of allowable uses by the gov't that it's probably a non-issue. The release that you have to sign is so broad and there are so many gov't employees and contractors who have to sign it, that NSA could probably use it as justification for blanket collection and recording of electronic data inside the US if they ever felt like they actually needed legal justification.

@65535
re 48,000 leaked SF86 forms-- is that a new number or are you confusing the numbers from the earlier leaks? There were at least two earlier leaks of USIS data and whoever replaced them that were in the tens of thousands. The number I've seen going around for the SF86 data is about 14 million.

Clive Robinson • June 20, 2015 11:56 AM

@ 65535,

I don’t really know how viable this attack is.

Simple answer is very.

What they are doing is a refinement of something that goes back to the 1960s and earlier.

Back when ICs were yet to become commercial items, the likes of Philips Electronics were making "Norbits" for industrial "ladder logic", and one or two very basic computer circuits were made with them.

The Norbits were about an inch across, a couple of inches long and about half an inch high, had pins out the sides and really did look like the forerunner of the later 7400 DIL TTL circuits. Inside these devices were simple Resistor / Diode / Transistor basic NOR and NAND gates. They were a "reduced form factor" of the simple Resistor Transistor Logic "pull out cards" in the likes of the PDP-8 and ICL / Burroughs / IBM systems.

The problem was these Norbits and earlier PCBs had many "loops" and used fairly high (50mA+) currents clocked in the 10-300 kHz range in unshielded 19-inch racks, and were fairly good "AM band jammers"; their signals made AM band radios unusable for 50 meters or more. Not that this worried the CompTechs / Operators / Programmers, because the jamming signals carried useful intelligence as an audible signal that with a little practice could be used as a "debugging" tool. Several programmers are known to have written programs that would play the likes of "Jingle Bells" etc.

In the 1970s there was "shock horror" when it was shown that signals from Visual Display Units (VDUs) could be picked up at 100 meters or more and the image displayed reconstructed. The idea was not new: the UK "GPO Detector vans" used radiation from the "flyback circuits" and "local oscillator" radiation to find "unlicensed TV receivers", and other parts of the TV circuit to reconstruct the picture being watched (there is one of the vans in the London Science Museum if people want to go and look at it).

What killed this all off in the 1980s was the EMC regulations, which imposed limits on just how much electromagnetic interference could be emitted by both domestic and industrial equipment. The likes of HP PCs were so well shielded that you could use them right next to your EMC test gear and not affect the readings, unlike a number of "analysers" and other test kit (electroluminescent display voltmeters were notorious for "raising the grass").

Then in the 1990s the problem came back again due to "cost cutting". Passive EMC filter components were not just physically large, they were, comparatively speaking, of "eye wateringly" expensive cost. So some bright spark realised that the EMC masks could be beaten due to a fault in the prescribed measurement method. Thus they came up with the idea of using "spread spectrum" techniques to "spread the interference under the EMC mask".

Thus if you know the spreading / chip code/speed you can remove its spreading effect, and the noise from a PC can be picked up from 30-150m distance with suitable antennas and phasing. However the spreading function is often turned off in the BIOS, as it's believed by some to make "blue screen of death" etc incidents more frequent.

So just bringing a portable AM band receiver close to a modern PC / laptop etc, it will suffer "jamming" radiated from it, and just like those 50s & 60s computers those signals carry information about what the computer is doing.

The trick is to make sense of the noise and convert it to usable intelligence. The way to do this, as with any asynchronous signal, is to send an easily discernible "preamble" that will act as a trigger signal from a matched filter.

What these researchers have done is craft carefully controlled packets that act not just to provide a preamble, but also reveal the secret key, in a similar way to the "cache timing attack" against AES.

So each bit is far from a new idea, some are well over half a century old; what the researchers have done is work out a way to stitch together these old attacks into a new and novel attack. So old "class of attack", new "instance of an attack".

Clive Robinson • June 20, 2015 12:21 PM

@ el cabron plateado,

I'm considering datacenter services from companies based in Europe (incl. Iceland) and wondering which jurisdictions are likely the most/least 'privacy friendly' - not just in the letter of the law but in actual real terms.

The problem is not so much in "data termination equipment" but "data transmission equipment". For instance the definition in the UK RIPA allows surveillance on any termination equipment if its corresponding transmission equipment goes through the UK communications networks, or can be reached from UK communications networks, which in effect means any and all internet connections, phones etc in the world.

The US have as we now know a similar policy, and have the advantage that nearly all internet peering points are within their jurisdiction, either directly or indirectly (think Germany for instance).

Thus whilst a country within Europe (but not of necessity in the EU) such as Switzerland, Iceland or Éire (Southern, not Northern, Ireland) may have not just favourable legislation but the political will to rebuff the likes of the FEYES, it may not actually help you that much. This is because they are in effect safe ports in tempestuous seas controlled by the devil, and it's his domain you have to cross...

Thus not only must your data terminating equipment be resilient to state level attacks, the transmission systems used must be immune to the likes of not just Man in the Middle attacks but the various forms of side channel attacks that can cause key bits to leak.

Whilst not impossible to do, it is neither simple nor inexpensive.

You then have other areas to consider such as that of KeyMat, data backup, fault recovery, as well as End of Life considerations on equipment, and the likes of secure software updates etc... Not an endless list but it will quickly feel like it.

Nick P • June 20, 2015 1:06 PM

@ 65535

Look up TEMPEST and emanation security. Plenty of info online. NSA's site even has vendors whose sites show what protected systems look like.

As far as an example, this vid causes Beethoven to play in AM through a clever leak in the monitor. Supposedly: I don't have an AM radio to test it with.

name.withheld.for.obvious.reasons • June 20, 2015 1:11 PM

During a committee hearing in Washington DC this week, where the director of the Office of Personnel Management (OPM) gave testimony about the data breach disclosed earlier this week, the tenor of both congressional members and others giving testimony expressed concern about the release of "personal" information. HOW IRONIC...seems it's a-okay if the government scrapes the barrel for citizens' personal information and records, but it is not okay to do the same to government employees...

dabby • June 20, 2015 1:20 PM

Surely I can't be the only one who has noticed that kde's network manager leaks traffic and DNS when using openvpn!? I first figured it out months ago, when supposedly tunneled and encrypted traffic was being picked up by my ISP and redirected or blocked. I've googled this for days and I just can't find any references to it. I've tried it under different distros, always with kde (including Fedora and openSuse) and they're all broken.

Jeff • June 20, 2015 1:33 PM

@slime mold with mustard

This may be what Iran and Saudi Arabia use to stoke the masses, but actions speak louder than words. Consider that Shia Iran was, for a decade, the largest sponsor of Sunni Hamas. Also, they have been supplying the Sunni Taliban with arms since 2002, even though they notoriously persecute Shia Afghans.

It is far more probable than a 'cyber war' scenario where the American military utilizes their capacity to shut down global access to the American internet.

This is what I am saying.


As documented in 'Syriana', the book, not the movie (which had little basis in fact, bizarrely)... Iran used a cover of Sunni terrorists to attack American targets in Lebanon. They won. America largely moved out, and Hezbollah was formed and built up, until how it is today, a very strong force.

Iran was expanding their effective territory, of course... and have been very busy to do this...

I understand what you are saying, 'as they act like nation states', in context of what you are saying, 'we can expect them to operate reasonably and in accordance with their corporate responsibilities, where war and invasion is very much against what they want, or even economic damage, and many other such considerations'.

I will also point out I am not coming from a viewpoint where I am blind to the rhetoric of war hawks who desperately want an invasion of Iran. I am also not blind to the general Western bias that in many major instances, and consistently, the threat and actual posture of Iran has been moved from gesturing towards friendliness and distorted into a war posture.

As a nation state they are still dealing with delusions which guide their national policy -- just as I - or, I am sure, you - could point out Western delusions over the issues.

Does Iran really need to expand through out the Middle East, and if so, why? And, does Sunnism really need to expand through out the Middle East, and if so, why?

One issue is because of the crazy religious beliefs, there is a very strong tendency for Sunnis and Shia to not get along, and even kill each other. Both societies kill people for the most trivial of matters. And to each of them, the other religion is blasphemous, and definitely much more a reason to kill someone than the reasons they routinely kill them over.

But, does any of that, per se, really matter? Because you have a wide variety of "wild cards" here, but these wild cards are happy, aren't they? They have families, lives, nice picket fences, nice houses, such an incredible level of living that they look at Western society and scoff.

In what horrible, miserable states do Westerners live! ISIS goes so far as to not just book burn, or reject such matters as 'man landing on the moon' as obvious Western propaganda... but they destroy Western style toilets with their overly fancy flushing capacities and reliance on such diabolical technology as toilet paper.

And, ISIS here, is one very bad possible wild card.

But, there are many others.

You also have some very dangerous, deep beliefs laying in the minds and hearts of not a few. It is an inflammatory situation. Maybe no one will throw a match in just the right place. Or, maybe they will. There are, unfortunately, many right places.

Sunnis are horrifically murdering Shia, and Shia are horrifically murdering Sunnis. That is very much ongoing and has been escalating for many years.

In the West, people get very involved over sports. They have their favorite sports teams, and do not like to see them lose. Yes, of course, this is also the case in the Middle East, but my point is that they are seeing their fellow brothers and sisters of faith and hearing of them getting massacred, and in intentionally provocative and horrible ways. And that is much more motivating than getting upset when your sports team loses. Far more so.


All of this is not even including beliefs which are deeply held, regarding Israel, America, and the West... I only pointed out, that as they do have a belief system which sees material reward as a reward from God and evidence of God's favor... that they must feel really, really in a bind, because everything they know about those enemies is that their standard of living is so very much better than their own. And both belief systems believe in eventual global domination, where, in many cases, that is by their own hands... and their own capacity to intellectually understand what 'God's will' is, which one can conjecture is either completely delusional, or at best, extremely far removed from reality.


Yes, many factors here could also be applied to the West, and the history of the West. And many apologies could be made from history. You can also look to issues like pure, basic, nation state greed involved. How valuable it could be for Iran to expand and have safe traffic from Persian homeshore to the Mediterranean through Iraq, through Syria, through Lebanon. And how close they are!

Russia was reasonable, in that view, in invading Afghanistan. The ocean access would have been invaluable for them, as a nation.

But, the history and mindset here of the West is only a whole bunch of other fiery wild cards to throw into this whole combustible mess!

Jeff • June 20, 2015 2:06 PM

@albert

Re: Russia, China: Here's an interesting paper by Alfred McCoy: http://www.tomdispatch.com/post/176007/tomgram%3A_alfred_mccoy%2C_washington%27s_great_game_and_why_it%27s_failing_/#more I hope y'all have time to read it.

Albert, I read it, but at the core of each message, are messages I have heard before, in various books or articles.

It actually makes me want to say, 'nation state' behavior is, well, mysterious to the individual, but a very strange and probably highly effective way to understand it is to put yourself in charge of a nation via simulators, and see what actions you are prone to do. For instance, the Civilization series, Galactic Civilizations, the Total War series, etc.

More importantly, consider how you feel and react in these scenarios.

It certainly does not just affect people who are in charge. It affects vast numbers of people, for varying reasons. If you have veterans in your family, it will definitely affect you. I would suggest it is not unlike a phantom limb syndrome. That is, people start to personalize these many phantom limbs. It is, of course, a phantom limb syndrome in reverse. But it remains very true and a real matter for people.

It is also like gaming. It is like sports. It is like family. It is an odd form of empathy, to be sure, but with the empathy is also a sense of expansion of self.

So, it is naturally very appealing to people.

So....

If people want to expand their sense of self, why don't they consider themselves people of the world, and consider all people as equally valuable?

I find this affects people who have responsibilities and power, those in charge. But, it affects those all across government. And it affects those who have veterans in their family. Or who have been veterans themselves. Most strongly.

Whereas, if you look at, say, social workers, therapists, school teachers... they are going to be very empathic and feel very connected to people they work with, but not very much focused on global events, and in general, won't have a strong tendency to view their nation as some kind of massive, personal construct to which they are somehow connected.

And is expanding the self, really the same thing as expanding consciousness? To some degree, I think, unfortunately, it is. "Unfortunately", in this context. Because fortunately, we have the strong capacity to socialize and work with others, to enjoy their company, and find our lives and even our own consciousness expanded because of it.

Obviously, for geopolitical analysis, one needs to be far more detached. However, also obviously, someone hired for geopolitical analysis typically will be employed by organizations and individuals who have "selfish" (national) reasons for hiring them. So, in order to - in any way - establish rapport with them, so they can even hear them - at all - they have to speak from their listener's subjective viewpoints.

Otherwise, they entirely fail.

And, many, unfortunately, do not understand this distinction, and completely fall into the subjective reality of their employers. So, their analysis is entirely worthless, being biased from a subjective perspective that refuses to consider all possibilities a more objective viewpoint would provide.


Muppet • June 20, 2015 3:38 PM

@AlanS You quote the fucking Guardian…

Jeeze. Hook, line and sinker.

K

albert • June 20, 2015 3:40 PM

@Jeff,
It must be my nature to be 'detached' then.
.
Brzezinski and Kissinger have been talking about 'America's Eurasia Plan' for, well, decades now. I listen to what they say. Do I like these guys or their policies? No. But at the end of the day, these are the policies that have been, and will continue to be, implemented. They are designed to ensure American hegemony.
.
Most folks I know care little about geopolitics. They may care about who's gonna be the next Mayor, Governor, or President. I want them to at least know who the Great Playwrights are, not just the Actors. All nations have their own Great Plans. Most work together with others whose geopolitical aims complement theirs.
.
You know all this.
.
I happen to find it interesting. I wonder what would happen if everyone knew who's behind the Curtain. Their plans are no secret.
.
...

Skeptical • June 20, 2015 3:53 PM


@AlanS: This week's shootings raises some interesting issues surrounding the politics of the 'terrorism' label.

No, it doesn't. The column in The Guardian literally made me wince.

Indeed, frankly anyone remotely familiar with the OKC bombing and its aftermath would find that column ridiculous. Anyone familiar with Eric Rudolph, who no one disputed was a terrorist, or the approach to abortion clinic bombers would find that column ridiculous. Still more so would anyone familiar with the history of terrorism in the United States.

Here is a list of domestic terrorist organizations in the United States. I see no evidence of a tendency to excuse terrorism based upon skin color.

Here is the US Justice Department on current domestic terrorism threats: Current domestic terrorism threats include animal rights extremists, eco-terrorists, anarchists, antigovernment extremists such as “sovereign citizens” and unauthorized militias, Black separatists, White supremacists, anti-abortion extremists, and other unaffiliated disaffected Americans, including “lone wolfs.” Domestic terrorism cases often involve firearms, arson or explosive offenses, crimes relating to fraud, and threats and hoaxes. Source: Department of Justice.

I don't see any tendency there to dismiss terrorist acts committed by white persons as somehow "not terrorism" either.

My personal opinion, given what has been reported about the shooter's motivations, is that there is enough here, were the individual to be prosecuted by the federal government, to support the addition of terrorism charges. Indeed, see this mass shooting in 2012 for a similar event that was obviously labeled an act of terrorism, among other things.

The "terrorism" angle has received less attention than the fact that this was a horrific hate crime simply because the latter is more salient in this case. We view this less as an instance of what generally falls into the problem of terrorism than as an instance of racially motivated violence. As I said, it's actually both, but the latter, for obvious historical reasons, has more salience for most people than does the terrorism angle.

The opinion of The Guardian columnist is, in this case, awful at best. Were I less generous I'd call her column - and any others like it - the product of either crass opportunism or monumental stupidity. In actuality it's probably the result of a very human indulgence in easy moral indignation combined with enormous biases in perspective.

AlanS • June 20, 2015 4:34 PM

@Skeptical

Your post is OTT. And you missed the point of my post. I do agree that the Guardian post wasn't very good. It was the first one I came across and then looked for other commentary. I could have probably dropped it.

@Muppet

Sorry, couldn't find anything in the Daily Mail. Can't please everyone.


@Clive, Gregory, rgaff

I think what's interesting is not so much what is and isn't 'terrorism' as how the term is used and for what purposes, what it reveals and what it hides. Beverly Gage has a nice history of how sociologists, historians and others have made use of the term in their work on various types of state and non-state political violence in the US. “Terrorism and the American Experience,” Journal of American History, June 2011 (PDF).

Raul loungin in the Barcalounger • June 20, 2015 5:00 PM

Yeah, anyone remotely familiar with the OKC bombing knows that terror is excused not based on skin color but based on the terrorist's status as a CIA cutout, in this case Andreas Strassmeir.

http://whowhatwhy.org/2015/04/23/exclusive-oklahoma-city-bombing-breakthrough-part-2-of-2/

Or in the case of WTC, Ali Mohamed

http://www.dhra.mil/perserec/osg/terrorism/mohamed.htm

Or in the case of 9/11, Abdulazzi al-Hiijjii

http://whowhatwhy.org/2013/06/05/fbi-knew-about-saudi-911-hijacker-ties-but-lied-to-protect-national-security/

Everybody knows if you want to excuse terror attacks on blacks you just get a cop to do them.

Jeff • June 20, 2015 5:52 PM

@albert

It must be my nature to be 'detached' then.

Oh, explains why I focused on that topic... was wondering about that. Though, would wonder if not something you have practiced, as well as having a natural tendency towards that direction.

Wide variety of areas where that sort of capacity to detach is very important.

Brzezinski and Kissinger have been talking about 'America's Eurasia Plan' for, well, decades now. I listen to what they say. Do I like these guys or their policies? No. But at the end of the day, these are the policies that have been, and will continue to be, implemented. They are designed to ensure American hegemony.

Yes, exactly. These things are important to understand why nations operate in the way they do, understanding it is one thing, believing in it and taking it in as one's own subjective viewpoint entirely is completely something else.

I suppose, if it reminds me of anything, it is like with the mythos of the serial killer hunter. Where they "get into the heads" of the serial killer, and so can figure out more about "who they are", and "what they may do next".

Very good talent for writers, researchers, psychologists, therapists, and... geopolitical analysts... and all sorts more.

It is an art. And it has a considerable amount of potential to it.

I am watching "iZombie"... had a great score at Rotten Tomatoes, but I was very skeptical. Not the best show, but it is interesting, and in a line of recent shows... basically, this spin of a zombie, when they eat their brains, they become the person, gain all their attributes, way of thinking, even remember their memories.

(My son was watching, bizarrely, "The Cobbler", around the same time I started on this... exact same theme... the cobbler makes shoes and wears them, then becomes that person.)

Sense8 just came out... similar theme it seems, though I stopped watching it because it became too preachy and self-aware, pretentious, I felt.

But... temporarily becoming someone else, is not very good, lol, unless you can also crack out of it. That you know what you are doing.

And why.

Most folks I know care little about geopolitics. They may care about who's gonna be the next Mayor, Governor, or President. I want them to at least know who the Great Playwrights are, not just the Actors. All nations have their own Great Plans. Most work together with others whose geopolitical aims complement theirs.


Education can be difficult. Not everyone has a reason to learn something. Or they have reasons why they do not want to learn.

On these sorts of subjects, it could interfere with their everyday life, "why do I need to know this", or it could interfere even more directly, "if I believe this, then I will lose rapport with my primary social groups and have to find an entirely new set of friends", and that kind of thing. :/

Sometimes they have emotionally invested in one way, which contradicts other ways. They would see walking another path as "giving up" on the path they just walked, and will not do it.

I happen to find it interesting. I wonder what would happen if everyone knew who's behind the Curtain. Their plans are no secret.

I have no idea what will happen.

If it is anything like what I have been through, then it will be extremely traumatic for everyone.

I just finished this series - won't name it, spoilers, though you may not be into such artistic endeavors - but the adults were kept in painful mystery, an incomplete world. It was nightmarish for them. The children, however, were told the shocking truth about their shared reality. They were told not to tell the parents. Because the parents had their deep misconceptions about the world.

And the students were told a story, "One kid, Chris, went straight home and told his parents who were very vexed by the mystery. His dad told his mom, and they packed for a vacation. They opened the car window and kept the garage door closed. They started the car, and in fifteen minutes they were all dead."

Children are flexible about reality. But adults tend very much not to be. How often does a conservative turn left, or a liberal turn right, or they leave all that behind altogether? How often do people explore one angle of matters, and not explore others? And even when they do, so often, it is in just one area. In all other areas, they are oblivious to it. Because it serves purposes for them.

They effectively stay indoors, and never really go anywhere else. Their life is seen as permanent, they never travel and stay in hotels, and even if they do, they are not really going anywhere new, they are just taking their old place with them. They want to adapt objective reality to their subjective reality, and never the other way around, but definitely, not always, at all times. Because they hate objective reality.

Dreams are great, but in context of reality. People can't even control their own dreams (night or day), because they don't know what better place they could ever possibly go to.

I don't either, not really, but I search for it, find clues, and follow the paths the clues take me.

gordo • June 20, 2015 7:43 PM

"Just a fun map of the first autocomplete guess you get when you type a state name in google."

The United States of Autocomplete

December 3 2010 5:45pm-6:00pm

The Floatingsheep Blog has been running since 2009.

http://www.floatingsheep.org/

TOP FLOATING SHEEP MAPS

Mapping Racist Tweets
The Beer Belly of America
The Price of Weed
The Great American Pizza Map
Church vs Beer? on Twitter
Mapping Christianity
The Geography of Hate
Visualizing the Abortion Debate
Church, bowling, guns and strip clubs
Google's Geographies of Religion

CharlesL • June 20, 2015 8:11 PM

@ Raul loungin in the Barcalounger

"Everybody knows if you want to excuse terror attacks on blacks you just get a cop to do them."

Racial motivations are by and large a divide and conquer tactic. While racial tensions exist among certain communities in the USA, acts of racial violence are mostly perpetrated on individuals' whim rather than by coordinated group efforts. The "brotherhood" attitude of LEO plays into it after the fact, but it is reasonable to expect people to operate in close "circles" within any organization, be it public service or corporations. This is to be distinguished from "terroristic" behaviors. At the end of the day, animal instincts were not naturally de-selected, thus we all have our emotions or "pet peeves" which occasionally get out of hand.

@ el cabron plateado

"I accept that no location is completely secure against the provider's own employees"

There is, to me, a myth much like that of popular internet "vice" providers such as pop corns. Laws are always shaping in a way to force them out of playing field. For many, setting sail is a dream of freedom, as one is in control of the sail, and the sea is generally large enough so as not to get into each other's paths hence "societal rage." But when the sea is clobbered by fishing nets and maritime mines, it is an unlevelled playing field that simply cannot be maneuvered. Unless you have something to hide, it is often best to stay in the radar. That said, I'd be interested to read if you found a good way out. :)

65535 • June 20, 2015 9:06 PM

@ chris l

“is that a new number or are you confusing the numbers from the earlier leaks?”

It’s the old number that was believed to be confirmed. The new number is anywhere from “a lot” to “all of them.” There have been at least two breaches as I understand. I used the lower number.


@ Clive

“The trick is to make sense of the noise and convert it to usable intelligence. The way to do this as with any asynchronous signal is to send an easily discernible "preamble" that will act as a trigger signal from a matched filter. What these researchers have done is craft carefully controlled packets that act not just to provide a preamble, but also reveal the secret key, in a similar way to the "cache timing attack" against AES.”

Wow, that sounds like a viable attack. Can the attack be carried out remotely?

@ Nick P

I have read about the TEMPEST thing by capturing signals from the video cable. I have actually seen the same results of a cheaply unshielded CRT showing its contents on a TV screen in the UHF range.

This current attack seems much more accurate with COTS parts [probably trivial for the NSA]. I just wonder if the attack can be carried out from a long distance.

Nick PJune 20, 2015 10:10 PM

@ 65535

Email the authors. Ask them at what distance with what levels of cost or bulky equipment. They might have some estimates. Always wise to get estimates at the least.

Clive RobinsonJune 21, 2015 12:44 AM

@ 65535,

Wow, that sounds like a viable attack. Can the attack be carried out remotely?

It depends which bit you are talking about.

The files that cause the sync preamble can be sent to the target surreptitiously from any point "upstream" of the user simply by injecting them into an appropriate download stream. It can also be done quite obviously by just sending the target the file via the usual delivery mechanism.

The "sensing head" part is "local" to the target but it's results can be sent anywhere in the world where a communication path can be established. Think of it like the modern equivalent of the old "harmonica or infinity bug" --supposadly developed by the Mafia to spy on the Feds and their opposition-- the application the researchers developed for the "smart phone connected to an AM band radio audio output" could be easily modified to "do an ET" and phone home or act as a "store and forward" so that it can be called up.

It could also be miniaturized rather more than the researchers' "pita bread" example[1], and just affixed to the underside of your work top table. And I suspect it won't be long before somebody develops an Internet of Things (IoT) version, if they have not already.

You could also put the sensor in a laptop power supply adaptor, and just send out the information via "home mains networking" or a short hop HF through UHF bugging device to a couple of km with little or no difficulty as you have an inbuilt power source and antenna...

It is when all is said and done just another "end run" attack, just like putting a miniature WiFi CCTV camera in the "smoke detector" in a hotel room where it can see what the weary business traveler types in on the keyboard when downloading their email etc.

It's why there is "One heck of a lot more" to "air gapping" than even most security gurus realise. As has been observed before "security is hard" and as I've remarked in the past to Nick P, prior to the release of the TAO catalogue and Ed Snowden revelations "I don't think I could reliably protect a border crossing laptop against a State Level attack"... And I would treat the claims of any one who said they could with deep suspicion, because consumer grade computers and network connected devices are just not designed in any way to be made secure.

[1] Think of the bits inside of a "Mobile Broadband Dongle" (MBD), it would not take any kind of genius to "augment" one to act as an appropriate EM detector as an extra function, likewise the Near Field Connectivity (NFC) in dongles and now being built into mobile phones as standard would be ideal as sensing heads. It is something I've been thinking about off and on for a few years due to some work I was asked to do for an organisation that was contracting services to a state level organisation. Oh and as the Chinese make by far the majority of the MBDs, NFCs and almost certainly the IoT devices as well, we might well not be talking "in the future tense", it might well have happened already...

GregoryJune 21, 2015 12:56 AM

@AlanS

I think what's interesting is not so much what is and isn't 'terrorism' as how the term is used and for what purposes, what it reveals and what it hides.

That is typically the sort of thing I look at, though I do not find the usage of the term very mysterious. It is a word which has had a lot of built up understandings behind it in many societies. These understandings are a shortcut to a really large structure. I do not think people really understand that structure very well, consciously.

You could look at that structure and consider all of the very many diverse events which are connected to it. It even can be connected back towards the Cold War, the Second World War, and to such disparate issues as "Snowden". Whether you believe or not that Snowden "aided terrorists" does not matter on that front, the fact is not believing it connects it to that structure, anyway. This is, of course, not discussing the far more obvious components of that structure, like the world shaking event of 9/11, Desert Storm, the history of instability in the Middle East, and the many deep opinions on Israel and America and the West and Islam, and so on.

I actually do not consider any of that as anything but a diversion.

There are minor diversions people have seen: optical illusions, sleight of hands... but, what they tend to be unaware of is that human beings are creatures of focus. And whatever they are focused on, it opens a big blind spot for what they are not focused on.

And you can throw in to that big, gigantic mess of diversion such things as the rise of technology, as well as the very vast majority of religion and politics. Technology and the very diverting function of it in societies, especially more wealthy societies.

Natural disasters, manmade disasters, wars, possibilities of wars, conspiracies even -- I consider all diversions.

On the deepest level of usage, a person can actually be consciously diverted away from chronic and acute pain. They can literally separate from their entire identity, or any knowledge of their past. There really is no limit there. They can be diverted away from the most basic areas they normally are completely aware of, deeply aware of, and have been for all of their life.

This is also a time when they badly want diversions.

In general usage, this level of diversion is most useful so that other matters can get done. If you ask someone for something when they are highly focused on something else, they won't tend to ask many questions, if any at all. They are distracted, and want to get back to what they are focused on as quickly as possible.

As for closing this opening, I would just say "nature" or "the universe" or "their own selves" are the core source behind the diversion. And keep that at that. I will state I am not in the slightest worried about any global event that is on top of the news everyday. Or, in the news, at all. Something similar in terms of interests.


GregoryJune 21, 2015 1:05 AM

@Leisuresuit Larry

Amusing name.

I believe that his skepticism is well placed, but he underestimates Snowden's capacities.

I do, sometimes, point out Snowden wasn't very old, wasn't very experienced, wasn't very high up the ladder... but only rhetorically. He did it himself. And he is far more competent, I think, than what people understand.

He was not working for the US, he was not working for Russia.

Yet, I will point out that I was jumping onto that article to find McAfee say something completely stupid. I was wrong. His skepticism is very well placed, even if his estimate of Snowden is undershot. And substantially so.

McAfee probably is doing just what I do, however. It is very easy to "fill in the blanks" when someone performs very dubious actions and makes very dubious statements.

"Thinking" very often is not about forcing your self to come to "this" or "that" conclusion, but listening to all opinions, and at least attempting to consider alternative possibilities no one else has brought up. Wherein lies the actual possibility of independent thought.

CuriousJune 21, 2015 4:23 AM

Me being someone who doesn't know much about elliptic curve cryptography, I couldn't help but wondering if maybe there could perchance be some kind of hypothetical vulnerability: if both ends of an elliptic curve, somehow, by function, code or tweak of hardware, ended up, not at infinity, but instead turned to the left and adjoined into a closed loop, into a (maybe huge) circle going around the left side of the "basic" ECC curve that I have seen curl around the origin on images of ECC on the internet. That way, any line drawn between three points on the curve would hit a fourth point "off grid" so to speak, as I imagine. The only thing that makes somewhat sense to me at this point in time would be to interfere with the calculation of the function for creating points for an elliptic curve, if a slight alteration of any given elliptic curve function doesn't make good sense.

And without having a concrete idea for proposing some sensible problem, I also can't help but imagine how it might perhaps be a bad thing, if one somehow in a meaningful way could create a shape entirely enclosing the elliptic curve and the grid it was drawn on (for example the shape of a parallelogram), so that when skewed back into a square, the grid with the elliptic curve would skew predictably into some other shape, but also that there might be a new set of axes for mirroring around the origin. Other shapes that came to mind were the figure eight, and some other stuff that obviously doesn't make much sense. Please forgive me if all of this sounds really idiotic and pointless to you professionals. :P

I wish someone could write the "ultimate" guide for understanding ECC, for people like me who aren't a cryptographer, mathematician, a computer scientist, nor a security researcher, so that I could see the obvious benefit with regard to security in the way ECC is implemented as an ideal and also try to get some understanding for intuitively knowing what would in ways make curves in general insecure in their ideal implementation. I think I understand that the calculations for using ECC are basically all math, but seeing an image of curves for ECC seems so mystical and fragile to me.
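A small worked example, added here as editorial illustration and not part of the comment above or of any library, of what the "point at infinity" and the curve equation actually do in elliptic-curve arithmetic. The curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) of order 19 is a standard textbook toy; the parameters are constructed for illustration and are far too small for real use. The point at infinity is simply the group identity: adding a point to its mirror image, or multiplying the generator by its order, lands there, and nothing "turns left" or closes into a loop. The is_on_curve check is the part that matters for security in practice: a point that does not satisfy the equation is rejected before any arithmetic is done, which is the defence against an attacker feeding an implementation a point "off the grid" (an invalid-curve point).

```python
# Toy elliptic-curve group law over a small prime field, y^2 = x^3 + a*x + b (mod p).
# Constructed example: y^2 = x^3 + 2x + 2 over GF(17), generator G = (5, 1) of order 19.
# Tiny, insecure parameters chosen so every value can be checked by hand.

from typing import Optional, Tuple

P, A, B = 17, 2, 2
Point = Optional[Tuple[int, int]]
INF: Point = None          # the point at infinity: the identity element of the group
G: Point = (5, 1)


def is_on_curve(pt: Point) -> bool:
    """True if pt satisfies the curve equation (INF counts as on the curve).
    Rejecting off-curve points before doing arithmetic is the invalid-curve defence."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def neg(pt: Point) -> Point:
    """Mirror image across the x axis; pt + neg(pt) == INF."""
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P)


def add(p1: Point, p2: Point) -> Point:
    """Chord-and-tangent group law. A vertical chord 'runs off the end' to INF."""
    if not (is_on_curve(p1) and is_on_curve(p2)):
        raise ValueError("point not on curve")
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                        # P + (-P), vertical chord
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P     # tangent slope (doubling)
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P            # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P                          # reflect the third intersection
    return (x3, y3)


def scalar_mult(k: int, pt: Point) -> Point:
    """Double-and-add: k * pt. For k equal to the order of pt the result is INF."""
    result: Point = INF
    addend = pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def order_of(pt: Point) -> int:
    """Smallest n > 0 with n * pt == INF, by repeated addition (fine for a 17-element field)."""
    n, cur = 1, pt
    while cur is not INF:
        cur = add(cur, pt)
        n += 1
    return n


if __name__ == "__main__":
    for k in range(1, 20):
        print(k, scalar_mult(k, G))      # 19*G prints None, i.e. the point at infinity
    print("order of G:", order_of(G))
    print("(5, 2) on curve?", is_on_curve((5, 2)))
```

Running the block prints all nineteen multiples of G, ending at the point at infinity, and shows (5, 2) being rejected because it is not on the curve even though it is "on the grid".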

Clive RobinsonJune 21, 2015 5:06 AM

@ Gregory, Leisuresuit Larry,

It actually does not matter if Ed Snowden is "a soft person" or if he is "a good or bad person" the answer to those is based on the POV of the individual observer and any agenda they may be running thus it's mainly time wasting fluff.

What matters is what he revealed to journalists and what they have subsequently revealed to the public, thus the testability and verifiability of the documents we have seen.

So far I've seen way more evidence that corroborates the revelations than not, and in ways that would be difficult to consistently fake.

Thus on balance I lend credence to the actual revelations (but not the commentary as it's usually agenda led).

Thus I take things on a case by case basis with the actual documents and try not to be influenced by other documents or opinion unless it can be seen to be in effect evidence based. Although it's difficult at times to do this it's the best way we have to do things.

keinerJune 21, 2015 5:08 AM

@el cabron plateado

Sweden is deep inside the rectum of both UK and US, they do the spying on Russia for them (and much more). They have a really big datacenter just to copy each and every email, phone call, whatever they can get for the Five Eyes. Do you really think Facebook needs an oversized datacenter close to the polar circle "for data storage in Europe"?

Maybe Switzerland is a (limited) option, forget about the rest

CuriousJune 21, 2015 6:10 AM

Windows 10 has/will have an app for sharing your wifi network with other users of Windows 10:

http://www.howtogeek.com/219700/what-is-wi-fi-sense-and-why-does-it-want-your-facebook-account/

"Wi-Fi Sense is designed to automatically share Wi-Fi passphrases between friends, eliminating the need for handing them over the old-fashioned way and typing them in by hand. Whether or not you want to connect to Facebook and share Wi-Fi connections amongst your friends is up to you. If you don’t want your friends sharing your Wi-Fi network, you’ll have to label it with “_optout”."

gordoJune 21, 2015 8:01 AM

The Sunday Times
Scotland Yard told: look into Snowden
Tom Harper, Richard Kerbaj and Tim Shipman Published: 21 June 2015
http://www.thesundaytimes.co.uk/sto/news/uk_news/Defence/article1571812.ece
[Most of the story is hidden behind a paywall]

Full text here, at the Media Lens Message Board:

http://members5.boardhost.com/medialens/thread/1434869533.html

From the story:

It is understood that intelligence chiefs were furious that the accuracy of the claims was confirmed to The Sunday Times by Downing Street and, later, to the BBC. (par. 5)

A comment on Craig Murray's blog, from Mr. Murray, a couple of days ago, about "source" of last week's story:

Craig 18 Jun, 2015 - 3:05 pm


ResDis

You know less than you think you know. Private briefings from the press departments of ministries are never attributed to individuals, but to “spokesman” ie “a foreign office spokesman.” In theory and often in practice, these civil servants will not knowingly lie.

The only “spokesman” attribution from the Sunday Times is to No. 10 saying that nobody was harmed as a result of Snowden’s revelations.

Nothing else is from “spokesman” it is from “source”. That means someone in the ministry but not the media department – and it is a very fair bet it is Special Advisers.

I face a dilemma. A very good Home Office source has told me who the Sunday Times primary source was. But I am the opposite of Martin Ivens, I am a good, scrupulous journalist and I have put it to the alleged source who absolutely denies it. This is the sort of dilemma real journalists – ie not the Sunday Times – face about how to publish in these circumstances. Down in London trying to sort this out.

There is no evidence of any kind that the Russians and Chinese have deciphered the Snowden Files. Asking to disprove the negative is ridiculous. There is evidence there are nothing like the 1.2 million files the Sunday Times is claiming.

https://www.craigmurray.org.uk/archives/2015/06/the-apotheosis-of-murdochian-corporatism-martin-ivers/

ThothJune 21, 2015 8:37 AM

@Curious
For short term, ban Windows 10 machines on your network by only allowing a whitelist of machines to operate in your network (not Windows 10 or WiFi password sharing devices). Trusted whitelists would be the best.

Long term scenario is to have multiple access points to a switch/router setup. A set of sensitive network area zones (you may classify them) or a unclassified free for all network access AP. For the classified networks, you operate purely on whitelists and probably even drill down to Deep Packet Inspection and Defense In-depth if you are comfortable.

The endpoint machines should have control over all the classification and not mix them if you really want higher assurance security.

If you are just trying to stay ahead of script kiddies threat models, then you are better off making a public AP and a private AP (very simplified view) as a long term goal and for a short term goal, you just operate off device whitelisting.

Clive RobinsonJune 21, 2015 10:53 AM

@ gordo,

I just tried to get on Craig Murray's blog... (1700BST) however it appears to be refusing all connections...

May be nothing, may be something --it might be the don't upset Rupert "the bear faced liar" Murdoch effect or not-- I'll try again later.

Clive RobinsonJune 21, 2015 11:08 AM

ON Topic :-)

@ Bruce,

Hmm out sized squid "sporks", not sure how long your hands would stay clean if you used both the spoon and fork function.

I think they would look better in red as agitated Humboldt or "red devils"

Speaking of "red devils" did you hear this news,

http://www.bbc.co.uk/news/uk-england-cumbria-33209713

Oh and spot the year they were formed.

Clive RobinsonJune 21, 2015 11:32 AM

@ gordo,

From the Sunday Times article,

He [Snowden] eventually fled to Moscow to seek the protection of Vladimir Putin, the Russian president, after America cancelled his passport

Err, I have the vague memory that the US canceled Ed Snowden's passport after he left Hong Kong for Russia, and that is why he got stuck in limbo in the Moscow transit area for quite a period of time..

Oh and of course no mention of the US illegally forcing down a diplomatically protected plane, just because they thought Snowden might be on it...

Rupert "the bare faced liar" Murdoch, is trying embarrassingly hard to suck up to politicos in the US and UK. It's kind of sad that the UK Parliament don't lock him up for provably lying to them over the illegal activities on several newspapers he owns, and thus put the geriatric old fart out of all our miseries...

Mind you Rupert was quite happy "to burn" quite a few of his junior journalists just to save not just his skin but that of the spousal abuser Rebecca Brooks who he had taken quite a deep fancy to, much to the horror of his less than bright children.

meJune 21, 2015 11:41 AM

One story that has been strongly suppressed this past week is the use of a FOXCONN signing key by Duqu 2. This permitted its persistent port redirector driver to be installed on 64-bit Windows machines. The driver was signed Feb 2015.

It is the *fourth* signing key these guys have used.

En vanlig svenneJune 21, 2015 12:04 PM

@keiner
Sweden is deep inside the rectum of both UK and US, to do the spying on Russia for them (and much more).

+1 on that.

GregoryJune 21, 2015 12:24 PM

@gordo

Very different writing style than the original article. No blathering on about domestic political issues vaguely affecting intelligence, no absurd posturing, and no bizarre transitioning between describing sources.

Kind of a mix between an official press release and a clean AP or Reuters story. There are still significant problems.

It is understood that intelligence chiefs were furious that the accuracy of the claims was confirmed to The Sunday Times by Downing Street and, later, to the BBC.

It is... understood? Odd and very vague way to present such an important statement. Details?

Understood by who? How? Did some Joe yell at the "reporter" at a coffee shop? "Reporter" in quotes, because I fail to believe this article was actually written by a reporter.

Are they going to investigate? Because this disclosure is self-evidently extremely damaging. If they had pulled out a lot of officers, at the same time, then that would have given just a tiny bit more evidence who was working for the West and who was not.

Worse, in context, they are seemingly talking about "agents" who work in official capacity in the Chinese or Russian governments, ie, moles or double agents. If they were exposed, they would have to be taken out of the country or they very well might be killed. Somehow, I kind of doubt Snowden had any sort of access to lists of moles in the Chinese and Russian government. If he had access to that, then surely so did China and Russia. They do compartmentalize such damaging data, don't they? According to this article, they do not. So, why would anyone ever work for either the US or China? They will spread the data so widely around their internal networks anyone could get access to it. That is extremely damaging news to tell the world.


Claims that Snowden's material had fallen into the hands of Russia and China were made by three independent sources across Whitehall before The Sunday Times approached No 10 for confirmation. A source familiar with briefings to the parliamentary intelligence and security committee last week confirmed that they were aware of the situation.

This is nice. They elaborated on the overall picture they are presenting much more substantially. So, now there is a coherent timeline, and a numeric value put on sources. Also the sources are fleshed out as to specifics on where they spoke from.

However, Snowden's supporters reacted with fury, claiming that the government was trying to smear the former NSA worker and bolster support for new laws that would govern the interception of communications.

This has some truth to it. The last bit, especially. But, largely, the story made the news cycle because it was so poorly written and so dubiously attributed. Greenwald definitely had an angry reaction to it.

"You will no doubt be aware that Chinese and Russian intelligence have been able to decrypt these files. This has resulted in great potential damage to the national security of the United Kingdom," he wrote.

An assertion of truth without evidence. And how did he get this snippet of exactly what he wrote?

Looking upwards in the file, this is a "former" somebody, and another snippet of exactly what was written was included in the report. Sources, please? Did they write this as an editorial to a newspaper published somewhere? Or was this, as it is presented, a private letter written from a former official to officials who are current? So, who leaked this?

Also, this statement inserts in the following phrase out of order, "no doubt be aware", "be aware [of the truth of this claim]" and "have no doubt [of the truth of this claim]". Not that this is not a saying which is used by people, but it does have in it embedded assertions of truth and attempts to persuade of truth without providing evidence.

He eventually fled to Moscow to seek the protection of Vladimir Putin, the Russian president, after America cancelled his passport.

Snowden was en route to Iceland or South America (I forget but can look it up), when his papers were cancelled by the US Government and so he was stuck in Russia.

The article attempts to portray Snowden here as a Russian agent. If he was, why would Russia need the file, or to break it?

So, they imply. Which shows they are biased.

Government sources would not say whether they believe Russia and China stole Snowden's data, or whether he voluntarily handed it over in order to remain at liberty in Hong Kong and Moscow.

They separate their own wild theory into two possibilities, but the point is they present it to the reader for consideration... even though they have zero sourcing on it. It might as well be an editorial.

But, it is important, because it provides a tiny "how" they may have gotten the files. Even if it is absurd and from their own, limited imagination.

Because in all of this, there is zero "how do they know both Russia and China have the file and cracked it at the very same time".

Although Snowden never entered Britain, Macdonald said the theft and distribution of secret GCHQ documents could, in theory, lead to his prosecution in the British courts. "There are any number of offences that may be committed by someone leaking this sort of material, including under the terrorism acts," he said.

Another absurd assertion attempting to link Snowden to terrorists.

Vaz said he would also contact the chairman of the American intelligence committees in the Senate and the House of Representatives "to see whether parliament can co-ordinate our approach to the impact of Snowden on the security of our two countries". He added: "I see this as being one of the priorities for the committee over the next years."

What an imagination, I am staggered. Some Brit is telling the reporter (?) what the major conversation will be in a secret US intelligence and political committee will be over "the next few years". Further coloring in the entirely unsubstantiated story.

Literally, the story is unsubstantiated. No one has substantiated, and, in fact, they will not.

This report, at least, was much better done than the last.

He added that Snowden would one day be "universally acknowledged as a voice for positive change".

This is nice, they actually solicited an opinion from the other side as journalists should do....

Adds a tiny slice of legitimacy to the report.


BoppingAroundJune 21, 2015 12:37 PM

Curious,
This has got ugly very fast. '_nomap' for those hoping to avoid Wi-Fi location databases, now this for something else and apparently you cannot get both [A].

------------------

[A] I suppose one still can, by some sort of registry/gpedit black magic etc. I don't know for certain though.

Kyle RoseJune 21, 2015 12:46 PM

Timothy: that's why I turned off automatic updates and haven't changed my master password (and probably won't for several months). With ~100 bits of entropy to begin with, and a strong PBKDF in addition, I'm not super concerned about someone brute forcing my master password in a few months' time. I consider the danger of a hacked LastPass to be greater than the danger of leaving my password as-is for now.
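As an added illustration of the trade-off in the comment above (example code, not anything from LastPass or from the commenter), the block below implements a two-stage password hash of the kind described earlier in the thread: PBKDF2 rounds on the client, then PBKDF2-SHA256 on the server with a random per-user salt, which is the value a database breach exposes. It then estimates offline guessing time for a master password of a given entropy. Assumed, not from the page: 5,000 client-side rounds with the account email as salt, a 16-byte server salt, and an attacker budget of 1e10 SHA-256 computations per second; only the 100,000 server-side rounds come from the thread. The point the numbers make is the one the commenters make: with ~100 bits of entropy the leaked hash is worthless to an attacker, while a ~40-bit master password falls in months.

```python
# Two-stage PBKDF2 password hashing and an offline-guessing cost estimate.
# Added example; parameters other than SERVER_ROUNDS are assumptions, not LastPass's values.

import hashlib
import hmac
import os
from typing import Optional, Tuple

CLIENT_ROUNDS = 5_000          # assumed client-side iteration count
SERVER_ROUNDS = 100_000        # server-side PBKDF2-SHA256 rounds quoted in the thread
SALT_BYTES = 16                # assumed per-user salt length
ATTACKER_SHA256_PER_SEC = 1e10 # assumed attacker budget (generous to the attacker)


def client_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password with the account email as salt.
    Only this value ever leaves the device, never the master password itself."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), email.lower().encode("utf-8"), CLIENT_ROUNDS
    )


def server_store(client_side: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server side: random salt plus many more rounds. The returned (salt, hash) pair is
    exactly what an attacker obtains from a stolen authentication database."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    stored = hashlib.pbkdf2_hmac("sha256", client_side, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(client_side: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the server-side hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", client_side, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def guesses_per_second(sha256_per_second: float = ATTACKER_SHA256_PER_SEC) -> float:
    """Each offline guess must redo every client and server round, so the attacker's
    raw SHA-256 throughput is divided by the total round count."""
    return sha256_per_second / (CLIENT_ROUNDS + SERVER_ROUNDS)


def attacker_cost_years(entropy_bits: float, sha256_per_second: float = ATTACKER_SHA256_PER_SEC) -> float:
    """Years to exhaust the whole keyspace of a master password with the given entropy,
    given the stolen (salt, hash) pair. Expected time to success is half of this."""
    seconds = (2 ** entropy_bits) / guesses_per_second(sha256_per_second)
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt, stored = server_store(client_hash("alice@example.com", "correct horse battery staple"))
    print("verify ok:", server_verify(client_hash("alice@example.com", "correct horse battery staple"), salt, stored))
    print("verify wrong:", server_verify(client_hash("alice@example.com", "Tr0ub4dor&3"), salt, stored))
    for bits in (30, 40, 60, 100):
        print(f"{bits:3d}-bit master password: {attacker_cost_years(bits):.3g} years to exhaust")
```

The estimate function deliberately takes the attacker's raw SHA-256 rate rather than a guess rate, so the effect of the round counts is visible: raising SERVER_ROUNDS slows the attacker by the same factor it slows your own login. Entropy, not rounds, is what turns "months" into "longer than the universe".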

GregoryJune 21, 2015 1:08 PM

@Clive Robinson

I believe the analysis you gave is the best way to analyze the situation, barring any other sources, perhaps not so available to the press.

I surely would not expect less from you.

My primary issue here, in this last thread on these subjects, has simply been: I can certainly see why press feeders are yelling about the destructiveness of Snowden's disclosures, but I am very surprised to see anyone here doing this.

Under all of their statements, one missing fact glares out for me. They have zero evidence of the destructiveness of Snowden's disclosures. Therefore, why are they bothering to argue so much about it, and in a very layered manner which distracts from this glaring lack of evidence?

Not to say I am a Snowden cheerleader. I think he is a scary effective individual, but I know a lot of scary effective individuals. The point is that if there is no evidence which is tangible, or even arguable, that Snowden's disclosures were destructive, then there is no evidence it is anything but disinformation. Is that inductive or deductive reasoning, I have no idea.

I definitely do enjoy the substantial "oxygen Snowden supplied the room for discourse", however. It is entirely entertaining, and a substantial diversion.

Hayden just well pointed out one point of destructive impact of Snowden's disclosures: leaders have been deeply harassed for two years, and their credibility has taken a distinct nosedive. But, intelligence agencies operate on credibility in a very different way than news agencies. They have much to gain by playing themselves down in some scenario, even if they must play themselves up in other scenarios.


It actually does not matter if Ed Snowden is "a soft person" or if he is "a good or bad person" the answer to those is based on the POV of the individual observer and any agenda they may be running thus it's mainly time wasting fluff.

John McAfee presents himself as a hard hearted person. Severe drug user, very likely murderer, engaged in a wide variety of mysterious 'goings on' in a foreign country. This is how he entered the debate.

That is, I am saying, in his description of Snowden he continues in that very vein. He is coloring in and creating obvious blanks for the audience to fill in which he controls 'what they fill in', and this by simply talking about Snowden. Not himself, at all.

But, there is a problem with this depiction, besides it appears forced. That is a genuinely hard hearted person is going to not be aware of this. I have never found a hard hearted person who is pure enough to see the distinction between 'soft hearted' and 'hard hearted'.

Of course, I could be forgetting someone or some statement through all the history of time.

Just there are so many and such glaring "fill in the blanks" there with McAfee, I approach such individuals with extraordinary caution. All of the claims of his very bad character I take with a distinct measure of salt. I do not enjoy it when someone asks others to color in their own considerations of who they are. It definitely would be an extremely elaborate cover, however. I have never worked at McAfee, but I do not mind stating that I certainly have had some friends who have.

I have also had very long and involved conversations with top McAfee people under the glaring video cameras of the piano bar at Caesars [Blackhat]. Altogether, I have suspicions about the company. And, like with Kaspersky, but far less obvious, this means suspicions about the founding of the company.

He had to give some level of plausibility to his extraordinary skepticism. One finds a similar level of skepticism in "Sabu's" interview with the media. I suppose it is very plausible someone who took so many drugs and escaped the authorities on such severe charges in a country, very well may simply be so disassociated from reality they may not see anyone as who they claim to be.

But, it is also very possible he does not see anyone as who they claim to be because they, their own self, is very much not who they claim to be.

GregoryJune 21, 2015 1:20 PM

@Curious, @Gregory

Curious, that is a very disturbing anti-security feature to be included, I wonder what the specifications of the system are? If it is truly open and so unencrypted wifi, then that is an abominable error.

Router security has been extremely bad, and I mean by that wired router: bad and unlikely update systems, very poorly security qa'd software, obtuse security settings and UI, backdoor passwords and usernames, and on and on. Not so horrible in one sense, someone would actually have to be 'on the wire' to attack it. Apart from the many which are internet facing. They added wireless to this mix, however, a long time ago, so now it is practically ubiquitous. That provides driveby and a whole host of new bugs. And new attacks. Many of the most severe of which are not secured. There is also a deep paucity of security systems which protect these systems, or even watch them for known vulnerabilities despite the fact that trivial signatures can be made for many of these attacks.

However, on mapping wifi, I wonder how many systems are in any major city which collect such data? Both static, at fixed locations, such as off major thoroughfares, and dynamic, they drive around and get them. I also wonder this about stingrays not designed so much as to listen, perhaps, or gather whatever data from the communications they can, but simply to have another way to map out who is going where, and when.

Years ago, the FBI outfitted all of the cars at the Washington Moscow embassy with RFID, so any car which "drove across the bridge" would be detected. And timed for 'when they left' and 'when they came back'. Very valuable data for them to have. As DC is a very bad place to meet agents, or pick up agent's lost files. And there is just so much area of possible interest through out the surrounding states of Virginia and Maryland.

Something like that, anyway.

GregoryJune 21, 2015 2:26 PM

@gordo

Lucky I returned, it is wise to print this in full, because he plans to delete it for other purposes 'in a few hours'.

Cyber Attack On This Site to Crash MI6 Post by craig on June 14, 2015 7:59 am in Uncategorized The site is under a strong denial of service attack from a bot trying to crash it by overloading with millions of pings from multiple locations. I presume the objective is to take down the revelation of the fake MI6 Snowden story, which had been read by tens of thousands already and is now really taking off. While the copyright in that article remains mine, I grant permission for it freely to be reproduced by anybody, anywhere. I shall be grateful for multiple copies to be posted around the web so it can’t be taken down. Some extremely brilliant people have put an awful lot of time and a bit of money on the defences of this blog, making it very hard to crash even by governments, through a cloud hosting system. (OK, you got me, I don’t understand how they do it). With any luck we won’t go down, but backups on that article very welcome. This article will be deleted in an hour or so to put the MI6 lies back at top of the blog.

Paragraphing removed for space.

This is very interesting for a techno centric blog: why would anyone but British intelligence DoS the blog?

GregoryJune 21, 2015 2:41 PM

Also missed 'QN's post...

But, in double checking the post debunking the Sunday Times story at that ex-ambassador's blog, I noticed this story in the comments:

http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html

Maybe someone else has already posted on this, such things happen. But, this does include some very interesting information which is new to me, and maybe some other readers.

2) "forcing MI6 to pull agents out of live operations in hostile countries." This was a surprise to me because I've reviewed the Snowden documents and I've never seen anything in there naming active MI6 agents. Were the agents pulled out as a precautionary measure? Keeping in mind that the UK government does not actually know exactly what Snowden leaked, how do these officials know there were documents in there that implicated MI6 operatives and live operations in the first place?
[..] Moreover, I've seen nothing in the region of 1m documents in the Snowden archive, so I don't know where that number has come from. [...] This 1.7m figure was invented by US officials and since then it has been regurgitated repeatedly and unquestioningly by various media outlets. I've seen the trove of documents; the claim or insinuation that he leaked 1.7m is not true.

Mr Gallagher has zero reason to lie. Unless anyone can think of one which is not iterations of dogmatic assertions layered one on top of another.

1 million documents... versus 1.7 million documents. That is almost double the number of documents.

If it's not clear then why does the top line of the story say the Chinese and Russians "cracked" the documents? If Snowden just handed them over, why would they need to "crack" them?
10) "David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 'highly classified' intelligence documents after visiting Snowden in Moscow." This is wrong. Miranda was detained at Heathrow after visiting Laura Poitras in Berlin. He wasn't visiting Snowden in Moscow and I think this is the first time I've ever seen this asserted. It's false.

Why are there so many asserted lies in this story, even though they are so easily verifiable in multiple cases (and not, at all, verifiable in other cases)?

In another interesting development, the Sunday Times quietly deleted the false assertion I noted above (see #10) about David Miranda having documents on his possession "after visiting Snowden in Moscow." This has been removed from the online version of the story with no correction or note, but it can still be found in the paper version, which I got a copy of. The inaccuracy was significant as it underpinned the central dubious narrative of the story — that the documents were "held" by Snowden in Moscow, the insinuation being that this was how the Kremlin was supposed to have gotten hold of them, a claim presented in the story as unquestionable fact because nameless officials "confirmed" it (without offering any evidence).

...

It's also worth noting that in Harper's interview he admits he has no idea how the Chinese and Russian governments supposedly obtained the files, yet the whole story was based on a bombshell claim that the trove of files was somehow "cracked" by Chinese and Russian government operatives (i.e. that the encryption on them was broken). As I noted above in point #9, if Snowden just handed over the files, why would these governments then need to "crack" them, unless the claim is that he handed over a set of encrypted documents?

In other words, they quoted, initially "what the government said", and yet removed this quote deciding it was false, right? Yet, the quote was the underpinning of the entire story, and if even they admit it is too false to print, then isn't the rest of the story also too false to print?


I am simply amazed one can find anyone willing to argue otherwise, that they find these stories in the least bit credible with zero argumentation of why the story is not credible. Do highly intelligent people really look at such stories with no personal analysis on them?

Very implausible I would say.

gordoJune 21, 2015 2:55 PM

@ Gregory,

Re: Writing style this v. last week's SunTim article

One possibility: It's as Rahul said about last week's story (about 3/4 of the way through the post .... )

With the Anderson report having been released on a Wednesday, 11 June, there were only three days to get something ready for the Sunday, 14 June, edition. They, in effect, had to do what they did, quickly. Not so, this week.

GregoryJune 21, 2015 3:39 PM

@gordo

Yes, I have been contemplating on that.

Maybe you mean something else, but I mean: maybe this initial story was simply the product of a single source, and that, the very night before publishing.

This new story almost seems to attack that angle, fleshing out all the dubious details, and painting a picture which implies this is from multiple sources and sources beyond simply "an aide of David Cameron". So, that especially has me alerted.

gordoJune 21, 2015 3:55 PM

@ Clive Robinson,

I recall that the phone hacking scandal was fairly lurid.

That kind of "reporting" is exactly the reason to oppose unfettered surveillance.

Unfortunately, and I could be wrong, but last week's front page headline is all that most people will likely remember about (what they last heard about) Mr. Snowden.

Between this week and last week's stories, it'll at least be easy to see who, on the talk-show circuits, the moderators/talking-heads/experts/editorial community, etc., is using whom for talking points.

BenniJune 21, 2015 3:59 PM

The blog post on retroshare is saying something sad by the way: It shows that a capable attacker who is interested in collecting as much encrypted content as it can get, and who is in bed with internet providers also attacks retroshare:


"Retroshare has recently been “attacked” by what we think are network profiling actors who basically used the DHT to impersonate your friends and blindly relay the traffic between peers, without the ability to decrypt it. Still, such an attack would allow to progressively map the network and measure bandwidth. We contacted the abuse service of the related internet ranges but got no answer. So we implemented multiple measures to efficiently get rid of this problem:"

One can imagine who this is..... Someone who is forced to save all encrypted content it can get, and someone who finds it not much difficult to steal keys.....

Clive RobinsonJune 21, 2015 5:07 PM

@ gordo,

First off I think it's a bit more sophisticated than a ping style DDoS attack on the Craig Murray blog. The reason is I'm getting a very fast rst on an attempted connection, which makes me think it's coming from upstream of the actual blog site...

Now who do we know with those abilities in the UK...

Sadly I connect through a smart phone and the service provider kills most non http traffic deader than a dinosaur so getting even a simple ping or traceroute won't work and running any other test code is problematical.

As for the SunTim, let's just say that its change in editorial style and decreasing circulation figures suggest that it's becoming "an ailing beast" at best. Thus I suspect the "regular readers" are of a limited mental acuity or are "authoritarian followers", either way they are not likely to believe anything that does not pander to their entrenched preconceptions, so are of a not too dissimilar type that reads the "daily fail" as well...

@ Gregory

As for "our friend in Havana" or wherever John McAfee currently is, he appears to subscribe to the "Putin Style" of self aggrandizement with a mix of "Man's Man" behaviour --that I've always found as suspect as "cross dressing"-- and some faux parody of the "Sex Drugs and Rock-n-Roll, live hard and die before you get old" lifestyle. As my father occasionally used to comment on the likes of Punk Rock artists and similar who lived that way "Sometimes it's not only sandwiches that a picnic's short of...".

GregoryJune 21, 2015 5:33 PM

@Clive Robinson

Lol...

Yes, I was more just being silly. One has to be careful with satire however, consider that "The Prince" was initially satire, yet has well since been taken as a serious manual for "how to behave in leadership".

I do have substantial respect for artists, but I have avoided going too far in any of those paths. It is almost as if it is a price one must pay in such roles. It has a very old history, and I ultimately make that path by pointing to acting as the real history behind it. Drunkenness, drugs, prolific sexual activity often are difficult to resist as part of the whole package.

GregoryJune 21, 2015 5:39 PM

@gordo

Unfortunately, and I could be wrong, but last week's front page headline is all that most people will likely remember about (what they last heard about) Mr. Snowden.

I could see that maybe being the way in Britain, on the street, I suppose, as little as I can imagine of that...

But, I definitely do not believe this has in any substantial way tampered Mr Snowden's credibility, globally. Outside of Five Eyes states, definitely, he is considered very heroic.

I am not sure what the latest polls would say about Snowden, in the States, in England, in Canada, and so on... but I am sure his popularity will continue to gain. And, with it, his credibility.

Many of the now revered famous people of the past had severe problems. Many critics, including those from law enforcement and intelligence. It did not look so good for them at the time.

JustinJune 21, 2015 6:58 PM

@Gregory

I am trying to piece together what you are saying about Snowden:

I believe that his [John McAfee's] skepticism is well placed, but he underestimates Snowden's capacities.
... but I am sure his popularity will continue to gain. And, with it, his credibility.

In my view, whatever Snowden's capacities were, they are spent now. He's a wanted man, now, almost anywhere but Russia. Russia's FSB is protecting him for the time being, but they're not going to trust him with any of their secrets. Whatever harm he was going to do to the "surveillance state" is already done.

Snowden's popularity was manufactured by the media. When the media are tired of him, they will move on to something or someone else. Snowden leaked a bunch of classified documents, but nothing about the NSA we didn't really already know, more or less, if we had cared to read, say, James Bamford.

As far as his credibility is concerned, he simply hasn't made any grand claims to the public where his credibility would be at issue. However, under the auspices of the FSB, he is obviously constrained about what he might say freely, (say about Russia's surveillance apparatus, SORM etc.,) and his credibility is accordingly limited.

The fickle public may adulate Snowden now, but geopolitical events could change that rapidly. As you say, though, in a sense, it's all a diversion.

GregoryJune 21, 2015 7:12 PM

Schneier: China and Russia probably did get the Snowden leaks -- by hacking the NSA

http://boingboing.net/2015/06/20/schneier-china-and-russia-pro.html

CHINA AND RUSSIA ALMOST DEFINITELY HAVE THE SNOWDEN DOCS

[All caps from copy and paste from Wired title.]

http://www.wired.com/2015/06/course-china-russia-snowden-documents/


Cory Doctorow's Summary:

Bruce Schneier weighs in on last week's ridiculous UK government talking points memo that Murdoch's Sunday Times dutifully published as front-page news.
Schneier argues that China and Russia's spy agencies are full of infowar ninjas who've been hacking away at the NSA's repositories for years, and that there is likely a steady flow of secrets that are exfiltrated by the agencies. He says that he thinks successful hack-attacks against the NSA are much more likely than Chinese and Russian spooks coming up with some kind of magic crypto-cracking ability (especially as Snowden didn't even bring the docs with him to Russia).

JustinJune 21, 2015 7:26 PM

It looks like Cory Doctorow glossed over Schneier's first point:

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.

There is a lot of evidence for this belief. ...

In my opinion Snowden and the journalists are irresponsible to think (if it was ever their intention) that they could keep this data out of the hands of the Russians and Chinese.

Nick PJune 21, 2015 8:23 PM

@ Justin, Gregory
(re Bruce on Russia/China/Snowdendoc claim)

Bruce might get more mileage in media if he uses U.S. Counterintelligence documents as a source. This report is one of the more recent ones showing the HUMINT attacks the U.S. has received over time. Most of them are government employees with some lasting for years. Plenty of the tech was as protected as Snowden tech with some possibly more so. Russians, Chinese, and others still compromised it. Combine this with reports like Mandiant's for the IT side of it, then you have a solid case that these organizations have been thoroughly compromised by hackers and infiltrators going back decades. We might be better at catching them but they're sending boatloads in, too.

That Booz Allen Hamilton didn't even have commercial-grade security protecting that information would've made it *so* easy for nation-states to get it. And plenty more. That Chinese stealth fighter shows they're *still* getting the data. Bruce should leverage reports like these, along with their data, to establish more credibility on his end in front of audiences leaning in favor of defense sector. If even defense says they're compromised, then that starts shifting blame and discussion in a direction that might accomplish something.

gordoJune 21, 2015 8:24 PM

@ Gregory,

I agree with you and @ Clive Robinson that the story is for mainly local consumption.

@ Clive Robinson,

So, if I understand you correctly, those with such abilities may be making themselves known for the sake of making themselves known with some upstream, backbone-like MITM/tap/sinkhole infrastructure flexing, i.e., a variation of this capability and issues similar to these that affect Internet users, regardless the actors and jurisdictions.

Off-topic, but that got me wondering, for example, if going after, say, "ISIS on the Internet" in a manner similar to botnet take-downs would be feasible? If so, I imagine that would raise some Internet governance issues that seem to be a long way from being considered, let alone worked out.

GregoryJune 21, 2015 8:36 PM

@Justin

In my opinion Snowden and the journalists are irresponsible to think (if it was ever their intention) that they could keep this data out of the hands of the Russians and Chinese.
In my view, whatever Snowden's capacities were, they are spent now.


Justin, I really do not have an authoritative view, nor an authoritative opinion on your statements, because I have zero intelligence or counterintelligence experience. On the other hand, I can and do have what I consider to be an authoritative opinion and view in areas I do have experience in. I get the impression that you work in intelligence, and have considerable experience there.

So, you probably know more about all of this than anyone else does.

That said, we have seen no evidence Snowden's disclosures are in any way destructive, nor even very meaningful. Much of what he exposed had already been exposed by previous whistleblowers who simply did not have his flair.

Ryan Gallagher, a journalist who has had access to all of the files, has stated that he saw no naming of names. Of course, looking at his resume, one does not know if he could properly parse the details of all of the material. He is a technology journalist, with no experience in intelligence, except from the outside.

Snowden, however, did have experience as an intelligence analyst, that is what he did. I would be surprised if he included any details of any ongoing operation which could have jeopardized the operation where undercover assets and agents were engaged. Maybe he was not a desk counterintelligence analyst who constantly pores over data to ensure it is properly scrubbed of any possibly identifying information.... but he surely was smart enough to know how to limit exposure.

I partly state this because it was Snowden, not the journalists, who was truly responsible. And as for Snowden, it was not truly him, but the awful security of the US Government which allowed this leak to happen in the first place.

If Snowden could have done that, surely the Russians and Chinese had already done it, and that before him, and so very much worse. (Which, btw, is very much the honest and accurate gist of Schneier's article.)

While I believe the US systems Snowden had access to clearly had horrible security, I do not believe they were so incredibly bad in security to have also put on that very leaky ship extremely compartmentalized data revealing sources.


But, again, "I do not know". For all I knew Snowden may have found as easy access to the true names of all international assets and agents, just as well as he discovered detailed documentation on the warrantless, domestic surveillance system.

Why don't you offer your opinion here: Do you believe that such data would be stored in such a manner that any contractor analyst would have had access to it?

If so, do you believe it is beyond the realm of possibility, that Russia and China were not already well ahead of Snowden?


GregoryJune 21, 2015 9:46 PM

@Nick P

Bruce might get more mileage in media if he uses U.S. Counterintelligence documents as a source. [...] Combine this with reports like Mandiant's for IT side of it, then you have a solid case that these organizations have been thoroughly compromised by hackers and infiltrators going back decades. We might be better at catching them but they're sending boatloads in, too.
That Booz Allen Hamilton didn't even have commercial-grade security protecting that information would've made it *so* easy for nation-states to get it. And plenty more. That Chinese stealth fighter shows they're *still* getting the data. Bruce should leverage reports like these, along with their data, to establish more credibility on his end in front of audiences leaning in favor of defense sector. If even defense says they're compromised, then that starts shifting blame and discussion in a direction that might accomplish something.

Thanks, Nick. I think the document well summarizes the 2000-2015 cases, those which have been brought to public notice, anyway. These cases have been public and made quite a splash in the news media.

I would be surprised if Bruce has read the Mandiant, VeraCode, Trustwave, and Verizon Business Consulting reports, and probably reads each new, annual issue.

I do believe he left me with a bit of an uncanny feeling, by even pointing out the two news issues which "were disclosed just last week"... and by providing a statement from an intelligence source, about the level of penetration they have, and the likely level of penetration the other folks have.

I am left thinking what do they not know... kind of scary.

But, I suppose if they only just recently noticed their "assets and agents" being targeted, then maybe there has been some recent, massive disclosure which has happened that has enabled Russia and China to simultaneously target all of these people.

Maybe they are aware of a secret penetration they do not want to make anyone else aware of, including Russia and China, but which to provide a convenient and plausible excuse for exactly what that penetration was?

I find it hard to believe that Snowden had such details in his file, and find it plausible if that much detail was there, Ryan Gallagher would have recognized at least some of it.

Maybe the penetration was just from Russia, or just from China. Russia would not know what China knows, and China would not know what Russia knows. So that could be considered to be a safe bet to make, perhaps.

Though, I am only hazarding some wild guess, and really do not know how those sorts think.

ThothJune 21, 2015 11:33 PM

@Benni, Clive Robinson, Nick P
Traffic metadata analysis and the collect it all mindset allow not just ISPs but someone sitting in the middle of the network systems (in corporate buildings or maybe the building's network lines) to tap, collect and analyze all network traffic data while mapping and reacting to traffic collection.

As we know, @Clive Robinson has talked about Fleet Broadcast methodology multiple times in the comments as the next step to thwart active mapping capabilities of HSAs or even MSAs even with simplistic laptop and cable tapping capabilities.

To drill into how to expand on @Clive Robinson's Fleet Broadcast methodology, we have to set up the protocol in a number of stages.

We have the following phases:
- Discovery
- Peer Contact
- Message Exchange

The phases above are continuous in a loop and are always constantly active.

The definition of Discovery phase during a node's startup is to broadcast itself and exchange a list of nearby nodes and build its DHT list. For a running node, it exchanges its own DHT list and registers a new node and continues to broadcast this information to all that is on its DHT list. The problem here is to control how often to relay the broadcast of new nodes to prevent spamming the network and to make it efficient.

The definition of Peer Contact is that once you establish a DHT, your node starts to search for your own registered friends on the network and once found, exchanges of node status, banner messages and such take place. Friend nodes communicate over friend-based long term signed public keys so that relaying nodes will not know the contents when friends begin messaging each other (message exchange segment). New friend requests, deletion of friends and handling of your friend list are done here. What you share (Retroshare's version of shared files with friends or public folders) is a higher level view of the Peer Contact phase where you share friend based information periodically or when triggered.

The definition of Message Exchange is a low level messaging and routing procedure. One method is to simply multicast to everyone on the DHT list or to selectively broadcast to random or specific nodes on the DHT list, taking network efficiency and spam control into consideration. Segmenting the DHT list (you may include priority queuing) into segments and doing round robin (or some method of distribution) broadcasting so as not to spam all your DHT list nodes could be a better method than an all out spam of everyone on the DHT list of nodes. A node receiving a message would examine the header to check if the packet is for them (probably via some form of quick decryption, assuming that during the Peer Contact phase friends exchange symmetric ephemeral keys) which otherwise would drop back into Message Exchange FIFO pipelines (or maybe with priority queues) and be broadcast under control to prevent spamming. The problem here is how to control not resending the exact same message multiple times (in the event you receive the same broadcast message) and also on the same side to try and prevent measuring the message in terms of fingerprinting and then tracing the message. Tactics like delayed relaying can be used to confuse attempted fingerprinting of messages. Not all messages need to be delayed (due to lesser confidentiality classification) and system messages like protocol pings and keep-alives.

If a user message (not system message) leaves the hands of the originator, the fate of the message is left entirely to the relaying nodes. If an attacker can have the entire network in full observation, the attacker may be able to profile the unique message time and source of emanation which, despite efforts to delay the sending of the message at the originator's end, will still be monitored by the attacker and noticed. Node to node communication needs to include a proof of work to consistently randomize the sending of a message whenever it has been specified to do so without leaking too much information, as an attempt to thwart an active HSA/MSA with full network view and control.

Another way of handling messages is to send messages in batches instead of individuals as the HSA/MSA would have to suspect the message batches instead of a single message and this makes work much harder for the attacker.

Designs have also to be considered in the event the HSA/MSA controls all surrounding nodes around the target, and the security needs to withstand such attacks whereby the attacker creates messages with knowledge and broadcasts them so that the target mixes in his own messages and sends, which now makes the message's originator very apparent in the face of the HSA/MSA.
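
A toy simulation of the three phases sketched above, added here as an illustration; it is not Thoth's, Clive Robinson's or Retroshare's code. The node names, the ring-shaped bootstrap list used for Discovery, the SHA-256 keystream "cipher" standing in for the friend key agreed in Peer Contact, and the tick-based scheduler are all constructed assumptions. What it shows that the prose does not: a seen-set so a duplicate flood is dropped rather than re-broadcast, a cheap header tag so a relay can test "is this for me?" with one hash per friend instead of a full decrypt, random relay delay, batching, and round-robin delivery to one DHT segment per tick. The test at the end checks that only the intended friend can read the message while every node relays it exactly once to each of its peers.

```python
"""Toy Discovery / Peer Contact / Message Exchange flood simulation.
Names, ring bootstrap, toy cipher and scheduler are constructed for illustration."""
import hashlib
import random

SEGMENTS = 3      # each node's DHT list is split into this many round-robin slices
MAX_DELAY = 3     # relay jitter in ticks (delayed relaying against timing fingerprints)
BATCH = 4         # max packets a node forwards per tick (batching)
NAMES = ["A", "B", "C", "D", "E", "F", "G", "H"]   # constructed network


def pair_key(a, b):
    """Toy stand-in for the ephemeral friend key agreed in the Peer Contact phase."""
    return hashlib.sha256(f"friend:{min(a, b)}:{max(a, b)}".encode()).digest()


def header_tag(key, msg_id):
    """Cheap 'is this for me?' check: one hash per friend, no full decryption."""
    return hashlib.sha256(b"tag" + key + msg_id).digest()[:8]


def xor_stream(key, msg_id, data):
    """Toy counter-mode keystream XOR; symmetric, so the same call decrypts."""
    out, ctr = b"", 0
    while len(out) < len(data):
        out += hashlib.sha256(key + msg_id + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(d ^ k for d, k in zip(data, out))


def seal(sender, friend, msg_id, plaintext):
    key = pair_key(sender, friend)
    return {"id": msg_id, "tag": header_tag(key, msg_id),
            "body": xor_stream(key, msg_id, plaintext)}


class Node:
    def __init__(self, name):
        self.name = name
        self.dht = []        # peers learned in Discovery, ordered for segmenting
        self.friends = {}    # friend name -> shared key (Peer Contact)
        self.seen = set()    # ids already accepted: duplicates are dropped, never re-flooded
        self.pending = []    # [release_tick, next_segment, packet] awaiting relay
        self.inbox = []      # (friend, plaintext) for packets addressed to us
        self.sent = 0        # packets transmitted (bandwidth cost)

    def receive(self, packet, tick, rng):
        if packet["id"] in self.seen:
            return                                  # duplicate: drop silently
        self.seen.add(packet["id"])
        for friend, key in self.friends.items():   # quick header check per friend
            if header_tag(key, packet["id"]) == packet["tag"]:
                self.inbox.append((friend, xor_stream(key, packet["id"], packet["body"])))
        # Relay whether or not we could read it, after a random delay
        self.pending.append([tick + rng.randint(1, MAX_DELAY), 0, packet])

    def segment(self, idx):
        size = -(-len(self.dht) // SEGMENTS)        # ceiling division
        return self.dht[idx * size:(idx + 1) * size]

    def relay(self, nodes, tick, rng):
        for entry in [e for e in self.pending if e[0] <= tick][:BATCH]:
            for peer in self.segment(entry[1]):      # one DHT segment per tick
                self.sent += 1
                nodes[peer].receive(entry[2], tick, rng)
            entry[1] += 1
            entry[0] = tick + 1
        self.pending = [e for e in self.pending if e[1] < SEGMENTS]


def discover(nodes):
    """Discovery: announce to 'nearby' nodes (ring neighbours), then swap DHT lists."""
    names = sorted(nodes)
    for i, name in enumerate(names):
        for peer in (names[(i + 1) % len(names)], names[(i + 2) % len(names)]):
            nodes[name].dht.append(peer)
            nodes[peer].dht.append(name)            # the peer registers the newcomer
    for n in nodes.values():
        learned = {p for peer in n.dht for p in nodes[peer].dht}
        n.dht = sorted((set(n.dht) | learned) - {n.name})


def befriend(nodes, a, b):
    """Peer Contact: both friends end up holding the same (toy) key."""
    nodes[a].friends[b] = nodes[b].friends[a] = pair_key(a, b)


def originate(nodes, sender, friend, msg_id, plaintext, tick, rng):
    pkt = seal(sender, friend, msg_id, plaintext)
    nodes[sender].seen.add(msg_id)                  # never relay our own message twice
    nodes[sender].pending.append([tick + rng.randint(1, MAX_DELAY), 0, pkt])


def simulate(seed=7, ticks=40):
    rng = random.Random(seed)
    nodes = {n: Node(n) for n in NAMES}
    discover(nodes)
    befriend(nodes, "A", "B")
    befriend(nodes, "C", "D")
    originate(nodes, "A", "B", b"msg-0001", b"meet at noon", 0, rng)
    for tick in range(ticks):                       # Message Exchange loop
        for n in nodes.values():
            n.relay(nodes, tick, rng)
    return nodes


if __name__ == "__main__":
    net = simulate()
    print("B inbox:", net["B"].inbox)
    print("transmissions:", sum(n.sent for n in net.values()),
          "peer links:", sum(len(n.dht) for n in net.values()))
```

With eight nodes the Discovery exchange leaves every node knowing all seven others, so the flood costs exactly one transmission per (node, peer) link: the seen-set is what keeps that number from growing with every duplicate a node hears. The delay and batching knobs only change when packets move, not how many; a proof-of-work pacing step, as the comment suggests, would slot into `relay` before the send.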

GregoryJune 21, 2015 11:47 PM

http://www.wired.com/2015/06/course-china-russia-snowden-documents/

I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.”

So, this quote had me thinking: what might Russia, China, Vietnam, North Korea, Iran, Saudi Arabia, Israel be doing that the US Government would not know about?

So, like, what Rahul was saying in another post, how many actions of the US Government, over how many years, might not just be like "Psyche"? If you are unfamiliar with the television show, a man who is actually exceptionally well trained in detective observation since a child by his father, attributes his outrageous perceptive capabilities to "psychic powers" as a cover for this?

It gets to be a bit like the following paradox: have you ever gotten two mirrors together, facing each other, and looked at yourself in one of those mirrors? It quickly gets very convoluted and appears to go on to infinity.

For shit and giggles, let us keep this problem simple and consider: What if the US Government has known about every illegal from China in the US, and they have known about every major operation China has engaged in.

Let us say, something hypothetical here, like maybe that they have been as a dogged leopard and been constantly updating in total stealth their penetration... since say... back in the 90s... when we heard of operations with such quizzical names as "Moonlight Maze" or "Byzantine Chambers" (I forget the actual name of that operation but recall it had something to do with Byzantine mazes.)

What would this mean they would do?

If you have seen "Breach", you can probably get some inkling of an idea of their capacity. I mean, putting a super intelligent mole into what ultimately amounted to a sandbox, one so persuasive even he could not figure it out.

Just think of it: every operation they have run for how many years would actually be entirely and carefully controlled. With just enough real information to keep them itching for more, and believing it.

I would have to say, business has probably been very, very good for US Counter-intelligence.

I suppose... someone could argue that "the Chinese would never allow onto their networks connected to the internet" information about all of their illegals - or any of their illegals - to touch any of that? Right? There would be no way the US Government could have been on top of all of their espionage activities against the USG over the past... who knows how many years? Right? So, it would also be very likely Snowden did not have access to any such privileged information, either, right?

Because who is more technically advanced? The US or China?

But, isn't the reality that they are likely to have, rather than air gapped systems, per se, more likely simply networks entirely unconnected to the internet? I mean, what sensitive network is going to be connected to the internet? And apart from sending paper memos, how could they possibly deal with such information in a coherent fashion, unless they were operating on some manner of connected network where, for instance, one counterintelligence analyst might be able to look at source material, edit it, and pass it on to someone else. And so on.

Of course, though, it could all be some manner of bluff. Maybe they are playing up their own capacities to such a degree they want to make China merely believe they are on top of all of their games?

I do not know. Really powerful revelation there. I am reeling at the possibilities.


65535June 22, 2015 12:15 AM

@ Nick P

“Always wise to get estimates at the least.”

Ha, funny clip.

I was under the impression that one had to be fairly close to the laptop you were getting the keys from… But…

@ Clive Robinson

“Sending the target the files that cause the sync preamble can be sent surreptitiously from any point "upstream" of the user simply by injecting it into an appropriate download stream.”

That makes sense.

“…researchers developed for the "smart phone connected to an AM band radio audio output" could be easily modified to "do an ET" and phone home or act as a "store and forward" so that it can be called up… [1] Think of the bits inside of a "Mobile Broadband Dongle"(MBD), it would not take any kind of genius to "augment" one to act as an appropriate EM detector as an extra function, likewise the Near Field Connectivity(NFC) in dongles and now being built into mobile phones as standard would be ideal as sensing heads. It is something I've been thinking about off and on for a few years due to some work I was asked to do for an organisation that was contracting services to a state level organisation. Oh and as the Chinese make by far the majority of the MBDs NFCs and almost certainly the IoT devices as well, we might well not be talking "in the future tense" it might well have happened already...”

Wow, that is a neat idea. I think it could be easily done by a state actor.

[Next, to the Snowden Doc’s deal]

In all of the documents that Bruce has used on this blog, I did not see one name – but there are a couple of pictures of individuals. Further, the actual number of leakers is unknown.

My point being if Russian spies are fleeing the USA/UK or USA/UK spies are being rolled up in Russia and China I would suspect that the OPM SF-86 forms would provide more exact information than the Snowden files – and they are current. Snowden could just be a patsy to deflect people’s attention off of the real sensitive OPM SF-86 breach.

‘"They got everyone's SF-86," one Pentagon official familiar with the investigation told Military Times.’ –Military Times

http://www.militarytimes.com/story/military/2015/06/17/sf-86-security-clearance-breach-troops-affected-opm/28866125/

If China or Russia got "everyone's" SF-86 some of those people are/were still in the field [in Russia or China].

GregoryJune 22, 2015 1:05 AM

@65535

"They got everyone's SF-86," one Pentagon official familiar with the investigation told Military Times. –Military Times
If China or Russia got "everyone's" SF-86 some of those people are/were still in the field [in Russia or China].


Could be... could be...

Rahul stated this in this post:

The other option is plain and simple: it was a highly sophisticated ploy by intelligence, and the mistakes were intentional. In which case, the technical mistakes were intentional, designed probably to make it look like the work of politicians or political appointees, or, in general, to simply downplay their capacity and add distracting factors.
Too many factors are unknown in this case to really make much judgments.
They may have waited for situations "like the OPM hack" and significant other matters to play this card.
They may have used the Sunday Times because the Sunday Times did hack the previous administration who were of the opposing political party.


Now... let us imagine for a moment, maybe this "Rahul" figure (which is the single most popular name for a male in India at the moment) actually is not even Indian, but a very sophisticated American, deep cover, counterintelligence spy. I know, right? Unbelievable. On so many levels...

I mean, the last thing he would want to be doing is consistently filling in any blanks, am I right?

Okay, so scrap that idea. Like myself, just some totally unrelated amateur observer.


Sheesh, I could even imagine the FBI knocking on my door for this sort of speculation...

Who didn't see 'Three Days of the Condor' where some guy just 'guessed' correctly some crazy, far flung operation, and he and all of his buddies got shot for it. Cold dead. Nasty debacle.


Considering the very famous and pivotal 'Kevin Mitnick' literally used the nick 'Condor', serious, am I right?

I mean, everyone knows who Kevin Mitnick is here, right?


But, there really has been a lot of crazy stuff going on. And, that? For a long time.

Why did Sabu hack Stratfor while under such strict observation and control of the FBI? Who, btw, does have charge of counterintelligence on US soil... and, maybe, even to some, Sabu's Chicago location might just be a little suspicious. After all, wasn't NASDAQ in Chicago attacked under the Anonymous flag? And didn't China even go so far as to attack the popular time server located there? Why? Was it CNC?

Of all crazy things, why did the FBI allow, or order Sabu to attack embassies globally? Isn't that very much an intelligence sort of job? Yet, also under the FBI control and guidance he allowed such things as the Atlanta infragard to be attacked, or dox'd the Phoenix police... (or whatever, my facts may be just 'a little off'.)


And, before the FBI caught Sabu, he penetrated the defense contractor HBGary.

Okay, let's talk about that. That, like Stratfor, was a whole shit ton of crazy files, right? But, didn't this "HBGary Federal" division kind of ask for it? Why did HBGary, already a federal defense contractor of whom Jamie Butler was a primary - and ex-NSA - even feel a need to create a separate division so extremely distinct from the rest of HBGary?

Now, to be fair, Greg was very angry about all of this, but ended up selling his company for millions.


But, forget about all of that. What about all of the truly secret ... Russian roulette style, let us just stick to 'China' here, for hypothetical reasons... operations China has been running against the US all of these years.

What if... all of these were well known to the USG all along??


What if, aside from whatever is seen in the press, or considered by the public, there has been... all along... a bunch of far more elaborate operations ongoing? Which has simply not made the press?

Would that not possibly mean that the OPM hack was allowed? And worse, so much worse, because who knows what sort of vast trails these guys are on which appears nowhere in the public domain? Only they would know.


Try to take it from their point of view: all of the hard won victories, all of the sophisticated intrigue, all of the extraordinary efforts... all just a maze. Which leads nowhere. Now, how would you react if you were in their shoes?

You simply would not believe it, that is how.

You would take it as some kind of 'black art', 'mind fuck mojo', which the Americans probably well have. Make you think you are losing, when, in fact, you are very much winning. Anyway, who among us really wants to get fired from our jobs?

Hey, boss, I am sorry, but I suddenly realized all of these resources I have been asking from you all of these years have actually been just to feed a vast and extremely powerful USG disinformation project. In fact, they want to get me up on stage and pin a medal on my chest as if I were a double agent for them all along. Is that a fuck or what? No one would concede to that.

Unless burning in shame was their masochistic idea of a 'good time'.

Never even mind the idea of getting fired or worse, getting shot so your organs can be used for others being an exceptionally 'top of the list' one.


Or, of course, the problem of conceding exceptional defeat of such a deafening and total manner that it basically would equate you to being a double agent for the Americans all along.

I am telling you, 'there is no truth, because people believe what they want to, based on their own preferences'.

How fucked up is that??? ;-)

65535June 22, 2015 1:10 AM

@ Gregory

It now appears that the OPM breach is worse than first disclosed. The number of breached files was 4 million and now may leap to 14 million!

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data
Two separate "penetrations" exposed 14 million people's personal info.

“…many as 3.2 million federal employees (both current federal employees and retirees) was exposed. However, new estimates in light of this week's revelations have soared, estimating as many as 14 million people in and outside government will be affected by the breach—including uniformed military and intelligence personnel. It is, essentially, the biggest potential "doxing" in history. And if true, personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government. This fallout is the culmination of years of issues such as reliance on outdated software and contracting large swaths of security work elsewhere (including China)… But "none of the agency's 47 major applications require PIV authentication," the Office of the Inspector General reported, a violation of an Office of Management and Budget mandate for federal systems… The agency still has systems based on Windows XP (supported under a custom support agreement with Microsoft), and many of the core systems run by the agency are based on mainframe applications that haven't been updated since their COBOL code was fixed for the Y2K bug in the late 1990s… Since multi-factor authentication and encryption were not integrated into any of OPM's 47 major applications, all an attacker had to do was to gain access to a system on the network—nearly any system.” -Ars Technica

http://arstechnica.com/security/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/


It appears that this is one of the largest breaches in history and is a bloody mess [if not the largest breach]. It is very handy to blame “Snowden” for the loss of a ton of SF-86 files


GregoryJune 22, 2015 1:42 AM

@65535

It now appears that the OPM breach is worse than first disclosed. The number of breached files was 4 million and now may leap to 14 million!

I am completely shocked.

I thought they had all SF86 records going back to 1986. I thought it was all 14 million in the first place.

I don't know. I am glad I am not in there, nor had ever any manner of dealings with the US Government....

I mean, it is crazy, right? They do so much hacking abroad, but zero defense? I mean, OPM did not even have any security until like 2013 or something.

I mean 'security team'.

And if true, personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government. This fallout is the culmination of years of issues such as reliance on outdated software and contracting large swaths of security work elsewhere (including China)

Totally crazy. Blows my mind.

The agency still has systems based on Windows XP (supported under a custom support agreement with Microsoft), and many of the core systems run by the agency are based on mainframe applications that haven't been updated since their COBOL code was fixed for the Y2K bug in the late 1990s

Wow. Just wow. I can't believe it.

Since multi-factor authentication and encryption were not integrated into any of OPM's 47 major applications, all an attacker had to do was to gain access to a system on the network—nearly any system.

What incredible bad asses. I am amazed. I have never known any Chinese hackers, but recall their awesome names, "Liu Die Yu", "Laser", "ICBM", "Lion"... fuck. They totally raped these guys. What a win.

It appears that this is one of the largest breaches in history and is a bloody mess [if not the largest breach]. It is very handy to blame “Snowden” for the loss of a ton of SF-86 files

Oh, totally. What a cop out.


I am so very glad I never got clearance through all of those years. I was 16 way back in 86. Spent my twenties blowing trust fund money while focusing on religious searches. Skipped around high schools a lot, and ended up with a GED. Many of my fellow students were killed in a tragic bus crash when on route to a sporting event at my private school in Utah. My other private school I went to is long defunct by now. I had friends and jobs during my twenties, but barely. Very much a loner. I looked up old high school friends and friends during my twenties and could not find them. Just maybe, five. I did Facebook just for a very short bit, but decided it was too involved. All my wife's old friends, all my relatives, and all the friends from my past. I would hate if someone looked into my background. My birthdad fucked my mom before he went to Laos, and a distant cousin adopted me. He got killed. My adopted dad took me up, and ended up out of the Department of Justice into a more money making company. Lucky me, got to be raised in a pretty wealthy household. Mercedes Benz, big hours, fancy lifestyle. Trust fund baby. Private schools. Didn't have to work. Talk about "capitalism".


65535June 22, 2015 1:59 AM

@ Gregory

This is a real mess.

It will take a lot of finger pointing, deflection, spin and lies to keep the government’s reputation intact. I expect the media to do most of the misinformation and spinning so be prepared for a lot of odd-ball stories in the near future.

JustinJune 22, 2015 2:06 AM

@Gregory

Justin, I really do not have an authoritative view, nor an authoritative opinion on your statements, because I have zero intelligence or counterintelligence experience. On the other hand, I can and do have what I consider to be an authoritative opinion and view in areas I do have experience in. I get the impression that you work in intelligence, and have considerable experience there.

For laughing out loud! Let's take a few steps back, here. Opinions and views are just that. Mine are not authoritative, and I certainly hope I never implied they were. Perhaps my views and opinions are even out of place here, and if you wish to imply that, you could certainly say so directly, but you yourself have been giving opinions on exactly the same matters I have been. If I could put it in so many words, you seem to be accusing me of being a spy (or something like that.) No. My work is entirely more mundane than that and does not relate to any of the matters I comment on this blog about. So my opinions and views are entirely unqualified. I was simply being careful to distinguish them from facts. Reader beware.

But, again, "I do not know". For all I knew Snowden may have found as easy access to the true names of all international assets and agents, just as well as he discovered detailed documentation on the warrantless, domestic surveillance system.

Why don't you offer your opinion here: Do you believe that such data would be stored in such a manner that any contractor analyst would have had access to it?

If I understand right, any documents Snowden or someone in his position would have had access to would have referred to international assets and agents by code name. No, I do not believe he would have had direct access to their true names.

If so, do you believe it is beyond the realm of possibility, that Russia and China were not already well ahead of Snowden?

This is where the OPM breach comes in. OPM has detailed information (see form SF-86 [pdf]) about backgrounds and experiences of assets and agents. The reports filed by agent code name (possibly leaked by Snowden---I'm thinking about the Manning leaks, too) may contain inadvertent clues that could be correlated to those backgrounds and experiences reported by true name on form SF-86 to the OPM. It's all part of a mosaic that potentially could be put together to uncloak the identities of spies.

If Snowden could exfiltrate that great number of documents, undoubtedly other moles could have done so for Russia and/or China. This is Bruce's point number two, which Cory Doctorow so emphasized.

On all this, I am speaking strictly as an outsider who has followed some of these leaks in the news.

Campbell SoupsJune 22, 2015 2:38 AM

@ Justin

"In my opinion Snowden and the journalists are irresponsible to think (if it was ever their intention) that they could keep this data out of the hands of the Russians and Chinese."

...

"In my view, whatever Snowden's capacities were, they are spent now."

...

The British press had pigeonholed public opinions into us (US/UK) versus them (Russia/China). Everyone knows but it kept working and working. McAfee would know. He's the kind of person. It isn't just them. The threat model includes semi-friendlies like Germany and Israel, France, both Koreas, South Americans, ISIS, Saudis, or just some trophy seeking hackers and Assange. They all have motives to go after the Snowden treasure trove. Sorry if you were left out.

Thus, Snowden is hardly spent. He's a global intelligence minefield.

Clive RobinsonJune 22, 2015 3:38 AM

@ 65535,

The ARS quote on the OPM technology has a wider issue than just OPM, it reflects that of the US Government and their contracting out organisations since before man put his foot on the moon.

Essentially what happens is "a new politically inspired initiative" gets money thrown at it, which gets quickly "vampired up" by vested interests on the "pork fat greasing the wheel" principle. However the initiative also becomes some administrator's empire and rapidly gets as many federal employees as the administrator can get, and as we know federal employees effectively have benefits and tenure which long term is very expensive, especially when on balance they are not the brightest or best, as it's the security of the long term benefits that attracts them to federal employment.

But then the initiative gets stale for one of many reasons and political bargaining starts getting the funding cut as other new politically inspired initiatives get the lime light. The result is the initiative is stuck with both man power and rapidly aging technology without the funds to carry on developing the technology to address the rapidly changing technology landscape. Thus the only forward movements are "race for the bottom" changes, where to get funding a project has to show it will cost less than the existing system it's to replace... which is a variation of the rapidly self limiting "do more with less" argument for which the technology was to be the enabler. Worse it's known that such projects will fail because at the end of the day the "more with less" is limited because you have all those tenured employees you have to find "make work" for. Thus the original idea of "no more tenure" problems by employing all those contractors... But the contractors are generally smarter than the federal employees so know this and have slightly better knowledge or can buy it in so they can work the system and contracts to get their own version of tenure often by taking IP ownership on both the systems and the data... Thus the cost to Government does not fall long term, in fact the opposite in that it usually rapidly gets more expensive. However the contractors don't just want to make a comfortable profit, they want to make a massive profit in as short a period of time as they can, to use this as leverage to get bought out by investors looking for high rates of return. This profit has to come from somewhere so they likewise don't spend money except where it will earn money...

As we know security is all "sunk costs" so you spend as little as you can on it, especially when your long-term plan is to "cut and run" with a few billion in investor buyout cash in your pocket. Such short-termism makes you take gambles, so you simply don't spend anything on security on the idea that you "probably won't get attacked before the cheque clears"...

So either way in these libertarian days government IT will just not be as secure as the average home computer, and we know how bad that level of security can be... Thus is it any wonder that the Chinese, Russians, North Koreans, that teenager down the road at number 42, Uncle Tom Cobley and all are getting into them?

Clive RobinsonJune 22, 2015 4:33 AM

@ Gregory, Justin,

If I understand right, any documents Snowden or someone in his position would have had access to would have referred to international assets and agents by code name. No, I do not believe he would have had direct access to their true names.

I guess neither of you has had any involvement with computer forensics and file meta-data?

What you get with power point slides and PDF documents is rather more than you see due to all sorts of interesting data getting hidden away in the file meta-data.

Various "official" organisations have been caught out in the past when they failed to redact such files properly.

All of those files that Ed Snowden obtained will have meta-data, but others also had "contact names and numbers" which were redacted by the journalists. Which is indicative that those making the original files were not in any way practicing even minimum OpSec on the files' creation.

Not having access to the original files, I can not say just how many items of real or identifying names, numbers or other information there are in the files. Nor whether such meta-data information as there is relates in any way to field officers or their agents, active or past.

However what I do know is that all IC agencies make biographies of every person they can who might even be faintly related to another country's IC agencies. So all diplomats, armed forces personnel, civil servants, their families and friends, that have ever appeared in any kind of distributed document will be collected, collated and cross referenced. The documents will include all honours, promotions and postings lists, court lists and judgments, property and company registers, academic papers and records, conference speakers and attendee lists, newspapers, journals, trade promotions and marketing information, school and college photos, year books and magazines, and these days social networking sites. So much so that a foreign and possibly hostile nation's IC may know more about many individuals than the individuals can remember themselves.

Oh and various UK politicians have publicly stated that databases of this sort of information should be kept on all UK citizens with wide access to companies and organisations, supposedly for the citizens' protection against ID theft, and to stop the citizens misrepresenting themselves to employers and organisations. Of course these databases will be centrally held with about the same level of security as the US OPM records... As Bruce has pointed out publicly on a number of occasions, the more central these databases become, the more of a crutch they become to the collective stupidity/idiocy of organisations, thus the more desirable they become to criminals and foreign nations...
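An added illustration of the point about file meta-data, written for this page and not code from the thread or from any agency mentioned in it: a small stdlib-only Python scanner for the /Info dictionary of a PDF. The two sample documents are constructed inline; the parser assumes a flat /Info dictionary with literal or hex string values and handles neither object streams, encryption nor XMP, so it is a pre-release check rather than a full PDF parser. The second sample shows the incremental-update trap: a file whose properties panel is blank can still carry the original author object earlier in the byte stream.

```python
import re

# Constructed sample (not a real document): a minimal PDF whose /Info
# dictionary carries the kind of residue the comment describes.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (Quarterly Brief) /Author (J. Doe \\(Ops Desk\\)) /Creator (Microsoft Office PowerPoint) /CreationDate (D:20130501120000Z) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

# Constructed "sanitised" revision: an incremental update appends a blank
# /Info object and a new trailer, but the old object 3 is still in the file.
SAMPLE_UPDATED = SAMPLE_PDF + b"""4 0 obj << /Author () /Title () >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
"""

# /Info keys that routinely carry a person's or a tool's name.
IDENTIFYING_KEYS = ("Author", "Creator", "Producer", "Title", "Subject", "Keywords")

# key followed by a literal string "(...)" or a hex string "<...>"; name and
# number values are skipped and nested dictionaries are not handled (assumption).
_ENTRY_RE = re.compile(rb'/([A-Za-z0-9]+)\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)')
_OBJ_RE = re.compile(rb'(?<![0-9])(\d+)\s+(\d+)\s+obj\s*<<(.*?)>>\s*endobj', re.DOTALL)
_INFO_REF_RE = re.compile(rb'/Info\s+(\d+)\s+(\d+)\s+R')


def _decode_text(data: bytes) -> str:
    # UTF-16BE with BOM, otherwise PDFDocEncoding (close enough to Latin-1 here).
    if data.startswith(b"\xfe\xff"):
        return data[2:].decode("utf-16-be", "replace")
    return data.decode("latin-1")


def _decode_string(raw: bytes) -> str:
    if raw.startswith(b"<"):                                  # hex string
        hexdigits = re.sub(rb"\s+", b"", raw[1:-1])
        return _decode_text(bytes.fromhex(hexdigits.decode("ascii")))
    body, out, i = raw[1:-1], bytearray(), 0                  # literal string
    while i < len(body):                                      # drop simple backslash escapes
        if body[i] == 0x5C and i + 1 < len(body):             # (octal / \n escapes not handled)
            i += 1
        out.append(body[i])
        i += 1
    return _decode_text(bytes(out))


def _parse_dict(body: bytes) -> dict:
    return {k.decode("ascii"): _decode_string(v) for k, v in _ENTRY_RE.findall(body)}


def extract_pdf_info(pdf: bytes) -> dict:
    """String entries of the /Info dictionary the *latest* trailer points at,
    i.e. what a viewer's Properties panel shows."""
    refs = _INFO_REF_RE.findall(pdf)
    if not refs:
        return {}
    num, gen = refs[-1]                       # last trailer wins after incremental updates
    matches = [m for m in _OBJ_RE.finditer(pdf) if m.group(1) == num and m.group(2) == gen]
    return _parse_dict(matches[-1].group(3)) if matches else {}


def identifying_fields(info: dict) -> list:
    """Non-empty identifying entries, sorted by key, as a release checklist."""
    return sorted((k, v) for k, v in info.items() if k in IDENTIFYING_KEYS and v.strip())


def scan_all_objects(pdf: bytes) -> list:
    """Walk every object in the file, not just the current /Info, so identifying
    strings left behind by an incremental update are still reported."""
    found = []
    for m in _OBJ_RE.finditer(pdf):
        for k, v in _parse_dict(m.group(3)).items():
            if k in IDENTIFYING_KEYS and v.strip():
                found.append((int(m.group(1)), k, v))
    return found


if __name__ == "__main__":
    print("current /Info:", identifying_fields(extract_pdf_info(SAMPLE_UPDATED)))
    print("all objects:  ", scan_all_objects(SAMPLE_UPDATED))
```

Run scan_all_objects on anything that has been through a redaction workflow; if it reports fields that extract_pdf_info does not, the file was updated in place rather than rewritten, and the original residue is still there for anyone who reads the raw bytes.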

Vadim LebedevJune 22, 2015 6:06 AM

About the OPM hack: It seems that the hackers had root access to the database holding the data. Given that, I think that the fact that the hackers retrieved the data is only the smaller half of the problem. The bigger half is that they probably were able to modify the data to facilitate infiltration of agents into US government services.
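As an added example of the control that addresses the integrity half of that concern (illustrative code written for this page, not anything OPM or the investigators described): each personnel row gets an HMAC tag computed under a key the database host never holds, so an attacker with root on the database can read rows but cannot alter or plant one without the change showing up at the next audit. The key name, record fields and values are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed key. In a real deployment it lives with the auditor, never on the
# database host, so a database-level compromise cannot re-sign rows.
AUDIT_KEY = b"constructed-audit-key-not-a-real-secret"


def canonical(record: dict) -> bytes:
    # Stable serialisation: column order and whitespace must not affect the tag.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = AUDIT_KEY) -> str:
    """Tag a row; the id is inside the record, so tags cannot be moved between rows."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = AUDIT_KEY) -> bool:
    return hmac.compare_digest(seal(record, key), tag)


def audit(sealed_rows: list, key: bytes = AUDIT_KEY) -> list:
    """Return the ids of rows whose content no longer matches their tag."""
    return [row["id"] for row, tag in sealed_rows if not verify(row, tag, key)]


def demo() -> list:
    # Constructed personnel rows, sealed when the adjudication was recorded.
    rows = [
        {"id": 1001, "name": "A. Example", "clearance": "SECRET", "adjudicated": "2014-03-02"},
        {"id": 1002, "name": "B. Example", "clearance": "NONE", "adjudicated": "2015-01-15"},
    ]
    sealed = [(dict(r), seal(r)) for r in rows]
    # Someone with root on the database edits a row in place and inserts a new
    # one, re-using an existing tag because they cannot compute a fresh one.
    sealed[1][0]["clearance"] = "TOP SECRET"
    sealed.append(({"id": 1003, "name": "C. Planted", "clearance": "TOP SECRET",
                    "adjudicated": "2015-06-01"}, sealed[0][1]))
    return audit(sealed)


if __name__ == "__main__":
    print("rows failing audit:", demo())
```

Note what this does and does not give: it detects modified or fabricated rows, but a deleted row leaves nothing to verify, so a signed row count or a hash tree over the ids has to sit on top of it to catch removals.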

gordoJune 22, 2015 10:44 AM

Quote:

"In other words, ... either the net must be broken up into governable chunks or the net becomes government." – Dan Geer

LessThanObviousJune 22, 2015 1:37 PM

@tyr

I think unfortunately you have it nailed, in that it's those said "shortsighted nitwits" who would ruin any attempt to change the paradigm in some respects. If we ever allow any restrictions that aren't imposed only by the parties responsible for the endpoints, they will find a way to inject policy and business interests that shouldn't be part of fundamental security practice.

My thoughts are more along the lines of end point operators having the ability to easily opt out of global interconnection, not for any intermediary to decide anything on their behalf.

tyrJune 22, 2015 4:23 PM


@gordo
I first read that as ISIS not USIS and had a vision of the ME filled with scribbling warrior wannabees filling out forms. We need to have some humour about security or the abysmal business as usual will cause us depression.

@LTO
Securing the end points works if there is no centralized insertion point in between. Currently the MITM capability is with large organizations but the whole history of the Net means that it'll be in the hands of script kiddies and 4th world countries real soon. One other thing that might work is a timestamp on packets. Then you do a compare against arrival time. If you don't like the results dump the packet. This would make the nation state actors have to invest in highspeed supercomps to do their attacks and they would become targeted instead of random haystack turning.

@all

On the humour of the day. The thoughts of the government with the biggest military and intelligence budgets the world has ever seen running COBOL on MS XP without geniuses like Spandam Alexander and Starfleet Hayden noticing the vulnerability is priceless comedy.
Maybe a little less classification of toilet paper and post-its and a lot more transparency would actually make government more secure in reality.
There's nothing new about this and I know some nonshareable stuff that is pure horror, suffice to say that closing the barn door works a lot better before the horse is gone.

I'm sure the government will store your keys just as well as they have secured their personnel records. The VA laptop fiasco didn't teach them anything.
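An added working sketch of the timestamp idea in the @LTO paragraph, written for this page rather than taken from the comment: a receiver-side filter that drops packets whose send time is too far from their arrival time, together with the two things the idea needs to hold up in practice, a MAC so the timestamp cannot simply be forged, and a sequence-number window so a still-fresh packet cannot be replayed. The key, packet layout and timings are all constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"        # assumption: both ends share this
HEADER = struct.Struct("!Qd")          # sequence number, send time (unix seconds)
TAG_LEN = 16                           # truncated HMAC-SHA256


def make_packet(seq: int, send_ts: float, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: header || payload || MAC(header || payload)."""
    header = HEADER.pack(seq, send_ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class FreshnessFilter:
    """Accept a packet only if its MAC checks, its send time is within max_skew
    seconds of arrival, and its sequence number has not been seen before
    (tracked over a sliding window of `window` sequence numbers)."""

    def __init__(self, key: bytes = KEY, max_skew: float = 2.0, window: int = 64):
        self.key, self.max_skew, self.window = key, max_skew, window
        self.highest = -1          # highest accepted sequence number
        self.seen = set()          # accepted sequence numbers still inside the window

    def check(self, pkt: bytes, arrival_ts: float):
        if len(pkt) < HEADER.size + TAG_LEN:
            return "malformed", None
        header, payload, tag = pkt[:HEADER.size], pkt[HEADER.size:-TAG_LEN], pkt[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad_mac", None              # MAC first: an unauthenticated timestamp means nothing
        seq, send_ts = HEADER.unpack(header)
        if abs(arrival_ts - send_ts) > self.max_skew:
            return "stale", None                # the comparison the comment describes
        if seq in self.seen or seq + self.window <= self.highest:
            return "replay", None               # fresh timestamp, but already seen or too old
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s + self.window > self.highest}
        return "ok", payload


if __name__ == "__main__":
    f, t0 = FreshnessFilter(), 1_000_000.0
    p = make_packet(1, t0, b"hello")
    print(f.check(p, t0 + 0.1), f.check(p, t0 + 0.2), f.check(p, t0 + 9.0))
```

Checking the MAC before the timestamp matters: otherwise unauthenticated garbage could be used to move the window or fill the replay cache. The skew tolerance also fixes the minimum clock-sync quality the two ends need; with NTP-level sync a couple of seconds is comfortable, but a much tighter window quickly becomes self-inflicted packet loss.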

Clive RobinsonJune 22, 2015 5:15 PM

@ Bruce,

You might like this,

http://www.reuters.com/article/2015/06/21/us-poland-lot-cybercrime-idUSKBN0P10X020150621

The hackers caused quite a few problems for air travelers.

They attacked the airline's computers that deal with flight plans and scheduling rather than anything to do with the plane or its avionics.

Whilst nobody appears to have been physically harmed or killed, their lives were significantly disrupted, and almost certainly some passengers would have thought "if there's nothing to stop them attacking these computers, what's stopping them attacking other aircraft related computers?"

To which the answer is probably "nothing" for computers involved with maintenance and other operations...

65535June 22, 2015 6:33 PM

@ Clive

‘The result is the initiative is stuck with both man power and rapidly aging technology without the funds to carry on developing the technology to address the rapidly changing technology landscape. Thus the only forward movements are "race for the bottom" changes…As we know security is all "sunk costs" so you spend as little as you can on it, especially when your long-term plan is to "cut and run" with a few billion in investor buyout cash in your pocket. Such short-termism makes you take gambles, so you simply don't spend anything on security on the idea that you "probably won't get attacked before the cheque clears"’

The government does seem to be in a race for the bottom. The OPM has now crashed through the bottom and is still descending. If all of the SF-86 forms were doxed it would be a new low.

Nick PJune 22, 2015 6:37 PM

re ARS article on OPM hack

Reading through the Ars article and comments was fun. Several were smart enough to figure out why replacing the applications is a stupid idea: the cost & risk of essentially reverse engineering then re-engineering the legacy apps are way too high for OPM. This is common among government and private sector organizations. So, they should've used security practice to protect & audit access to them instead. That's their failure. One commenter nicely phrased the probable result:

"With this much personal information, the perpetrators are going to be able to take spear phishing to a whole new level"

Also, the Dept of Interior's National Business Center was actually doing an amazing job in IT by many metrics per this case study. Relative to most businesses or government organizations, that is. I'd like to see a Google level of innovation in government entities but will settle for NBC's. ;) Clearly, though, they could benefit from hiring some security engineers.

Note: The contractors in comments also told how horribly they were treated despite outperforming the "lifers." One claimed to be a network support guy who had to work from a trailer outside with no network access. Lol.

gordoJune 22, 2015 7:30 PM

@ tyr,

It's so bad that the pita bread and salad appetizers can't necessarily be trusted!

Maybe those salad servers house a special kind of squid jam; look at those tentacles!

Now I'm wondering about all the desserts in the display case (top row, front and center, especially!). Those raspberry jam pi(e) squares look pretty good, too!

Goes to show that you can't be too careful in your choice of bakery!

Sympathies aside, a street waif, a bakery, a photograph, and a spy...

Cajun Steak FilletJune 22, 2015 11:51 PM

@ Clive Robinson, Justin

"I guess neither of you have had any involvment with computer forensics and file meta-data?
...
What you get with power point slides and PDF documents is rather more than you see due to all sorts of interesting data getting hidden away in the file meta-data."

A govt classified pdf distribution system would know to strip them of original signatures and then implant its own, possibly tagged for targeted tracking. A couple of blog entries up we read about all sorts of radioactive tracer tags employed by the IC; I don't see why they would not do the same with classified digital assets.

@ Nick P

" One claimed to be a network support guy who had to work from a trailer outside with no network access. Lol."

Tricky stuff they do eh

Clive RobinsonJune 23, 2015 2:31 AM

@ 65535,

The government does seem to be in a race for the bottom. The OPM has now crashed through the bottom and is still descending. If all of the SF-86 forms were doxed it would be a new low.

In any race there has to be a leader... sometimes however some are so far out in front of the pack it's difficult to see them, till they either trip over their feet or "crash and burn".

What is scary is, just as before the Ed Snowden revelations, where we knew intellectually these things were possible our "apple and pie outlook" did not allow us to believe the great US Gov could be doing that.

The OPM has revealed what we have intellectually known but did not want to believe, that US Gov ICT is a real mess, even though we knew the NSA was awfully bad, we must assume much more is yet to come into the light. I guess the only questions left are just how far this poor practice has spread, and which poor unfortunates are going to be next on the list of having their privacy thrown away by Gov incompetence? I'm thinking that ObamaCare's ICT has all the hallmarks of a major clu5t3rf4ck about to hit the fan.

@ All,

Speaking of OPM, it can get worse... hopefully you've all taken your blood pressure meds and are sitting safely with nothing to throw or damage nearby,

http://www.lawfareblog.com/turns-out-privacy-groups-are-outraged-about-opm-hack%E2%80%94-me

Clive RobinsonJune 23, 2015 3:22 AM

@ Cajun Steak Fillet,

A govt classified pdf distribution system would know better to strip them of original signatures and then implant its own, possibly tagged for targeted tracking.

You would hope... but the NSA has a very poor track record with ICTsec, after all it "thinks" Ed Snowden got away with maybe 1.7 million of their highly secret documents, but really does not have a clue. Other US Govt agencies have had a poor record on redacting electronic documents in the past, and the recent OPM leak shows that the US Govt does not learn from past mistakes about ICTsec...

Thus my point that "there maybe" some meta-data in those documents Snowden obtained "that might" if used correctly by a suitably set up hostile nation state identify officers, "that might" have been field agents etc "that might" identify agents in those hostile nation states.

Yes it's a lot of "that might"s and I'm most definitely not saying it's the case. But it is theoretically possible, thus it would be sensible to err on the side of caution, and you would expect the US & UK ICs to have acted in the intervening two years.

The fact that somebody close to the UK Prime Minister is alleged --by the Sunday Times-- to be so utterly and stupidly reckless as to say this to a journalist for a cheap political trick absolutely astounds me. If it is proved not to be a complete fabrication by the Sunday Times journalist then there are two possibilities,

1, Identification is not possible, and no movment has happened.

2, Identification is possible and movment has happened.

Either way it's still a very stupid thing to have made public, because,

If it's true, and officers and agents have been moved, then the announcement means that any movement has significance, thus cross hairs have been painted on officers' and agents' backs pointlessly.

If it's not true, any movement of officers or those who might be agents for unconnected reasons is again going to have significance, so again cross hairs have been painted pointlessly...

It's one of the reasons the response to any questions about IC activities gets a "no comment" response.

As I've previously indicated I think the whole Sunday Times story is a fabrication, the only question is by whom and why.

AnonJune 23, 2015 4:09 AM

New NSA document shows that the Govt attacked AV companies to collect suspicious persons.
Don't provide any files to AV companies or VirusTotal, or you'll be flagged as a suspicious person.

Clive RobinsonJune 23, 2015 11:44 AM

@ Jacob,

The link you post to is a PDF which is a little ironic.

What is not is that the web page uses the "WoSign CA Limited" issued certificate. Supposedly they are based in Hong Kong, however some other sources put them as being owned and run from mainland China.

There are other oddities about WoSign which has caused me to remove them from the "trusted CA" list.

JacobJune 23, 2015 1:41 PM

@Clive

I looked up WoSign. They say on their site that they are Chinese and run from China, and that they mostly cater to the Chinese market.

The only non-Chinese reference on their "Our Customers" page is Cambridge University Press, so I clicked on that Cambridge icon. I was led to this site:
https://touchstone.koolearn.com/p/splash

LOL - look at the certificate chain and issue/expiration dates of the whole chain. Never seen anything like that.

Edit: the same weird chain is used on their main site.

BenniJune 23, 2015 4:00 PM

Wikileaks publishes secret NSA protocols. NSA targeted the entire French government:
https://wikileaks.org/nsa-france/

GCHQ JTRIG also operates against common internet criminals, according to new Snowden documents:
https://firstlook.org/theintercept/2015/06/22/controversial-gchq-unit-domestic-law-enforcement-propaganda/

And they infiltrate antivirus programs.
https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/

They get information on the targets by intercepting the malware reports and data from URL checks; they also reverse engineer the antivirus software in order to find exploits.

Notably, neither NSA nor GCHQ have Sophos on their target list... But probably that's because they have the source code from this company....

BoppingAroundJune 23, 2015 4:38 PM

Now it is interesting to me how the people from this noxious sphere (government high-ups, IC, etc) live, assuming they know that whatever they do may be and probably is recorded and monitored by someone.

Surely that kind of environment rubs off on one's mental state? What about the unwilling participants (wives, kids, relatives, etc.)?

BenniJune 23, 2015 6:20 PM

Perhaps this could be a way to get a list of NSA/GCHQ/FBI/BND IPs:

Retroshare says that it was attacked by network profilers who acted as man in the middle, impersonating one's friends and relaying the encrypted data to the real persons in order to map the Retroshare network. And these men in the middle are powerful enough to do this in cooperation with ISPs.

Now Retroshare 0.6 has the ability to detect "friends" that have two IPs simultaneously....

https://retroshareteam.wordpress.com/2015/06/08/version-0-6-is-out/

And then one can configure the application to add the wrong IPs to a blacklist that one can read....

Out of curiosity, I would be interested in these IPs, where they are located, for example.....

Perhaps if several people here could use Retroshare for a while, and then post the IPs of these men in the middle who so eagerly want metadata from people who communicate over encrypted channels....

Perhaps this way we get an IP list of hostile government computers.


BenniJune 23, 2015 7:08 PM

Correction: the sentence "that have two IPs simultaneously" must mean "two IPs which have the same DHT".
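The detection Benni describes, one friend identity showing up from two addresses at once, as an added example that is not Retroshare's code: it parses a constructed connection log and reports peer ids seen from distinct IPs within a short window, while letting a friend who simply changes address hours later pass. The log format, peer names and addresses are all made up for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed connection log (not Retroshare's real log format): one line per
# connection event, "<timestamp> peer=<friend id> ip=<address>".
LOG = """\
2015-06-23T18:00:05 peer=alice ip=192.0.2.10
2015-06-23T18:00:09 peer=bob ip=198.51.100.7
2015-06-23T18:00:20 peer=alice ip=203.0.113.99
2015-06-23T18:05:00 peer=carol ip=192.0.2.44
2015-06-23T19:30:00 peer=carol ip=198.51.100.120
"""

def parse(log):
    """Turn the log text into (timestamp, peer id, ip) tuples."""
    events = []
    for line in log.splitlines():
        ts, peer, ip = line.split()
        events.append((datetime.fromisoformat(ts),
                       peer.split("=", 1)[1], ip.split("=", 1)[1]))
    return events

def simultaneous_ips(events, window_seconds=60):
    """Map peer id -> sorted IPs from which that id was seen within the window.

    A friend legitimately changes address over hours (carol above), so only
    distinct IPs observed within `window_seconds` of each other count as
    'simultaneous', which is the pattern an impersonating relay produces.
    """
    seen = defaultdict(list)
    for ts, peer, ip in sorted(events):      # chronological per peer
        seen[peer].append((ts, ip))
    suspects = {}
    for peer, obs in seen.items():
        for i, (t1, ip1) in enumerate(obs):
            for t2, ip2 in obs[i + 1:]:
                if (t2 - t1).total_seconds() > window_seconds:
                    break                    # later events are further away still
                if ip1 != ip2:
                    suspects.setdefault(peer, set()).update({ip1, ip2})
    return {p: sorted(ips) for p, ips in suspects.items()}
```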

Cajun Steak FilletJune 23, 2015 8:35 PM

@ Clive Robinson

"You would hope... but the NSA has a very poor track record with ICTsec, after all it "thinks" Ed Snowden got away with maybe 1.7million of their highly secret documents, but realy does not have a clue. Other US Govt agencies have had a poor record on redacting electronic documents in the past,..."

I don't think it's logical to assume these documents are kept in some sort of shared drive in free-for-all mode, even if on an internal wide area network. The basics of a classified system are the need-to-know basis. There has to be a due process managed by either the file system, network, machine, app, or a combination of them, with audit logging, by human admins. Thus, docs going through a software-assisted life cycle is pretty ordinary in everyday business, and data at rest is encrypted, so...

ThothJune 23, 2015 10:21 PM

@all
Here's a "six degrees of separation" experiment for everyone to do at their own leisure.

Draw a graph of your immediate friends/relatives and map them 3 steps along the way, and keep expanding another 3 steps for every node. You may use online and offline information to mine the data and see where the graph maps out.

How much information did you know previously, and how much information do you now know about your environment?

If you want to computerize the process, you can use OrientDB (http://orientdb.com/orientdb/) or other graph databases to map out your results (probably encrypt the database files first via TrueCrypt-like volume encryption tools) and see the expanding data.

To automate the data collection phase, you may write scripts in high level languages to gather details and feed them into your graph maps.

tyrJune 24, 2015 1:02 AM


Here's an interesting talk from Jake.

http://tsogblogsphere.blogspot.com/2015/05/jacob-appelbaum-technical-action-plan.html

One thing which he touched on lightly that needs a lot more thought. The basic power struggle is over the basic definition of what it means to be a human being. As the institutions attempt to redefine this basic meaning you are locked into the struggle without your consent by a number of active agents and their agendas. The entire 20th century was an active hotbed of genocidal and bizarre redefinitions of what it means to be a human.

Look at the passport: originally it was issued and used to restrict travel from towns in Tsarist Russia as a control method to keep serfs from escaping into some form of freedom. Soon every nation on earth embraced it as a way of keeping track of those who moved around. So one of the favourite clichés of the movies became an official demanding to see your papers so you had to prove to them who you were. This insistence on paperwork allowed the Germans to easily disarm the French populace in WW2 by getting the registration records from the French police and going to each address to collect their weapons. Now each state ideology at the time had its own definition of what a human being should be and how they should act, and that definition was all about who has the power over whom.

So I think we really need to take a good look at what the tech has to say in human terms about the direction these institutions are taking us. Particularly irritating is the bland assumption by most that the computers and the algorithms are infallible. Once you insert that into the pyramid of power it can be used to play CYA as in the famous Milgram experiment.

I'm saying we need to start thinking about consequences and the hidden assumptions and unspoken parts of the surveillance apparatus, not just the technical details.

@gordo

That center pastry looked like a coprolite and with
the electronics in it might be hard to chew.

ThothJune 24, 2015 2:03 AM

@Clive Robinson, Nick P, Wael, Figureitout, DIY Electronic Chip
Something interesting as food for thought. Someone actually soldered a 14k gate processor by hand: the Mega Processor, done by hand soldering.

If you need your own (security/normal) processor, you can do that. In the case of crypto-accelerators, you can make building blocks like XOR, AND, NAND and the like for symmetric encryption. The problem comes with trying to tamper-resist the module against intrusion using hand-built or open source techniques.

Links:
- http://megaprocessor.com/index.html
- http://www.theregister.co.uk/2015/06/23/brit_mega_processor/

WaelJune 24, 2015 3:26 AM

@Thoth, et al.,

Someone actually soldered a 14k gate processor by hand. The Mega Processor done by hand soldering.

How much can you do with "14,000 individual transistors"?[1] Can you compare it to "Xilinx currently holds the 'world-record' for a FPGA containing more than 20 billion transistors"? [2]

I say listen to @Nick P, and think of FPGAs :) Then again, have we identified that the CPU is the "weak link"? @Nick P hasn't posted the date as of yet :)

Also see this "dirty dozen" post, which was mainly directed towards @Clive Robinson (with the admitted mistake of attributing the Castle to him), for a non-exhaustive list of "weaknesses", and follow the C-v-P discussion, which I know you have done to some extent.

As for the links you posted, I think it's a cool project (that @Figureitout can lick in a few days) but it wouldn't be the first thing that comes to mind when I think of "Security". The rules of the game, I would think, are to use off the shelf building blocks to design a hardened system. I come from the analog world, so when I see transistors, I only think: RF, amplifiers, etc... so my opinion is a little "biased"... By the way, the electromagnetic signature of such a "processor" and its power consumption would leak too much information if you're not careful.

[1] You can actually do a "lot" with one transistor, but in a different context and domain.
[2] https://en.m.wikipedia.org/wiki/Transistor_count

Wesley ParishJune 24, 2015 5:14 AM

Now is the time for all thieves to come to the collusion of the party

http://www.theguardian.com/technology/2015/jun/22/major-internet-providers-slowing-traffic-speeds

I think I've said it before, and that this is not in fact Off Topic, but infrastructure is a major part of security. If the major US ISPs can collude - as no doubt will be seen by a careful examination of the timing of this slow-down and likewise an examination of their CxOs' emails - in introducing to the US Internet user the Ultra-Slow Broadband in a hissy-fit at being told they have to treat all users the same, they can likewise collude in hiding vulnerabilities instead of fixing them, in the manner of Microsoft's verbiage concerning Internet Exploitee's diner's special of vulnerabilities that made the nineties and the noughties such a festival for malware writers.

If the US consumer watchdogs had any teeth, they would be gnashing them at this moment. But as we know, they don't.

Clive RobinsonJune 24, 2015 6:27 AM

@ Wesley Parish,

AT&T have significant "previous" on this sort of behaviour going back decades, as various court rulings have shown.

Unfortunately the efforts to rein them in in the past have proved ineffective; even breaking them up in the past only ended up making them worse.

Interestingly not breaking up IBM had results much closer to those desired...

Perhaps loading AT&T down with vast amounts of very expensive reporting and suchlike requirements, requiring senior staff to "sign off" on the accuracy and, if found inaccurate, face considerable jail sentences and stripping of assets and rights, might make the execs behave in a more socially responsible way.

FigureitoutJune 24, 2015 2:48 PM

Thoth // Wael RE: the megaprocessor
--Another amazing project, definitely deserves to be in a museum (if it works, which I hope so). I don't know if I'll ever do something *that* extreme. Also I'd be a hot mess worrying about signal integrity and timing issues, and replacing parts (if these happen to you in a SoC though you're probably more screwed, no just changing parts there). Active attacks look pretty easy against such a huge thing and you'd have to physically protect 24/7...pretty sick, why I'd want it in a museum. Programmability is a big deal to me, I'm not bad ass enough to program in binary or how else he's going to do it.

So yeah there's that, I'm setting my sights on "the Katy" 68k with uClinux. Main reason is that is almost exactly what I want, a Unix shell w/ a lot of memory on a breadboard; it'd be a long time getting a shell on the megaprocessor. Combine a sampling line for PRNG, one-way I/O lines for file transfer (checked via a "file arbiter"), a good shield, good board layout w/ jumpers letting me shut off lines easily, and a clean power supply; that's close to the best I can do and an individual can "theoretically" evaluate themselves. That's where I run crypto I care about, and I can't deal w/ backdoored chips at this time.

gordoJune 24, 2015 3:21 PM

Jason Chaffetz: OPM data breaches may affect 32 million
David Perera | Politico | 6/24/15

That number comes from the agency’s fiscal 2016 budget proposal, in which it notes that OPM stores more personally identifiable information than any other agency.

That includes “banking information for more than 2 million annuitants and background investigations for more than 30 million people,” the budget document states.

http://www.politico.com/story/2015/06/opm-data-breach-jason-chaffetz-119374.html

Note: That's approximately 10 percent of the U.S. population.

name.withheld.for.obvious.reasonsJune 25, 2015 1:04 AM

Thoughts about recent TPA legislation and the "Partnership"

What does the Trans Pacific Partnership deliver--to you and me--NOTHING. But, for the elite zero dot one percent'rs, the ability to hold and control asset classes across multiple countries with harmonized business regulations means that money (we're talking trillions of dollars in investment and equity holdings) flows into larger pools of wealth.

With less than an intellectually honest disclosure by those in positions to know better, we are left to be passive observers of our own demise. What's funny is that the "one percent" will soon find themselves looking for crumbs after the zero dot one percent'rs no longer need the acquiescence of these lesser, formerly well-to-do types.

The next group to feel the pain will be the SME types all the way to CEOs of Fortune 1000s. In the upper corporate suites, Fortune 500, it will be top management (all you VPs, look for a new job). The upper middle class will soon join our ranks. I'm sure the former middle class, or disenfranchised, will embrace our fallen brethren when they join us in the de-leveraged, structurally collapsed, U.S. economic malaise.

name.withheld.for.obvious.reasonsJune 25, 2015 3:28 AM

Iain Thomson, a writer for The Register, contributed an article on the latest Snowden leak and its similarity to a report I posted here summarizing my findings regarding the OIG's report on section 215. In the report I posted here, the government had documented a strange hand-off where surveillance and collection began with the assumption that foreign is non-foreign; FBI reviews surveillance, pushes it back to NSA in the case it is foreign. Now Bob's your uncle...

But what people didn't take away from my report was that the government had redacted much of the report in order to hide five other bulk collection programs...and they operate outside the scope of 215. I didn't take the time to tear it down but it looks a lot like a number of different business records (data brokers, banks, e-commerce). While wearing my tinfoil hat I sense that real-time dossiers are the end product, remember a major CIA contractor, TRW, is/was a major data broker (Experian). I wonder if the Chinese would have been better served hacking the public's SF-86 forms (held by Experian, Trans Union, Check Point, et al).

BuckJune 25, 2015 6:04 AM

@name.withheld

I wonder if the Chinese would have been better served hacking the public's SF-86 forms (held by Experian, Trans Union, Check Point, et al).
No need to hack those companies. Just pay a little cash to ensure the records keep on coming...

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.