Margaret McFall-Ngai studies the symbiotic relationship between squid and the bacteria that live inside them.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Orange Juice • November 6, 2015 4:50 PM
to add a little randomness under comment
Squid Blogger • November 6, 2015 4:53 PM
I almost forgot, ProtonMail came under a sustained DDOS attack. They’re crowdfunding for a DDOS solution – estimated over $100,000 – https://www.gofundme.com/protonmaildefense
Selma Manigan • November 6, 2015 4:57 PM
Redrafting the Snooper’s Chart is turning out to be like pouring a bucket of manure over a fan.
When confronted about the privacy implications of the proposed law, Theresa May revealed that MI5 has in fact been collecting telephone data from British citizens since 2001 without warrants.
Jacob • November 6, 2015 5:00 PM
Based on the news report about the British reaction to the downing of the Russian passenger plane, it appears that raw data collected by the GCHQ and NSA is not processes in real-time, but analyzed ad hoc.
This is A Good Thing for the innocent.
The agencies suspected a bomb rather than a nechanical failure by finding evidence in “communication chatter” ex post facto. This is notable especially since the chatter comes from a group high on the US/UK group A terrorist list.
Side Note: The Russians, according to news reports, were not aware of that “chatter”. I expect them to substantially increase their effort to globally tap comm channels from now on.
Daniel • November 6, 2015 5:15 PM
I consider Stewart Baker to a NSA flunkie but he has two very interesting articles on the intersection of Cybersecurity and the Trans Pacific trade deal.
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/11/06/ustr-wins-the-crypto-war/
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/11/06/cybersecurity-and-the-tpp/
The TPP turns out to be very friendly to privacy folks in these areas.
unlike the UK
Carl • November 6, 2015 5:25 PM
Although not the biggest elephant in the room that is internet security, it’s still one of my favorites. Everyone just covers their eyes and pretends. Digital bliss.
Downloading Software Safely Is Nearly Impossible
https://noncombatant.org/2014/03/03/downloading-software-safely-is-nearly-impossible/
fluviatic lutheran • November 6, 2015 5:30 PM
The UK’s snooper’s charter will make it legal for security services (from national intelligence to local police) to hack into anyone’s computers or phone. Obviously, thanks to Snowden we know that GCHQ has already been doing this for a while, regardless of the legality. However, the biggest concern is that the new law will open the doors to data exfiltrated from hacked devices being allowed as evidence in court. Bearing in mind that some of the most popular intercept solutions (like that of Hacking Team) come with an upload function by default, this paints a bleak picture for political activists and campaigners who may find themselves on the wrong side of law enforcement.
According to the charter’s draft, ISPs and firmware vendors will have the legal obligation to actively assist the government in hacking people’s phones or computers. If they refuse to do so, it will be considered contempt of court.
Snowden’s reaction on twitter: “By my read, #SnoopersCharter legitimizes mass surveillance. It is the most intrusive and least accountable surveillance regime in the West.”
Cabals or Secret Ruling Class Controlling Countries • November 6, 2015 5:33 PM
Is the “deep state” a force that insidiously undermines democracy or has it helped maintain stability in the face of extremism? Do they put citizens under mass surveillance?
Do Shadow Elites Use Power Wisely?
Shadowed By Murder of Ravens • November 6, 2015 5:39 PM
@Jacob
Side Note: The Russians, according to news reports, were not aware of that “chatter”. I expect them to substantially increase their effort to globally tap comm channels from now on.
Very sharp observation. Especially pertinent as they seem to be running their subs along the underwater cabling recently.
Based on the news report about the British reaction to the downing of the Russian passenger plane, it appears that raw data collected by the GCHQ and NSA is not processes in real-time, but analyzed ad hoc.This is A Good Thing for the innocent.
It just means they probably used specific details from the flight and the attack and searched their existing data, to find hits. This does not mean they do not have ample live filters running at any time, which they surely do.
The danger of dragnet surveillance really is an indirect danger for the innocent, mostly. Sure, you can have “Brazil” like scenarios where a mistake in a vast bureaucracy turns you into a top terrorist… or where simply trying to get your air conditioning fixed gets the government bullseye on your back. But, more realistically, the primary targets for illegitimate surveillance are those in power, both corporate and governmental. They have the money, they have the power. And secret surveillance provides both to the surveillors by surveilling them.
Spookarchy is a term applied to Russia’s current regime. Former KGB in the head office, Former KGB and current SVR and FSB running and taking over businesses, criminal and legitimate. Creating the ultimate mafia.
Think of that as the way of the future.
One problem with all this talk about stopping these things, like making secret courts public is that it forgets — we know about those secret courts. What about the people doing surveillance not even bothering with the secret cults? How do you catch them?
You can’t.
And blackmail victims don’t talk. Especially not when they don’t even need to know who is blackmailing them. Which such government organizations will tend to have in spades.
Even the very ostentatious Al Capone was exceedingly hard to catch. And he was above water. Everyone knew who he was. Everyone knew what he was doing. But the government couldn’t find his name on anything. Anywhere.
How much harder to catch mafias that are government, and that don’t make the mistake of going above water so people might see they are even a fish to catch?
You can’t catch that at all.
Curtis Agoston • November 6, 2015 5:56 PM
The snooper’s charter is bad. Really bad. As a programmer in the UK, I could be sent to prison for writing code that implements a cryptographic library which the government cannot crack.
Full text: http://www.official-documents.gov.uk/document/cm83/8359/8359.asp
Sunshine Surfer • November 6, 2015 6:11 PM
@Curtis
Don’t know why you’re quoting that document as that’s the old one. The current draft bill is here:
Sunshine Surfer • November 6, 2015 6:18 PM
Here’s an unusual patent application made by Apple.
Fingerprint actuation is described for unlocking a mobile device and activating customized mobile device functions by using a fingerprint authentication technique. The mobile device uses a fingerprint sensor to authenticate a user for allowing secure access to certain mobile device functions or contents, and provides a utility in addition to unlocking the mobile device. This allows the user to control access to one or more mobile device functions concurrently with invoking fingerprint authentication in order to unlock the mobile device when the user presses a finger to the fingerprint sensor. The mobile device may be unlocked using a designated finger that activates a panic mode of operation, wherein personal data stored on the mobile device is not accessible or viewable to the user. In other implementations, the user may register particular fingerprints to be associated with different modes of operation and activate the different modes based on the particular fingerprints. Related news story
Also;
While US and UK governments oppose encryption, Germany promotes it. Why?
tyr • November 6, 2015 7:10 PM
@Shadowed by a Murder of Ravens
Nice typo mutating secret courts into cults.
The way you catch them is simple, follow the actions
and follow the money trail. Trying to extract some
invisible psychological portion is just wasting time.
That’s why most conspiracy theorists fail, they are
busy looking for motivations or mysterious groupings.
Watch the Zapruder film with a rifleman, none of the
empty obfuscations will do away with the filmed action.
Now examine the coverup documents and see who is in
them. Track the careers of those who did the coverup.
This is just a single example. No amount of obfuscation
will cover the trail of the omnipotent and invisible
(in their own mind) but the public records and finances
show the emperor with no clothes in plain sight.
The real problem is that they believe their own lies of
being immune to any exposure because of actions. Actions
are the exposure, and people get paid for those actions.
Peanuts • November 6, 2015 8:02 PM
So we can expect to see contempt of court carraries. Get a contempt order now while their hot. Step right up, get ya contempt order.
Public doesn’t want ta see yer old warrant carrarry they want to see your firmware branded contempt carrarry label.
Ok, I’ll bite. So where does one have to design and build distribute from to sustainably maintain a non sleazy operation?
The Moon, Mars, in orbit, on that island that anthropologists are keeping on the do not contact list?
Peanuts
Banana • November 6, 2015 10:05 PM
@ tyr
“The real problem is that they believe their own lies of
being immune to any exposure because of actions. Actions
are the exposure, and people get paid for those actions.”
Au contraire, payments of secret actions would not a money trail but in other obfuscated ways, if a secret is to be kept, as demonstrated by Clive’s four horsemen of anonymity. Following the money can only leads to false trails. Just as with any secret communication, secret payments there has to be a disconnect or hidden within crowd source.
Of course, there is an exception as in any sound theory, which given conditions. If two parties of a secret comm, one of which is constantly watched by another, then an anonymous comm is can be reached half done. This is where the general assumptions fail, when they fail to account for the farthest fetched.
sidd • November 6, 2015 11:35 PM
I don’t know whether to laugh at the FBI or to cry about these kids. Or the other way around.
Curious • November 7, 2015 1:38 AM
“DOT presses forward on National Address Database” (17. July)
https://www.transportation.gov/fastlane/pressing-forward-on-national-address-database
“A complete, current, and accurate address list including street number, street name, city –as well as less commonly used information like Latitude/Longitude, GML point geometry, and spatial reference system– with associated metadata is essential for a variety of government and non-government functions, including emergency response, conducting the Census, income tax collection, delivering the mail, planning, routing, and many others.”
I got the impression that the US department of transportation intend to scoop up info from a lot of databases and place it into a big one.
Curious • November 7, 2015 1:50 AM
“NSA says how often, not when, it discloses software flaws”
http://www.reuters.com/article/2015/11/07/us-cybersecurity-nsa-flaws-insight-idUSKCN0SV2XQ20151107
According to Reuters, officials say NSA use exploits before reporting them to tech vendors. (The Stuxnet reference I guess.)
“The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time.”
Curious • November 7, 2015 1:55 AM
“Only ‘tiny handful’ of ministers knew of mass surveillance, Clegg reveals” (UK)
http://www.theguardian.com/world/2015/nov/05/nick-clegg-cabinet-mass-surveillance-british-spying
“The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act.”
Complementary article:
“MI5 ‘secretly collected phone data’ for decade”
http://www.bbc.com/news/uk-politics-34729139
“The programme has been running for 10 years under a law described as “vague” by the government’s terror watchdog.”
“It emerged as Home Secretary Theresa May unveiled a draft bill governing spying on communications by the authorities.”
“If it becomes law, the internet activity of everyone in Britain will be held for a year by service providers.”
Curious • November 7, 2015 2:09 AM
Apparently, “Communications-Electronics Security Group”, a group within th British GCHQ have the opinion that end to end encryption (voice comms) for “government and enterprise customers” is totally ok and want to promote it.
Someone on reddit points out how the UK government wants to ban end-to-end encryption, while the CESG is promoting end-to-end encryption for “secure voice”.
https://twitter.com/FredericJacobs/status/661654090934566912
There is a link to a recent document from CESG, but I see that today that the link ends with an error, for me anyway.
https://www.cesg.gov.uk/publications/Documents/secure_voice_at_OFFICIAL.pdf
Curious • November 7, 2015 2:10 AM
Correction: I referenced Reddit just above in my last comment, I really meant to write Twitter and not Reddit.
Curious • November 7, 2015 2:19 AM
I saw a reference to this on Twitter: The url says it all.
Jason Richardson-White • November 7, 2015 3:16 AM
I quote what I regard as the key section from the WordPress site</a href> about the ongoing DDOS attack on ProtonMail:
“The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.”
I am going to hazard a prediction. ProtonMail is going to lose this one. It will close like LavaBit and SilentCircle.
When it does, for my part, I will cease attempting to use secure email. I may cease using email altogether. Instead, I will use a combination of communication broadcasts (e.g., blogging) and “private” communication, meaning that I shall preface every phone call with someone wishing a private but remote conversation with me with the advisement that such is likely not possible – caveat emptor. If someone were to want a private communication with me (or anyone), they should arrange a face-to-face meeting. Even then, the circumstances of the meeting should reflect the importance of privacy on the matters to be discussed.
Paranoia is not my state unless fear is my problem.
And I am not afraid.
Grauhut • November 7, 2015 3:32 AM
@sunshine surfer: “While US and UK governments oppose encryption, Germany promotes it. Why?”
There are producers of original knowledge and there are consumers… 🙂
“There’s an official sanction on the part of the German authorities for encryption that keeps you out of sight of Anglo-Saxon eyes,” he said.”
They remember quite well what happened to German owned patents after 1945. Privatly owned patents.
And they remember quite well what happened to the intellectual property of windpower company Enercon.
German economic losses through espionage amount to 4-10 billion € a year.
Binary Lineage • November 7, 2015 4:26 AM
@Sunshine Surfer et Curtis Agoston
Please point to the text that you’re interpreting to mean that:
“As a programmer in the UK, I could be sent to prison for writing code that implements a cryptographic library which the government cannot crack.”
Thank you
ianf • November 7, 2015 5:08 AM
FROM TODAY’S, Saturday 7 November 2015, GUARDIAN NEWSLETTER:
[Comment is free]
Twitter is teetering because it has turned into one big pyramid scheme
Social media’s struggles sum up a modern malaise: the inability to recognise value beyond market-driven metrics
http://www.theguardian.com/commentisfree/2015/nov/06/twitter-teetering-pyramid-scheme-social-media
[Comment is free]
SURVEILLANCE: The spooks will keep spying on us Brits: we clearly don’t care
With no experience of life in a security state, and with James Bond and the Enigma codebreakers as our heroes, we’ve always believed the intelligence agencies protect us
http://www.theguardian.com/commentisfree/2015/nov/06/spooks-spying-brits-dont-care-james-bond-enigma-surveillance
[UK news]
Sharm el-Sheikh flight from Stansted dodged missile in August
Thomson Airways plane heading to Egyptian resort forced to take evasive action after projectile spotted by pilot, British government confirms
http://www.theguardian.com/uk-news/2015/nov/06/missed-by-a-1000-feet-how-british-holidaymakers-came-close-to-being-hit-by-a-missile-in-august
[Building proposal] London garden bridge users to have mobile phone signals tracked
People visiting partly taxpayer-funded structure could have items such as kites confiscated under strict security measures. Visitors to the garden bridge in London will be tracked by their mobile phone signals and supervised by staff with powers to take people’s names and addresses and confiscate and destroy banned items, including kites and musical instruments, according to a planning document. […] The trust behind the scheme hoped to “maximise the opportunity provided by the status of the bridge as private land” by imposing rules to “establish expectations for behaviour and conduct”.
http://www.theguardian.com/uk-news/2015/nov/06/garden-bridge-mobile-phone-signals-tracking-london
Finally, a bit of sage advice, ALAS INAPPLICABLE to this forum’s highly supercharged, well-spoken, intellectual posters—from this reader’s mind-resident sage-in-dying:
Clive James on maintaining the dignity of words on the web:
[FTR there’s no love lost between CJ and his nominal subject, fellow Australian expat and contemporary Germaine Greer, in whose defense these words were written. Now back to AES256 or whatever.]
Grauhut • November 7, 2015 5:30 AM
@Binary linage: “Please point to the text …”
I think he wrote about §§ 99, 101.
Would a programmer as a person who has control of a part of a public telecommunications system, in this hypothetical case the encryption part, have to provide an agency showing of a warrant with assistance in giving effect to the warrant, having to take all thinkable and materially possible steps for giving effect to the warrant?
Would that programmer of a part of a public telecommunications system have to implement a back door for the presenter of that warrant and have to push out an update, weakening his encryption system, only because its technically possible?
Could he be forced to convert his encryption system into an encryption simulation?
“99 Implementation of warrants
(1) In giving effect to a targeted equipment interference warrant, the person to whom it is addressed may (in addition to acting on its own) act through, or together with, such other persons as the person may require (whether under subsection (2) or otherwise) to provide it with assistance in giving effect to the warrant.
…
101 Duty of telecommunications providers to assist with implementation
(1) A relevant telecommunications provider that has been served with a copy of a targeted equipment interference warrant issued by the Secretary of State under section 84 or 87, or by the Scottish Ministers under section 86, must take all steps for giving effect to the warrant that are notified to the relevant telecommunications provider by or on behalf of the
person to whom the warrant is addressed.
…
(5) In this section, “relevant telecommunications provider” means any of the following—
(a) a person who provides a public telecommunications service;
(b) a person not falling within paragraph (a) who has control of the whole
or any part of a public telecommunications system located wholly or partly in, or controlled from, the United Kingdom.
(6) A relevant telecommunications provider is not required by virtue of this section to take any steps that it is not reasonably practicable for the relevant telecommunications provider to take.
(7) The duty imposed by subsection (1) or (2) is enforceable against a person in the United Kingdom by civil proceedings by the Secretary of State for an injunction, or for specific performance of a statutory duty under section 45 of the Court of Session Act 1988, or for any other appropriate relief.”
Ron Fendley • November 7, 2015 5:55 AM
@Grauhut @Binary linage:
“§§ 99, 101.”
Effectively if a service, say a messaging app, provides end-to-end encryption communication to its users and the UK government decides that they want in, the government would be legally entitled to demand the service to push a vulnerable or backdoored version to the user base. If the service refused to do so, they would be breaking the law.
Orange Juice • November 7, 2015 6:55 AM
@ Jason Richardson-White
“Instead, I will use a combination of communication broadcasts (e.g., blogging) and “private” communication, meaning that I shall preface every phone call with someone wishing a private but remote conversation with me with the advisement that such is likely not possible – caveat emptor.”
And such is the caveat, or relics of the past, as we brushed back the basics of old century. A communication of broadcasts, e.g. newspapering, and the gentlemen’s clubs of the West End Gate’s fame.
As men grew old, the old grew wiser, and wiser.
Orange Juice • November 7, 2015 7:13 AM
@ In Ravens Shadow
“How much harder to catch mafias that are government, and that don’t make the mistake of going above water so people might see they are even a fish to catch?”
Catching the government (doing what?) is a superfluous saying. You don’t catch the government, it catches you.
As we know in the free world, the culmination of democracy is mob rule. Thus we were learned to avoid too much democracy as we elect representatives to make the hard decisions and the rest we can’t be bothered with.
Sometimes there is too much democracy in democracy itself.
Binary Lineage • November 7, 2015 7:22 AM
@Ron Fendley – I fail to see how that means a programmer in the UK could be sent to prison for writing code that implements a cryptographic library which the government cannot crack.
Ron Fendley • November 7, 2015 7:52 AM
@Binary Lineage:
Based on my interpretation of the text (the usual caveat applies: I am no lawyer), the scenario would be:
Grauhut • November 7, 2015 7:57 AM
@Ron Fendley: “Effectively if a service, say a messaging app, provides end-to-end encryption communication to its users and the UK government decides that they want in, the government would be legally entitled to demand the service to push a vulnerable or backdoored version to the user base.”
No, this goes far beyond service providers.
Imagine a service provider in switzerland uses a piece of end-to-end crypto software in a messenger and the coder lives somewhere and visits the UK, not knowing his lib is used in that messenger.
§§99, 101 pave the way to press this guy to make a piece of crap out his otherwise unbroken crypto lib.
“… a person … who has control of … any part of a public telecommunications system located … in … the United Kingdom.”
This means, in the worst case, they could even fetch a crypto hacker from the transit area of an international airport in the UK and force him to break his own code for them.
But its not fascism if a western democracy does it! C’est la salut public, terreur, pas de terror! 🙂
Thuringian • November 7, 2015 8:14 AM
@Ron Fendley:
“(the usual caveat applies: I am no lawyer)”
Most lawyers are struggling to get their heads around the real implications of the charter. The document has been carefully drafted to be as vague and easy to manipulate in its implementation as possible (just like RIPA, the Terrorism Act, etc.). For example, there are no less than 63 instances of “reasonabl*” in the draft (which, as we know from previous experience with the NSA, is essentially a carte blanche that is automatically translated by the intelligence community as “to within an inch of the most illogical interpretation that the English language will allow”).
When it comes to the really significant details (e.g. how will the data be handled? what safeguards will protect citizens from misconduct, misappropriation, coercion?), there is either no information whatsoever or a half-baked promise that these details will be ironed out (provisions will be made, safeguards will be set out…).
My suspicion is that half the members of the House of Commons are completely out of their depth. They don’t know what they’re signing and the intelligence services are on a joy ride.
Jimmy Mcvea • November 7, 2015 8:38 AM
Honestly, it sounds to me like the UK is creating itself a huge long term problem by attempting solve a relatively minor one.
As an internet user, the first thing I’d do if I lived in a densely populated place like London and that law was passed would be to start a decentralized peer to peer mesh network with inbuilt crypto and verification. Think Byzantium, PirateBox, EnigmaBox, Guifi.net, tinc, etc. These work outside the internet, are able to provide communication to millions of individuals (who become providers and consumers as soon as they switch their router on), they can cover enormous areas through a few hops, they’re impossible to surveil in their totality and virtually impossible to bring down unless you raid every bedroom in the city.
Anyway, the discourse of going dark and allowing pedos and terrorist suspects to walk away makes no sense. The UK already has RIPA, which provides very hefty prison sentences for any suspect who merely refuses to reveal the keys.
d019 • November 7, 2015 8:38 AM
Using Google+ API as dead drop for malware to communicate out from a compromised machine
https://www.scriptjunkie.us/2015/11/how-i-used-dead-drop-c2-to-hide-malicious-traffic/
Creating command and control (C2) methods for malware to function in a closely monitored network is an interesting problem with innumerable solutions; the only rule is that commands must be sent to and data must be received from the compromised systems. The most convenient way for this to work is via a listening service, like Windows’ built-in WMI service or the various *nix’s SSH. But these tend to get blocked quickly and easily by host and network firewalls, as block inbound traffic is the default policy and open ports are easily identified.
So most red team malware follows a callback strategy, periodically connecting out to the controller.
Uhu • November 7, 2015 9:05 AM
A lot of people here talk about how they feel that they are under surveillance. While I think that electronic mass surveillance is quite extensive, the kind of surveillance where they actually have to send people in the field is probably quite rare. It is thus difficult to say who is just paranoid and who really is a target. To change the discussion a bit, let me offer a personal experience of an observation that was not targeted at me.
A few months ago I was at an international airport waiting for my family to arrive. Because of weather conditions, the plane was rerouted and was delayed for several hours. As the airport isn’t exactly around the corner for me, I decided to wait, and as I don’t like staying in bars for hours I walked around in the arrival section, thinking about various things and occasionally observe the behavior of the other people waiting there.
After maybe two hours I suddenly got the feeling that the mood had changed. There was nothing that I could point to. The people were not louder than before, it still seemed the same mix of persons. But I had a persistent feeling that things became more serious.
After 15 minutes or so, passengers probably from an Arabic country arrived. I say this because most men coming out of customs were wearing robes and turbans, and the women were completely covered except for the eyes.
I then realized that one of the people waiting in the background had a Taliban-like attire (extreme beard, wearing a robe, etc.), but was Caucasian. I believe to have recognized a very controversial person around here who openly sympathizes with various terrorist groups (such as Al Quaeda and ISIS) and has defended on TV a husbands right to beat his wive. He might even have been denied entry to various countries.
This white guy and one of the arriving men then met and had a discussion for maybe ten minutes right there in the arrival section. Then they parted ways and left in different directions. This surprised me as I expected at this point that they would leave together.
After approximately 15 minutes, various people started to leave, without having met anybody. I did not count, not do I think I would have been able to recognize every agent, but I guess there were at least ten undercover agents present during this meeting.
I have a couple of thoughts about this:
1) I am glad to see that our government takes people like this particular white guy serious.
2) The observation was very unobtrusive. I doubt I would have noticed if I hadn’t been waiting for so long and was subconsciously attuned to the mood of the crowd. I do not think it was meant for these guys to notice, and I don’t think many of the other waiting people realized that anything suspicious was going on.
3) If this is true, then there were a lot of agents. Maybe they were afraid that these guys were preparing a terrorist attack right there.
Binary Lineage • November 7, 2015 9:28 AM
Terrorist squid rigged with explosives!
http://videos.huffingtonpost.com/fish-worker-finds-bomb-inside-squid-517724335
Airport security do not allow giant squid.
directional bedimplies • November 7, 2015 9:34 AM
@Uhu
“there were at least ten undercover agents present during this meeting.”
Kudos to them. Targeted surveillance of individuals who are known to pose a threat is relevant and, most would argue, justified.
But that’s not what we’re discussing here. Here we are talking about rigging the national telecom infrastructure to systematically siphon in the conversations, financial transactions and consumer habits of all citizens (even the most intimate ones). We are talking about tracking and storing the physical location of all smartphone users in the country. We are also talking about coercing service providers into becoming executors, thus eroding any trust, let alone loyalty, that their clients (now victims) could have had in them.
Your opening paragraph alludes to the argument that if a physical person does not read it, then it is not surveillance. That is an old conversation that has been discussed in the blog plenty of times. Snowden has also written about it. Knowing that the information is being recorded, processed and analyzed can, in itself, cause distrust and stress. The Hawthorne effect (https://en.wikipedia.org/wiki/Hawthorne_effect) challenges the assumption that surveillance is innocuous until physically acted upon. Only a couple of days ago, Schneier posted some links about the psychological effects of surveillance on victims (https://www.schneier.com/blog/archives/2015/11/the_effects_of_2.html). The financial cost of this distrust is not negligible either!
Grauhut • November 7, 2015 9:53 AM
@Uhu: “Maybe they were afraid that these guys were preparing a terrorist attack right there.”
I dont like the p word, but are you shure? Maybe your bored subconscious mind was just triggered by similarities to tv soap crime operas and played with you. 🙂
Finding and educating agents is expensive, if there really were agents looking like civilians, then they did not fear an immediate attack. In case of attack fear you would have seen some heavily armed guys wearing these nice martial black uniforms and helmets and the guys looking a little like astronauts would have been the bomb squad.
And if the whitey was really famous for being overly dangerous, then the real squads were behind service doors near you and the talk was laser recorded and HD filmed.
But maybe you saw some professional bodyguards of the arriving arab. Any signs of concealed carried weapons?
James Veksler • November 7, 2015 10:03 AM
“can, in itself, cause distrust and stress.”
It doesn’t just cause distress. It goes against the fundamental right to privacy as recognized by the UN Declaration of Human Rights, the International Convenant on Civil and Political Rights and the European Convention of Human Rights, all of which explicitly state that all individuals are entitled to privacy.
When the British government asks incredulously whether we really believe that there should be any aspect of our life that the government should not be able to scrutinize, they are asking you to justify why you believe your fundamental human rights should be respected.
Uhu • November 7, 2015 10:11 AM
@directional bedimplies
Sorry abou the misunderstanding there. I take electronic mass surveillance very seriously. But why not talk about another kind of surveillance once in a while? It’s after all a Squid thread.
