Friday Squid Blogging: More Materials Science from Squid Skin

Article: "How a Squid's Color-Changing Skin Inspired a New Material That Can Trap or Release Heat."

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 24, 2019 at 4:11 PM • 74 Comments

Comments

vas pup • May 24, 2019 4:45 PM

Mona Lisa 'brought to life' with deepfake AI:
https://www.bbc.com/news/technology-48395521

"The subject of Leonardo da Vinci's famous Mona Lisa painting has been brought to life by AI researchers.

The video, achieved from a single photo, shows the model in the portrait moving her head, eyes and mouth.

The latest iteration of so-called deepfake technology came out of Samsung's AI research laboratory in Moscow.

Some are concerned that the rise of convincing deepfake technology has huge potential for misuse.

Samsung's algorithms were trained on a public database of 7,000 images of celebrities gathered from YouTube."

vas pup • May 24, 2019 4:51 PM

Amazon heads off facial recognition rebellion
https://www.bbc.com/news/technology-48339142
"Rekognition is an online tool that works with both video and still images and allows users to match faces to pre-scanned subjects in a database containing up to 20 million people provided by the client.

In doing so, it gives a confidence score as to whether the ID is accurate.

In addition, it can be used to:
◾detect "unsafe content" such as whether there is nudity or "revealing clothes" on display
◾suggest whether a subject is male or female
◾deduce a person's mood
◾spot text in images and transcribe it for analysis"

Sherman Jay • May 24, 2019 9:15 PM

From my post last night just in case you missed it:
albert • May 24, 2019 12:05 PM

@Sherman Jay,
I read somewhere that you can change your MAC address in Terminal.
ht tp://www.aboutlinux.info/2005/09/how-to-change-mac-address-of-your.html

Let us know how you fare...
. .. . .. --- ....
--------------------------------
Sherman Jay • May 24, 2019 1:28 PM

@albert,
Thanks for that link albert, I'll check it out.
I just finished reading: https://www.howtogeek.com/192173/HOW-AND-WHY-TO-CHANGE-YOUR-MAC-ADDRESS-ON-WINDOWS-LINUX-AND-MAC/
They also mentioned the command line MAC address change for Linux.
"in my spare time" I will go to that 'semi-public' wifi spot and try connecting, disconnecting changing the MAC address and then connecting again to see if that clears their identification of my computer.

Also,
@ Clive Robinson,
I feel only anger and disgust for Amazin and G00gley. They are huge corporate thugs. I do whatever I can to avoid aiding them in any way. Can't avoid all the G00gley tracking fonts, ads and other crap on many commercial sites, but I use duckduckgo for searching. And, we will NEVER buy anything from Amazin. I intentionally buy tech/computer products from smaller more honest companies (local whenever possible).
---------------------------
And for today 20190525:
Techdirt has some important security-related articles:
https://www.techdirt.com/

Legal Issues
from the no,-this-is-not-a-good-reason-to-support-it dept
>>> Fri, May 24th 2019 10:44am — Mike Masnick
Under DOJ's Own Theory For Prosecuting Julian Assange, Donald Trump Probably Violated The Espionage Act

Legal Issues
from the whoa dept
>>> Thu, May 23rd 2019 3:02pm — Mike Masnick
New Assange Indictment Makes Insane, Unprecedented Use Of Espionage Act On Things Journalists Do All The Time

from the transparency-in-censorship dept
>>>Thu, May 23rd 2019 10:44am — Mike Masnick
Techdirt Sues ICE After It Insists It Has No Records Of The 1 Million Domains It Claims To Have Seized

Failures
from the ill-communication dept
Thu, May 23rd 2019 6:43am — Karl Bode
https://www.techdirt.com/blog/?start=10
Ajit Pai May Have Lied To Congress (AGAIN) About FCC's Failure To Address Wireless Location Data Scandals

name.withheld.for.obvious.reasons • May 25, 2019 1:34 AM

The United States Justice Department, in its blind pursuit of revenge, has in fact opened itself up to the flavor, nature, and act of treason against the United States. Let me explain; the Espionage Act under which Assange has been charged was passed as a response to treasonous acts during World War I. If the state is improperly applying law that prevents treason, must in fact be an act of treason.

This case also fails to overrule "Principal Law" of the U.S. Constitution, specifically with respect to the First Amendment, and I quote; "Congress shall make no law respecting religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press."

I would argue that Assange did, under speech, as a Journalist, exercise his discretion in publishing the illegality presented by facts. When murder, truth, and the execution of power all based on illegal acts can be tolerated, we are all war criminals. It is an indictment of this society. The United States and its citizenry have fallen into a crypto-fascist malaise. Leaving to government the ultimate power without question, is certain to entertain the state at some point in the court of jokes and all of us in the future.

It is amazing to me that the U.S. press has been absent whilst the DoJ and their own government has specifically taken aim at them. There is a cost to ignorance, there is a cost to wishful thinking, there is a cost for arrogance. There is a cost to assume that no ill shall be taken, or given.

The intelligentsia is so late to this party that personally I have decided that there is no reason to observe the U.S. holiday designated as "Memorial Day". The holiday is meant to bring a reflective view of those that have served their country and paid THE price. Now the question is--to what end?

Sorry for the spectacle Benjamin Franklin, I guess we can read earlier editions of the Framers' Almanac whilst flying a kite at the Fire Department. Hope you had fun in France. Say hello to Jefferson for me, will you? Dedicated in fond remembrance of the fateful experiment in a democratic republic. Rest in peace my friend.

Weather • May 25, 2019 2:54 AM

Etap,Bruce hank
@mod
Http proxy iis error code windows client, is spam.

Alejandro • May 25, 2019 4:33 AM

@name.withheld.for.obvious.reasons


I consider Assange unworthy of hero status for several reasons. But, still, and as expected, now that he is in the wild again it certainly does seem like a TON of charges are piling up.

My thought is only the very most rich persons in the world could mount a viable self-funded defense of them. Basically, Assange is facing a legal opponent with literal unlimited time, money, personnel and other resources working towards fixing it so he never gets out of prison, ever. Ouch!

With that said, Ed Snowden, a true hero in my estimation, must be taking note of Assange's treatment. I am quite sure there is an even larger stack of charges awaiting him if he should ever become available.


Jon • May 25, 2019 6:31 AM

Julian Assange may or may not be a cretin - I don't know, I don't know him, I have never met him.

But I think one thing he did, publishing Chelsea Manning's evidence that the US government was lying, counts as heroic. I cannot believe he didn't know he was poking a very large bear, and that the consequences would come back upon him in a big way.

Other things? I don't know. He may not be a hero. But that was heroic.

Edward Snowden did a similarly heroic thing. Again, other things, I don't know, but he too poked a very large bear (and made better choices about where to run to).

One establishment that does not come off as a hero here is the U.S. government.

J.

Sed Contra • May 25, 2019 8:33 AM

@etep, @Weather, et al

The Eric S. Raymond linked site, and also catb.org, don’t seem to allow https.

Minor rant a propos E. Raymond: I never saw why “cathedral” is an appropriate metaphor. The cathedral was in its essence the most open, popular, historically stable institution, and a repository of perennial true order. Also why bazaar, as they are “hives of scum and villainy” living off proprietary profit gouging methods. The Justinian souk would be better, where the point was to concentrate all manufacturers of a given type in one place so that the hapless customer could at least have an option to compare.

JG4 • May 25, 2019 9:34 AM


@the usual suspects, particularly vas pup, Faustus and Clive.

This is a stunning piece of writing, photography and photo-essay. Scott is a gifted thinker and gifted writer. Approaching peak irony, mind the event horizon. We are close to exiting the neuroarsenical stage of neuropharmacology.

The APA Meeting: A Photo-Essay
https://slatestarcodex.com/2019/05/22/the-apa-meeting-a-photo-essay/
Posted on May 22, 2019 by Scott Alexander
...
Seems kind of weird. Maybe I’ll just take the escalator…
...
The fifth thing you notice at the American Psychiatric Association meeting is that the CIA has set up a booth.

I was pretty curious about what the CIA wanted from psychiatrists (did they lose the original MKULTRA data? do they need to gather more?), but I was too shy to ask their representative directly. I did take one of their flyers, but it turned out to just be about how woke they were:
...
I dunno, if I were working in an area where the research supporting a treatment has a tendency to collapse suddenly and spectacularly, I might want to avoid building an association in people’s minds between my medication and a house of cards. But the ways of Vraylar® are inscrutable to mortal men.
...

Dr. Richard H. Thorndyke • May 25, 2019 10:27 AM

@JG4

This was all anticipated in my presentation “High Anxiety” delivered to the Association meeting in 1977.

Patriot • May 25, 2019 11:01 AM

China has recently blocked access to Wikipedia.

This is not a security issue from the Western viewpoint, per se, but it is still important.

The mood has darkened in this part of the world, especially in South Korea. Thailand has a pall thrown over it. China, after so many years of rapid development, now has question marks. This is all negative for security and prosperity in East Asia and Southeast Asia.

Just about anyone who has worked in IT in China will tell you it's vibrant, a lot is going on. Westerners tend to be treated very well. The work ethic is demanding. The place is booming.

I don't want to see China closing off. The trade conflicts with the U.S., generated by the U.S., look like a lose-lose situation, and worsening relations could take a downward plunge--not something the world wants to see.

Faustus • May 25, 2019 12:09 PM

@ name withheld

"If the state is improperly applying law that prevents treason, must in fact be an act of treason."

Treason, treason, treason, eh?

Your argument seems to be:

"If a state is improperly applying a law about X, then the state is guilty of X."

Call it the "I'm rubber, you're glue" Principle.

Let's try it out:

If a state is improperly applying a law about drunk driving, is that in fact a case of drunk driving?

No, it isn't.

Although your principle has an attractive symmetry it really equates two very different things.

vas pup • May 25, 2019 2:22 PM

@JG4 • May 25, 2019 9:34 AM
Thank you for the link!
I guess it should be FBI booth as well addressing mass shootings, serial killer/rapist/terrorist profiling utilizing psychiatric tools for prediction. Moreover, suicide level is high within ranks of LEAs (social isolation: cop is always cop, so his/her friends could only other cops due to general distrust, etc. mental problems of undercover agents - split personality, etc.)

CIA tasks (in that field) is to maintain psychiatric health of their staff, field agents in particular, i.e. “Beware that, when fighting monsters, you yourself do not become a monster... for when you gaze long into the abyss. The abyss gazes also into you.”

― Friedrich W. Nietzsche

Same applied to shrinks as well forensic in particular.

They probably want finally to bring psychiatry closer as possible to science in the cases of evaluation/diagnostics, i.e. close mapping mental disorders with patterns in the brain structures utilizing AI. E.g. by analyzing fMRI of folks with English as first language and folks whose first language is other (except folks from Singapore) but pretend to have English as first language, areas in the brain responding by English language stimulus are different. I guess same research could be done on original name and legend name of spy. See, 007 almost always used his own name James Bond :). You can't find out original name of language, but it should red flag. I hope they are not using Dr. Cameron of 21 century - see quote above.

Incoming • May 25, 2019 3:14 PM

Another nice implied cultural reference to what we may or may not be on about: https://vimeo.com/25177157 ("Blind Side" by Hybrid)
Please set to 240p to reduce strain on your servers; it's just fine at that.

Just a pseudorandom refreshment about using tools to misdirect pattern recognition tools that are hyperfocused on (y)our text/typing. This is pretty much not yet very effective; however, it takes practice to accomplish anything. Everyone (everyone!) starts from zero. It took a very long time just to make these. Yet, if wasting a chosen select bit of my own time helps to discourage others from wasting my time and resources and yours, then it was worth it.

Perhaps someone else will be reminded of better techniques.

https://i.postimg.cc/YqW1QSjZ/MatriNoX.gif
https://i.postimg.cc/vZK3bKgw/NoX.gif

Don't worry, the files are still relatively small.

Anders • May 25, 2019 3:30 PM

@JG4

Thanks, it was wonderful reading!
This proves again that the most sane people are inside the nuthouse.

Incoming *brace for "impact" font* • May 25, 2019 10:05 PM

Thanks for the first several comments this round. I read most of the comments, thus far for this week's entry. Often I just speedread and skim.

Some rather important security things bubbling up to keep tabs upon:

0) START ARCHIVING EVERYTHING USEFUL Amnesia is the Biggest Threat to Freedom

if you ever had to recover from a traumatic brain injury and/or a stroke, you might already comprehend this. yet this is a possibility coming to a theatre, oops, town near you!

incapacitation is not imaginary... consider if somebody purges all your transhumanist or cybernetic kinds of covert/unspoken "cyber" tools or merely misdirects them or fills them with bogus data...

1) CONVERGING COLLIDING "deep learning" & "neural net" type of stuff is already converging with DNA computing, wearable technology, surgically implanted wearable technology, the g-d-dmnd IoT, so-called "cloud computing", CRISPR (the abomination) results, materials sciences (think non-metallic, non germanium, non silicon electronics and circuits; bendable or plastic or transparent LEDs/chips/cloth wires, etcetera), invasive surveillance, evasive radar techniques, DARPA website promos about implanted brain chips and neurological interfaces

2) US White House Continuing Infiltration, Continued Undermining of US Institutions & Traditions by insiders, Displacement of US Diplomats, Attempts to Buy & Steal the American People's Preferences

3) Total lack of US Congressional/Legislative/Judicial Enforcement of Violators of US Laws (Civic, Municipal, County, State, Regional, Intra-State, Federal, International Treaty-Derived, + Implied Military Agreements/Pacts/Necessities/Customs/Zones).

4) Now the Trumpsters are picking on the CIA?????!!!!??!

5) International hate groups have been recently documented trying to expose the anti-hate group counter-terrorism groups and covert individuals. I could joke about the Trump admin implicating themselves if you read between the lines of 4+5.

If no one is going to do anything about the vast incursions, they will only get worse until all hell breaks loose.

oops, gotta go.
my laptop is getting rained upon and I'm outside for the moment.
keep your heads up. peace is a real choice worth re-upping.

Be Creative, It Always Pays Off

AL • May 25, 2019 11:10 PM

@Faustus
"If a state is improperly applying a law about X, then the state is guilty of X."

Let's just stick to treason. Treason is separate from espionage, because it requires a state of war to exist. So, it has nothing to do with the rest of Name Withheld's post.

That said, if officials of the state are incorrectly applying a law regarding treason, it could be considered conspiracy to commit the offense if the reason was to further more treason.

Certainly, the charges of espionage against Assange could hardly be construed as an attempt to encourage more espionage. So, the logic fails on that ground. The government is not guilty of espionage unless the prosecution of Assange is done in order to cause more espionage.

As far as Assange is concerned, I think the stuff he published is covered by the 1st amendment. If he operated a secure drop where people could leave disclosures, that's covered. But, if he engaged in a conspiracy to steal the information, and the conspiracy had an overt act committed by one of the conspirators, he has a problem. So, to the extent he corresponded to Manning and aided and abetted the theft of the documents that were leaked, he could very well have committed the offense of espionage. It all depends on the level of support. If his role was simply to tell Manning if you have some good stuff, I'll publish it, then it is OK. But the original charge alleges that he aided and abetted the cracking of a password. I don't believe the attempt has to be successful to deem Assange a conspirator.

His best chance is the U.K. deeming the U.S. prosecution a political trial, and declining the extradition request.

Navyier • May 25, 2019 11:39 PM

Remember when AV scanning software would amp up the fear/panic over browser cookies by flashing red and saying "malicious files"?

Meet attorney Timothy Parlatore and reporter Carl Prine, who think that hosting your logo (literally the image that goes out with every E-mail you send - a prime candidate for eliminating from your outgoing bandwidth by referencing a commercial server) instead of attaching it in the message is "a Trojan horse they put on the system".

Fear-mongering is abundant. What other malware was placed on their system? Is there a wiretap in their phone? Parlatore, who has only been aware of these "tracking devices" for a few months, already knows that a stalker learned their victim's whereabouts when such a device "gathered up the location and other information from the victim's phone". A defense motion identifies this tracking device as "a 'Splunk' tool" (splunk.com?) "which can allow the originator full access to his computer, and all the files on the computer". Gabe Rottman (rcfp.org) claims that the tracking software in this E-mail could surreptitiously track who else the reporter is talking to, including "other sources in totally unrelated cases to government scrutiny" and asserts that the Justice Department "would likely have to get a court order or use a subpoena even to get the metadata under the Electronic Communications Privacy Act".

Sri Sridharan (usf.edu), Florida Center for Cybersecurity, says it "seems to be breaking new ground that cries out for legislative action", invoking Congress.

I'm all for privacy, but this behavior is making cybersecurity look bad. We don't need to spread misinformation to justify privacy laws. Doing so seems more like a set-up to make privacy look bad. Technically every website is a tracking device, because it learns your IP address with every action you take on it - it must, that's how TCP/IP works.

If the architecture of the internet is, as Rottman wants it, a 4th Amendment violation, then why not just admit your end-game and declare the entire Internet unconstitutional?
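The mechanism under discussion in the comment above (a logo referenced from a remote server instead of attached to the message) can be checked for directly. The following is an added example, not part of the original comments: it lists every resource an HTML e-mail would fetch from the network when rendered. The sample message, the `example.invalid` hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one attached logo (cid:), one remotely hosted image,
# and one remote stylesheet. Only the last two cause a network request.
SAMPLE_EML = """\
From: sender@example.invalid
To: rcpt@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello</p>
<img src="cid:logo1" alt="attached logo">
<img src="https://img.example.invalid/logo.png?id=abc123" width="1" height="1">
<link rel="stylesheet" href="http://img.example.invalid/s.css">
</body></html>
--b1
Content-Type: image/png
Content-ID: <logo1>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""


class RemoteRefParser(HTMLParser):
    """Collects attributes that make a mail client fetch a remote URL."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        candidates = [a.get("src"), a.get("background")]
        if tag == "link":
            candidates.append(a.get("href"))
        for url in candidates:
            if not url:
                continue
            parts = urlsplit(url.strip())
            # http(s) and scheme-relative (//host/...) URLs leave the machine;
            # cid: and data: references are served from the message itself.
            remote = parts.scheme in ("http", "https") or (
                not parts.scheme and parts.netloc
            )
            if remote:
                self.found.append({
                    "tag": tag,
                    "url": url.strip(),
                    "host": parts.hostname,
                    # A query string can carry a per-recipient identifier.
                    "has_query": bool(parts.query),
                    # 0x0 or 1x1 images are the classic invisible beacon.
                    "tiny": a.get("width") in ("0", "1")
                    and a.get("height") in ("0", "1"),
                })


def remote_fetches(raw_message: str) -> list:
    """Return the remote references in every text/html part of a message."""
    msg = message_from_string(raw_message)
    parser = RemoteRefParser()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        parser.feed(payload.decode(charset, errors="replace"))
    return parser.found


if __name__ == "__main__":
    for ref in remote_fetches(SAMPLE_EML):
        print(ref)
```

Each hit tells the remote host the reader's IP address, the time of opening and the client's request headers, and nothing more; a mail client set to block remote content never makes the request.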

Thoth • May 26, 2019 12:19 AM

@Clive Robinson

The Robinson Broadcast Method modified using Blockchain ledger. Essentially, to realize broadcast of encrypted messages, it is posted onto a public blockchain ledger where anybody could have been the poster and anybody could have been the recipient assuming the key is not reused again. Due to portability of blockchain transaction output messages (txout) that are sent to miners to mine and then added to the ledger, you could technically encrypt in air/energy gap and walk the ciphertext to whoever you want to use as a broadcast client to broadcast to miners to mine and add to blockchain.

This is getting closer and it seems quite practical.

Link: https://eprint.iacr.org/2019/556

Wesley Parish • May 26, 2019 1:50 AM

@Navyier, @usual suspects

A couple of interesting articles on the US Navy and the US Air Force
Why the Air Force is investigating a cyber attack from the Navy
https://www.militarytimes.com/news/your-air-force/2019/05/21/why-the-air-force-is-investigating-a-cyber-attack-from-the-navy/

“In fact, I’ve learned that the Air Force is treating this malware as a cyber-intrusion on their network and have seized the Air Force Individual Military Counsel’s computer and phone for review,” he wrote.

and

Top Navy official calls out government lawyers for spying on legal team of Navy SEAL accused of war crimes
https://www.businessinsider.com/navy-official-blast-government-lawyers-for-spying-on-navy-seal-lawyers-2019-5/?r=AU&IR=T

Wilson wrote in the letter that he was first notified on May 10 that the lead prosecutor in both cases had "inserted or caused to be inserted certain tracking software" into emails with the defense team, who opened the messages on both private, commercial, and military email networks.

Now who was it that declared that the United States would treat all cyber-intrusions as war, and would leave the option of a kinetic response open?

Happy happy joy joy! who needs a Civil War reenactment when you can fight a real Civil War between the USAF and the USN ....

Velvet • May 26, 2019 6:52 AM

Italian Insurance
The opponents' 2016 plan[1] was for Italian Intelligence to hack into the Italian servers, plant classified emails from Hillary’s servers inside these servers on American soil, and then alert the FBI.
The FBI would then raid these locations, “discover” these e-mails, investigate, link these servers to their political opponent and force him to resign...
Nuclear engineer and mathematician Occhionero’s twitter account has numerous tweets related to this subject, including Mueller awarding one of Italy’s top spies the FBI Medal of Honor.
The Italian spy network had a close relationship with Joseph Mifsud who lives in Rome and London yet a recent American report mislabeled him as a Russian.

High-flying Brother and Sister Don’t look like your Typical Cyber-criminals
https://www.politico.eu/article/giulio-occhionero-francesca-maria-occhionero-mysterious-sibling-duo-accused-of-hacking-the-italian-elite-matteo-renzi-mario-monti/

The NYT only provides spotty, selective damage-control reporting.
As for myself I’m waiting for the hugely popular Netflix series to accurately document this intriguing international spy plot.

[1] "If the press reports were confirmed, we would be faced with an episode which would humiliate the structure of our Intelligence and the people involved and which would create a very serious precedent, establishing an extremely dangerous and unacceptable practice in a democratic country", concludes former Italian Defense Minister Pinotti.” https://www.repubblica.it/politica/2019/05/15/news/servizi_segreti_interrogazione_zanda_a_conte_governo_revochi_richiesta_dimissioni_-226361041/?ref=search&refresh_ce

Clive Robinson • May 26, 2019 1:34 PM

@ Petre Peter,

Thieves blow up atm in Romania

The article is light on details.

They may well not be using "explosives" like dynamite or other mining/demolition or other commercial explosives because they contain the equivalent of batch numbers that remain in the residue and are fully traceable.

In other parts of the world cheap untraceable gas canisters have been used as a "poor man's Fuel Air Explosive".

There is also the issue of "ink capsules" and similar anti-tamper systems that render the money inside unusable and like commercial explosives very traceable.

So lots of security questions but no answers yet ;-)

Clive Robinson • May 26, 2019 1:48 PM

@ Thoth,

    The Robinson Broadcast Method modified using Blockchain ledger.

I'm having a read through the paper, they get quite a few non-technical things quite wrong suggesting their research is not what it could be. Therefore I'm treating the paper with rather more of a sharp eye than I would normally, and mulling it over.

To be honest I'm not sure the "blockchain" usage really adds anything, but experience tells us it could very easily slow things down to the point they are not workable beyond a very small scale.

But yes they do seem to have done a "Marconi" which is filch lots of other people's ideas, stick them in a box and say "this is all mine and I have the paper to prove it".

As you know this is far from the first time when discussions from this blog have been "claimed" falsely as "original work" by others, some being semi-respectable academics trying to go into business. In most cases they give themselves away by not getting some of the technical details right or not understanding how to get things to work not just correctly but efficiently.

I'll comment more when I've had the chance to "sleep on it" a bit.

Alyer Babtu • May 26, 2019 2:34 PM

@Thoth @Clive Robinson

Is there any work being done on practical scalable schemes of “hiding in plain sight”, i.e. no encryption in the usual sense, or perhaps, better, encryption with special output format, where the text as transmitted has a reasonable “normal” meaning to the outsider, but a hidden meaning for the intended recipient ?

The Pull • May 26, 2019 3:48 PM

@whomever

I mentioned, in one thread, the possibility of detection of a phone bug by noting the power level of a phone, then leaving it off, say, overnight. If the power level has sufficiently drained, I think that is a good indicator your phone is compromised. Any takers on seeing a problem w that?

(Remember when it was easy to just drop your battery out of your phone...)

Premise there is that someone who goes through the trouble to get on your phone in the first place very well may want to use the capability to run when your phone is off. Especially as turning your phone off might be the very method some use to ensure some privacy.

(Though having a small rf cage seems like it would be the safest assurance of temporary security.)

@Alyer Babtu

"Is there any work being done on practical scalable schemes of “hiding in plain sight”, i.e. no encryption in the usual sense, or perhaps, better, encryption with special output format, where the text as transmitted has a reasonable “normal” meaning to the outsider, but a hidden meaning for the intended recipient ?"

I created a steganography app designed to do that with image files, using a browser plugin. Encryption usually is also used for such systems. Just about any form of data used online [or off] can be used in a steganographical format. Just about any form of signal. Today, with AR (Augmented Reality), you can leave messages which can be secret in plain sight.

There are also a wide variety of code talking methods, and if you are engaged with a group where they are distant, and change their usernames or other manner of disguise... previously known, private information, only the two of you would know can be used to authenticate personas.

Contents of a photograph, or other online graphical representation, can be used to transmit a message, if the concern is natural language processing systems. Though, this sort of method is starting to be out done by systems that can read text in photos.

This sort of system itself, though, can be outdone, by pre-known private secrets, or by indirect communication. Such as someone temporarily changing their picture to wearing a certain tshirt, which tshirt might impart some communication to the viewer only they would be able to catch.

That is 'a picture says a thousand words', is a true saying.

Thinking on the above, you don't even need AR for some nifty message passing in a busy city, or wherever, but simply tinted glasses of various kinds. Such as the 'following powder' the KGB used to use on someone, so their target would stand out in a crowd.

When high tech is very much in usage, sometimes low tech can really meet the bill.

:P :-)


The Pull • May 26, 2019 3:58 PM

Stolen NSA tool is used in the Baltimore ransomware attack

https://www.cnet.com/news/stolen-nsa-hacking-tool-now-victimizing-us-cities-report-says/?utm_source=reddit.com#ftag=CAD0610abe0f

What a nightmare. Russia has a history of using ransomware attacks on Ukraine, and Baltimore is NSA's own backyard. Looks like they are probably doing this to psych out and expend unnecessary resources. Which is what chess players do.

It is odd that Russia relies so much on psychological games. But, they do.

Baltimore has been frontpage news for a few days now, because of this attack.

Symphony for the Devil • May 26, 2019 4:42 PM

@The Pull

Your link, AFAIK, without tracking
https://www.cnet.com/news/stolen-nsa-hacking-tool-now-victimizing-us-cities-report-says/

"frontpage news"
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html

"Since 2017, when the N.S.A. lost control of the tool [via China or Shadow Brokers?], EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

[...]

Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor.

[...]

The Baltimore attack, on May 7, was a classic ransomware assault. City workers’ screens suddenly locked, and a message in flawed English demanded about $100,000 in Bitcoin to free their files: “We’ve watching you for days,” said the message, obtained by The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”

Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services. Without EternalBlue, the damage would not have been so vast, experts said. The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could."

Clive Robinson • May 26, 2019 5:04 PM

@Alyer Babtu, Thoth, The Pull,

    Is there any work being done on practical scalable schemes of “hiding in plain sight”

Yes there are various anonymity schemes for people to send and receive messages from locations that are not disclosed.

Essentially they are "networks on top of networks" a very low grade example is Tor.

I've described other methods which appear to have ended up in the paper @Thoth linked to.

With regards,

    i.e. no encryption in the usual sense, or perhaps, better, encryption with special output format, where the text as transmitted has a reasonable “normal” meaning to the outsider, but a hidden meaning for the intended recipient ?

I've described such a scheme before built around "One Time Codes". They can also be made to work over and over as long as you use a secure enough cipher in an appropriate mode.

The basic principle is as follows, you have certain fairly innocent and normally used sentences, such as,

    We should meet up for a drink, how about next tuesday?

You can use a number of different intros to replace "We should meet up" such as "How about we meet up" or "It's been a while since we met up". In effect you can use this either as an indicator or as a variable null to stop the sentence becoming "stylised" thus stand out with repeated use, or you could use it to do both.

You then produce a list of comestibles to exchange with "drink"; a list that has sixteen entries allows four bits to be communicated.

You can also use the "next tuesday" date etc in various ways, either to send a genuine time or a time offset or just to send another series of bits.

Several such sentences can be created with their own "dictionary-number" to send small amounts of data.

That sentence alone can send around 10 bits which gives a thousand or more meanings that can be used to address a "code book" of words or sentences.

So far so good provided you only use the sentence once, it's as provably secure as a One Time Pad is, for exactly the same reasons.

Codes as opposed to ciphers are broken by looking for repeats that correlate to some event/action because they have a fixed relationship.

However it's fairly easy to make the repeated use of the code as secure as a One Time Code. You simply "super-encrypt" the code number with a One Time Pad before converting it to a word in the code dictionary.

Whilst "One Time Pads/codes" have significant logistical problems not just in generation (KeyGen) but distribution you can significantly reduce the problem by using a Crypto-Secure stream generator or even block cipher with say "counter mode whitening".

You do still have the problem of generating and maintaining the code books but this is a much lesser problem.

The other problem is,

    Three can keep a secret if two are dead.

When you make codebooks you have to regard them as being only for communications between two entities. Because when a third party becomes aware codes are being used, they can betray them. Even though an adversary does not know the meaning as they don't have the super-encipherment, they do know the difference between messages carrying code and those that do not, thus traffic analysis comes into play.

I hope that answers your question.
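The sentence code described in the comment above, as an added sketch that is not the commenter's own code. The word lists, the 2+4+4 bit split (the intro is used here as data bits rather than as a null), and HMAC-SHA256 in counter mode standing in for the "Crypto-Secure stream generator" are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed word lists: 4 intros (2 bits), 16 items (4 bits), 16 times (4 bits).
INTROS = ["We should meet up", "How about we meet up",
          "It's been a while since we met up", "Let's get together"]
ITEMS = ["a drink", "a coffee", "a beer", "a tea", "lunch", "dinner",
         "a pizza", "a curry", "breakfast", "brunch", "a sandwich",
         "a burger", "a pint", "cake", "an ice cream", "a snack"]
DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
        "Saturday", "Sunday"]
WHENS = [f"{p} {d}" for p in ("this", "next") for d in DAYS] + \
        ["tomorrow", "this weekend"]

PATTERN = re.compile(
    r"^(?P<intro>.+?) for (?P<item>.+?), how about (?P<when>.+)\?$")

# Constructed code book: the 10-bit number addresses a meaning.
CODEBOOK = {17: "arrived safely", 530: "delay by one day"}


def to_sentence(value: int) -> str:
    """Map a 10-bit value onto the three slots of the cover sentence."""
    intro = INTROS[value >> 8]
    item = ITEMS[(value >> 4) & 0xF]
    when = WHENS[value & 0xF]
    return f"{intro} for {item}, how about {when}?"


def from_sentence(sentence: str) -> int:
    """Recover the 10-bit value; ValueError if it is not a codebook sentence."""
    m = PATTERN.match(sentence)
    if not m:
        raise ValueError("not a codebook sentence")
    try:
        return (INTROS.index(m["intro"]) << 8
                | ITEMS.index(m["item"]) << 4
                | WHENS.index(m["when"]))
    except ValueError:
        raise ValueError("not a codebook sentence") from None


def pad_bits(key: bytes, counter: int) -> int:
    """10 keystream bits for message number `counter` (a PRF in counter mode)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "big") >> 6


def encode(code: int, key: bytes, counter: int) -> str:
    """Super-encrypt the code number, then turn it into a sentence.

    A counter value must never be reused under the same key, for the same
    reason a pad sheet is never reused.
    """
    if not 0 <= code < 1024:
        raise ValueError("code must fit in 10 bits")
    return to_sentence(code ^ pad_bits(key, counter))


def decode(sentence: str, key: bytes, counter: int) -> int:
    return from_sentence(sentence) ^ pad_bits(key, counter)


if __name__ == "__main__":
    key = b"constructed demo key"
    # Without super-encryption the same meaning always yields the same
    # sentence, which is the repeat an analyst correlates with events.
    print("plain code 17:", to_sentence(17))
    # With it, the same meaning changes sentence from message to message.
    for n in range(3):
        s = encode(17, key, n)
        print(n, s, "->", CODEBOOK[decode(s, key, n)])
```
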

The PullMay 26, 2019 5:31 PM

@Clive Robinson

"Three can keep a secret if two are dead."

One of my favorite lines in this subject matter [Ben Franklin]. :-) Quoting that to me, could mean you know my Real Identity. (Unlike most cDc/Hacktivismo folks, I never took my mask off.)

Probably not meant that way, but exactly how messages can be sent wo saying anything online