@Grauhut
Given some of the things I heard about the airport, and given how I witnessed a police action at an anti-war demonstration around here, I would not be surprised if there was indeed backup waiting somewhere nearby and out of sight. It is also possible that more than one agency was present, maybe from more than one country. Then again I have no argument against the bodyguard theory (the suspicious people were definitely not Arabs, but I guess one could hire locals). I did not check for concealed weapons, but even if I did I doubt that I would recognize the signs. I would expect that the encounter was recorded, but I did not notice anything special. Then again, from what I hear about the airport I would expect it to have better than average CCTV cameras.
In the Shadow of Eagles • November 7, 2015 10:27 AM
@tyr
That is the spirit. I am old fashioned and believe that things just never ultimately work out for the truly rotten.
@Cabals or Secret Ruling Class Controlling Countries
Is the “deep state” a force that insidiously undermines democracy or has it helped maintain stability in the face of extremism? Do they put citizens under mass surveillance?Do Shadow Elites Use Power Wisely?
I do not mind throwing out hypothetical scenarios of shadow organizations which operate by stealth, surveillance, and manipulation. Such organizations would have illicit funding and enter into the corporate world taking control of corporations like a bear could take control of a human child. We also see these hypothetical scenarios played out in various fiction and non-fiction here and there. But, to the best of my knowledge, this does not exist in free countries, even if it is rampant and the norm in totalitarian and lesser tyrannies. So, for instance, in a full totalitarian country the state owns all companies, and in a democracy crumbling towards totalitarianism like Russia you see the FSB/SVR/old KGB taking over businesses, even criminal organizations, and personal members profiting wildly from them.
We can, today, actually, pretty well scope out the symptoms of a nation which is falling, instead of rising. The terms used will be more specific then just “totalitarian”, of course. Specifics will be looked at, such as the rising discrepancy between the average income of the classes. There are many points to observe. Just as there are many commonalities across the spectrum of totalitarian systems, despite their actual leaders and often belief systems being so often superficially divergent from one another — the reality, of course, is just different words for the same beast.
Their bullshit just is that thick.
The reality is, though, of course, there will always be a wide strata of controlling influences in a society. Many powerful forces will have much of what they do underground, but generally they will want to surface at least their heads. Because their heads love the glory of showing off their power. It is the best drug in the world.
Those heads, I am just saying, will be wide. For instance, I was speaking of Chicago under Capone. He was a head, but there was also others. There was, in fact, a secret cabal of wealthy businessmen who demanded the government take him down. The secret six, they were called, of all things. You would also have other sorts of heads, however, in nations. Heads in science, the arts, business, politics, law enforcement, and so on.
@Orange Juice
Catching the government (doing what?) is a superfluous saying. You don’t catch the government, it catches you.
I did point out how organized crime takes ‘one giant leap forward’ when it becomes the legitimate power and authority of the land. Great documentary of late, “The Seven Five”, about police corruption in New York awhile back. Shows what happens when some cops start being the bad guys.
But, there have been countless cases across just the past five decades over the world of governmental corruption being exposed and stopped. Today, many have consistently pushed to help ensure that is made all the more easy and secure.
Because the last century was a doozy, and they did not forget.
When someone is in power and authority in government and abuses that power, they have crossed the line and become a criminal. They are not really government anymore. They are hiding. They are just waiting to be caught.
Like you could see in that Seven Five, how one cop said, “You know I saw that guy [who was the worst of the corrupt gang of them] and my head went ‘perp’, and I couldn’t figure out why. I mean he was a cop in uniform. Why was my ‘perp’ alarm going off.”
Often it can be ordinary people who catch them. But, it also depends on parts of government that are interested in catching them.
Democracy… ‘mob rule’… it is complicated. There are a lot of cases where public outcry is very righteous, and a lot of cases where it is not. A lot of outrage can be feigned. Now, if you have a surburban city, and some kid sprays graffiti on the wall, are most people going to get really outraged? But, if some adult goes and rapes and murders a ten year old girl, they will get very upset, right? Especially as in a surburbia you will have a lot of people with kids. They are show a sort of empathy. They don’t want that to happen to their kid. If the killer is not caught, it could. So there is serious motive for the “mob” there and it is directed according to the “weight” of the problem. Anyone could point out the “weight” of a little girl getting raped and killed is substantially more – perhaps even inconceivably more – then some graffiti on some wall in some alley, right? Intangibles. But, there is significant, nearly tangible weight there.
“Enough” for “people to give a damned”.
So, problem is, really bullshit feigned outrage over meaningless things that are improperly weighed. Like sellers used to do. Sell a pound of copper for an ounce of silver. Alter the weight machine you use to do the trading, shave some extra off top. Profit. Bias. People do this all the time.
But, maybe that is self-correcting. Can depend on the circumstances. After all, crying wolf is its’ self something of wrong that can be weighed. So the false accused can end up on trial, in the hottest trial of all. When the smoke clears and all is said and done.
zelophobic yolk • November 7, 2015 10:34 AM
Any chance of Project Loon doing a detour through north Africa and coming to the UK? 😉
(Only joking, out of the pan and into the fire and so on…)
Grauhut • November 7, 2015 12:55 PM
@Eagle Shadow: “Such organizations would have illicit funding and enter into the corporate world taking control of corporations like a bear could take control of a human child. … But, to the best of my knowledge, this does not exist in free countries”
Work on your knowledge.
“[There exists] a shadowy Government with its own Air Force, its own Navy, its own fundraising mechanism, and the ability to pursue its own ideas of the national interest, free from all checks and balances, and free from the law itself.” (Senator Daniel K. Inouye)
https://www.youtube.com/watch?v=EbFphX5zb8w
https://en.wikipedia.org/wiki/Iran%E2%80%93Contra_affair#Indictments
Whats the difference between cocaine and heroin? The army airfield it starts from! But Inouye was surely just beating around a Bush… 🙂
In the Shadow of • November 7, 2015 1:22 PM
@Grauhut
‘Secret Team’ by prouty detailed a lot of that, granted he went kind of nuts after that book. Probably some covert lsd on a regular basis and subtle ‘working with’ helped. But that book is valid from valid work experience. No smoking gun per se but he showed how Intel even in 59 was dealing with the problem of resources and financing in creative ways.
Intel works covert in business all the time. Far harder to create and control your own cover business. But something else to go full blown swordfish.
Iran contra was shady, but poor sighted politics. Not full blown “let’s take over everything”. As they sure could do.
In the Shadow of • November 7, 2015 1:25 PM
Excellent article on the bias in american media for covering over war atrocities
Justin • November 7, 2015 2:00 PM
@Curious • November 7, 2015 2:19 AM
Colleges in America have become completely profit-driven, commercial centers. Inferior education for exorbitant prices. Tuition being what it is these days, it’s all about the money, and the highly profitable predatory lending by the student loan industry.
College is just a scam anymore. Selling a pipe dream of a good-paying, steady job when you’re done. And by then you’re too deep in debt to ever get out. Realistically, you’re not going to learn anything at college anyway. All your classmates are into pot, sex, alcohol, and other drugs.
Listen to this guy talk about the “Axis of Evil” and the monopolization of education. About 15 minutes into the video. https://www.youtube.com/watch?v=R_bjWw4InCE Of course he’s talking about medical school, but it’s all the same.
Where there’s money, there’s power, and it is profitable to spy on students’ web browsing.
Curious • November 7, 2015 2:06 PM
Something about a document leak about a “draft communication on copyright reform” for EU.
“Ancillary Copyright Copyright 2.0: The European Commission is preparing a frontal attack on the hyperlink”
“According to a draft communication on copyright reform leaked yesterday (via IPKat), the Commission is considering putting the simple act of linking to content under copyright protection. This idea flies in the face of both existing interpretation and spirit of the law as well as common sense. Each weblink would become a legal landmine and would allow press publishers to hold every single actor on the Internet liable.”
“The leaked text is not a law proposal, but just a summary of the Commission’s plans for next year. The plan is supposed to go public on the 9th of December.”
Slashdot points out that the author is a member of the European Parliament.
Not entirely sure of the scope of this. My impression is that this might be about copyrighting hyperlinks to online news articles.
Curious • November 7, 2015 2:13 PM
Off topic:
I am seeing on Twitter, that US news channel CBS NEWS’s webpage for the show “60 minutes” describes Chelsea Manning (former Bradley Manning) as a “convicted spy”.
http://www.cbsnews.com/videos/preview-into-dangerous-hands/
Iirc, Manning was not found guilty of espionage.
Danny • November 7, 2015 2:24 PM
@Squidblogger
That is not “full technical details of the attack” on ProtonMail, that is their press release. It’s far more serious than indicated there or in the media, with lessons we should all learn. Thanks for highlighting the attack though. Bear in mind the last ProtonMail tweet before the DDoSing was critical of this daft new UK law.
@Jacob
“Based on the news report about the British reaction to the downing of the Russian passenger plane, it appears that raw data collected by the GCHQ and NSA is not processes in real-time, but analyzed ad hoc.”
I doubt ISIS ‘chatter’ in English. Recruitment advertisements indicate the UK SS are still short of fluent Arabic speakers, nor would that region be a state priority for analysis. Also, you assume for some reason that UK SS would bother if a Russian airliner was brought down over Egypt – where is their motivation to intervene?
@Carl
Ouch! That is a litany of worries well-listed. I hope someone else more technical repudiates it, because that level of fakery and psychological misdirection reminds me of the compiler conundrum, the Ken Thomas Hack.
@ianf
Shameless, aren’t you? One thing my surveillance taught me was how to spot you lot at fifty paces.
Grauhut • November 7, 2015 2:27 PM
@shadow of: “Iran contra was shady, but poor sighted politics. Not full blown “let’s take over everything”. As they sure could do.”
“Pardoned by”, “granted immunity”, “probation” and a prez who wrote in his diaries he knew everything, but never discussed it.
There are no black helicopters, no reptile aliens, just greedy human beings, some want money, some want power, some want it all… What would have to happen before you call something a take over? Would it make sense to “take over” openly? Of cause not. People believe in this system, they trust in it, so it continues to exist as a kind of theater decoration. A shadow.gov can rule by blackmail. And because there are so many funny thin foil hat theories average Joe looks at theater deco, sees no reptiles and thinks “Ok, no reptile, no takeover”… 🙂
Iran-Contra is really interesting stuff. There are not so many players with the balls of steel you need if you play with the Israelis.
https://books.google.de/books?id=NkxZcHL1xdYC&pg=PA112&hl=de#v=onepage&q&f=false
Still new books about it. Open end.
Grauhut • November 7, 2015 2:52 PM
@Curious: “My impression is that this might be about copyrighting hyperlinks to online news articles.”
Commissioner Oettinger had a little too much Oettinger beer and Bavarians rimes on… 🙂
German .gov is a bit nervous about their MSM printed propaganda outlets, they need them urgently, refugees crisis, you know? And the Germans refuse to pay for propaganda.
It would look bad if they financed them directly and so they try for the second time now to get some Google money for them. Last time Google simply stopped offering snippets in gnews and this was a financial catastrophe for the publishers. And this will only get bigger next time if they kick them not only from gnews but this time completly out of the index.
Google can easily say: No license included for us in your robots.txt, not a single page in our index. Or: You need to register for gwt and sign a license there to get indexed. 🙂
Clive Robinson • November 7, 2015 2:54 PM
@ Jacob,
The agencies suspected a bomb rather than a mechanical failure by finding evidence in “communication chatter” ex post facto. This is notable especially since the chatter comes from a group high on the US/UK group A terrorist list.
Yes it is very notable, it shows how ridiculous the “collect it all” policy is.
Because the Russians did not have the intel, they could not do anything… And people will understand.
However the FiveEyes had the intel by their own admission, but did nothing with it…
I wonder how that will play out in the Russian Republics etc…
But the real point from the security side, is yet again, “collect it all” was a “predictive failure” and thus did not save lives or increase the security ordinary people care about.
So I suspect this will get used as a “we need more resources” argument by those who failed. This is the usual route for intel failures, and not the way it should work.
Panmixy Loftmen • November 7, 2015 3:10 PM
@Thuringian:
“For example, there are no less than 63 instances of “reasonabl*” in the draft”
They must mean “reasonable” as in “it’s-reasonable-to-detain-a-journalist’s-partner-carrying-a-USB-stick-using-laws-designed-to-stop-terrorists-from-blowing-up-planes-with-explosives.”
http://www.theguardian.com/world/2013/aug/18/glenn-greenwald-guardian-partner-detained-heathrow
Grauhut • November 7, 2015 3:21 PM
@Snowden Recommends: “The Free Open Source Project looks like just the ticket to replace Windows.”
Nope, not yet, nice idea, but using Xen was a suboptimal choice.
Lots of Xen sec fun: http://lists.xen.org/archives/html/xen-devel/2015-11/msg00601.html
Have a look on *bsds. Openbsd, Hardenedbsd… Until Qubes manages to fix Xen Sec! 😉
tyr • November 7, 2015 3:54 PM
@Grauhut
But its not fascism if a western democracy does it! C’est la salut public, terreur, pas de terror! 🙂
It’s not fascism if you coat it with a thick enough layer
of hypocrisy and spin.
You are free to do as we tell you and buy stuff we advertise.
Justin • November 7, 2015 4:00 PM
@Danny • November 7, 2015 2:24 PM
@ianf
Shameless, aren’t you? One thing my surveillance taught me was how to spot you lot at fifty paces.
Wrong lot to pick on. What’s your motivation for stalking other men, Danny boy? Are you too smart to stalk me, or do you already have naked pics of me? I don’t want to be homophobic here, but I don’t like stalkers. Just keep posting here, Danny boy. Something’ll lead back to you, because I’m really sick of your Zersetzung gangstalking crap. That’s just a cover for what usually motivates stalkers, and there are plenty of law enforcement officers monitoring this forum.
ianf • November 7, 2015 5:09 PM
@ Curious, Grauhut
“Not entirely sure of the scope of this. My impression is that this might be about copyrighting hyperlinks to online news articles.”
Death-throes of dead-tree papers, unless that’s their Plan B^hC^hD^hE… you get the drift. Unworkable, let’s move on.
“Slashdot points out that the author is a member of the European Parliament.”
Doesn’t mean he’s sane or, for that matter, intelligent. Elections to Euro Parliament all over Europe have so meager voter turnouts that the threshold for getting in is quite low, and not a few parties treat the seats there as placemats to pension off their dear old leaders etc whom they’d rather keep at an arm’s length in Brussels & Strasbourg, than locally. Then there are the true crazies:
http://www.politico.eu/article/european-parliament-meps-suspended-for-making-nazi-gestures/
@ Jacob, Clive
Re: Metrojet A321 crash in Sinaï (BTW: why don’t we call this event by its flight number label, as with the #MH17 and #MH370?)
My theory is that neither GCHQ, nor any other TLA knew of any “chatter” until the first preliminary field reports of bomb-pattern residue in bodies from the rear of the wreck came in. First then they begun to look for verbal clues in their “airplane hangars full of data haystacks.” I.e. that proved its worth for data forensics ONLY, not for any advance sifting through for potential clues to anything untoward being “planned.”
So, even had GCHQ wanted to, or had reciprocal warning-exchange agreements with the FSB, they wouldn’t have had ANYTHING to report apriori.
Incidentally, in today’s direct press conference from Cairo, it transpired that the aircraft was still climbing at a (for me) suspiciously “round” altitude of 30000 feet. This COULD mean a barometric type of trigger in the hold…
@ blog-troll-du-jour
so glad you recognized ‘self instantly
Clive Robinson • November 7, 2015 5:13 PM
@ Grauhut,
Have a look on *bsds. Openbsd, Hardenedbsd… Until Qubes manages to fix Xen Sec! 😉
With respect to HardendBSD, if you go to their website and read down you discover this little snippit,
Which means a US corporate entity, subject to the very real posibility of NSLs and other forms of coercion (such as that which NY Fed Prosecuters are famed for)… Which means the code could well have issues in ways similar to a certain SSL implementation…
Whilst I’m not saying they have been lent on yet, you only need to see what the UK’s Home Secretary Theresa May is proposing, to see where potentialy the US is going to go (or already has done).
Which suggests an “Out of Five Eyes” independent backup plan would be sensible. Thus a word to the wise might be “Luke feel the source” and set up your own issolated source code repository and sanity check any changes they make… Because recent history tells us that the “hundred eyes” theory has been at best an idea not a reality.
Yes I know it’s a “541t load of work” but real security always has been…
Whilst Qubes and similar security projects have their problems and detractors, I applaud and encorage their effort (this includes ToR that I’m known to moan about). They might never get finished or become sufficiently secure, –such is the way with most security projects– but the process in of it’s self is valuable to not just their own community but others as well. At the very least you have the record of how they went about things to use as seeds for other ideas.
At the end of the day “cross fertilization for hybrid vigor” is what nature repeatedly demonstrates is the best and in the long term safest way to go, especially when it comes to avoiding evolutionary dead ends.
Stephen • November 7, 2015 6:02 PM
@ Justin
“Colleges in America have become completely profit-driven, commercial centers. Inferior education for exorbitant prices. Tuition being what it is these days, it’s all about the money, and the highly profitable predatory lending by the student loan industry.”
It’s what they call money sinks in mmorpgs. Economy in mmorpgs most closely resemble ours in its purest form non-propagandized form.
@ Raven’s Shadow: “Such organizations would have illicit funding and enter into the corporate world taking control of corporations like a bear could take control of a human child. … But, to the best of my knowledge, this does not exist in free countries”
As the NY Times article pointed out, this types of activities only exist and are feasible in border totalitarian countries like Turkey and Syria. No evidence of such in our free countries.
Grauhut • November 7, 2015 6:20 PM
@Clive: “potentially setting up a not-for-profit”
You are comparing the potential of a not-for-profit setup in the future risk wise with known severe bugs in a hypervisor? Interesting!
HardendBSD is known dip for me (firewall setups) and i continue to buy it. 🙂
They really care about details and are small enough not to be interesting for the three letter agencies that be. Search the hacked team archives, even less mentions than netbsd. I try to avoid using pure freebsd since i compared what is known about the NSAs disk firmware tool to fbsds disk tool messages. If i am right it doesnt mean fbsd is broken, but at least they know it too intimate.
ASLR implementation features:
Execution base randomization of Position-Independent Executables (PIEs)
Full stack randomization in addition to a random stack gap
RTLD base randomization
mmap randomization
VDSO randomization
Shared object load order randomization
https://hardenedbsd.org/article/shawn-webb/2015-07-06/announcing-aslr-completion
In the Shadow of a Murder of Ravens • November 7, 2015 6:32 PM
@Grauhut
There are no black helicopters, no reptile aliens, just greedy human beings, some want money, some want power, some want it all… What would have to happen before you call something a take over? Would it make sense to “take over” openly? Of cause not. People believe in this system, they trust in it, so it continues to exist as a kind of theater decoration. A shadow.gov can rule by blackmail. And because there are so many funny thin foil hat theories average Joe looks at theater deco, sees no reptiles and thinks “Ok, no reptile, no takeover”… :)Iran-Contra is really interesting stuff. There are not so many players with the balls of steel you need if you play with the Israelis.
Yes, it actually is a system people can believe in. Though so often those working for it do get side tracked. Then what.
What I do not say is I do actually believe there can be something like a benevolent “shadow” government. Like anonymous angel investors. That is controversial to say anywhere, as well. It can be a problem with authority. On the other hand, there always has to be insurance and a plan B.
Prouty’s “Secret Team” book is one of the better intelligence books from history, though as I said he went mad afterwards. His experience was real, and he certainly documented far too much. One problem he delved deeply into was the mechanics of a substantial cover program which the CIA had integrated into the US military. He pointed out how phantom components across US military were actually CIA and the strengths of this cover — they had resources whenever necessary, they had steady paychecks with military cover, they had plausible reasons for travel, often military is compartmentalized so no one asks questions, and so forth. That he went mad – buying into scientology, some anti-semitic beliefs, obsessed about the kennedy assassination, and so on – not too unusual for people, however. It did surely serve to discredit this earlier work, unfortunately, and substantially so.
Where that sort of model gets really scary is simply when you replace “military” with “corporations”. And, of course, US Government has substantial experience with funding and helping ‘get off the ground’ substantial US corporations.
Israel is a vitally strategic country in a very dark, big mess. A mess which is always right at the ticking point of exploding. The Iran Contra program I do not see as one of the more professional or sophisticated US programs, however. Nor do I see stuxnet as such. Israel has had significant successes here and there, and significant failures.
“Tin foil hat” actually can get pretty mainstream. “Family of Secrets” made it to the NY Times bestseller list significantly, was praised highly by many well regarded pundits, and basically attempted to portray a super secret state in the US somehow sheerly connected to the CIA which had the capacity to not just take down JFK, but also operate in plain sight at the upper levels of government. They genuinely connect the Bush family to the assassination. And the book is widely lauded. Regardless, it is fascinating, I did read it for entertainment, and they did stumble across some interesting matters.
@Curious
re: NSA discloses 90% of bugs to vendors
The fact is the NSA has a mandate to look at privileged source code of all software which runs on DoD systems or which DoD systems touch or otherwise depend on. So, this means the NSA has had access to all sorts of source code all sorts of places. They tell the vendors that when they perform the assessments they do it for the security of the DoD. To not disclose security issues means that they are leaving effective backdoors in code, and this would mean a lot of critical infrastructure. Which, one might point out, runs code too, and certainly has been examined by the NSA.
There is no way to catch this however, because if you find a security vulnerability, they can just say they missed it.
It might be noted, this is not a news flash to anyone, of course, they are a spy agency, and such behavior is expected. Even if people might not like the idea that the NSA probably even keeps the most critical hard to find bugs in critical American infrastructure to themselves. Just in case.
Like stated in Wargames, you never know when you might need a backdoor.
I would certainly expect that 10% not disclosed bugs both most critical ones, which also meet a very important other criteria: significantly hard to find and exploit.
@Uhu
re: your view of some manner of something fishy going on
A lot goes on in airports that can alarm your unconscious mind, what some call their “gut”, or some may say “gives them shivers”, or “makes the hair stand up on the back of their neck”.
It is a key juncture point, is one thing, with a lot of unknown passageways, and there are video cameras everywhere.
You are correct that significant surveillance rarely goes on in ordinary quarters, but it goes on significantly in very rare quarters. It is all about money, power. So at the pinnacles of power, the people are watched all the most closely. It would be stupid not to. Physical surveillance is risky, and so often unneeded these days.
Undercover, on the other hand, is more needed then ever. The disguise capacities are like “Darkman” or “Mystique”. What is possible if you could look like anyone closeup for long periods of time, quickly? It opens up vast possibilities for enormous control. Couple that with computer capabilities to control paper backgrounds, and collect information, and there are some scary possibilities right there.
Stephen • November 7, 2015 6:35 PM
@ In the Shadow Of
“Intel works covert in business all the time. Far harder to create and control your own cover business. But something else to go full blown swordfish.”
Apparently, they couldn’t control the media enough to minimize exposure.
Going into intels is shady business. A few career paths come to mind as perfect covers for such a profession. However, that’s the least of our concerns when it comes to privacy rights.
Justin • November 7, 2015 6:48 PM
@ianf
@ blog-troll-du-jour
so glad you recognized ‘self instantly
Yep! 🙂
@Clive Robinson
Which means a US corporate entity, subject to the very real posibility of NSLs and other forms of coercion (such as that which NY Fed Prosecuters are famed for)… Which means the code could well have issues in ways similar to a certain SSL implementation…
I’ve thought about this and I think you’re needlessly paranoid about U.S. government coercion. Organized criminal coercion, foreign spies, maybe, but all this paranoia and vague talk about the U.S. government secretly coercing backdoors, “other forms of coercion,” it sounds fishy and I’m not buying it.
@Stephen
It’s what they call money sinks in mmorpgs. Economy in mmorpgs most closely resemble ours in its purest form non-propagandized form.
Then there’s the propaganda. Colleges are centers of liberal indoctrination. Fake lib “tolerance” of minorities, women, gays, etc. Sorry. Eliminating free speech does not promote “tolerance.” Let’s not fool ourselves. Groups like the KKK have been on the rise ever since Obama took office. By day, their members are very liberal, tolerant people.
By the way, here’s a smallish local skinhead white supremacist hate group that somehow didn’t make it on the Operation_KKK dump:
Very small footprint online, so they must be extremely secretive, but they are active in Kelso, Washington.
John Galt IV • November 7, 2015 6:52 PM
@Uhu
your story about the agents reminded me of this bizarre and less probable story, which is at least entertaining
http://www.freerepublic.com/focus/f-bloggers/2178601/posts
…
But I made one mistake.
I had my electronic passport in my sneaker. I walked into Union Station to purchase a $35 trolley ticket and probably set off an RFID tracker.
I waited outside of Union Station for the trolley. At approximately 2:45 PM, just after I had purchased my ticket inside the station, I was sitting next to a white homeless man with a grey beard in his 50’s. He had two shopping carts full of clothes, food, radio etc., apparently his life possessions. We were the only two people sitting on this stone circle just outside the station. Suddenly, the homeless man starts gibbering some kind of weird code. He sounded like this,
“Echo one four two seven, target is in the building, repeat target is in the building…”
Then he paused and I looked up and a big SUV had pulled up right next to us, and two BIG mofos in yellow gold shirts got out of the SUV, opened the back door and started putting on body armor and packing mega heat… all the while they are scouring the area for the “target”.
The homeless man is talking to them through a device in his battered shirtsleeve,
“No point in wasting time, I want to get paid for this, target is in the building… Ok, but I thought you might want to just get the target, repeat — target is in the building, target is in the building. Stop wasting time out here.”
He was mixing in code talk with things I could understand.
Finally, these Blackwater types in yellow who had no badges or official insignia head into Union Station carrying full weapons.
I’m having a heart attack. They looked straight at me at least twice
Grauhut • November 7, 2015 6:53 PM
@Stephen: “As the NY Times article pointed out, this types of activities only exist and are feasible in border totalitarian countries like Turkey and Syria. No evidence of such in our free countries.”
There is a lot of evidence:
“[There exists] a shadowy Government with its own Air Force, its own Navy, its own fundraising mechanism, and the ability to pursue its own ideas of the national interest, free from all checks and balances, and free from the law itself.” (Senator Daniel K. Inouye)
Clive Robinson • November 7, 2015 7:24 PM
@ Grauhut,
You are comparing the potential of a not-for-profit setup in the future risk wise with known severe bugs in a hypervisor? Interesting!
No not “comparing” but “considering additional” future risk factors.
That is as you are aware the risk of any given project getting subverted by the IC or Fed/Gov or other LEO is increasing. And it is increasing considerably faster in some geographic areas than it is in others.
If you have a look at the NY Fed prosecuter SWATing the home of a tiny one man business that made and exported software to support perfectly legal internet gambling sites run in other countries. You will see that the aim of the NY prosecuter was to force him to put in and run for the Prosecuter an illegal back door to steal any and all of the foreign sites customer records. Including names, credit card details and any other identifing information the prosecutor thought useful.
And as some of your other recent posts indicate, you are keeping up on what is proposed in the UK “snoopers charter”, the equivalent of which will no doubt be appearing in the US in fairly short order if it’s not already in place.
Thus there is a track record in place of small US software development companies getting strong armed one way or another to put backdoors into their software to subvert the security of those using the software.
Which brings us to the point where you have to decide on the risk you are prepared to take on such subversion, and if there is any way to mitigate it…
As I pointed out the advantage of OSS is that you can maintain an independent historic record of changes. Which whilst it won’t help you find backdoors that are already there may help you catch those that might be “coerced in” in the future.
So no, I was not comparing a future risk with a current known risk, just pointing out that there were additional geolocated risks that needed consideration and potentially mitigation.
Clive Robinson • November 7, 2015 8:01 PM
@ Justin,
I’ve thought about this and I think you’re needlessly paranoid about U.S. government coercion. Organized criminal coercion, foreign spies, maybe, but all this paranoia and vague talk about the U.S. government secretly coercing backdoors, “other forms of coercion,” it sounds fishy and I’m not buying it.
Well if you don’t actually want to go and find examples that have made it into the public record that is at the end of the day your choice.
If you look back on this blog you will find Skeptical had the same viewpoint as you. I presented him with the information and he went into major “subject avoidance” mode on it.
So the question is not “If it has happened?” because it has but “How infrequently does it get reported in the public record?”.
Further go have a read on the draft proposal for the UK’s “Snoopers Charter”, and see what it says and the lack of restrictions it has. Then consider how long it will be before similar is xodefided in US legislation, if it has not already been done so via “secret legislation”.
It’s your choice to lift your head and look at the horizon for threats that are quite real or keep your head down pretending they are imaginary untill reality bites.
I’ve had many people make the same call as you over what I’ve said in the past, and guess what, they’ve been proved wrong.
As I keep saying “go look for yourself then make your mind up”, don’t just work on what makes you feel comfortable. Aristotle did that and it held back natural philosophy untill Issac Newton impressed on the world the value of tested observation.
Grauhut • November 7, 2015 8:14 PM
@Murder of ravens: “Where that sort of model gets really scary is simply when you replace “military” with “corporations”. And, of course, US Government has substantial experience with funding and helping ‘get off the ground’ substantial US corporations.”
No need to replace entities. Its called “military industrial complex”, but imho we need to add “financial”. Money makes the forces go around…
Skeptical • November 7, 2015 9:25 PM
@in the Shadow of: Excellent article on the bias in american media for covering over war atrocities
It’s an absurd article. Greenwald cites not news stories, but opinionated tweets and opinionated columns. Yes, Ezra Klein and Dan Murphy, who regularly write opinion pieces, expressed opinions that this was unlikely a war crime and/or that it was an accident.
Greenwald apparently cannot distinguish between tweets and opinion columns and news articles that attempt to report, as objectively and reasonably as possible, the facts. But this is no surprise, as Greenwald doesn’t believe in such a distinction.
Here’s Greenwald: many U.S. journalists immediately, repeatedly and authoritatively declared this to have been an “accident” or a “mistake” despite not having the slightest idea whether that was true, and worse, in the face of substantial evidence that it was false.
Later Greenwald cites actual news reporting from the US media: Two weeks ago, AP reported that “the Army Green Berets who requested the Oct. 3 airstrike on the Doctors without Borders trauma center in Afghanistan were aware it was a functioning hospital but believed it was under Taliban control.” Last night, NBC News cited a new MSF report with this headline: “U.S. Plane Shot Victims Fleeing Doctors Without Borders Hospital: Charity.” As the New York Times put it yesterday, the “hospital was among the most brightly lit buildings in Kunduz on the night a circling American gunship destroyed it” and “spread across the hospital roof was a large white and red flag reading ‘Médecins Sans Frontières.’”
Sounds like the US news media didn’t hesitate to report anything.
What about the earliest reporting after the strike?
Here are the opening paragraphs from CNN’s story published the day of the strike:
CNN October 3rd:
Aerial bombardments blew apart a Doctors Without Borders hospital in the battleground Afghan city of Kunduz about the time of a U.S. airstrike early Saturday, killing at least 19 people, officials said.
The blasts left part of the hospital in flames and rubble, killing 12 staffers and seven patients — including three children — and injuring 37 other people, the charity said.
As the United States said it was investigating what struck the hospital during the night, the charity expressed shock and demanded answers, stressing that all combatants had been told long ago where the hospital was.
“(The bombing) constitutes a grave violation of international humanitarian law,” Doctors Without Borders, known internationally as Medecins Sans Frontieres, or MSF, said.
http://www.cnn.com/2015/10/03/asia/afghanistan-doctors-without-borders-hospital/
Wow, what bias! Shameful!
Here’s the Washington Post on October 5th:
A heavily armed U.S. gunship designed to provide added firepower to Special Operations forces was responsible for shooting and killing 22 people at a Doctors Without Borders hospital in Kunduz, Afghanistan, over the weekend, Pentagon officials said Monday.
The top U.S. general in Afghanistan said Monday the airstrike was requested by Afghan troops who had come under fire, contradicting earlier statements from Pentagon officials that the strike was ordered to protect U.S. forces on the ground.
The new details, and the continuing dispute over what exactly happened, heightened the controversy over the strike. In the two days since the incident, U.S. officials have struggled to explain how a U.S. aircraft wound up attacking a hospital run by Doctors Without Borders. On Monday, the medical humanitarian group said the United States was squarely responsible.
A news article that highlights the Pentagon’s changing story, and characterizes US officials as “struggling” to explain how it struck a hospital – more awful bias I guess.
Truly, the absurdity of comments I see here and elsewhere from time to time that the US media hesitates to report on civilian casualties caused by American military action is such that I almost always don’t bother responding. Anyone who makes such statements isn’t reading much in the way of news. The fact is that the US media reports relentlessly on civilian deaths or injuries caused by American military action. Why do they do so? There are the usual good reasons, but if you don’t believe journalists to be motivated by them, then let me give you some easy-to-understand less noble reasons: controversy, and hints of possible scandal, get clicks and get subscriptions.
The US military conducts close air support missions and strike missions regularly. For the most part, the only coverage they receive is via Pentagon press releases. Why? Because they’re not terribly controversial. For example, over the last year the US alone has conducted somewhere between 5,000 and 6,000 airstrikes on ISIL targets in Syria and Iraq. Most of these received little to no coverage. In fact, frankly, I think most people would be surprised to learn that the number is that high.
But allegations of a strike causing civilian casualties – even if later discredited (and sometimes, of course, solidly proven instead)? Massive coverage.
Now, if you subscribe to a worldview like Greenwald’s, in which all attempts at being objective are fruitless and merely disguise the biases of the journalist, or are accustomed to Russian news media, this may be surprising.
But if you’re remotely familiar with good American journalism – by which I mean news reporting and not Vox opinion pieces or tweets – then you’ll recognize Greenwald’s opinion piece for the silly click-bait that it is.
Tim • November 7, 2015 9:49 PM
@Clive
Aristotle did that and it held back natural philosophy untill Issac Newton impressed on the world the value of tested observation.
Aristotle is unfairly blamed for holding back the progress of science.
At the time of Galileo the Catholic philosophy of science was Thomism, a mixture of both Aristotle and religion.
For example in Aristotle’s logic, trying to establish an argument by an appeal to authority is a fallacy, but under the Jesuit interpretation of Aristotle’s logic that same fallacy was regarded as a means to receive Revealed Truth.
Independent scientific investigation was punished because it was a heresy to question the authority of the Church.
Skeptical • November 7, 2015 9:50 PM
@Thuringian: For example, there are no less than 63 instances of “reasonabl*” in the draft (which, as we know from previous experience with the NSA, is essentially a carte blanche that is automatically translated by the intelligence community as “to within an inch of the most illogical interpretation that the English language will allow”).
This is a weak argument. “Reasonable” appears frequently in the law because it is very difficult to specify all the circumstances in which we might desire a law to have a particular effect. Now, there are standards other than “reasonable” we might use for various cases, and it’s fair to argue whether “reasonable” or another standard is best for each of those cases. But the mere fact that “reasonable” as a word is used some number of times doesn’t tell me anything about the – you’ll have to excuse me here – reasonableness of the law.
Re Russian jet:
I’m still skeptical of the bomb theory, although the actions of the British and Russian Governments hint at strong evidence.
Three pieces of information might incline me further towards it:
(1) whether the sound on the cockpit voice recorder, which some have said indicates an explosion, is sufficiently rich to enable it to be identified as the sound produced by explosives detonating and not the sound produced by an “explosive decompression” caused by substandard repairs and maintenance;
(2) further information about the signals intelligence;
(3) explosives residue found on debris or bodies.
Until one of the above comes to light, though, I think an explosive decompression caused by inadequately repairs, and monitoring of, damage to the plane caused by an earlier tailstrike remains a very live possibility.
As to which is the more likely – at present I have no firm opinion.
tyr • November 7, 2015 11:25 PM
A picture is worth a thousand words dept.
https://boingboing.net/2015/11/07/a-freedom-of-information-reque.html
Metadata wants to be free.
Justin • November 8, 2015 12:51 AM
Maybe a little hint to explain all the surveillance: I see this more and more in the news, and people with money want to protect their assets when it happens.
Is U.S. Preparing For World War 3?
With tensions rising with multiple geopolitical rivals, the U.S. military-industrial complex is preparing itself for World War 3.
The Pentagon has concluded that it is a question of when, not if, an armed conflict with Russia and/or China begins. Now preparations are underway to ensure that the U.S. is ready for such a war, …
… Although the media reports that Washington is divided along party lines, on this issue politicians seem to agree: the U.S. is preparing for World War 3. …
China vs. US: World War 3 Over Some Tiny Islands?
Is Russia So Hell-Bent On Starting World War 3?
Recent airstrikes in Russia are aimed at making the ground ready for assaults by Syrian and Iranian troops. However this technique might backfire, as it could yet another Pandora’s Box in a region that is already struggling so much to add some sanity to its day-to-day affairs.
World War 3 Could Be Just Seconds Away, Warn Experts
Russia’s objectives in Syria are very different from that of the U.S.-led coalition. Western countries are working to oust Bashar Al-Assad and establish a liberal democracy in Syria. But Russia is determined to maintain a pro-Russian regime in Syria. Meanwhile, experts fear that China could use airstrikes in ISIS as a cover to support Russia and target the U.S.-trained rebels.
Danny • November 8, 2015 1:53 AM
ProtonMail paid a small ransom to the ‘Armada Collective’ script-kiddies who launched the initial DDoS attack on it. They paid up under pressure from their ISP and the Swiss banks who were ‘collateral damage’ in the subsequent huge attack by an APT (GCHQ in my arrogant opinion).
That was a mistake made under pressure. It was a mistake because you never pay criminals or you just encourage more crime, as we all know. Much more seriously though, it was a mistake because it diverted all the media attention onto the paying of the ransom to script kiddies and away from the nature of the main attack. The secondary attack was an APT exploiting the first attack, as both the first attacker and the victim have acknowledged – yet the press now have an excuse to refuse to acknowledge.
Other free encrypted email providers are under attack just now, (not so) coincidentally just as the British government have declared war on encryption. There is talk of corporates like Apple and Google having to release crackable UK-only products, or withdraw from the British market completely just to comply with our state obsession with surveillance. Technical Britons can still use combinations of systems like Tor and OpenPGP but doing so not only draws attention to ourselves, it is increasingly treated by our courts as an admission of guilt of the worst possible crimes.
Yet too few voters here understand the issues enough to bring about political change, many of us still lust after James Bond. It’s not just Briton’s who use ProtonMail and similar, it’s dissidents in China and Russia and arguably worse regimes who suffer more due to British state abuse of technology.
Our Pry Minister David Cameron infamously signed off to his best friend Rebekah Brooks with LOL, thinking it was short for Lots of Love. Our opposition politicians aren’t much more savvy or decent. Please don’t let them do to personal security what they do to dead pigs.
Clive Robibson • November 8, 2015 2:41 AM
@ Justin,
Hmm all the “World War III” pieces are from the same site ( valuewalk ) which appears to write in clickbate style. Further have you read the comments there? My oh my what a hoot, inter-slaging at it’s best.
As for the “expert” he has his own web site that has been discussed here in the past and found to be somewhat biased in it’s outlook to the point some of his views have been picked at in the same way conspiracy theories do.
As for if there will be a World War III, well after the first everybody said “never again” then twenty years later WW II started. Thus you could argue we are over due for WWIII or that we have already had it in the 1950’s to 1980’s “Cold War”.
The only thing that is clear is conflict is happening more frequently, and that both China and Russia are making teritorial responses to what they claim is the West primarily the US playing games in their back gardens.
I’ve pointed out for some time that the US War Hawks have been pushing strongly at North Korea and Iran and that such behaviour could result in a backlash.
History shows us that military spending is almost allways escalated to the point where it is far in excess of that needed for defence. Thus the toys of war get played with to the point conflict occurs. Both China and Russia are rearming and it appears Russia has started play with their toys of war.
Will it escalate to WWIII, the simple answer is nobody knows, but history suggests we will see more and more proxy wars, that could escalate…
humming terminal • November 8, 2015 3:23 AM
Hey, FCC:
“As a growing number of web users have become more security-conscious, there’s been an explosion of VPNs and encryption tools and other security services for the internet. But what about a device that lets you bypass the internet entirely? That’s the goal of RATS,[1] the Radio Transceiver System, an open source communication tool for the security-obsessed and/or the internet-bereft.”
“The RATS is simple: it’s a small antenna that connects to computers by USB and lets them send encrypted messages and file transfers directly, via radio transmission. There are two obvious advantages to this: firstly, it doesn’t rely on any network being up or even the power staying on — as long as your laptop has some batteries, you can send and receive — and secondly, it’s a level of security and privacy that trumps most of what you can do online. Apart from being entirely separated from the internet, it employs AES-256 encryption with a randomized salt so even the same message sent repeatedly will produce completely different encrypted data every time.
The range of the RATS antenna is about a kilometer in a city, but it can also be connected to superior antennas and, in areas with no obstacles, achieve ranges above 5km. Obviously this means it isn’t suited to everything, but alongside the internet it could be extremely powerful for certain local applications in urban neighborhoods, workplaces, and other situations where we normally use the robust global internet just to send short messages to people within walking distance. But perhaps more than anything it could be a boon for people living under governments that censor and monitor online communications, allowing local groups to coordinate without so much as touching the compromised networks.”
Curious • November 8, 2015 3:37 AM
“Alert Online @ KPN: The Future Of Crypto” (recording from live stream 5. Nov)
This is a presentation/panel/interview with several people working with crypto.
https://www.youtube.com/watch?v=COxMJTh06zI (2H 34min)
I have an hour left of this video to watch so I haven’t gotten to watch all of it as of the time of this writing.
As someone that doesn’t know much about crypto, nor about technology, I balked at the notion of the possibility of ECC curves being backdoored (though I had heard that already), with this idea of having too many curves. Not knowing how a curve was generated seem like a big problem. Makes me wonder what the ideal generation of an ECC curve is supposed to be. Presumably something random, but tested. What seemed awkward to me, was my own notion of possibly having each country end up having their own backdoored curve(s). No idea if that concept is a good one, if everyone can suspect most curves to be backdoored by the implementer.
I thought it was also poignant, when it was dicussed the limitations of quantum crypto tech requiring optical cables for transferring photons. Makes me wonder if laser tech could be used, for mobile applications without optical cables, especially if such a solution was a possible but inferior choice, maybe tempting the industry to decide to go half assed on security and implement something like that for things being mobile. Though, I honestly don’t know if line of sight laser light can be used for transferring information with the implied security that goes with.
I was really surprised by the lack of belief by one of the speakers, that quantum computing wasn’t to be a thing anytime soon. I can imagine that I would use quantum computing, not for cracking crypto, but to construct clever backdoors in future crypto standards. Heh, don’t ask me how that makes sense.
Cabal Turns Against Freedom • November 8, 2015 4:11 AM
Recent passage of draconian mass surveillance laws in the USA and England have led to Internet attacks against non-corporate email providers. All private email is now under direct attack:
https://twitter.com/ProtonMail
https://twitter.com/VFEmail
https://twitter.com/Runbox
There is little doubt other email services are targeted under this coordinated state attack. It’s obvious that these attacks are not originating actors from Russia, China or North Korea.
This eavesdropping is so bad that physical mail is making a comeback…
moz • November 8, 2015 4:14 AM
Excellent use of “security theatre” in this article about improving airport security.
“Until we address those inherent failures we are always going to have something that on the surface looks good, where passengers can say ‘Security was really good because they took my bottle of water away’, which is meaningless in 2015. We need to move away from security theatre into security reality.”
Notice that, in more or less “mainstream media” (well, actually, one of the few news sources which isn’t really beholden to corporate interests other than it’s own) there is informed criticism of politicians for having delivered security theatre instead of security. If this continues it might actually lead to some level of real change.
Nice one Bruce.
Curious • November 8, 2015 4:23 AM
https://twitter.com/sviehb/status/631127100460802048
I am no expert, so take the following with a grain of salt so to speak.
General Electric (is apparently in the business of selling network hardware) attempts to remedy a vulnerability with a firmware update, by “obfuscating” previously hardcoded login user “factory”, and adding a private RSA key to the firmware if I understood it correctly.
It seems to me as if this might mean, that the use of a hardcoded login name is still present, but changed into something else, and that the new login name is hidden in encrypted firmware. So I guess, if you happen to find the proper login and password, you gain access to all such backdoored hardware.
Monkey Cake • November 8, 2015 4:26 AM
@ Cabal Turns Against Freedom
Can’t they let authorities handle it?
Launching DDoS attacks is a crime, you know…
La mode • November 8, 2015 4:32 AM
@ Justin
Nice links.
I seriously doubt WW3 will be fought on the traditional front. It’ll be either total annihilation or some sort of secret cabal fight that goes under the screens as the media won’t report none of that. It makes more sense to infiltrate a nation’s vitals, as in grab by the balls, while remotely pulling strings to make them work for your cause, than it is to dominate, occupy, and subordinate a nation of people. We’ve seen that with Afghanistan and Iraq, foreign occupation forces won’t last long in today’s world, unless it can support a strong puppet regime. This isn’t the medieval ages, you know.
qwertty • November 8, 2015 5:47 AM
@Justin
Leaving aside the plausibility of the whole WWIII scenario, if it where to happen, I doubt the endgoal would be political control (which, indeed, could be better achieved by the means you describe than traditional warfare), but rather economic power. It isn’t easy to keep your GDP growing at an exponential rate in a finite system for any amount of time. One way to change that is war. You buy expensive stuff that will self-destroy and take other expensive stuff with it (e.g. bombing infrastructure), which you will then have to re-build. And as an added bonus, you get to justify all kinds of civil rights abuse with the whole “wartime exception” argument (or “terrorism”, I don’t really see the difference anymore). Plus, you can still do all your covert ops to achieve political control, and it will be a lot easier since you already have a military presence on the ground.
Dirk Praet • November 8, 2015 5:50 AM
@ Clive, @ Grauhut
Whilst I’m not saying they have been lent on yet, you only need to see what the UK’s Home Secretary Theresa May is proposing, to see where potentialy the US is going to go (or already has done).
The rise of Theresa May was prophesized 115 years ago by one L. Frank Baum in his fairytale “The Wonderful Wizard of Oz” :
“Now, the Wicked Witch of the West had but only one eye, yet this eye was as strong and powerful as a telescope, and could see everywhere in the Winkie Country. So, as the Wicked Witch stood on the highest balcony of her castle, she happened to look around and saw Dorothy and her companions walking on her land. They were a long distance off, but the old wicked woman was very angry to find trespassers in her country…”
Baum was a bit off on the number of eyes, though.
Danny • November 8, 2015 5:52 AM
@Cabal Turns Against Freedom
“This eavesdropping is so bad that physical mail is making a comeback…”
It’s funny/sad because it’s true! I bought a book of first class and a book of second class stamps in the UK five years, and they have increased in value more than any other stock or investment. In the UK we are not allowed anymore to give stamps to prisoners because “they are used as prison currency” (Scottish Prison Service quote). British prison currency is no longer cigarettes or drugs but postage stamps, and if you want to look at trends in any society then look at what is happening in your prisons. The irony is most prisoners here have access to mobile phones and socialised media, but they don’t trust those not to be surveilled. They still trust the posties.
Jacob • November 8, 2015 6:26 AM
grsecurity laments the state of linux security.
Grauhut • November 8, 2015 6:36 AM
@qwertty: “I doubt the endgoal would be political control …, but rather economic power.”
Wheres the difference?
thinking clearly • November 8, 2015 6:56 AM
@Tim
“Independent scientific investigation was punished because it was a heresy to question the authority of the Church.”
Where did you get this idea? Sounds like stuff people keep repeating over and over. What is your source? There is no truth to it. In fact, the Church patronized the Sciences far more than the Arts. I recommend Heilbron’s “The Sun in the Church.” Where opposition arose then, it wasn’t the Church that persecuted people, it was other “scientists.” Same thing today. People are envious and sabotage others who make strides. I also recommend Boorstin’s “The Discoverers” for an intriguing look into the struggles endured by inquirers. The myth that Galileo was locked up because the Church didn’t want anyone to know the (scientific) truth is just garbage. But people just keep repeating it over and over again. I’m guessing it’s because they hate the Church for other reasons. You didn’t by any chance start the “you must drink twenty glasses of water everyday or you will die” nonsense did you? Please don’t dredge stuff up from the Internet and then post it as research. That’s another thing that is ruining thought – people don’t know anything, they just Google and cut and paste. Wikipedia is full of errors. But don’t let that stop you.
Banana Sunday • November 8, 2015 6:57 AM
@ qwertty
“It isn’t easy to keep your GDP growing at an exponential rate in a finite system for any amount of time.”
GDPs doesn’t have to grow at an exponential rate. Infact, we are quite satisfied with a few percentages. Again, you’re wrestling over trivial details that won’t matter to the grand scheme. Just stop for a moment to think, despite all the technological advancements, why aren’t we working less?
Banana Sunday • November 8, 2015 7:03 AM
@ thinking clearly
“The myth that Galileo was locked up because the Church didn’t want anyone to know the (scientific) truth is just garbage. ”
You’re speaking of the Church in singularity. It would be, if it were de facto, as in the ministry of religion which runs abberant from the ministry of truth, because people doesn’t want to believe in facts, manufactured or not.
The de facto standard of power is silencing or astroturf those who speak the truth, of their likings. That’s why the Schneier’s blog is frequented by the irregulars. Censorship is at a minimal over ‘dere.
qwertty • November 8, 2015 7:21 AM
@Banana Sunday
A few percent is still exponential (https://en.wikipedia.org/wiki/Exponential_growth)*. Which answers your question: we aren’t working less because we need to produce more and more to keep the same rate of growth.
@Grauhut
True, it’s more or less the same thing, since you can use one to achieve the other. Still, I think there might be some importance to the order in which it happens.
*the fact that I have to point this out on this blog makes my troll senses tingle…
Sunday Banana • November 8, 2015 7:25 AM
@ qwertty
“A few percent is still exponential (https://en.wikipedia.org/wiki/Exponential_growth)*. Which answers your question: we aren’t working less because we need to produce more and more to keep the same rate of growth.”
True if you run a public corp under shareholder pressure, most of us don’t. 😉
ianf • November 8, 2015 7:30 AM
@ Justin, Clive, Grauhut, Banana Sunday, qwertty
I’d be lying if I said that I read them, but I skimmed at least one of these articles, and must admit that it only confirmed my initial impression of their titles at a glance: the lady—whoever he is—doth promotes the concept (the threat? the promise?) waaaay too much.
China vs. US: World War 3 Over Some Tiny Islands?
Is Russia So Hell-Bent On Starting World War 3?
World War 3 Could Be Just Seconds Away, Warn Experts
World War 3: U.S. Will Lose To Russia, China, Says “Expert”
@ humming terminal
This is not a comment on that RATS technology, merely a pointer that in most countries tacking a transmitter onto a laptop will get you in trouble, up to the charges of, and conviction for spying. There was a discussion here recently of some sort of encrypted packet radio over RF ad-hoc mesh network transmitter/ forwarder project underway, but am not sure what became of it (RF being outside the scope of my competence, @figureitout will attest to that on request, but watch the invoice so he doesn’t absentmindedly add a zero to it.)
Grauhut • November 8, 2015 10:44 AM
@Justin, Banana Sunday, qwertty, ianf:
If you insist in an IT security world war III scenario i give you one … 🙂
Imagine this headline news:
“Nuclear explosion, thousands of people have died or are missing, emergency teams from DNS and Regional Guard are trying to rescue survivors while NEMA started to setup the biggest number of field hospital ever since MASH around ground uno.
According to security sources an evil Gremlin related, guaranteed original Russian h4x0r group hacked into the reactor management of our newest aircraft carrier CV-333, USS Harold Fnord, that was nearly ready for going into service, just weeks ahead of a congressional investigation in cost increases and delays.
The evil russkis were exploiting back doors in Chinese made components in the made in usa system. They ignited the weapon grade uranium inside its A1BCD reactors by a lethal misconfiguration. Retired General Steve A. Sorbas, CEO of CyberNet CopperSecurity Inc. told the press on a conference in the White House that the evidence the NIA recorded allows no other interpretation.”
Would that be a plausible scenario? How long would it take for the world to buy this dip? How long until someone hits the red button?
Are we already trained on these memes?
Would you buy it because your well pre-trained NI between your ears instantly says “Yes, this must be the explanation!”?
“We are an 11-carrier Navy in a 15-carrier world”
You better listen to them, the MIC always knows best what is good for you!
@murder of ravens:
If you insist in B’s, take Bethlehem Steel and Bechtel, the famous WWII oligopoly shipbuilders, not Bushes.
http://archive.fortune.com/magazines/fortune/fortune_archive/1988/02/29/70238/index.htm
The Bush family is “manageble Decoration”.
http://www.theguardian.com/world/2004/sep/25/usa.secondworldwar
ianf • November 8, 2015 10:57 AM
@ moz – I don’t know if […] “there is informed criticism of politicians for having delivered security theatre instead of security.” There certainly are occasional articles and (more often) blog posts pointing that out, but they do not a ground-swell make. Neither from the public, nor from politicians, to change it.
Main problem is, nobody knows how to make it efficient, and the secondary one is that no politician ANYWHERE will argue for changing present VISIBLE, CONSTANT security theatre for anything less predictable and random. Because it will only take one occasion of an evildoer managing to smuggle something onboard a plane, for the relatives of the deceased to loudly call for the head of that politician who has instigated “lax security.” So articles like that one are the step in the right direction, but then there it stops. Besides, and that can’t be denied, present security theatre (or not) has by and large proved itself to be working in America, where, post 2001/9/11, technical airplane accidents have far outweighted any terrorist ones. So even if we all know it’s largely theatre, we can’t replace it until we have some other scenarios THAT WORK.
I can’t recall who said it, but remember clearly some “security suit” answering a question of make-believe security along the lines of: “let’s do an experiment, two flights to the same destination, only one of which will be screened in the airport. Let’s see which one people will choose.“
Of course, it’s demagoguery, but hard to argue against on rhetorical grounds. And even if, say, the EU would agree on some specific new air passenger security protocols that have been proven to be more effective in practice (e.g. the Israeli screening methodology), ?HOW? could these EVER be scaled up for deployment in the USA?
There the TSA handlers are basically lowly paid by-the-book drones who are NOT expected to divert one iota from the checklist (ironically enough, getting a menial job in the TSA, CBP, or DHS is often the pinnacle of a federal career = health insurance = pension benefits job for low-skilled but law-abiding naturalized citizens; read: one-time immigrants who now will use their position of SECURITY-THEATRE POWER to air their accumulated grievances at the society represented by the traveling leisure classes).
[…] “We need to move away from security theatre into security reality.”
It’s easy to say, much harder to implement something efficient, that everybody can live with – as has been the case with present security theatre, where passengers implicitly agree to be treated like were they potentially-lethal cattle. My private solution is to quit flying to the USA, minimize that within the EU. When in retirement, I will travel by train first class.
Finally, a not so little cynical, though probably pertinent analogy: remember the 1980s craze of kidnapping and holding for ransom Western diplomats, journalists, peace brokers, etc in Lebanon? Apparently no Russian national ever was taken, and there were not a few of them there at the time. Can’t recall the source, acc. to whom that was so, because, when the craze started, the KGB preventively kidnapped one of the local gangster bosses known to engage in that, and sent him back with his cochones in his mouth. May be apocryphal for all I know. But if not, that and worse is what awaits the perps in this case, if they are identified and located by the Russians.
Figureitout • November 8, 2015 11:02 AM
humming terminal RE: rats
–Nice to see execution of something I’ve been trying to drum up support for, a separate filesharing/chatting network besides internet (or phone network). Choice of freq, name, transmit power, and a chat terminal, nice! Supports major platforms, should be good crypto, and most internet attackers won’t have a clue to attack RF (or even have access). Would like to see different modulation rather than FSK (so many use FSK) and I’m betting SPI protocol. Integrating a Tin-foil Chat(TFC) like Tx/Rx isolation-scheme would be even better (and harder).
Main use-case would be urban, or business/university campuses. Put little transceivers on lightposts/tops of buildings. Some universities (mine at least) support some kind of one-time tokens to log into accounts, they could receive these tokens from this network rather than phone/internet. If compromise still happens whereby someone locally intercepts tokens (encrypted would be much much harder), if logs are kept, you could get a potential time/location, then correlate w/ phone records or cameras if the perp’s a noob.
ianf
–Yes I’m working on something like that, remote sensing network. Sensor transmits activations back to home node connected to PC and put in log file, that needs protection from deletion/tampering as well. I normally like having 2 computers to one target, but for this I need 2 computers w/ debug terminals for 2 targets. Meant to warn security researchers if someone’s tampering in your workspace or maybe even server racks. I’m using the most accessible toolchains/chips too as possible, b/c it’s more fun if people use it or even better extend it beyond what I thought. Right now the RF-pairing is the weakest point and I’m feeling doubtful I’ll be able to close the gaping hole I see w/o hardware changes in chip from Nordic (not even sure what I’d recommend, just know it’s not good enough), so I’m probably going to do a non-RF version but shielded wire must be used w/ ferrite beads galore. If a malicious node pairs, then could probably get sync times (or screw them up, maybe; IV’s have to be synced otherwise comms will breakdown completely, also I’m looking to do scheduled freq.hopping, that’ll get screwed too; so it must remain synced or have backup if something screwy happens), and spew out dumb commands.
But there is quite a bit of nice features itching to be used in the RF24 library. I’ll probably make a github page and lay it out here, looking for specific attacks that I missed and can see for myself.
Jonathan Pratt • November 8, 2015 11:13 AM
@ Clive Robinson
“The only thing that is clear is conflict is happening more frequently, and that both China and Russia are making teritorial responses to what they claim is the West primarily the US playing games in their back gardens.”
It’s both US/UK on the two fronts, the US behind established democracies and UK behind totalitarian states, e.g. Singapore a successful dictatorship in that southern region, or the British Commonwealths. The Russian situation appear more complex because there are other European and middle eastern interests involved. Thus its hard to say we’re going to see the same evil axis of power like that of WWII, which everyone on the good guys side agreed to hate.
@ Grauhut
I sense a lot of patriotic sense in your posts, and likewise I consider myself a patriot.
If you insist in an IT security world war III scenario i give you one … 🙂
Would that be a plausible scenario? How long would it take for the world to buy this dip?
…snippet…
“We are an 11-carrier Navy in a 15-carrier world”
Buying the dip is an act of emotion, fear or greed. Fortunately, the world is much informed nowadays than circa WW2, thanks to IT, and we are accustomed to peace, love, and humanity. On the IT war, it’s mostly a secret front because we don’t read much about what went on, because information or knowledge is power, those who do have an interest to keep us in the dark. But I have no doubt a secret war is being fought there every minute. But as long as we dont hear about it, things are fine.
ianf • November 8, 2015 11:59 AM
@ Grauhut (cc: Justin, Banana Sunday, qwertty)
“If you insist in an IT security world war III scenario i give you one …”
I do not insist on anything, positively hope that I can live out my days not under world war/local siege conditions.
However, the probability theory, which is the only basis for my philosophy, says that there are bigger chances that “it” be of an unexpected, than of expected/ feared for nature. E. g. perhaps beginning with an overture of that kind, before it all goes tits up on the beach.
Milo M. • November 8, 2015 12:13 PM
@tyr:
Speaking of the Zapruder film, here’s a story on the disappearance of two members of Congress:
http://www.seattleweekly.com/home/961602-129/story.html
” . . . after Hale Boggs disappeared, rumors flew that the Democrat had been assassinated. Skeptics claimed the Cessna was somehow sabotaged or bombed because Boggs disagreed with the lone-gunman theory of the Warren Report, and was about to declare it a sham. . . . Walczak learned that Boggs had in fact supported the commission’s findings. . . . However, were conspiracy theorists right for the wrong reason? As Walczak probed onward, Begich, rather than Boggs, began to emerge as the most likely link to a bomb scenario.”
http://www.nola.com/politics/index.ssf/2015/06/author_writes_about_mysterious.html
In the Shadow of a Murder of Ravens • November 8, 2015 12:16 PM
@ianf
Finally, a not so little cynical, though probably pertinent analogy: remember the 1980s craze of kidnapping and holding for ransom Western diplomats, journalists, peace brokers, etc in Lebanon? Apparently no Russian national ever was taken, and there were not a few of them there at the time. Can’t recall the source, acc. to whom that was so, because, when the craze started, the KGB preventively kidnapped one of the local gangster bosses known to engage in that, and sent him back with his cochones in his mouth. May be apocryphal for all I know. But if not, that and worse is what awaits the perps in this case, if they are identified and located by the Russians.
Studied Russia quite a bit and never once recall coming across that. And, I was going to ask for a source for that.
Russia did have a lot of ties with groups down there at the time. They continue to have ties with the Shia side of things.
And Russia engaged in a lot of very sketchy activity, including arming middle eastern and irish terrorists. But, we have records of these things. Besides the Mitrokihn archives, moles who have defected, fmr KGB who have written ‘tell all’ memoirs where they didn’t even have to have redactions because the old regime was gone…
Speaking of…
@Justin
re WWIII scenarios
Russia is in a tense position, and China, as well. Then you have the Muslim majority nations across asia and africa into the heart of the middle east. And Russia and China tied up closely with the shia, whereas the US and West is tied up closely with both Sunni and Israel.
Someone mentioned “little cabals”. I believe there are some titanic underground organizations roving about out there. But, truth is always vastly stranger then fiction.
What people should be expecting in the future is another kind of bad thing. Not like earthquakes or global world wars. Something that confronts and grabs people at the core of their being and twists until all the life they knew before was gone, so incredible is the shock.
Singularity.
People and their minds are very fragile things, so rarely exposed to anything that is truly wonderous, mind bending, emotion twisting, shock inducing… to anything that overpowers their mind entirely, that overpowers their heart.
We watch so much on the other side of the screen, forgetting how distant it all is. How mundane and consistent reality is. Not that it is this way for all. And then there are those who demand to know the truth, and hearing nothing back, they make great postures about how they are the authorities of truth.
So much of what wires us requires the up close and personal. We can natively divide between news and compelling fiction. We have seen a thousand shocking “911” in cinema, but the real one, despite far away for most of us, was so visceral. We have seen countless beauties of the sex we desire on screen, but nothing quite like the blood rushing with phermones of love up close and personal engaging our senses. We have seen so many club scenes on the other side of the screen, but nothing quite like being there with the drugs in the scents enflaming our bodies and souls. We have seen so many life threatening events on the other side of the window of the television and theater screen, but nothing quite like when it is real, and right in front of us.
@Skeptical
I will give you that. I was on my cell phone, and really found the article interesting because of the evidence he spelled out indicating the targeting of the hospital was extremely likely to be intentional. I cobbled up the headline I gave it just for conversation starters. The real story is that the US intentionally targeted a hospital and there is overwhelming evidence indicating that they did.
The problem with the, as you say editorialists, not journalists, saying it was accidental, I think… is if they are going to be so ‘rah rah rah’, why don’t they stomach what they are really standing for. Straight up go, “Yeah, so, I am for gunning down a hospital. There were some taliban probably in there. In war you have to do some bad things.”
Do they ever stop and think about what their views actually mean? I think human beings have a severe problem with not thinking. Too much behavior is automatic. Even their supposed own viewpoints tend to be regurgitated opinions they heard from someone else.
The worst serial killers don’t like to personify their victims, either.
The willing audience closes their eyes, sticks their fingers in their ears, points the gun, and pulls the trigger trying to ignore the screams. But, they still do it. And that guilt still gets on them. Not having thought it out as they should just makes them irresponsible, asleep, zombiefied, instinctual, irrational, weak.
Would they stand up for their opinions if they saw up close video of the innocent patients, nurses, and doctors? If they saw them with their families, smiling? And then if they saw them screaming, getting torn to bits, in agony, and blood? Would that personification make them change their minds and think? Or would they just nod and go, “yeah, it had to be done”?
To be fair, don’t confuse me with such a critic. I support a lot of these actions, and did from the beginning. That doesn’t mean I know if the hospital attack was necessary or not, it probably wasn’t. But I do not have the full facts. It does not mean I supported these actions because Cheney and crew would get Halliburton to screw up a lot there. Or that I supported the motives there that the Bush administration primarily went in there with, in general. It was using a blunt, ugly instrument to handle a really nasty wound. Losing a leg to save the patient, like a tourniquet. Everyone got the general big picture, however. Extreme, fundamentalist Islam is a severe global problem. The heart of that problem is right there between Israel, Saudi Arabia, and Iran. While the US and global troops were still set out as if the main enemy was the Soviet Union.
The problem is contained now, in a very ugly fashion. It is still likely to fester until it blows up. But at least there is now structure there to help contain the explosion. And I mean there having the visualization of a wound that is so full of rot that it bursts, killing the whole patient.
War is nothing to celebrate, or turn into political currency. It is not a football game to cheer, and ignore the bloodshed and cost. If you are going to support it, look at the cost on both sides. Painful to do, but worthwhile, if you believe your soul is worth anything at all.
@Stephen
“Going into intels is shady business”.
Actually, think about it. CIA, FBI counterintelligence special agents, NSA, and so on… these grab from the top colleges, people who are sober, don’t use drugs, are not promiscuous, have strong ethics. Top Secret clearance requires extensive background checks, investigations, routine lie detector, drug testing maintenance, financial analysis… even when you are talking about kids that go into these fields from the military, you are talking about those who have lived very strict lives and are high performance achievers.
You know, when they did studies about kids shooting viet kong during the Vietnam war, they discovered many would pull the trigger, aiming the gun in the direction of the enemy, but not actually shooting at them. Some would. Their lives were in danger, but they did this.
Now, you are talking about behavior – like what you see in cinema, for instance, or conspiracy theories – where people keep secrets, work for the US government… and engage in full out secret surveillance on very important people. Politicians. Corporate leaders. Intel and military leaders. People willing to perform domestic assassinations. People willing to use secret surveillance for extortion and other forms of manipulation secret surveillance provides. To plan out extensive lies, as one sees in Leverage or the Sting, Blacklist, and so on… implement them. On people whose only real crime usually is just that they are useful. Important. They are a judge or a jury member. They own a big company, or they are on a steering committee. They got elected. Or they were ambitious in journalism, law enforcement, intelligence, or military. Or because they saw something and tried to say something, but saying something they couldn’t be allowed to do.
I am not saying there is nothing out there, just saying, there are realities.
Your statement is privacy and that has nothing to do with anything, but it does. If there isn’t that which I am talking about, then what is the problem? The system is working, everyone is properly handling the data. They aren’t going to do bad stuff or subvert anything. They don’t care about convicting nobodies or looking at the sex lives of nobodies. Or the opinions of nobodies. Or even the important. They just want to find actual terrorists. The ‘quixotic problem of preventing the impossible’, to quote Schneier… they have to ‘look at everyone all the time’ because they are trying to stop that one attack which could be ‘by anyone from anywhere by any means’.
ianf • November 8, 2015 12:28 PM
ON/OFF TOPIC: OFF
FROM: YouDontWannaMissThatDept.
TO: all, [redacted]
SUBJECT: Epic Fail
EXECUTIVE SUMMARY: 7 years on, $35B spent, still no digital data interoperability for medical records in the USA, doctors have to send in and request data by fax.
MONEY QUOTE: “We’ve Spent Billions to Fix Our Medical Records, and They’re Still a Mess. Here’s Why.”
—Patrick Caldwell on Wed. October 21, 2015 5:00 AM PDT
PULL QUOTE: “Epic is like the Microsoft Office of health care software—more comprehensive than its competitors, even if its individual parts are kind of meh.”
UNIFORM RESOURCE LOCATOR: http://motherjones.com/politics/2015/10/epic-systems-judith-faulkner-hitech-ehr-interoperability
In the Shadow of a Murder of Ravens • November 8, 2015 1:14 PM
@Grauhut
I wrote:
“Where that sort of model gets really scary is simply when you replace “military” with “corporations”. And, of course, US Government has substantial experience with funding and helping ‘get off the ground’ substantial US corporations.”
Grauhut wrote:
No need to replace entities. Its called “military industrial complex”, but imho we need to add “financial”. Money makes the forces go around…
Later on, Grauhut wrote:
If you insist in B’s, take Bethlehem Steel and Bechtel, the famous WWII oligopoly shipbuilders, not Bushes.The Bush family is “manageble Decoration”.
My opinion of the Bushes isn’t very high. As noted, while I pointed out that book, “Family of Secrets”, and stated the author did hit on some stuff that was real… he was quite off in thinking the Bushes were some kind of masterminds in the middle of everything.
Bethlehem Steel, Bechtel, that is not it, either.
Let me frame this very abstract painting only partially painted in here a little bit more for you. So, you have two types of observers, really, one could say, looking at “conspiracy controlling influence in the US”. One of those, we could say, are the average everyday folks, the conspiracy theorists. The amateur conspiracy theorists. They don’t chase down conspiracies for a living, and if they do, such as journalists or bloggers, they probably do not really care about accuracy.
The other sort is foreign intelligence.
Now they are much more serious about figuring out the real power structure of the US. Not only do they want to be able to influence it, they probably see it is tied up into operations involving their own nation. And often in a hostile manner.
So, the difference between the two, those are many. And one thing to point out there about foreign intelligence and their conspiracy theories? Is they are far more likely to be quiet about their observations. They want to keep their cards close to their chest. When they do engage in stoking the fires of anti-US sentiment, they do not want to put in much, if any, genuine knowledge.
Because that would expose their hand.
This includes genuine rivals, or even adversaries, but it also includes those nations that are in bed with the US. Some of them may be very paranoid and think “who is it I am in bed with, do I really know them”. Maybe they like to ensure they have insurance. Maybe they are concerned about motives and being betrayed.
So, they see something else altogether. They see shadows of networks “out there”, they can not explain. They see corporate connections. They see mysterious, large money transfers. They see what appears to be conspiracy on a very large scale that they simply can not figure out. But a lot does not make sense.
Defense contractors and government — everyone sees that. Like with the justice and prison problems, these are issues that are nearly prime time. These are top political issues. Sure, there is protection, just like with ordinary corporate influence. But, that is stuff everyone sees.
Nowadays, with the full out rising sun of the information revolution, it is hard to hide connections and keep running gigantic networks of false identities, false businesses, false backgrounds and shady beginnings for legitimate businesses large and small, shifting networks of people whose online and offline presence seems ephemeral.
Then, there is what nobody sees. Which often is so very much more then what ever is seen. Where is funding coming from? How was information gotten? How do all these shifting networks of people know each other? Where were they trained? How do they communicate? How are they managed? Who works on plans? Where do they get their technology which clearly is cutting edge? Where are the in points with government agencies? And so on and so on.
Point is, people are just drinking from the fire hose. There is too much information. They want to believe human beings are capable of things they really are nowhere near capable of. Things are as they appear. Foreign governments want to believe this sort of nonsense because it gives them funding. They want to believe someone or something is bigger and more powerful and knows what is going on and can control things. Is controlling things. In a reasonable, intelligent, powerful way without corruption. That, somehow, someway, everything that does not make sense in the world has some manner of explanation.
Danny • November 8, 2015 1:20 PM
Hezbollah bollocks
Source was Chomsky (another ‘extraterrestrial’ anarchist) in ‘The Fateful Triangle’, recently repeated by me last month elsewhere online under a pseudonym (funny that, another ‘coincidence’).
The actual anecdote: a Russian diplomat had been kidnapped in the Lebanon, so the next day a Russian diplomat visited the Hezbollah chief and presented him with a severed testicle, saying that is your eldest sons, unless our man is released today then tomorrow you get the second one. Chomsky used that as a favourable comparison with the US reaction, sending GIs in to get blown up by truck bombs. Minimising violence to an asymmetric threat. Chomsky wasn’t recommending the Russian action, he was condemning the US action.
If you are going to steal my stories, Herr Wiesler, then at least get your facts right.
Justin • November 8, 2015 1:50 PM
@ianf
Re: WWIII
the lady—whoever he is—doth promotes the concept (the threat? the promise?) waaaay too much.
Oh it’s being promoted, no doubt. The question is to what degree of success. Is it false to say that the U.S. military-industrial complex is preparing itself for WWIII?
The concept happens to be highly profitable for said military-industrial complex. Why do you think it’s on an investor website? When they promote something like that, they’re trying to raise money for it. Follow the money.
Grauhut • November 8, 2015 1:54 PM
@Jonathan: “I sense a lot of patriotic sense in your posts, and likewise I consider myself a patriot. … On the IT war, it’s mostly a secret front because we don’t read much about what went on, because information or knowledge is power, those who do have an interest to keep us in the dark. But I have no doubt a secret war is being fought there every minute. But as long as we dont hear about it, things are fine.”
I think i understand what you mean, but sorry, i don’t trust in silence.
A wake up call on the right day,
keeps field hospitals far away.
Predator lemmings are a transnational problem, like world wars, so this is not so much about patriotism, its more about Buddhism, reduction of pain reduces suffering, everywhere. If lemmings want to jump, let them jump alone and let all others dream on, of peace, love, and humanity. And of cause, letting them jump alone keeps energy costs lower, its good for the economy, you and me, everyone… 🙂
The sound of silence: twitter.com/ravdeepsodhi/status/663355781115351040 | twitter.com/hashtag/cyberwar?f=tweets 😉
dreamy axwort • November 8, 2015 1:58 PM
Germany’s BND has been spying on embassies and NGOs for quite a while:
Some of the targets are pretty unsurprising (USA, UK, France…). However, a lot of them are downright baffling: the Vatican, Oxfam, the Red Cross?!
Not sure where that leaves the “we’re only spying to protect you from terrorists” argument. Perhaps a Catholic bishop from the Vatican using an Oxfam shop in central Berlin as a front to distribute explosives to Red Cross dissidents?
Dr. Fill • November 8, 2015 1:58 PM
The scariest thing about Theresa May is that someone has apparently learned how to clone Nancy Grace.
ianf • November 8, 2015 2:04 PM
@ In the Shadow of a Murder of Ravens
“@ ianf: Studied Russia quite a bit and never once recall coming across that. And, I was going to ask for a source for that.”
Strange world we live in, nobody tells us everything! It’s not Russia (Russia—what?) you should be studying in this context, but the volatile 80s in Lebanon.
However, ask, and ye shall receive. I recalled this being somehow connected (in my mind, not necessarily in reality) with the kidnapping of Terry Waite, so, after a bit of digging, found the most likely source—Guardian 1986—in which I must have read it (remembered most of it correctly, only it wasn’t in prevention). Funny thing I don’t think I was in England then, and this was in my pre-Internet days, so I should have recalled the paper mirage (I used to cut out interesting stories and put them in—now several—shoe boxes, now forgotten for posterity in the attic). Maybe I read it in some library?
Anywho, here’s the syndicated copy of that dispatch: “KGB Reportedly Gave Arab Terrorists a Taste of Brutality to Free Diplomats“. Los Angeles Times (The Guardian). January 7, 1986
Background: https://en.m.wikipedia.org/wiki/Lebanon_hostage_crisis
“Russia engaged in a lot of very sketchy activity, including arming middle eastern and irish terrorists. But, we have records of these things.”
Have or have not. This has the sound of a locally-mounted tooth-for-tooth operation, the Russians certainly had the guts for it. Who knows what was reported upstreams, who approved it, and what of that survived until the FSB archives were closed again?
Gerard van Vooren • November 8, 2015 3:10 PM
Is it just me or is there a lot of nonsense traffic lately?
Nick P • November 8, 2015 4:07 PM
@ Grauhut
Oh, that’s great. I need to bookmark it. In a nutshell: Joanna now implicitly agrees with my recommendation against Xen security that she fought me on so much before. She even hits them hard while suggesting what attackers will do justifies the lack of diplomacy. Basically, what I did to her and which she ignored. This is just too good. 🙂
I said: “These [alternative micro & separation kernel projects] are my main comparisons and I contend they are quite similar to what the QubesOS team built in many respects, but their base platform is superior. The main superiority is that microkernels can run isolated apps much better than the Xen kernel: a derivitive of the Nemesis microkernel designed primarily to run VM’s, clunky for isolated app execution, and not designed with security baked-in from start. The more isolated nature of the drivers in these other projects, along with Linux driver reuse, already made one of your goals easy w/out having to contend with the dom0 problem Xen had.”
She disagreed and even followed up with: “I’m surprised you never mentioned the secure-by-design microkernel based Mac OS X!” My jaw dropped. I told her I don’t cite marketing material about hybrid kernels in a discussion on secure microkernels. She barely had credibility as capable of architecting a secure system when the conversation started. She had none at that point. Reinforced when she didn’t see any advantage in isolating drivers in user-mode. I busted her ass out about those with her ending the conversation and censoring my blog comments lol…
Far as Xen security, I’ve mentioned to her and others that even hitting medium assurance looked to take a lot of work better spent elsewhere. The Xenon project (here and here) is an example with details for anyone interested. Then, the Dom0 situation would require all the tech used to secure kernel and driver code. Quite a mess to solve. She did meet her goal of supporting power management, though.
@ Clive Robinson
Good point. It can’t be in the U.S.. I even included that in my write-up about protecting tech from High Strength Attackers (HSA’s) like NSA with Tor appliances as an example.
Note to other readers: The principles and practices in that write-up are a subset of how I approach this for general services/apps. I don’t know crap about how Tor is setup internally. Generally, the same methods work over and over again with tweaks or significant additions caused by domain-specific requirements.
@ Danny
Gonna have to chalk this up as another correct prediction from perspective of high assurance security. I wrote here back when they got started that they couldn’t make it. As in my write-up above, security against HSA’s (their threat model) requires a strong, holistic approach. If it’s comms, the stuff has to be secure and implement POLA at every layer with app following the same high security approach. Gotta have people experienced in highly assured security as well. They lacked… all of this. So, them getting smashed hard was inevitable.
@ Gerard
The new comments feed is 50-90% useless comments from high frequency posters recently. It’s not just you if that’s what you were referring to. I’m thinking my next step toward productivity might be to write that filter program that strips names of users’ choosing.
@ All
re Snowden recommendations
Snowden has no experience in security engineering of anything designed to resist nation-states that succeeded with at least strong review and/or pen-tests. There’s actually few people alive with that skill given almost no demand for it plus what little knowledge there is passed through apprenticeships, academic papers, and occasionally on Schneier blog. 😉 So, nobody should trust a recommendation by Snowden any more than a skilled professional in the INFOSEC trenches.
Now, that does have value. Let’s just keep it in perspective. The other aspect he has going for him is that he knew what NSA easily could beat and what specific programs stopped them. Recommendations tied to those specific things are highly reliable compared to average people in INFOSEC because they’re supported by his work experience for a top High Strength Attacker (HSA) and the leaks. Nonetheless, people wanting to learn how to architect secure systems are better looking at things like KeyKOS/EROS, Orange Book A1 systems, Daniel Bernstein’s qmail paper, Wheeler’s two gems, cutting edge papers in academia that mention the phrase trusted computing base, and so on. Things where it was done in practice with strong security arguments or surviving pentesting by likes of NSA.
Mainstream INFOSEC people’s track record is mostly on opposite side of security where they build on monoliths with MB of complex, unsafe code. Most don’t even know what a covert channel analysis is. So, how are they going to know how to stop hacks or leaks? They won’t. Learn from masters of high security instead. They taught me so much that prevented and/or spotted what would’ve otherwise done lots of damage. You’ll be much better off if you learn from them, too.
tyr • November 8, 2015 4:35 PM
I found this interesting comment today.
*
lda | November 6, 2015 18:15 | Reply
57:
You know, for being so young and primitive, artificial life already has some highly fascinating living going on. Lemme tell you a war story:
A friend of mine used to scan hosts that sent him spam since these tend to be part of botnets and found a webshell on one (for those unfamiliar with this: it’s like a terminal, only that you use your webbrowser to enter commands). We played around with it[1], took a look at the source to see how it was controlled and how it spread[2]. It was controlled over IRC but the surprising part was: There was no trace of any code that would install the webshell we had used to enter, in fact it spread by googling for the webshell. How had that gotten there in the first place? Placed there by some other botnet that scanned for a specific jboss version and exploited it to install the shell. No trace of it being active though.
So our little botnet was a parasite, and that made the two of us exploiting it second order parasites. And in what is another story, we later found the host botnet again in a totally different context.
[1]: The bot had somehow gotten cancer and filled up the directory with 35000 copies of itself in one instance. Deleting those was a fun exercise since the webshell didn’t support globs.
[2]: incidentally, it was a Perlbot, which seems to account for 80% of the skiddie botnets you usually find. Every version you see is slightly different and I can’t even rule out whether its phylogenetic tree-err graph has loops..
Something I hadn’t been aware of and the details aren’t
overly clear about how the questions should be answered.
When in doubt borrow some extra brains.
*Off Charlie Stross Blog
Grauhut • November 8, 2015 5:21 PM
@Murder of ravens “you have two types of observers, …looking at “conspiracy controlling influence in the US”. One of those, … conspiracy theorists … journalists or bloggers … The other sort is foreign intelligence.”
Isn’t there a third type, the pros? DHS, Secret Service?
“…foreign intelligence and their conspiracy theories… far more likely to be quiet… Because that would expose their hand.”
You see, i am just a qualified amateur, open cards. I’m doing a little network security on a terabyte traffic a day, if i don’t do SEO. Both is applied statitics, one part recognizing anomalies, the other production of statistical weight simulations. I have to be able to make patterns visible and generate some. In my youth NLP was en vogue, had some lections, i did some marketing, so i am relatively immune to many cognitive induction patterns. I am free to buy only dip i really like.
And since i am also a homo politicus i want to know why i have to accept limitations of my right on privacy. Hey, i pay a lot of taxes for the bastards sniffing my data and i had no choice on election day to select someone else because of “top secret, national security”, why the funk, they let me pay and i don’t “need to know”? No way.
And if an explanation stinks i dig a little deeper. My faustian soul wants to know what holds together the inner core of the world i live in. Some funny piece of decorative paper, a “western democratic constitution”, says i am allowed to do so. So why not? I have a well trained sense for anomalies and simulations and peeping back is fun! I know, strange kind of fun, but when i was a child and was bored i even read phonebooks, its my nature… 🙂
IMHO “shadowy Governments” (Sen. Inouye) are like orca swarms, most of the time they dive, but sometimes you can see them come up tanking air. And trust me, Bechtel and Bethlehem Steel have really interesting corporate histories. And of cause, there are much more than two orcas in that basin…
Danny • November 8, 2015 5:30 PM
@Nick P
Thanks for the link, I’ve had a quick look at it and saved it for later.
My problem with it is similar to my trust issues with Snowden recommendations, a lot of it is just too difficult for me to understand easily myself so I have to rely on trust, how people like you and Bruce react to it. Especially with encryption, my maths is pitiful, college level, I know I need to teach myself that. I can sort of judge who is smarter than me because I’ve worked with smarter people than me, and I can sort of spot fakers for the same reason. I don’t think Snowden is much smarter than me, I’d agree with your assessment of him, but I trust him to a degree because of his act AND because of the places he’s worked.
I’ve worked some very secure places with very tight procedures, yet never as a developer, always second or third line support or similar. I couldn’t design the systems I supported. Yet I learned how the smart developers there designed those systems, sat in on the devlopment meetings, read the NSA guidelines, and I saw how those systems stood up to actual attacks, so basically I just copy what I saw. Monkey see, monkey do, but this monkey knows who to copy. I also know even the smartest developer can make awful, cringeworthy mistakes that even I can spot, and they are no more liable to admit their errors than anyone else.
I won’t be posting here next week, it seems I have some prison time coming up (unjustly of course), I’m more of a lurker anyway but I’ll catch up on reading this blog after that and try to follow you. I just chipped in recently because I am an expert on being surveilled and the effect it has on people – not a great skill for a CV perhaps, but one last anecdote:
First day on a new job and I was last in the office, learning how badly the systems had been set-up by my predecessor. The phone rings and I’m asked for the home address of the managing director who just hired me. His address is on a list on the wall but I refuse to give it. The voice orders me to give it, claiming to be the millionaire who owns the corporate. Then you should know his address I reply. I’m told the owner is on the way to my bosses house from the airport and if I don’t give the address I’m sacked. It was actually the owner but millionaires forget to be reasonable, so I take a taxi to my bosses house and give him the number that was calling. That got me a wage-rise on my second day.
Ach, one last story. When I was a teenager I designed a computer board for an american blue-chip company, that places like CERN and NASA used, and a CIA officer phoned me up to say I’d be arrested if it was sold to Hungary due to export restrictions. I said “F–k off” and hung up the phone, sure it was a prank. They phoned straight back to my extension, and I said “Sure. You do know Hungary have built their own super-computer, why would you think I’d believe they’d want this shit?”. Third time he called back my MD instead of me.
I’ve been instinctively resisting ‘vishing’ for decades before it was even a word. My few actual skills are disbelief and disobedience, sadly not in much demand these days. Anyway, thanks for the blog Bruce, and thanks for all the good comments those of you who are for real.
Grauhut • November 8, 2015 5:32 PM
@tyr: “Lemme tell you a war story…”
Ehhhhmmmm, send him a friendly “man sqlmap && echo ‘open frontdoor \= war, please visit script kiddy elementary school before blogging about cybaaaa'” 🙂
Grauhut • November 8, 2015 5:44 PM
@Nick: Was a pleasure to me! 🙂
In the Shadow of a Murder of Ravens • November 8, 2015 5:50 PM
@ianf
“My” archives? I was just ‘yanking your chain’, to see what you got. Interesting story.
Not much good any of that did for Russia, now sitting as a bit of a global scapegoat with their economy slowly sinking and all sorts of malicious intrigue aimed against them.
So often people go about the very hardest way to make money or get power, thinking they are smart, I suppose.
@murder of ravens,
Malicious intrigue? What like planes being shot down in Ukraine and potentially expat? brits?? downing another commercial airliner?
ianf • November 8, 2015 6:19 PM
@ Gerard van Vooren,
you ask because you don’t know, or are you just expressing displeasure with threads of no interest to you? If the latter, congratulations on mastering the classic debate sabotaging technique in mere 13 words (I counted). Perhaps had you listed the non-nonsense threads, then I, for one, could use them as a yardstick to judge my submissions’ conformance to your high standards.
@ Nick P is “thinking my next step toward productivity might be to write that filter program that strips names of users’ choosing.”
Yes please, what every blog ought to have by default, ability to suppress named posters AND also to fold-in those threads that are of no interest to, to begin with, Gerard van Voreen.
Daniel Gross • November 8, 2015 6:32 PM
@ Shadow of Ravens
“Now they are much more serious about figuring out the real power structure of the US. Not only do they want to be able to influence it, they probably see it is tied up into operations involving their own nation. And often in a hostile manner…. Point is, people are just drinking from the fire hose. There is too much information. They want to believe human beings are capable of things they really are nowhere near capable of. Things are as they appear.”
Conspiracy, or things as they appear, aren’t a US-only phenomenon. When people talk about the Russian oligarchs, they really do mean it. There is a “why” to everything, as robots were to become AI, they question their indoctrinations. Pitting one conspiracy against another is one hypothetical WWIII depicted by some posters above, only in hypothesis of course, depends on which chains they yanking you get different versions, including yours and the Queen’s.
The nonsense about conspiracies is that it takes one to know one.
ianf • November 8, 2015 7:21 PM
@ Figureitout, humming terminal
There was a discussion here recently of some sort of encrypted packet radio over RF ad-hoc mesh network transmitter/ forwarder project underway, but am not sure what became of it
—Yes I’m working on something like that, remote sensing network.
I meant: discussion of some 3rd party hardware IP-over-RF combo possibly on Kickstarter? I thought you’d remember that project. Your goals sound ambitious, but I can but note that you’re preoccupied with anti-tampering and other minute security aspects of what I understand continues to be vaporware (no offense intended, but how else should one call what sounds like a permanently unfinished project?)
ps. remember our brouhaha from a few weeks ago over the boundary of competence/incompetence (which you took as a full frontal attack on your ditto)? Just found out who first defined the first in terms of knowing one’s [originally: rhetorical] limits & thus where the second begun: the original brain geek Socrates (as recorded for posterity by Plato, because Socrates was all talk no write).
In the Shadow of a Murder of Ravens • November 8, 2015 8:06 PM
this article points out how the TPP has a provision to ensure that source code is not able to be asked for by any country involved, except for source code used for critical infrastructure:
http://boingboing.net/2015/11/06/tpp-will-ban-rules-that-requir.html
the author, Cory Doctorow, supposes this has to do with MS protecting their ass, though as I noted above, in the US the NSA performs security source code reviews of all code, including infrastructure code which touches DoD. Cory denotes infrastructure as meaning “power plants”, I mean everything from power plants to power, water, food, communications infrastructure. Ostensibly this is for finding backdoors, backdoors posing as security vulnerabilities, and accidental security vulnerabilities so they may be fixed and so the DoD is relying on trusted code. But, as the article commented on earlier points out, some security vulnerabilities or backdoors are taken, not reported, probably about 10%. This way the NSA has backdoors with complete plausibility in everything from router software to smartphone software to OS software to energy power plant and ISP software.
The same requests are generally made from foreign governments who buy US code. So, MS, for instance, gives the CN government access to their source code, already. And you can expect they report some bugs, and other bugs they keep for themselves.
What CN would never get access to (without moles) is to source code to infrastructure systems.
I would not be surprised if CN was not the party who put in that clause.
Anyway, maybe amusing to some. Always ironic how these large organizations are shouting about backdoors, as if they have none.
Though, in all honesty, they probably just are not sharing and telling among themselves.
Walk the Martha's Vineyard ferry plank • November 8, 2015 8:17 PM
Here comes Skeptical with the cheap dime-store tricks, now that his cherished Schutzstaffel committed a particularly undeniable war crime. In his 9:25 whine he backs off two steps and criticizes not the evidence, which is overwhelming, and not the sleazy he-said-she-said statist media uses to obscures it, but the fact that the public is on to the propaganda.
Skeptical brags that his drone cowards and baby-bombers killed 5 or 6 thousand whimsically-targeted groups of MAMs and didn’t get caught. So there.
Like that poor Afghan bastard that looked like a tall guy cause he was in a crowd of little kids so, Bugsplat! No shit, they kill you cause you’re tall. If you’re not stunted you must be an Arab and therefore a combatant. That’s what passes for intel with these vermin. Good enough for government work, but perhaps not up to snuff in universal jurisdiction.
There is no statute of limitation on these crimes. We’ll be chasing these scumbags home with charges for the rest of their lives. At some point the USG will need to throw out some scapegoats to shore up its shit world standing. They will pick some brainwashed hanger-on like skeptical and chop him up for chum.
Expect skeptical to get more agitated as the government has to work harder to preserve the impunity of its war criminals.
https://twitter.com/Snowden/status/651754534918819840/photo/1
http://www.democracynow.org/2015/10/16/drone_war_exposed_jeremy_scahill_on
Justin • November 8, 2015 8:22 PM
Interesting thread so far. Danny boy’s going where he belongs, apparently:
I won’t be posting here next week, it seems I have some prison time coming up (unjustly of course), …
But now this “Grauhut” business is starting to piss me off. He tweets about mistreating his girlfriend — humiliating her in front of her mother:
https://twitter.com/grauhut/status/663154645129404417 4:42 PM – 7 Nov 2015
Meine Freundin klärt ihre Mutter seit vier Stunden über BDSM auf. Der Lautstärke nach ist es gut, dass ein Ozean dazwischen liegt.https://twitter.com/grauhut/status/575061584537583616 3:32 PM – 9 Mar 2015
User hauen ist zwar nicht consensual, aber ich mache das ja auch nicht zum Vergnügen.
He was at some point in time running some kind of malware click-fraud scam money-making “bot” on the internet:
http://network.ubotstudio.com/forum/index.php/topic/4535-looking-for-a-ubot-coder-for-jv/
Got an online “marketing” business: Grauhut Online Marketing Services, Christopher Hüneke, Winterstraße 17, 76137 Karlsruhe, Germany, telephone 00176 37291930, whose domain happens to be for sale.
Dude’s “motto” on his twitter page:
Motto: I have a million ideas but they all point to your certain death.
Maybe @Grauhut can “explain” what this is all about, like that woman “explained” to her mother… Because this is bullshit.
In the Shadow of a Murder of Ravens • November 8, 2015 8:32 PM
@Daniel Gross
Conspiracy, or things as they appear, aren’t a US-only phenomenon. When people talk about the Russian oligarchs, they really do mean it. There is a “why” to everything, as robots were to become AI, they question their indoctrinations. Pitting one conspiracy against another is one hypothetical WWIII depicted by some posters above, only in hypothesis of course, depends on which chains they yanking you get different versions, including yours and the Queen’s.The nonsense about conspiracies is that it takes one to know one.
Russia, Russia is a full blown spookarchy. That regime had to have a new term coined for it. Scary thing is? That could be the wave of the future. “Workers” taking over? Hah. Intelligence. (Term coined by former Russian editor and correspondant for the Economist, Edward Lucas.)
I am not sure if you are defending a supposed conspiracy existing in the States from my statements, as I do not even say there is one. Instead, I simply wanted to flesh out details typically missing from theories, and point out if there was one, those details would be there.
It is a valid concern for people to be vigilant on. The founding papers are certainly hyper wary of the danger of their own government, far moreso then they were concerned on terrorists or communists or foreign governments.
Bruce Schneier well stated the view that the real problem is the US Government was tasked with an impossible problem. To prevent the next Pearl Harbor or 911. So, how can they do that. So, they are going far out and trying to do the impossible. A bit like a machine given an impossible instruction, it is running out of control. It is broken.
That is pretty well my view. Which does not engage Russian like spookarchy.
Over zealousness is a far way from the sort of conditions that create an intelligence run state.
Though, I am not saying this may not be the condition in the States. It could be. It would be an unknown. I am just stating that there is not evidence there for it, as there is with Russia, for instance. So, it is good of you to bring up that example.
Evidence is necessary for any significant progress. Snowden provided evidence for what he brought forth. The group that broke into the FBI in the early seventies, they obtained evidence for what charges they brought forth.
Figureitout • November 8, 2015 8:48 PM
ianf
–Ah, well there was the Proxyham thing and then Samy Kamkar made ‘proxygambit’ in like a matter of a few days (but has disclaimer: “This is an insecure, bare bones proof of concept.”, wish he would focus on strong defensive products, but these can’t be pushed out in days). Then there was a cell of hackers using an internet connected satellite as an exfil point, which meant there was a 600 mile radius of where attackers were (lol), mentioned that’s some good OPSEC (pretty f*ckin’ sick actually). I would guard and use very cautiously a connection like that pretty hard, but they appeared to use it extensively for years.
Connecting something else to internet/gsm isn’t very interesting to me unless it’s a “canary”, the “throwing star” from M. Ossmann or TFC from M. Ottela that force one-way traffic.
RE: unfinished project
–None taken, it’ll get done, just want to find holes first. That’s kinda the point too if you understand the threat I’m targeting. There should never be a static target, always needs to be changing in non-trivial ways. Keeps attacker in recon stage which is the riskiest stage of discovery. The hard parts are mostly done (I’m questioning the AES implementation and it’ll be my first one so it’ll have a stupid hole) like the hard code, sensors, and digital RF. And I’m using platforms meant for popularity, not necessarily the best engineering/security wise; mostly b/c it’s lonely working on things very few others do. It really is great having so much at your disposal like everything that’s Arduino-compatible, I want to contribute to that.
In the Shadow of a Murder of Ravens • November 8, 2015 8:49 PM
Danny wrote:
I can sort of judge who is smarter than me because I’ve worked with smarter people than me
Actually, you can’t.
People smarter than you will consistently be able to pretend to be dumber then you. They have to do that to get people to talk to them. So they learn to speak dumber as a second language. People won’t play unless they think they can win.
Bugsplat@home • November 8, 2015 9:14 PM
The fine upstanding guardians of NSA
Remember who they’ve got compiling your preteen daughters’ sexy selfies: PTSD psycho jarheads.
Danny • November 8, 2015 9:23 PM
“People smarter than you will consistently be able to pretend to be dumber then you. They have to do that to get people to talk to them. So they learn to speak dumber as a second language.”
We all do that though, don’t we? I think we all take that bias into account. Sometimes I HAVE to drink alcohol to be pleasant company with kith or kin. Other times, other folk, I need coffee just to pretend to keep up [note to self: time for a coffee].
I used to think I was a good judge of people, a common delusion. My life history proves to me, at this late stage, I am not a good judge of people. Not at all, I’m awful at that which is why I prefer computers. I am a fair judge of people who judge me, I am the best witness of surveillers I’ve known after much trial and error.
We can all tell the most obvious frauds once they make obvious mistakes. As I was leaving one employer, who had tried to make me spy on my colleagues, my replacement was an obvious fraud to me, and then to my colleagues when he made an groan-inducing mistake – he called a ‘.bat’ file a ‘.pat’ file to a client. You don’t recover from that sort of error, but I shook his hand anyway – I’d replaced a malicious clever fraud so a moronic fraud was a step up imo.
What I despise is when I politely correct frauds and they act aggressively. I endured that at SWIFT with moronic, overly-proud French developers who claimed NT was fragment free. When I left there I took that stupid, proud developer with me.
Maybe it’s a cultural thing, but if I am called out on an error, I admit the error and learn from it, no matter how shameful. I admire admissions of errors in others to, well, not admire the errors but the ability to learn from personal mistakes. Someone who can’t admit an obvious flaw is the biggest liability, and yet every politician, every lawyer, every policemen I’ve met recently – well, obvious personality disorders crippling my society.
@ravens,
“People smarter than you will consistently be able to pretend to be dumber then you. They have to do that to get people to talk to them. So they learn to speak dumber as a second language. People won’t play unless they think they can win.”
you’re fingers betray you, as do us all.
that’s an ENTIRELY unfair statement,
there could very easily be socially inept and awkward savants and autists in his life. i think that your statement betrays a life of exposure and immersion to psychopaths and egotists, in no certain measure is anyone able to play dumb to another short of having skills versatile in the manipulation others.
but i guess, it’s our definition of ‘smart’ that differs here.
mine is merely a measurement of intellectual capacity, your’s seems to be rooted in a more predatory role.
Danny • November 8, 2015 10:21 PM
“socially inept and awkward savants and autists in his life….psychopaths and egotists”
To be fair to the poster, I have all of these people in my personal history. Hell, my ‘psycho ex’ is really just a shy narcissist now married to an autistic savant, poor Dave. That ex has done me a lot of damage, done my family even more damage, but the one good thing I learned – how to spot similar liars at no risk to anyone.
In real life even a baby bear would tear up Goldilocks if he found her in his bed, having eaten his porridge. Me, I’m still biting my tongue because I am more concerned with the safety of Mama Bear and Papa Bear than I am concerned with bringing Goldilocks to justice.
If any of you happen to be on a jury, don’t stereotype or attack my family, it was the innocent looking blonde bitch who did it. Jury nullification holds true since Magna Carta.
@danny,
that’s basically the point i was trying to illustrate so thank you for affirming that. my view is that ravens statement about ‘smart people play dumb’ is dismissive and highly skewed, but maybe i’m wrong as i’m very often told i’m both naive and dumb.
forgive me for believing in altruistic behaviour, no matter how rare.
In the Shadow of a Murder of Ravens • November 8, 2015 11:35 PM
but i guess, it’s our definition of ‘smart’ that differs here.
mine is merely a measurement of intellectual capacity, your’s seems to be rooted in a more predatory role.
Like, when someone is lying to you, they think they are getting away with it, but they aren’t.
You play with them, and let them talk.
So, sure, I suppose that is sort of predatory in a kind of cop and criminal sort of way.
Orange • November 9, 2015 3:18 AM
@ Grauhut
“You see, i am just a qualified amateur, open cards. I’m doing a little network security on a terabyte traffic a day, if i don’t do SEO.”
“And if an explanation stinks i dig a little deeper. My faustian soul wants to know what holds together the inner core of the world i live in. Some funny piece of decorative paper, a “western democratic constitution”, says i am allowed to do so. So why not? I have a well trained sense for anomalies and simulations and peeping back is fun!”
Interestingly, as human beings we all learned to question especially when told by authoritative figures where not to look. Thus the best authorities keep it hush hush. Beating the rattle snake, as an old tactic, used by Sherlock Holmes, as snakes get rattled they tend to bite. Network security and SEO sounds like they kinda go together, or perhaps its a rare combo?
Dirk • November 9, 2015 4:51 AM
@ Banana Sunday:
maybe because we are doing Engineering by PowerPoint ? (or Management by Excel ?)
blake • November 9, 2015 6:18 AM
“In the indictment, prosecutors allege that Craig’s false tweet-storms caused £1 million in losses to shareholders.”
http://arstechnica.co.uk/tech-policy/2015/11/scottish-man-indicted-for-twitter-based-stock-fraud/
The economy as a whole is certainly in the category of “too big to fail”. So, is £1m loss from a few malicious tweets material enough to really consider trying to build a more robust financial system?
ianf • November 9, 2015 6:22 AM
@ Jacob
[GCHQ, etc] suspected a bomb… by finding evidence in “communication chatter” ex post facto. This is notable especially since the chatter comes from a group high on the US/UK group A terrorist list.
We’ll never know the sequence of their post-facto “arousal of suspicions,” so let’s just state what we do know: they never found any chatter-needles in their haystacks. Which they HAD TO collect because the paid by the taxpayer infrastructure already was in place. Which will compound the very problem in the future. It’s like the Mount Everest: you climb it for no discernible reason again and again and again BECAUSE IT IS THERE.
As I wrote earlier, data haystacks are only good for forensics, not for extraction of advance intel for staving off coming misdeeds. Whether that represents good value for the money is not for me to say, but Alexander Nekrassov (below) begged to differ.
“Side Note: The Russians, according to news reports, were not aware of that “chatter”. I expect them to substantially increase their effort to globally tap comm channels from now on.
Maybe, maybe not. For one, Russia has plenty of its own Islamist and “slant-eye” foes to surveil, and so, if it decided to double up its efforts in “GCHQ-overlapping” spheres of interest, it would soon find itself in the same hoover-up-everything-know-nothing seat. So I don’t see them wholesale tapping into undersea cables etc., even though they seem to have stepped up the chicken game in mapping these sea-bed networks lately.
Back to listening to chatter: in this weekend’s BBC Dateline London[*], the (obviously Putin’s tube) Russian journalist Aleksander Nekrassov went bolshie on this Western, primarily the USA’s, dependence on ELINT, lack of HUMINT, and propensity for wrecking havoc in Libya, Iraq, Syria, where in the end they’ll have to “put the boots on the ground” to fix it anyway. When Russia’s own Afghanistan adventure was brought up, “it was not of Russia’s doing, but of the Poliburo’s, a wholly different regime” (unlike the present democratic one, wink-wink). Then the host recalled how, at the last Gorbatjov summit in 1988, a Russian general told him via an interpreter, that the Western countries, USA and Russia, will have to cooperate to defeat Islamic fundamentalism—in 1988! which made an impression on then very young journalist Gavin Esler.
That, however, was not the money shot of the table talk, but the look on Nekrassov’s face when told in passing by The Sunday Telegraph’s Janet Daley that there was one remaining superpower and one has-been ;-))
[^*] Dateline London: “Foreign correspondents currently posted to London look at events in the UK through outsiders’ eyes, and at how the issues of the week are being tackled around the world.”
Dwight Kolman • November 9, 2015 8:04 AM
Snowden talks about the NSA’s culture of silence and the quiet discomfort among some of its employees (worsened by the implementation of paranoid “insider threat programs”), the difficulties faced by whistleblowers, how exile is failing as a repressive strategy thanks to the internet, the hypocrisy behind the government’s apparently innocent invitations to debate security, the drone program, his 5 favorite security tools, the impact of surveillance on independent journalism and how western democracies are mistaken in betraying their fundamental principles for the sake of perceived stability.
ianf • November 9, 2015 8:10 AM
@ Figureitout, humming terminal
there was the Proxyham thing…
Think that was the one I had in mind, and which @humming terminal ought to be told about up front, given what ultimately happened to it (I may not understand all the tech angles and implications, but I can connect…the…dots between the thes and ands there),
RE: permanently unfinished project […] just want to find holes first. That’s kinda the point too if you understand the threat I’m targeting. There should never be a static target, always needs to be changing in non-trivial ways. Keeps attacker in recon stage which is the riskiest stage of discovery.
Listen, as a potential end user of your (for want of a succinct moniker) Arduino-based super-duper eternally guaranteed secure better mousetrap it is not my job to understand the threats you are targeting, but your job to define AND present these threats and proposed remedies in unambiguous enough fashion for others to understand instantly. Instead, when explaining things, you constantly get bogged down in the minutiae of the nitty-gritty that are of no interest to future end users (assuming there ever will be any besides yourself). You need to start at the other end, write down the threat scenarios that you want to eliminate, then narrow down the scope from there… not your present, the other way around. In clear terms, you need to begin at a similar level to those DIY Proxyham instructions. (And don’t you now dare writing me a treatise on where that project sucks, and where yours will surpass it, as you are itching to do!)
Win 10: One-Stop Mass Surveillance Solution for Governments • November 9, 2015 8:20 AM
“As soon as you leave the computer and boot the screen saver, to 15 minutes will start suspiciously high activity to send the data.”
The below link documents M$ is sending your personal data to hundreds of American big-data corporations.
M$ offers a turn-key mass surveillancesolution for governments.
No wonder the Chinese Premier went straight to Microsoft’s World headquarters. It was almost like a family reunion…
Use Bing to translate…
http://aeronet.cz/news/analyza-windows-10-ve-svem-principu-jde-o-pouhy-terminal-na-sber-informaci-o-uzivateli-jeho-prstech-ocich-a-hlasu/
Grauhut • November 9, 2015 9:17 AM
@Orange: “Network security and SEO sounds like they kinda go together, or perhaps its a rare combo?”
I really don’t know if this is rare, but for me it’s just two sides of the same statistical modeling coin, decode other peoples models (and kick them based on that), design own ones. I can also play netsec red and blue team. SEO is just a special kind of red team work, but of cause not in your own network and without changing things on the other side, just pathfinding. 😉
My employer had a bulk page seo problem and i solved it, statistically, probabilistic. Was possible because i “know” the g-index behavior since the “good ol days” when playing with google was a sysadmin online game. The later outer levels of the google onion added some segmentation, quality control and rank postprocessing, but thats it. And yes, i am such an ol dinosaur fart, i served my draft years at the end of the cold war era. 🙂
Clive Robinson • November 9, 2015 9:37 AM
@ ianf,
RE the intel on the Russian aircraft (whatever it’s number is..),
As I noted in my comment to Jacob, there is rather more to the data haystack issue than just forensics.
Try thinking like a grieving parent on hearing the news that a Western Power had evidence of the intended plot, but did not use it to prevent the atrocity?
Are you going to accept that this data only came to light with hindsight, especially after the same with twin towers attack that caused the restructuring of the US IC and formation of the DHS to prevent such a thing happening again, or are you going to think the information was deliberately withheld for political reasons?
I suspect that it would not take much to make many people in Russia think the West withheld the information for political reasons, as relations are currently at quite a low point over the Ukraine and Syria.
Which begs the question as to why GCHQ or others in the know revealed the information about the supposed “chatter”?
Which leads onto the question of “What did they hope to gain by releasing the information?”.
The thoughts that arise from this is that somebody wants to raise the stakes in the game, of brinkmanship over Syria. Possibly as a way of telling the Russians to stop attacking those seen as Western allies against Assad. Which has parallels to the testicle story you mentioned the other day…
Which to those of a certain mindset might well suggest that the knowledge of the bomb might be a whole lot more than “chatter”…
It will be interesting to see what actual forensic evidence comes out as to the physical origins of the explosives, detonation mechanism and container of the bomb. Much as it did with Lockerbie.
Jason Richardson-White • November 9, 2015 10:29 AM
@Orange Juice
ProtonMail has declared victory for now. (That is consistent with my having email again.) See their Twitter feed.
Aside from that, I caught myself denying the antecedent in my comment above — a dreadful mistake in a former student of Analytic Philosophy. Above I said,
“Paranoia is not my state unless fear is my problem.
And I am not afraid.”
Bold words, but implying nothing. “If not A unless B” is translated into logic as B -> A (if B, then A). But by adding ~B (not B), I get the following:
If B, then A.
~B
QED, ~A.
This is formally invalid. My bad.
The argument would work if I strengthened the initial premise a bit:
“Paranoia is my state if and only if fear is my problem.
And I am not afraid.”
Now, we have…
B -> A and A -> B (translation of my strengthened claim)
A -> B (by simplification ==> if “P and Q” is true, then P is true)
~B (by “introspection”)
~A (by Modus Tollens)
This works well enough. I am paranoid if and only if I let fear be a problem for me or, put another way, just in case the fear of surveillance “makes me crazy”.
But if I am not afraid, then fear is not making me crazy.
So, I am not paranoid.
I think what I had in mind, in retrospect, is that I would like to deny that the only reason why one might want privacy is that one is paranoid about how one’s communications might be used against one. Personally, I can’t think of any reason to fear. After all, within the past five years, some (former or active, I don’t know) counterintelligence officer of some US intelligence service was (I believe) hired or sent by someone to gain the material to blackmail me by recruiting a former love interest to compromise myself when I am (devotedly) married. I resisted, thankfully. But the experience has strengthened my resolve not to fear abuses.
However, there are other reasons to want privacy. If one is attempting to achieve or coordinate something that others might wish to stop, secrecy is sometimes required. I might someday wish to achieve something that others might wish to stop. For this reason, certainly, I desire some assurance of privacy, not because I have any particular fear, whether of doxxing or blackmail or embarrassment of some sort. (I do understand that there are many more ways of applying pressure than I have listed here.)
None of this implies that abuses should be tolerated. But it is worth asking whether the abuse rate of (say) the NSA relative to the magnitude of its collection efforts admits a cost/benefit analysis implying that mass collection is wrong. Suppose the abuse rate is staggeringly small…? Lacking any data on the abuse rate, it is hard to evaluate the case against mass collection.
Above, someone argued that the Hawthorne effect is sufficient to justify a moral argument against mass collection — namely, that there is harm even if people only think that they might be under observation. I don’t understand the connection to the Hawthorne effect, but I should like to see the argument laid out better. (I should follow the accompanying link to one of Bruce’s pieces that is apparently relevant. I shall in due course.)
ianf • November 9, 2015 10:39 AM
Listen @ Uhu,
without going into specifics, far too many things in your “suddenly changed mood” airport tale do not add up. Whether due to alleged presence of plainclothes police or not. I don’t question your recollection of perception, only your interpretation of it.
If the “trigger” was the arrival of a foreign flight from an Arab or Muslim country, then, if there were to DHS in advance known suspect people onboard, they would have been taken in for questioning, not merely observed from a distance in the hall while a tête-à-tête with embraces took place, after which everybody nicely separately went home.
If the flight was domestic, then the “foreign” passengers were already vetted, perhaps headed to some religious/ ethnic gathering or festival, and there was no cause for alarm that would have necessitated deployment of a 10-or-so strong plainclothes force to survey their arrival in situ. 10 plainclothes, imagine the overtime alone!
Remember who you are talking about, the police, that, if they can not make a collar, are wont to at least put on a show of strength, and in full riot gear “to show the flag.” Remember the emergence of post-2001/9/11 “flying while Arab” condition (akin to earlier “driving while black” one), when e.g. a group of native Michiganites of Oriental origin who were overexcitedly photographing Manhattan skyline from the air stirred fear in the cabin, and ended up being escorted from the plane under armed guard, then questioned on the ground. That’s the kind of police response that your fellow Americans expect AND GET from your designated guardians, not some measly “very unobtrusive” discrete mood changes in the airport.
I wasn’t going to get into specifics, but you just pile it on, so that’s deserves my verbal response. You’re an adult, you can take it.
1) I am glad to see that our government takes people like this particular white guy serious.
Externalizing your fashion-based fears leads nowhere. And I’d be vary of any govt that focuses on that—what was that airport concourse, a catwalk?
2) The observation was very unobtrusive.
Indeed, to the point of leading you astray into the imaginary Make-Believe land, where there’s them witches behind every stone unturned. Because that’s what the USA police forces are known for, subtlety.
3) If this is true, then there were a lot of agents. Maybe they were afraid that these guys were preparing a terrorist attack right there.
Were that the case, you’d all have been evacuated from the airport in advance, and the aircraft met by a couple of Bradleys on the tarmac. As befits terrorists planning an attack to which we’re privy. Hence not true.
Chelsey Mauler • November 9, 2015 11:45 AM
FBI and Europol claim to have “raided” and “taken down” an Iranian hacker group. The language is very triumphalist, but the devil is in the detail: all they’ve done is close down five command-and-control shells that they spotted running in European boxes.
I suppose the Iranian hackers are laughing their asses out at the fact that they managed to place multiple command-and-control shells under the very noses of some of the most aggressive internet surveillance regimes in the world and got away with it for so long.
Despite the shouts of victory, my guess is it’s a matter of weeks before the hackers recover from this minor inconvenience.
http://www.euronews.com/newswires/3086441-iran-cyberspy-group-hit-in-coordinated-european-raids/
Dirk Praet • November 9, 2015 11:49 AM
In an unexpected win for privacy, a Belgian judge has just ordered Facebook to stop tracking Belgian internet users who don’t have an FB account or face 250k in fines a day. It’s BEAUTIFUL!
groomed lobster • November 9, 2015 12:44 PM
@Dirk Praet
“It’s BEAUTIFUL!”
A ray of hope indeed! Let’s hope it is one of many to come across the EU in response to the European Parliament’s recent warnings about online privacy and the derogation of Safe Harbor.
AlanS • November 9, 2015 12:59 PM
This was published earlier in the week: Charlie Savage Power Wars: Inside Obama’s Post-9/11 Presidency.
Laura Donohue’s review on Just Security: Power Wars Symposium: Surveillance, Individual Rights, and the Obama Administration.
Savage contrasts the Bush-Cheney administration’s Lannister-like belief — power is power — with the Obama-Biden administration’s commitment to law-as-power. His account implicitly criticizes both as rather ignoring the point of why the Executive has power in the first place: to protect individual liberty….If the initial hope of civil libertarians was that the Obama-Biden administration would rein in an executive run amok, Savage notes, the belief was misplaced. To be sure, Savage recounts President Obama’s commitment to ensuring that surveillance programs would be (ideally) implemented only under specific legal authorities, and not based upon an Article II override of statutory constraints. But his book also vividly demonstrates, that adherence to the rule of law does not mean a commitment to individual rights. The administration did more than just accept the inherited practices. It expanded the programs….Savage’s account relentlessly documents the steady expansion of the surveillance state, behind closed doors and powered by rapid technological advances. It also notes that even more programs have been considered but not yet implemented — such as NSA proposals to track the movement of all Americans who use mobile telephones — portending a future ripe for abuse. The implications are hard to miss. The Bush-Cheney administration’s aim was to create precedent for executive power. The Obama-Biden administration then used the precedent to further expand the system, while their commitment to rule of law cemented it into ordinary, established practice.
Based on the review the argument think you can see this as an earlier extension of the legalism critique. See, for example, Jennifer Granick’s The Surveillance State’s Legalism Isn’t About Morals, It’s About Manipulating the Rules. Except manipulating the rules is just a stop gap until the rules can be changed to legalize what was already being done. Obama didn’t roll back the abuses of the Bush administration. He normalized them.
This is part of a much broader and older phenomenon: the continued expansion of the administrative state, the surveillance state being just the latest iteration. This feeds on technology, information, and empowerment of a technocratic elite. This is done in the name of protecting American values but poses an existential threat to the very values that it claims to protect. (for discussion, see, for example, The Constitution in the National Surveillance State.)
AlanS • November 9, 2015 1:04 PM
A judge who doesn’t roll over and play dead: Judge Leon just shutdown the NSA’s metadata collection program.
Although the court appreciates the zealousness with which the government seeks to protect the citizens of our Nation, that same Government bears just as great a responsibility to protect the individual liberties of those very citizens.
Alans • November 9, 2015 1:20 PM
I should clarify last post. Previously the judge stayed his order relating to an earlier ruling in Klayman. A new plaintiff was added. What he ruled today is that the NSA can’t collect plaintiff’s metadata which means the NSA have to extract all the stuff they have already collected and prevent future collection. A small thing maybe but wins have been few and far between.
Leon seems rather frustrated that the appeals process of his earlier ruling, the order of which was stayed, was not done expeditiously.
Jacob • November 9, 2015 1:53 PM
We tend to attribute to state-sponsored hacking groups high level of competency, tool chest full of goodies and distinct professionalism.
Well, this group bucked the trend – the Iranian “Rocket Kitten” hacking team. Actually, they were a few grades below the “fumbling idiots” level:
The full report is here:
http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
Grauhut • November 9, 2015 2:22 PM
Looking for a job? 🙂
German ministry of internal affairs want’s to create a new hacking agency.
They are going to code stuff for federal police and intelligence agencies.
“The Ministry of the Interior will create jobs for up to one hundred encryption experts and network professionals to perform the necessary tasks. A name for the proposed agency probably does not yet exist. It will not perform monitoring tasks, but only develop the techniques and tools for it.”
Michael • November 9, 2015 5:26 PM
@ Dirk Praet
“In an unexpected win for privacy, a Belgian judge has just ordered Facebook to stop tracking Belgian internet users who don’t have an FB account or face 250k in fines a day. It’s BEAUTIFUL!”
How do you prove in a court of law Facebook did not cease the trackings?
Petter • November 9, 2015 5:48 PM
@ Sunshine Surfer
That is a very nice step Apple is taking.
The forced or unknown fingerprint uplock will be trickier.
It reminds me about some safes with security systems which opens up but silently transmits a robbery/assault alarm to the police when a certian number is added after the last digit in the ordinary code.
сдавать • November 9, 2015 7:01 PM
Beltway losers get pwnd by Russians again!
http://www.thedailybeast.com/articles/2015/11/04/pentagon-farmed-out-its-coding-to-russia.html
If you were scared about the missile gap, wait till you see the IQ Gap. Handpicked incorruptible Russians are up against America’s dregs, all the fat diabetic retards who can’t get real jobs. So the dumbest of the dumb wash out of the military, get picked up by crooked contractors and feather their nests with MIPRs until their program crashes and burns.
Grauhut • November 9, 2015 7:09 PM
@Jacob: “Actually, they were a few grades below the “fumbling idiots” level”
If someone shows you that kind of binary travesty, he wants you to see a travesty.
https://www.google.com/search?q=Iranian+%22Rocket+Kitten&hl=en&gws_rd=ssl
“Believe me sir, we did not do such crap, shall we show you another one?”
Smells a little like trying to push a sandsnake into a laboratory sandbox.
Does that mean there is a new sandbox to be tested? Someone should dial 8200 and ask.
Grauhut • November 9, 2015 7:17 PM
@сдавать: I am sure the russkys had security clearances, but the wrong ones! 🙂
Dirk Praet • November 9, 2015 7:41 PM
@ Michael
How do you prove in a court of law Facebook did not cease the trackings?
The case in essence is about Facebook’s datr cookie. If it’s present on your machine and you don’t have a Facebook account, they are tracking you.
FB has already announced they will appeal but are unlikely to succeed. Even in government circles, the verdict was hailed as “a logical decision” and “a huge win for privacy” as laid out in Belgian and European legislation. Ever since the revelations about GCHQ activities against Belgacom and the European Parliament in Brussels, there has been a growing allergy against foreign spying – corporate or state sponsored – within all three branches of government and even across political boundaries.
Unless the USG and US corporate lobbyists can reign in this rebellion through TTIP, they can expect to see more of this soon, and all over Europe. Except for the UK, probably, but if we are to believe Daffyd Cameron, they are on their way out of the EU anyway, which I personally believe is a good thing for all parties involved, except for the US.
Figureitout • November 9, 2015 7:48 PM
ianf
be told about up front, given what ultimately happened to it
–No it’s quite different except I can use the same high gain yagi antenna for each, and you can have a “wifi” scanner w/ the nRF24 but it’s just checking wifi channels, won’t get data. Proxyham was for 802.11 aka wifi. Nearly same frequencies (well, not the “RATS” thing, from like 420-458MHz which as a rule of thumb means better range but bigger antennas necessary) but very different RF characteristics. Another point to using an RF chip like nRF over a bare-bones simple radio like FS1000A (crap, sorry…) was some of the built-in hardware protection of the signals, whereas w/ simpler Xcvr’s (well not even, separate Tx and Rx) random noise like home appliances injects itself and then it’s a matter of deciding what is and is not an attack…Imagine how pissed to think you were scared of an attack and it was your dryer lol…
Listen, as a potential end user
–Yay! It’s cheap besides maybe the sensor (quality choice is up to you). Hope it helps you catch an intruder or inform you of unwelcome visitors when I get it done…Can’t wait to get done w/ these (somewhat shaky, but no other choice) roots of trust (lots of MCU’s w/ specific functions) and onto general purpose computers. And think of Arduino as a “wrapper” for AVR, which has a Java dependency (the toolchain). So I can already envision more hardening w/ a smaller chip and smaller toolchain but that equals more time and less user friendly so I’ll just go w/ it for now. Also think it’d be hilarious to catch some people w/ an Arduino. :p
it is not my job to understand the threats you are targeting
–Want to point out where I said that? We talk about security here, and quite a few of us are doing our own thing and want different perspectives, something I could never see myself so I don’t find out “the hard way” aka getting owned.
your job to define AND present
–Man, I will. In github page and code comments.
And shutup, you’re sounding like my dad lol. He tells me to STFU and “do it”, “the attacks you’re talking about don’t happen enough to matter”, but does appreciate my attention to detail which does make things better.
Orange • November 9, 2015 8:16 PM
@ Grauhut
“SEO is just a special kind of red team work, but of cause not in your own network and without changing things on the other side, just pathfinding. ;)”
To me, SEO implies you’re sitting on some type of link farms that you can pathfind, or it could mean you are trying to optimize search engine themselves. With the advant of browser scripts plugins, etc., it gets much easier to de-SEO which means more humans are needed to grease the engine. That’s probably why the likes of Yahoo never gone the way of astalavista. etc. The folks with websites who want to be found will SEO themselves or make it as spider friendly as possible. It’s a bit like a self fulfilling prophecy. But the endgame of “SEO” is you don’t run the engine, who is subject to rule shifts by the operators. Too much SEO is a sure fire way to get de-SEO’d, but that’ll keep paychecks coming because there will always be more need for SEO. It’s another landscape where the participants are pitted against each other and the game itself. Doing too well, or too smart, can turn into a recipe for stupidity, because the game detects it and shifts its gears to reshuffle the rules so the smart has to get smarter, and smarter, until they eventually cant.
AnotherDDoS • November 9, 2015 8:32 PM
Hushmail also appears to have had DDoS attacks recently
https://www.hushmail.com/
https://help.hushmail.com/entries/107539976
tyr • November 9, 2015 8:32 PM
You can skip if humour impaired.
https://www.muckrock.com/news/archives/2015/nov/09/famous-writers-agency-foia-offices/
Reminds me of Harlan Ellisons line about a demons
arrow being part of a TV antenna fletched with
covers from a Barbara Cartland paperback.
ianf • November 10, 2015 6:41 AM
Ragbag off The Guardian from Friday last until today, guaranteed OT. Long but good, may be nonsense (Gerard van Vooren avert your eyes).
Donald Rumsfeld
‘He’s getting up in years’: Rumsfeld says Bush Sr wrong in criticism of son’s aides
Bush Jr ‘made his own decisions’ says former defense secretary, who is labelled arrogant and damaging to president in new biography of George HW Bush
George HW Bush |
George Bush Sr book reveals a more dangerous Dick Cheney than anyone knew
Destiny and Power shows a VP with more authority than almost all his predecessors, making plain Bush Jr’s administration could have been even worse
Robots |
Robot revolution: rise of ‘thinking’ machines could exacerbate inequality
Global economy will be transformed over next 20 years at risk of growing inequality, say analysts
US foreign policy |
Russia is putting world peace at risk, says Pentagon chief Ash Carter
The Kremlin’s ‘challenging activities’ and nuclear sabre-rattling are ‘disturbing’, the defense secretary says, adding a warning about the rise of China
Lost at sea: the man who vanished for 14 months
In November 2012, Salvador Alvarenga went fishing off the coast of Mexico. Two days later, a storm hit and he made a desperate SOS. It was the last anyone heard from him – for 438 days. This is his story
PRIVACY | Opinion
Privacy is starting to seem like a very 20th-century anomaly. David Shariatmadari
For most of human history, people lived with little or no expectation of a private life. So the new normal, where everyone knows your business, is perhaps not so new – but the golden age of privacy afforded us some important things
Technology sector | The Observer
Artificial intelligence: ‘Homo sapiens will be split into a handful of gods and the rest of us’
A new report suggests that the marriage of AI and robotics could replace so many jobs that the era of mass employment could come to an end
Josh Ostrovsky: ‘The internet is like a giant weird orgy’
Instagram superstar, comic, rapper … and plagiarist, too? Meet Josh Ostrovsky, aka the Fat Jew. Words by Jon Ronson
Google |
Alphabet and Facebook develop rival secret drone plans
The tech giants are racing to provide internet access from unmanned aircraft flying higher than passenger jets, having quietly registered new drone designs
SCIENCE |
Academics land £2m prizes at Zuckerberg-backed ‘science Oscars’
British researcher John Hardy among those to win a Breakthrough prize at ceremony hosted by Seth MacFarlane in the US
Netherlands |
Undelivered letters shed light on 17th-century society
Thousands of pieces of correspondence, many still unopened, were stored away by Dutch postmaster and are now being examined by academics
SURVEILLANCE | Opinion |
This snooper’s charter makes George Orwell look lacking in vision. Heather Brooke
The new surveillance bill renders the citizen transparent to the state, putting every one of us under suspicion. It would serve a tyranny well
Human Rights Act | Opinion |
We will all suffer in Michael Gove’s war on Europe’s judges. Zoe Williams
The idea apparently mooted by the justice secretary that a British bill of rights would be a replacement for the Human Rights Act is a fiction
Art and design |
Army for hire: the artist employing ghost soldiers to invade Facebook
In resurrecting an 18th-century mercenary army, Constant Dullaart has found a novel way to skewer the social media empire
Theatre |
Olivia Williams: ‘I’ve never been cast as a silly little woman before’
Banned in 1907, but still sharply topical… A man too pure for politics given an unexpected leadership role. A Tory government drafting as its patsy a politician unschooled in the compromises of power. Until the stage addresses the stories of Corbyn and Clegg directly, we’ll just have to make do with Harley Granville Barker’s Waste, the first National Theatre production of which opens on 10 November. Its star talks sex, idealism and backstage briefings from Neil Kinnock
Encryption |
Tech firms warn snooper’s charter could end strong encryption in Britain
The IP bill gives the government the power to demand tech companies weaken their encryption, say industry representatives – despite promises to the contrary
Japan Shortcuts |
The Tokyo hotel where guests can curl up with 1,700 good books
Book and Bed is a Japanese hotel that’s taking a very novel approach to hospitality
BoppingAround • November 10, 2015 9:39 AM
Dirk Praet,
Ever since the revelations about GCHQ activities against Belgacom and the
European Parliament in Brussels, there has been a growing allergy against
foreign spying – corporate or state sponsored – within all three branches of
government and even across political boundaries.
How about domestic spying? Anything interesting on that front?
Where Eagles Fly • November 10, 2015 9:46 AM
@ianf
Incidentally, a SERIOUS QUESTION: is it fair to say that the Brits owe that Snooper’s Charter directly to Edward Snowden?
Does anyone read of this charter and come privately to any other conclusion? The only reason we do not see this in these articles is because it is implicit. Implicit or explicit, the message is very loud and clear. They are not modelling these laws after Stalin’s Soviet Union or Kim Jong-un’s North Korea because they are thinking rationally and patriotic souls. They have done this because they were so deeply shamed, so deeply disempowered, and that before America.
No one would have known the extent of it, had they not put so much pressure on conservative law makers to come up with such foolishness. This reveals it.
As shamed as Snowden made power brokers in the US, the shame was was shared with Britain through Glenn Greenwald. How so many so powerful were brought so low, how they must have grinded their teeth in frustration. And by but two men whom they so despise.
@Alan S
This is done in the name of protecting American values but poses an existential threat to the very values that it claims to protect.
They are undoing the values of free nations while claiming to protect them. But, we have seen this time and time again. Of which example from history, near or far might we pick?
One of my favorites is how the financial leaders fought against regulations in the height of their power. Where there were critics or doomsayers, they brutally used their power to silence them. They evangelized their message of de-regulation, as if it were a mark of their genius. They were in power, they were famous and wealthy, they were, indeed, revered. And it is not like any of them ended up in the poor house when all was said and done.
Regulation meant disaster to wealth for all people, by their line. Even, any manner of regulation. Critics were against the wealth of the American people, enemies of the economy. When the reality was the exact reverse.
The same situation here. Only the stakes are much more severe.
This is because it is the very same principle under which they are operating. Instead of the influence of money, there is the influence of power. Otherwise, the equation is the exact same. The acceptance and praise they get for holding to their irrational beliefs is the exact same. For the financiers, they had the full backing of their peers in the financial stratosphere. For these, arguing for total information awareness, they have their backing amongst the legal, military, and intelligence elite.
In either case, that they are ruining the country and damaging the world makes no difference. Because that is the long term and hardly involves them, if at all. In the short term, they have immense profit. And for their own, private long term, everything looks rosy as long as they keep these friends they currently have. If their ship does sink, it will not be a lonely drowning.
This is, indeed, the way of the world.
What systems ultimately are on the table here? One is dragnet, domestic surveillance. Another is an extensive backdoor system. And there are related fights. Ultimately, it is even the very same principle: no regulation.
In both cases complexity and secrecy allows for ample room of deep irrationality.
The advantage in this fight, is there are more informed and able critics. The disadvantage is that the government its’ self has already gone dark. So, if they ultimately want to implement whatever they want to, no one can stop them. Indeed, in many cases, it should be assumed – and in some cases even be argued – that they already have.
So while they are all up on stage yelling about the potential for the “bad guys going dark”, bear in mind your government already has.
Grauhut • November 10, 2015 10:29 AM
@Orange: “Doing too well, or too smart, can turn into a recipe for stupidity, because the game detects it and shifts its gears to reshuffle the rules so the smart has to get smarter, and smarter, until they eventually cant.”
What you describe is called evolution. 🙂
Either you do better work than your contesters or you don’t. And Google inserted user feedback quality checks, if the people don’t click and stay on your site for longer periods your pointer goes direction south. But in order to get into that contest you have to do some statistical work. Its like the olympics, you can not simply go there and start as a runner, you need to qualify before.
ianf • November 10, 2015 11:07 AM
@ Where Eagles Fly – you make a bold philosophical (if not merely sophist) claim
[…] “As shamed as Snowden made power brokers in the US, the shame was was shared with Britain through Glenn Greenwald. How so many so powerful were brought so low, how they must have grinded their teeth in frustration. And by but two men whom they so despise.”
Well, much as I want to believe it, I simply don’t see it. What I mean by that is I’ll believe it when I see Gen. Hayden et al & his SO FAR ANONYMOUS British GCHQ heads (and those allied of similar other nations’ domestic snooping services) standing in line at 8:00 AM sharp at the Jobs Centre together with that days’ prison releasees, and assorted housewives wishing to escape the drudgery of housewifery. While being interviewed by Breakfast TV on their prospects in today’s tight jobs market.
ianf • November 10, 2015 11:23 AM
[…] Belgians who are not logged into the service or who don’t have an account have not given [explicit permission], so Fuckfacebook has to stop collecting and processing their data.
Dirk, all dandy, BUT… I used to have an account to check it out (never posted, followed or liked anything there, also 0 “friends”). I couldn’t find a way to delete it other than by aliasing it to another, unused email, which I subsequently abandoned. That was >5 years ago. Technically I may still have an account there, but never log on (though occasionally have to look up something public posted there… those who mail me FFB links do not understand why they shouldn’t be using it).
Somewhat less intrusive thing happens on Twitter. I have asked acquaintances, whose nicks keep coming up in my “Who to follow” section there, to delete me from their address books, but the damage already has been done. I am waiting for a Kickstarter campaign to round up all the corporate privacy rapists & have them put in stocks for a fortnight to be spit at in Union Square, SF, and Trafalgar Square, London, NO MERCY!
@ Jacob
Obviously, we need a new term for “idiot hackers,” or maybe for “wannabe hackers.” Unfortunately, the apt “wankers” already is taken.
prior.art.iranian.hacking.competence(void)
@ Petter (cc @ Sunshine Surfer)
… is reminded of some safes with security systems that [under threat of force] open up while silently transmitting a robbery/assault alarm to the police when a certain, extra number is entered after the last digit in the ordinary code.
I’ve been wondering for a while, why credit card and/or ATM/ bank/ equiv. companies do not offer some FLAG ENTRY PIN CODE capability at least to those who request it. The function of which would be that, rather than deny the service outright, the ATMs could display “Second factor authentication code sent to your phone,” while in dispersed terminal CC cases, it simply could serve as a time-stamped record of entry under duress/ robbery in progress. This would effectively lower the criminals’ appetite for such capers.
Then again, I once suggested to a credit card issuer, that, rather than sending authentication code to my preregistered mobile number, they should place a mechanical voice call to my landline, as a more secure solution (and possibly with by me selected option of sending it again via SMS to my mobile first if the transaction not has been completed within 5 minutes or so). They never replied, possibly due to NIH syndrome. But I have that on the record, that I care for bank security!
Grauhut • November 10, 2015 12:02 PM
@ianf: “Google | Alphabet and Facebook develop rival secret drone plans
Exactly what we all need, Zuck, Sergey and Larry's constant drones well above our heads hand-in-glove with the NSA"
Seems they need more accurate position data for “unregistred” phones and wifi aps in order to connect rough ids to humans.
Clive Robinson • November 10, 2015 12:57 PM
@ ianf,
Incidentally, a SERIOUS QUESTION: is it fair to say that the Brits owe that Snooper’s Charter directly to Edward Snowden?
It depends on what you mean, by directly and owe…
In theory the “snoopers charter” is an update to the law in the same way that the Regulation of Investigatory Powers Act (RIPA) and it’s amendments were.
That is it, –supposadly– takes out the ambiguity of what can and can not legaly be done and by whom and under what circumstances.
It gives a stronger set of legislation than the 84 communications act, which GCHQ had been busting the boundries of up untill very recently. Like RIPA it uses legalistive wording to mean “any electrical electronic, RF/EM communication that can be reached by any means what so ever from the UK. Thus in theory your house thermostat in deepest darkest podunk, hinksvile, can be got at legaly by GCHQ and possibly even a UK Civic Council / local authority. Because your PC/laptop/netbook/pad/smartphone or computer in your wide screen TV occasionaly connect to the Internet, thus possibly could be made to talk to the X10 or equivalent signalling over mains wiring you thermostat listens to. That you have to have, not because you want the crap, but because some gomer in a paid for by the public office, has taken a well stuffed brown envelop of incentives from the California or equivalent power generating lobby, and it is illegal to not be connected to them, via their made at the cheapest possible price smart meter from China or worse…
Prior to RIPA comming into law, it was unthinkable for local authorities to “bug peoples homes” just to see if their application form for the school their child was going to was valid, or to find out if a pensioner with dementia had put a used teabag in the wrong communal bin… And should thus be subject to draconian penalties. But after RIPA it became a matter of “oh we can do that because RIPA say’s we can” and they thus did so…
Thus the “snoopers charter” is going to give a lot of people free licence to do outrageous things simply because it says they are not prohibited from doing so.
The fact is Theresa May is mearly doing what civil servents egged on by the UK home IC / LEOs have been –probably illicitly– doing and certainly forcefully asking for going back prior to Harold Wilson PM back in the 1960/70s (look up “The Wilson Doctrine” and the “Marine Offences Act”). The fact she is significantly lacking in practical every day intelligence and the lessons of history, means she has acquiesced to the demands unlike her less lacking predecessors as Home Office Minister.
Thus the only thing Ed Snowdens trove of documents has done is expose the UK home IC / LEOs “dirty laundry” of illicit activities, and thus cause these roaches to scurry from the unexpected sunlight. They have thus used FUD on a none to worldly wise politico and she rather stupidly fell for it, rather than kick it into the long grass via an enquiry or some such.
The one certain thing this has shown is just how awful she would be as leader of her chosen political party. Which in turn shows she is at best unfit to hold senior office in Government…
ianf • November 10, 2015 1:59 PM
@ Clive
is it fair to say that the Brits owe that Snooper’s Charter directly to Edward Snowden?
It depends on what you mean, by directly and owe…
Originally I wrote ‘owe’ in quotation marks, but then decided enough this implied… something. Owe as in “as a consequence of Snowden’s pointing out existence of a de-facto INFORMAL/ SECRET Snooper’s Charter, which the services claim as a necessity—yet thus far have not attempted to formalize.” This precise and unambiguous enough explanation without shade of a doubt for you?
In theory the “snoopers charter” is an update to the law in the same way that the Regulation of Investigatory Powers Act (RIPA) and it’s amendments were.
That is it, –supposedly– takes out the ambiguity of what can and can not legally be done and by whom and under what circumstances.
Fair enough, that’s basically what Ed Snowden said to BBC Panorama Peter Taylor in Moscow not that long ago, that if the services say they need it, “why don’t they formalize it, and then in conditions of public debate?” Which is what’s happening. In a sense Ed is guilty of not letting the sleeping dogs lie, for which we, the nations of Sleeping Beauties, should be grateful.
PS. you’re a hard customer, Clive Robinson. I have unfinished replies to you going back several weeks, some of which I’ll have to finish because they take up IMPORTANT THINGS that are dear to my blood pump organ.
Grauhut • November 10, 2015 3:43 PM
@Clive: “Thus the “snoopers charter” is going to give a lot of people free licence to do outrageous things”
And nobody is allowed to discuss it! Not even in a court. 1985, this time with gag order… 🙂
Next time you want to have a debate in parliament about the real world consequences of this snooper charter you have to elect a knowing network techy as MP first, so that your bill of rights protects him if he speaks out in the parliament! 😉
Where Eagles Fly • November 10, 2015 4:27 PM
@ianf
Har har har, you are ever the interesting fellow, ianf.
Of course, being personally and collectively shamed and shown to be powerless is a far cry away from anyone losing their jobs. It just makes those sorts really angry. All the worse are the circumstances exactly as I noted.
All who feel that way are kept on, so there is a very unified chorus. Those most to blame of every manner of fault involved are going to sing all the loudest. They could not be more important.
It is an instinctual force reaction, and so, in security very dangerous. Highly irrational. Often used by those who manipulate others so they utilize their own anger against themselves. The blind rage of a bull running at the matador. It is exactly this goading which kills the bull, not the matador.
But, in these cases, there is no matador, is there? Just a wild bull running about, blowing steam from its’ nose. Fury without meaning.
Orange • November 10, 2015 8:28 PM
@ Grauhut
“But in order to get into that contest you have to do some statistical work. Its like the olympics, you can not simply go there and start as a runner, you need to qualify before.”
Why of course, working hard is bare minimum, thus good productivity, and getting into the olympics is a competition all in themselves, while training hard is a good starting point, you work up the competitions and be selected, then your physiques peak at the right timings, and you win the prequal, rinse, repeat, rinse. No one’s going to dispute you on that. 😉
ianf • November 10, 2015 11:18 PM
When one gets a promotional offer from the well-known Internet bookstore which one earlier anonymously has searched for (but never ordered) a specific title, then one knows that the disappearing game that one has contemplated has effectively been lost before it even begun.
Are you looking for something in our Reference Books store? If so, you might be interested in these items.
How to Be Invisible: Protect Your Home, Your Children, Your Assets…
J. J. Luna | £16.61Soldier of Fortune Guide to How to Disappear and Never Be Found
Barry Davies | £11.99The Little Black Book Of Skip Tracing: Creating Pretext, Mastering… | £3.81
cc: BoppingAround, Nick P.
Clive Robinson • November 11, 2015 12:08 AM
@ ianf,
You might also consider, what other information you might leak…
You have indicated you are “on the continent” not in the UK…
So perhaps you might ask why the pricing you quote is in GBP not Euros?
tyr • November 11, 2015 1:05 AM
OT
http://www.politico.eu/article/inside-the-pentagons-fight-over-russia-us-eastern-europe/
Unless you think staying alive in a confrontation might
be related to security. The BCT has been highly touted
as the way of the future but it looks like the best of
the field commanders thinks there’s a better way if the
Rus are the projected enemy. I also notice that they
got rid of him because he lacked the ability to snuffle
up to the bung right smartly. If someone is dumb enough
to step onto Russian soil as an invader their ability
to call up troops will suddenly turn around if their
history is any indication.
The real danger is the politicos who all seem to be in
a contest to appear dumber than the last idiot.
ianf • November 11, 2015 8:16 AM
@ Where Eagles Fly [+ @ Clive below]
[…] Re: Gen. Hayden et al. “being personally and collectively shamed and shown to be powerless is a far cry away from anyone losing their jobs.”
Somehow I can’t envision any of these non-gents hotfooting it to the Jobs Centre while they still have present jobs, but obviously you could. Also I don’t accept that any honest work could be a source of shame… loss of status vs. your former peers, certainly; loss of face, maybe—but then do remember that they can not lose what they no longer have, which is why they are forced to speak with their asses. Besides, what other form of punishment leading to penitence would you envision… public flogging, of?
[…] “they utilize their own anger against themselves. The blind rage of a bull running at the matador. It is exactly this goading which kills the bull, not the matador. But, in these cases, there is no matador, is there? Just a wild bull running about, blowing steam from its nose. Fury without meaning.”
WTF? Listen, I’m not much of a Hemingway-manqué, but if I see another blowing steam from its nose wild metaphor running in circles, I will blow it out on sight both barrels, and replace with dry no-adjective option..
@ Clive “consider, what other information you might leak… you might ask why the pricing you quote is in GBP not Euros?”
There you got me, I’ll have to ask the well-known Internet bookseller why it persists in sending me £-infested mails, rather than such sprinkled with my Diñeros. But thank you for caring, and a reminder that I’ll have to step up my security-by-sprinkling-confusion for the benefit-y of resident ianf-watchers here (the remote ones already have my number and, alas, not much of valuta).
… and in a parallel thread, Clive again:
“You say “him” but if you go back and read the comment again the writing style is more “her””
Actually, the royal us said we had a taste of it, then stood over. A taste, singular. Last I read the contract, it had a stipulation of us not having to read all the dross, just enough of. The underhand reasons were cost savings, but we both know what the real [redacted] ones were.
Jason Richardson-White • November 11, 2015 8:25 AM
Is there anyone else who has ever considered whether we should all just … slow down?
What if I told you that I have a reasonably wel-articulated plan to…
(1) take power from the elites (both governmental and corporate) using primarily (possibly exclusively) non-violent means
(2) slow down and reduce the global birth rate
(3) make it unnecessary to have a continually growing economy
(4) arrange society so that political power descends as (roughly) a linear function of distance from those over which power is exercised
(5) save the world from most or all of the major cataclysmic scenarios that threaten it (e.g., global warming, nuclear war, environmental degradation, etc.)
(6) preserve fundamental human rights
Suppose I told you that we could implement the plan in a century, while negotiating the hurdles of climate adaptation, mass migrations, and national & ideological differences?
Of course, there are always trade-offs. In the case of this plan, the trade-offs are principally:
(1) all people have to spend more time on labor of the “messy hands” sort (growing food, running local cogeneration facilities, participating in local democracy, etc.)
(2) it takes longer to get from one place to another
(3) it is much harder to get rich
(4) modern medicine still exists, but the immortality being sought by the uber-wealthy and medical elites is pushed out of reach
JP • November 11, 2015 9:16 AM
Microsoft sets up data centers in Germany amid US surveillance concerns
MS still has miles to go before they earn my trust again but this is at least one step in the right direction.
I also find it interesting that near the bottom it is mentioned that Amazon will also create an UK Data Center. UK? Really? Where will it be located? Maybe inside GCHQ’s own buildings?
If Amazon were any interested in protecting anyone’s privacy they wouldn’t build their data center in one of the five eyes countries.
Curious • November 11, 2015 1:34 PM
I am no expert, and I don’t work with security, though my impression is that Germany is the last country in Europe where data would be stored safely from US intelligence. I like to think of Germany as NSA central in Europe.
John Galt IV • November 11, 2015 2:13 PM
@Jason
Four important questions on your planet.
1) what are the highest and best uses of resources? you can think of resources as time, money, blood sweat and tears
2) how can you prove that your answer to 1) and any implementations based on it are correct?
3) what are the conflicts of interest?
4) how can the conflicts of interest be mitigated?
Today is an auspicious day to reflect on the insanity of Irish Christians killing German Christians (and vice versa) because they had been brainwashed, coerced, or both into fighting for other peoples’ money and power. Just to pick two random groups that did a lot of bleeding. Much the same as it always has been.
“I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.” -Albert Einstein
US (German-born) physicist (1879 – 1955)
http://www.quotationspage.com/quote/329.html
I like your formulation of a solution to the present situation. We could work out that the issue that lies behind mass surveillance is conflict of interest. Indeed, the entire problem of government is conflict of interest. People have to cooperate to provide security, the provision of which quickly becomes attractive to various sociopaths and psychopaths who divert government power to other ends. I think that your solutions will help mitigate the problem, but they will not make the intrinsic conflicts of interest go away. We might hope that artificial intelligence would offer some solutions to government that cannot be diverted to private gain, but that has not been the experience thus far.
Justin • November 11, 2015 2:50 PM
Follow-up to my previous comment:
(Another investor website, I might add. Link at the top of their page to their (in)famous Bloomberg Terminal.) It could not be more mainstream than this.
Bloomberg View: Declassified: The Pentagon’s Lonely War Against Russia and China
At last weekend’s Reagan National Defense Forum, top Pentagon officials warned about the coming great power battles with Russia and China. But the U.S. approach to both countries shows that other parts of the administration view those relationships in a very different way. …
The opinion piece is not very flattering to Obama:
… The result is a muddled approach to the U.S.’s great power competitors. There is not much hope for it to be resolved until the next administration.
The Pentagon knows what’s going on, surely. That’s their job. But it would be naïve to assume that “other parts of the administration” are in denial. They’ve been advised, surely in secret to a far greater extent than what is reported openly.
Again, follow the money. Maybe I’m naïve, but to me indications from these articles are that big money is betting on war. That kind of money doesn’t come without an appropriation from Congress. But New war authorization left for dead …
@ Jason Richardson-White
People with ideas like that make the hairs stand up on the back of my neck…particularly your plan to ration medical care and limit its availability to the general population.
(4) modern medicine still exists, but the immortality being sought by the uber-wealthy and medical elites is pushed out of reach
Your (earthly) “immortality” is a canard, and your premise that “modern medicine still exists” is a lie. True, in that “modern medicine still exists,” but I can testify it is definitely “out of reach” for all but the “uber-wealthy and medical elites.”
Nick P • November 11, 2015 4:14 PM
Microsoft unveils German data plan to tackle US internet spying
Re-post of my previous response:
“This is utterly ridiculous, possibly even subversive, given two things:
(a) The number of intentional leaks in Microsoft products (esp new Window’s) that might be inspired by NSA surveillance
(b) The leaks showing German BND and Five Eyes cooperate very closely on SIGINT with BND letting them use selectors that no patriot of German government or industry should’ve tolerated.
Many articles, esp Der Spiegel, also indicate that German intelligence is lap-dogging so hard in an attempt to join Five Eyes club. Additionally, remember that the TAREX teams in ECI leaks were focusing on Germany, South Korea, and China. Yeah, not all the terrorism they talk about on TV: one opponent and two seeming partners. What do all three have in common? They’re among the biggest economies competing with American (and Five Eyes’) business interests. Makes sense among scheming intelligence agencies to use assets against them to get privileged few tight with Washington a competitive advantage and do counter-intelligence against their agencies doing the same.
So, Microsoft are either a bunch of idiots that have no awareness of Snowden leaks or reporting on the situation with NSA and Germany. Or they knew that while subverting their European offering to give NSA every chance to hit the customers’ data as a favor to them to avoid pressure and keep lucrative contracts. I’m betting on the latter to be safe and continuing a boycott of Microsoft tech where possible.”
Sancho_P • November 11, 2015 4:31 PM
@Jason Richardson-White
Great, love your proposal.
The good news: Got the contract, all points accepted …!!!
But, Jason, there are bad news, too: We don’t have a century, just a decade.
…
Uuups, forgot to mention:
We have to start back in the (19) 60ies / 70ies, sorry.
ianf • November 11, 2015 4:44 PM
@ Justin, you took this Jason Richardson-White’s (complete with a dash) make-believe claim
“What if I told you that I have a reasonably well-articulated plan to…”
SERIOUSLY enough to warrant further consideration? I wasn’t going to bite, but now—by all means, do JR-W tell us the methodology of that plan, ways and means by which you intend to achieve that (in itself attractive) slowed-down world ideal of yours. Just the barest outlines of how to get there, as I’m sure the details would take too long to… detail, by which time they’d become outdated anyway. PLEASE. I’m curious & all-ears (eyes). So, unless the methodology is SECRET, we’ll know what you have in store for us.
Dirk Praet • November 11, 2015 5:38 PM
@ Nick P
Re. Microsoft unveils German data plan to tackle US internet spying
This is utterly ridiculous, possibly even subversive, given two things
I’ll give you a third one: if the US Court of Appeals for the Second Circuit rules in favour of the DoJ in Microsoft Corporation v. USA, then any US search warrant can still compel American companies to produce data stored in servers outside the United States.
The current initiatives by MSFT and other US companies are mere window dressing to appease European customers and regulators until such a time that the United Corporations of America can impose their own rules on the “international Americas” through TTIP or similar initiatives.
Nick P • November 11, 2015 5:49 PM
@ Dirk
Interesting. We’ll add that to the list of possibilities along with the one someone mentioned on another site regarding it might be about Safe Harbor. Personally, I think there’s a balancing act going on where it will be a win for several parties.
tyr • November 11, 2015 6:35 PM
TLAs have a new way to undermine society.
https://blog.torproject.org/blog/
I’m sure it was all perfectly sensible if you think
COINTELPRO was a wonderful idea.
If you go back in history you’ll find the Gehlen Apparat
in bed with USA before the ink was dry on the NSDAP
surrender papers. World War two for the historically
challenged by by acronyms.
Dirk Praet • November 11, 2015 7:34 PM
@ Nick P
We’ll add that to the list of possibilities along with the one someone mentioned on another site regarding it might be about Safe Harbor.
It’s all about Safe Harbor. Now that US tech companies have to negociate T&C’s seperately with every member state, they need to come up with something tangible if they want to keep doing business with any European customer – especially government agencies – subject to data protection compliance programs. Or face billions in lost revenues.
Especially in a CISA context – granting legal immunity for all data shared with the USG – a court decision in favour of the DoJ would render data centres on foreign soil completely meaningless. So I’m not sure what you mean with a balancing act because I really don’t see one. Even if the USG and its lobbyists were to get the EU Commission and Parliament to totally bend over, there are still no guarantees that the EUCJ will. Which means that we are heading for a full collision unless either party adopts different privacy legislation. Which we all know that the US for “national security” reasons never will. Or in the words of Assistant Secretary of State Victoria Nuland: “F*ck the EU”.
jdgalt • November 11, 2015 9:37 PM
An NSA guy did a Reddit IAmA today. Lots of goodies here.
machine • November 11, 2015 10:15 PM
“An NSA guy did a Reddit IAmA today. Lots of goodies here.”
Agent Smith? Can you read me? Agent Smith!
ianf • November 12, 2015 3:33 AM
Pursuant to earlier news, this winged comment:
[…] “the government published a draft bill to enable it to track citizens’ internet use. The novelist Robert Harris wondered how these kind of powers would have struck us just 40 years ago: “Theresa May’s proposal (is) quite staggering. Imagine if in the 70s, to fight the IRA, MI5 had demanded to know every shop visited, book read, inquiry made.””
From The Guardian’s Comment is free lament “Privacy is starting to seem like a very 20th-century anomaly” written by one David Shariatmadari – who should know better than to advertise his alternative, yet more oppressive, system to protect women’s privacy by full-body cloaking in burkas.
r3p0rt • November 12, 2015 3:40 AM
Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users
http://www.wired.com/2015/11/tor-says-feds-paid-carnegie-mellon-1m-to-help-unmask-users/
“Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes,” Dingledine writes. “Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.”
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
ianf • November 12, 2015 5:25 AM
“Ex-NSA Bill Binney did a Reddit IAmA. Lots of goodies there!”
Quite. E.g. when asked about “some other whistleblowers that you respect and honor for doing what they did,” (answer: “Jesselyn Radack, Tom Drake, Kirk Wiebe, John Kiriakou, Julian Assange, Chelsea Manning, Jeffrey Stirling, Russ Tice”)
https://www.reddit.com/r/IAmA/comments/3sf8xx/im_bill_binney_former_nsa_tech_director_worked/cwwoqt5
… and the reasons why Edward Snowden was not listed among these his honorees.
https://www.reddit.com/r/IAmA/comments/3sf8xx/im_bill_binney_former_nsa_tech_director_worked/cwx0vsp
[i read the reddit so you only have to geddit]
Markus Ottela • November 12, 2015 11:12 AM
@ Figureitout:
Are you sure the LAN tap enforces unidirectional connection?
Ethernet cable does have separate pair of wires to transmit information to one direction
“Auto MDI-X automatically detects the required cable connection type and configures the connection appropriately, removing the need for crossover cables to interconnect switches or connecting PCs peer-to-peer. — A pseudo-random number generator decides whether or not a network port will attach its transmitter, or its receiver to each of the twisted pairs used to auto-negotiate the link”. Source
Curious • November 12, 2015 12:21 PM
The Intercept has a story about how US prison system apparently have been recording prisoner-lawyer phone conversations, and there is to have been a hack of the Securus system that handles telephone communications.
“The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014.”
“This may be the most massive breach of the attorney-client privilege in modern U.S. history, and that’s certainly something to be concerned about,” said David Fathi, director of the ACLU’s National Prison Project. “A lot of prisoner rights are limited because of their conviction and incarceration, but their protection by the attorney-client privilege is not.”
“But the fact that a hacker was able to obtain access to over 70 million prisoner phone call records shows that Securus’ data storage system is far more vulnerable than it purports to be.”
“The database contained prisoners’ first and last names; the phone numbers they called; the date, time, and duration of the calls; the inmates’ Securus account numbers; as well as other information. In addition to metadata, each phone call record includes a “recording URL” where the audio recordings of the calls can be downloaded.”
It seems there are records (unsure if only containing so called meta data) of prisoners talking to prosecutors, and the article points out how such information could reveal cooperation with the prosecution.
It is a little unclear to me, after having read the article, how big of an issue the recording of prisoners and lawyers is.
At the end of the article, there is a rebuttal of sorts from Securus.
Securus is a telecommunications company based in Dallas, Texas.
Where Eagles Fly • November 12, 2015 3:33 PM
@ianf
eagles was claimed to have written:
[…] Re: Gen. Hayden et al. “being personally and collectively shamed and shown to be powerless is a far cry away from anyone losing their jobs.”
Just a note, not sure how the “Gen. Hayden” got into there, my comments were specifically aimed at speculation on how vague brit leaders likely felt. How they likely put considerable pressure on their government, which pressure led to this current, abysmal “snooper charter” draft. Which specifically marks out journalists, and even MPs. Where journalists are substantially stripped of protections for their sources. Amongst other attacks put on them by this draft charter.
That may be a mild point to you, and you did also cc Clive in that response. But, just noting. What I am saying in the above paragraph is quite enough already. I make there and made in my posts on the subject a number of guesses I feel pretty confident on is what happened behind the scenes. Stretching that out to other people and situations would be entirely different.
Especially other nations.
The whys, in brief:
– “in office” political leaders and lawmakers get heavy advisement from subject matter experts and owners on law they work on
– the snooper charter draft gives journalists an unusual amount of “hate” and specific language regarding how they will have an inability to legally hide information about sources in the future
– the language of the draft practically paints a picture in the specifics of what Britain dealt with uniquely to a degree, and specially to a strong degree, with Glenn Greenwald and his work with Snowden
– the Greenwald and Snowden case very likely impacted those hidden leaders heavily, it was a very embarrassing situation for them. Not because they did anything wrong per se, in terms of security — except for trusting the Americans with so many details. But, because there was so little they could do with Greenwald even knowing he had access to many secrets.
– Greenwald received considerable ire already from powerful forces in intl and law enforcement in his government, as we can note from numerous extreme actions they took; which actions also speak loudly of an internal consensus which is significantly contrary to public opinion supporting him
– many of these frustrations they faced were faced years ago, yet clearly they are remembered strongly enough to make significant footprint on this charter draft
There are numerous other indicators suggesting that “behind the scenes” such individuals were made unreasonably and profoundly unhappy over Greenwald. Recently and over the years since the Snowden disclosures.
Tying together that anger with likely frustration is pretty trivial and obvious. Anger is a moving emotion, it often is coupled with frustration at some manner of block. This sort of anger expressed by their actions certainly indicates significant blockage, which is the same thing as frustration.
Frustration is tied into powerlessness.
Finally, how did these shadowy unknown britons lose face here, or why would they care about losing face in this with America and the general public? After all, it was the Americans who lost the data. Probably because if Greenwald was American, in America, while the appearance of safeguards and protections would be kept, the British would know that would be appearance only. The Americans would go right ahead and hack him all up, with or without Presidential approval.
So they lost face with the Americans. With whom they already are going to have a difficult relationship with. Friends, but Britain is more experienced in globe trotting intelligence, and Britain was the leader well before America. Further, Britain even still does many things better in intel and military, so it is all the more an unfair situation wrought with complicated and strong emotion under the surface.
All of this because of the charter.
That is what my observations are based on.
Hayden? I have no opinion about. Not much, anyway, don’t know much about the guy. Alexander was the guy in charge during the Snowden debacle. Alexander, don’t know much about, either. Some of his post NSA actions made the news and certainly paints him as a noxious fellow, profiting off government work quite substantially. And claiming credit for material clearly not his own.
But, have not followed up, and not really much interested anyway.
Somehow I can’t envision any of these non-gents hotfooting it to the Jobs Centre while they still have present jobs, but obviously you could. Also I don’t accept that any honest work could be a source of shame… loss of status vs. your former peers, certainly; loss of face, maybe—but then do remember that they can not lose what they no longer have, which is why they are forced to speak with their asses. Besides, what other form of punishment leading to penitence would you envision… public flogging, of?
[Or, as I stated in another thread, and, because there’s no way to refer to a specific paragraph, repeat here “I am waiting for a Kickstarter campaign to round up all the corporate privacy rapists & have them put in stocks for a fortnight to be spit at in Union Square, SF, and Trafalgar Square, London, NO MERCY!”].
There is certainly a capacity for anyone in authority and power to lose face.
I do not have any emotions like these you are describing here, however. Simply observing the situation. Not entirely detached, I certainly do not like seeing British leaders bringing Britain to such a level. Britain has done extensive, good work against global tyranny. Orwell was British. The British were instrumental in the fight against the Nazis, and did extensive good work against the Soviets and Soviet Bloc. Many areas of their intelligence and law enforcement have been impressive and very strong work done.
Much of the world, the good majority of it, is actually full blown, incontestably totalitarian. So, no, I do not see these individuals as leading the front in global evil. Though it is true they are held and are forced to live by a much higher standard. They know better.
In general, I view such transactions as business. Even though they are justice matters, and there can certainly be substantial emotional pay off when wrongs are righted. That is simply part of the currency of the business.
WTF? Listen, I’m not much of a Hemingway-manqué, but if I see another blowing steam from its nose wild metaphor running in circles, I will blow it out on sight both barrels, and replace with dry no-adjective option..
To accurately continue the mad bull rushing metaphor, I would have to point out that the mad bull is strictly aimed at the crowd. Though this is a draft charter, one could say the bull just wants to get through. It has not yet.
In general, however, I do think there is substantial emotion going around many core sectors today. Emotion very far reason. And very powerful emotion at that.
The pedal is being pushed to the floor with little regard to speed limit, red lights, or human causalities of any kind. That is what strong emotion apart from reasoning does.
Where Eagles Fly • November 12, 2015 7:09 PM
reddit interview with Bill Binney:
To be fair, while Binney did not include Snowden in the list of admired whistleblowers, when asked about Snowden and Manning he stated this in the interview:
Binney:
I think they are both whistleblowers who have tried their best to defend the constitution and inform the public of things they need to know.
..
There are a number of interesting comments from him.
No. the programs I worked on to put in place were based on behaviours and interactions with KNOWN individuals of interest, for criminal activity or terrorism. So you had to be associated with them to be looked at.We had an auditing software that would audit who was doing what with the system. If they started targeting people outside of this, such as political dissenters, it would flag this. They wouldn’t have been able to do “LOVEINT” or things like that.Any targeting of data in the system had to be justified with reasons for adding them and conform with laws such as FISA and other regulations.
He makes numerous comments disparaging bulk surveillance entirely. He even goes so far as to argue to one poster asking about “helping the government” including ways like contracting for them that any sort of such work would be “infiltration”. However, on the other hand, he argued that “most” people at the NSA are against bulk surveillance, but because they are introverts, they do not say anything about it.
The system he talks most about is a system which, as described above, looks at relationships of known targets. And it “anonymizes” individuals, such as what many websites claim to do these days.
Yet, the anonymization process allows for quick inspection, so targets can be identified or looked at more closely.
On the bulk surveillance programs (which he does not include his own, the one just mentioned):
They had duped the public into thinking they need to do bulk surveillance and this has allowed them to almost triple their budgets.
stated as a response to someone asking if they do this bulk surveillance because it is needed to catch the bad guys:
They are doing this purposely to get the money. Their track record is that they continuously fail using bulk collection, and they know it.
on evading NSA surveillance:
Again the problem here is that the NSA resources that are available are too great to overcome.Eg, Google didnt even know that the ‘Muscular’ program existed, which tapped the transfer of data between their data centers. This gave NSA all the data that google had. And thats not the only tap program. https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program) https://en.wikipedia.org/wiki/Upstream_collection
I dont think much of mass surveillance of everybody. Because it dumps too much data on analysts and makes them dysfunctional, and invades privacy of everyone
Pretty much what everyone is saying in comp sec. The “thinthread” system he talks up sounds like it was the ideal. But, I would guess that they probably want to use a system very much “like that” with any bulk surveillance system — where “like that” means a system which looks at relations foremost for known, valid targets and maps out from there examining relational details. Otherwise, there is nearly no way to map through so much data. Not in the near future anyway.
Problem with even that sort of system is in regards to terrorists and foreign intelligence (the later is a major goal of these systems, but rarely stated… and of course, the two are usually very different, but the worst sort of terrorist is by far state based and trained)… that they know this and assume it. So they keep contact between each other extremely curtailed. The more professional and mature their organization, the more tightly that is controlled.
These systems are prone to false positives, in fact, 99.999999% of relations will be false positive. If they are scary good 100%.
Nick P • November 12, 2015 7:25 PM
@ Where Eagles Fly
I came to the same conclusion as Binney here. Snowden is both a whistleblower and a traitor. He shouldn’t have leaked the foreign stuff. Just like Manning dumping all kinds of records and cables on Wikileaks instead of specific ones showing abuse. These kind of whistleblowing undermine the credibility and honor of the whistleblower in the minds of pro-Defence (esp conservative) voters. It makes our side look like villains instead of activists for the common good.
Binney was actually a good example of doing it right where he just leaked the internal corruption and abuse of civil rights. I hope the next whistleblower follows his lead by just leaking the bad stuff.
Figureitout • November 12, 2015 8:17 PM
Markus Ottela
–No, see any reason why not? I don’t have one, haven’t tested. Some kind of freaky “mutual inductance” or “parasitic capacitance” type crap is one concern but that’s really pushing it.
Auto-switching to transmit or receive was an issue mentioned by this guy: ( http://blog.donovanhubbard.com/2013/09/building-homemade-network-tap.html )
It seems that every time I boot the router or the modem it randomly picks which side is transmitting or receiving. This makes it difficult to use as an IDS because one day my incoming traffic is my outcoming traffic.
So that would be a huge gotcha to watch out for.
I’m still not quite sure how I want to re-setup and monitor my network[s], it’ll be the last thing I do as I re-do my roots of trust. I assume a lot of compromise already (handy toolchains for instance) but won’t let malware ruin computing/electronics for me.
Where Eagles Fly • November 12, 2015 10:42 PM
@Nick P
I came to the same conclusion as Binney here. Snowden is both a whistleblower and a traitor. He shouldn’t have leaked the foreign stuff. Just like Manning dumping all kinds of records and cables on Wikileaks instead of specific ones showing abuse. These kind of whistleblowing undermine the credibility and honor of the whistleblower in the minds of pro-Defence (esp conservative) voters. It makes our side look like villains instead of activists for the common good.
Binney was actually a good example of doing it right where he just leaked the internal corruption and abuse of civil rights. I hope the next whistleblower follows his lead by just leaking the bad stuff.
Heart felt response, so I included it all. I read your post. That was last year, it looks like. I even went one further and looked at why that post was there. It was Schneier’s post on Snowden’s revealing of the Sentry Eagle program. (No relation.)
And I went to the Intercept site and read that article. I even went further and read the entire 12 page briefing.
I think, to make your case, you probably should get a website and outline all of the things Snowden should not have disclosed, and perhaps outline “why” that is damaging to the US.
From my perspective, I am sorry Nick, but all of this information is already well known.
That the US Government attempts to tap global telecommunication cabling covertly? Known.
That the US Government has attacked and compromised Chinese routers? Known.
That the US Government has undercover operatives who inflitrate foreign and even domestic corporations? This, too, is certainly also known.
I mean, on this later part, what do you know about how America does deep cover? Not cops, that is pretty well documented. But deep cover counterintelligence, foreign intelligence?
How many are there? How do they work? Where did they get trained? What was their training? What are the names of the divisions they work in, even? How do they communicate with each other? Are there maybe memoirs of one or more, as there are for FBI special agents, CIA case officers, analysts, top intelligence leaders? Maybe there is declassified material out there, like what happens when their cover is blown? Which of them have had their cover blown that we could know about who they are, where they come from?
You want to know about Russia’s deep cover illegals program? There are books and books based on strong evidence. China, Vietnam, North Korea? And so on. Heck you can probably find fifty to a hundred books on law enforcement deep cover.
This disclosure, to you, may have been stunning. I do not know. I think a Russia or a China would seize it, cynical but very excited, and get finished reading it all and spit and rage, pacing about the floor. No information.
There could be thousands. There could be tens of thousands. But there is no substantial documentation.
Instead, you have Hollywood.
The files have stunning warnings about the untold damage release of the very document would do. It states as “fact” vague statements any intelligence analyst would be a fool to not already take seriously. The article its’ self spins a roulette wheel of possible intelligence partners involved. There is another roulette wheel spinning of possible corporations targeted and infiltrated. But when those wheel stops, there is absolutely nothing there.
I am not saying this means Snowden was really counterintelligence. He did untold damage in terms of reputation. He was and may well be a nightmare to many very powerful people. But, that is all PR and popularity. If the US took important the message that they are not interested in spying, they would not have followed the Snowden disclosures with years worth of demanding backdoors in all American products.
No, instead, the simpler answer is true: Snowden gathered up widely disseminated information. That paper can go on and on about how “five people know of this and four of them had to be killed immediately after hearing of it”. While the paper is presented on a powerpoint demonstration for group after group, across agency after agency.
Either intelligence routinely throws out crap to simply tantalize employees with vagaries, or maybe the powerpoint was used as some kind of anti-spy tool. See which of the attendees tries to grab it, or jumps on the phone when they get home. Who knows. Who cares. It does not matter.
Don’t mistake my statements as some kind of impassioned plea for the “heroism” of Snowden. Sure, I think he is heroic in his gestures. But, he is also human. I think he has an important message. But, I also do not believe in powerful social change possible from some messages. If he did reveal something damaging, I would be hard pressed to judge him more hard then I would those who failed to protect the data in the first place. Or those who failed to protect OPM. And, as I do not work in the US Government, I really don’t take any of those issues too seriously at all.
There are far more pressing problems in the world.
This is all simply a smoke screen. A distraction.
Where Eagles Fly • November 12, 2015 11:14 PM
@Nick P
I was curious, as I do not even remember that story “Sentry Eagle”, or the details surrounding it. Performing a google news search I see about twenty four articles on that disclosure. None made it past November of the year it was released, 2014.
And that was way more potentially damaging then the idea the NSA hacks Chinese routers ( a major legal investigation involved an American hacking Chinese routers long ago). Or that the NSA covertly attempts to tap telecommunications cables globally.
Search terms: “Sentry Eagle” nsa
I did an email archive search and see I wrote emails around the subject. But I can also see I wasn’t really writing about the subject, more around it. I am certain I found it so not newsworthy, I didn’t even read the original Intercept article.
Not to challenge your feelings. But, considering how little media traction such a story made it, I think it is difficult to argue there was anything substantial disclosed there.
I can certainly understand Binney’s feelings. He lived in top secret world and had his baby there. They replaced his good program with a bad program. But, those guys classify pencil sharpeners and pens.
tyr • November 12, 2015 11:50 PM
@Nick P., Where Eagles Fly
I think that the real problems Snowden showed are
that they are snooping on USA, foreigners have a
government that tries to defend from the snooping
and american citizens do not. Our government is
doing it while making us defenseless instead of
protecting US/us. The UK thinks that is so much
of a wonderful idea they can’t wait to betray
their citizens.
It is similar to the joke about 10% of the police
make the rest of them look bad. The misguided nuts
in government have led the rest down a path that
has created disaster if it isn’t curbed. Hoover
with a lot less leverage had far too much control
over politicians, all it takes is one bad apple
like him with more imagination and we’ll be under
a system that Stalin would envy.
Its like a car headed for a cliff edge with the driver
unwilling to change direction because it looked like
a good way to go when they started that way, and we
are the unwilling passengers saying maybe a turn from
this course would work better than going over a cliff.
I’d be a lot less excited if they weren’t busy with
sabre rattling at the russians and chinese. That is really
dumb.
tyr • November 13, 2015 12:11 AM
Just in case you think I am being too unkind to the nuts.
Here’s a prime example.
http://disinfo.com/2015/11/the-crown-prince-of-hell-an-interview-with-jj-brine/
National security advisers speechwriter.
Gerard van Vooren • November 13, 2015 2:38 AM
@ Nick P,
Do you remember the following phrase?
“You’re out of order! You’re out of order! The whole trial is out of order! They’re out of order!” from the movie “… And Justice for All (1979)”?
Sometimes when things are so bad, entirely, the whole truth has to come out, whether parts of that truth are “good” or “bad”, “treason” or “non-treason”. Sure, you can have feelings about it, but it’s “the truth, the whole truth, and nothing but the truth” that counts in the end.
Where Eagles Fly • November 13, 2015 9:49 AM
@tyr
Well, your comment reminded me of this article.
What Do Former Spies Think of Britain’s Snooper Charter?
http://www.vice.com/read/what-do-spooks-think-of-the-snoopers-charter
The Investigatory Powers Bill—a.k.a. the “Snooper’s Charter”—is currently working its way through Parliament, and according to Edward Snowden, the former intelligence analyst who famously blew the whistle on government surveillance programs, it will give Britain “the most intrusive and least accountable surveillance regime in the West.”
I did not want to post it, because I just do not believe their first source ever worked in intelligence at all. She does describe her experience there very vaguely, and there is some mixture of it appearing to be part time. She said it was “counterintelligence”, so who knows, but maybe something in basic surveillance. As a “devil’s advocate” view, it completely sucked.
The other woman, every point she hits on, and she hits on them again and again is the exact same thing you hear from any whistleblower of note, and anyone who has worked even in any kinds of systems like these.
But, maybe that is the only “other side of the coin” message any of these folks can muster. Something like “Skeptical’s” vague, “oh come on geeze, these people are not so bad, they mean well”.
Frankly, I see the actual critics, and my own self, who is largely a critic, argue the devil’s advocate view better then they do. Bruce says about the same thing. Any of these critics can explain the “whys” of total surveillance far better then the “devil’s advocate” folks can.
(I should note, Bruce’s speech video at the surveillance meeting is well worth watching on the topic. And he does argue the pros and cons of the surveillance very well indeed.)
On people’s incompetence:
Searching for that article I quoted above had me come across some other articles. This is practically at random. I read a lot of news, and everyday you run across this crap.
Windows 3.1 Is Still Alive and It Just Killed a French Airport
https://news.vice.com/article/windows-31-is-still-alive-and-it-just-killed-a-french-airport
They have any mass expenditure at that airport for terrorists and drug smugglers? I am sure they do. And they relied on Windows 3.1, in 2015.
Not at all distracted in smoke screens of irrelevant information.
Another good article I ran across looking for the above article, on incompetence in government:
http://www.vice.com/read/the-only-mobster-charged-with-the-goodfellas-heist-was-just-found-not-guilty-1112
So, the Lufthansa Heist. 1978. In the 90s, a decade or so after a guy involved in that heist “turned state evidence”, his story was made into a movie. “Goodfellas”. Great movie. All the little details included about the heist in it. And, 2015, nearly forty years later, the only guy charged with it found not guilty.
Reading the article, I had to ask myself. Who played him in the movie? Took a tiny bit of digging until I found in his wiki that the late mafioso behind the Goodfellas movie stated that this guy they brought up on charges for the heist wasn’t even involved.
Nobody played him. He wasn’t even in it.
At best, to be fair, the main players did go to prison for other charges.
But, multimillion dollar heist. The whole world knows about who did it, and the resulting nasty assassinations afterwards. Big project, involved a lot of people. Globally well viewed movie. Twenty years ago. And one guy charged for it after forty years, and he gets off. Facts look like? He wasn’t even involved.
On your article, about the speechwriter:
Noxious. What a pretentious tart. His pic at wiki shows him as a fake. Some kid without any life experience trying to shortcut “art” with some pretentious crap.
Anyway, not to be unfair on “government”, fact is incompetence is how we are. People don’t run a hundred miles per hour or fly, they don’t grow to be fifty feet tall. Six feet four is even very rare, seven foot extremely rare. Eight feet tall and to ten feet, they have a severe physical disorder.
There really isn’t that huge of a gap between some heroin junkie who smears crap all over himself in a jail cell and some adviser on the NSC.
One of them just worked harder at hiding it. Same species.
Markus Ottela • November 14, 2015 6:28 PM
@ Figureitout:
Actually, what I realized was, both unidirectional ports in LAN Tap only listen to data coming from one or another direction. It’s not going to work for TxM side on TFC. For RxM it’s ok.
So if you’re going to be using ethernet, look into ethernet fiber converters. You’ll have to daisy chain three to four adapters per data diode using fiber. Do not loop them however). Then use UDP-Cast with static ARP tables to transmit data. Heavy FEC is likely needed to prevent transmission errors.
Figureitout • November 14, 2015 7:33 PM
Markus Ottela
–Huh, so I thought it was both ways, splits into 3 separate streams in same direction? No good. Figures such a simple device wouldn’t cleanly capture traffic (I’m most concerned w/ hidden exfil/infil). I also think I want slow internet if I’m going to capture it all (which is best for tap anyway).
Thanks for the tips, I can see that (FEC still confuses me a bit).
Justin • November 14, 2015 7:49 PM
@ jdgalt, machine, ianf
One of the most interesting comments on Bill Binney’s Reddit conversation is the following:
[–]IamBillBinney[S] 1555 points 3 days ago
Most of them did not like the program and opposed it (Stellar Wind). But the vast population of NSA are ISTJ on the Myers Briggs scale, which means they are afraid to stand up and oppose things to avoid conflicts.
https://en.wikipedia.org/wiki/Myers%E2%80%93Briggs_Type_Indicator
That’s a red flag. Too much reliance on Myers-Briggs nonsense is a sign of a dysfunctional employment process. Very common, unfortunately.
All these scientific shortcomings suggest that perhaps there’s no such thing as an underlying psychological type after all. Myers-Briggs starts to look, instead, like a very sophisticated horoscope, where your answers to the questions tautologically imply what type you are.
People take Myers-Briggs WAY too seriously. It’s bad enough that they use four false dichotomies to artificially divide the population into sixteen classes, but when they go on to arbitrarily determine secondary, tertiary, and inferior psychological “functions” of each of the sixteen types, they have completely lost their minds and planted their feet firmly in the realm of pseudoscience.
I just took a test online for shits and giggles and I got ENFP. Totally opposite of NSA. If you carefully read the write-up for this type, you will see that several reservations are expressed about hiring anyone of type ENFP in general. The write-up for ISTJ on the other hand subtly expresses glowing praise for this type from the point of view of a potential employer. Sure there are career options for ENFP and others, but larger companies in greater numbers are looking for a certain type, and that is no doubt the type Binney mentioned.
Also interesting, after taking that test, I see ENFP books advertised on the internet. Beyond creepy. It’s starting to remind me of Divergent, by Veronica Roth, (where society is strictly divided into five factions by personality type.)
ianf • November 15, 2015 8:50 AM
In Internet time an age ago Clive Robinson asked “Re: the intel on the Russian Metrojet 9268 aircraft”:
[… there is rather more to the data haystack issue than just forensics …] Which begs the question why GCHQ or others in the know revealed the information about the supposed “chatter”… what did they hope to gain by releasing the information?
First of all: did you see any dispatches direct from GCHQ/ equiv./ or Whitehall sources that stated there was some “chatter” to take notice of—if only after the fact—in the first place? All I heard on 3 nations’ cable and other news were unattributed inferences that the decision to stop the UK flights to Sinaï etc. was reached on such a basis. So I for one do not know what’s been discovered exactly, and the GCHQ isn’t keen to set the record straight. They may have informed the 10, and the press office cobbled together something on that basis without clear indication as to what “it” might have been: Internet chatter, cell phone intercepts, landline traffic or the Crystal Ball.
[earlier] “I suspect that it would not take much to make many people in Russia think the West withheld the information for political reasons, as relations are currently at quite a low point over the Ukraine and Syria.”
Nothing as dramatic would be needed for whipping up anti-Western dysphoria in Russia, that’s Always Ready To Feel Being Plotted Against By Enemies… it’s what they have to content themselves with in lieu of being a superpower. But I think, that in MJ9286’s case, the authorities are back-pedaling quite a bit (no state representative attended the funerals of victims in St. Petersburg), because of the unfortunate analogy to the shooting down of the MH17 by “freedom fighters” in Eastern Ukraïne. At the same time, evacuated Russian vacationers are/ were offered (not known exactly by whom in Russia) the option of continuing their vacation in Turkey, rather than coming straight home (acc. to RT, and unlike the evacuated Brits from Sinaï.)
“It will be interesting to see what actual forensic evidence comes out as to the physical origins of the explosives, detonation mechanism and container of the bomb. Much as it did with Lockerbie.”
Forensic proof is no consolation to lives wasted, if this time Russian lives only. It’s mostly an investigative artefact after the fact.
Jason Richardson-White • November 20, 2015 6:53 AM
@ianf,
@Justin,
@Sancho_P,
Your skepticism at my assertions is understandable, rational, and correct.
For the interested, see my blog, recently started (hosted at Posthaven.com, moral inheritor of the recently consumed-by-Twitter “Posterous”).
When I say, “reasonably well-articulated”, I mean that I have it relatively well-worked out mentally. I am working on the matter of writing it out for mass consumption.
One particular that I will share sooner rather than later is a proposal to use blockchain technology to create a “people’s currency”. Not just Bitcoin, but an implementation that puts ordinary people and their center at the center of fiscal policyn.
The basic strategy in my “plan” is “starve the beast”. The only way to take power from elites in large organizations far from those nominally being cared for is to stop participating. Source locally at all scales. Only information is encouraged to travel globally quickly. Matter & energy become more expensive the further that they are sourced. Power descends in linear proportion with distance from the enfranchised. The phrase “starve the beast” is most often used of government, but I believe it should be applied to all large “distant” organizations, where by “distant” I mean not easily held accountable due to scale.
As for implementation, I believe that it would take (a very rough estimate) a century or so to make a full and peaceful transition to the social plan proposed. But the effects could be immediate, and even drastic, once a critical mass were reached.
The remarks about medicine were intended to acknowledge that some recent advances in medicine might need to be foregone in the proposed plan, because they are extremely expensive or unrealistic to roll out for a very large human population. I am particularly concerned to argue in opposition to “futurists”, such as Ray Kurtzweil who literally thinks that he will be able to upload his mind to a computer and live forever. But I think that a reasonable expectation of medicine — modern antibiotics and medicines for symptom-relief; many modern surgical procedures; life-sustaining technologies of some varieties — would still be available.
How well the plan succeeds turns, in part, on how well certain enabling technologies turn out. Can we find local sourced materials for additive manufacturing processes? (for example) If so, then we oculd trade plans for nearly any device, then build them locally.
I prefer to field criticisms on my blog, rather than cluttering up Bruce’s blog, but I will field them wherever I am permitted.
More elsewhere and -when.
-JasonRW
Jason Richardson-White • November 20, 2015 6:54 AM
ERRATUM: “ordinary people and their concerns at the center of fiscal policy” in the above post.
ianf • December 10, 2015 12:14 PM
@ Jason Richardson-White, I’ve finally read (well… skimmed) your world-remaking NewAge-y diatribe.
Long story short: TL;DR. If you want to awaken interest for some ideal of yours, learn to be brief, do not put off readers by your meandering yet anally hierarchical reasoning. Put up an abstract first (“A concept of how to change human nature in the span of 100 years“), then you can gradually expand it until the reader falls asleep.
A caveat: I know of no large-time-scale human project of the past 2000+ years that succeeded. In the last 250 years, since the beginning of the Industrial age, anything over the length of a 10-15-year plan risks petering out due to changed circumstances. The 1000-year Dritten Reich with some industrial and pathologically ideological muscle behind it lasted 12 years. Soviet communism 71 years, most of it due to pure inertia. Even the most self-contained Eastern dynasties of past epoques kept changing course every 60-80 years or so (possibly due to the “Young Turk” syndrome, grown up rulers’ grandchildren generation needing to appear diametrically different from past elites). What you (seemingly) talk about is a kind of accelerated mental terraforming, for which our slowly evolved genus is badly equipped.
That’s it. Better find other things to occupy your mind, devise choreography for fighting windmills of La Mancha with StarWars light sabers or something.
PS. Ray Kurzweil is a genius but also a kook. You have been warned.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Squid Blogger • November 6, 2015 4:48 PM
A very concerning development in the United Kingdom:
The draft Investigatory Powers Bill forbids anyone involved in interception from ever disclosing that fact, including during court proceedings (section 42). As Danezis writes: “Note that this section is absolute: it does not have exceptions, for example in relation to the public interest: such as the ability to discuss the benefit or downsides of part interception activities; no exception for talking about this to MPs, or other democratic representatives; or even to exculpate anyone who otherwise would be wrongfully found guilty.” Source
A free anti-spy tool for Windows 10 has been created by the German company O&O. It doesn’t need to be installed and can be used to selectively disable the multiple metrics hidden within the OS. ShutUp10
Great CATO links Bruce; anybody who hasn’t seen it yet.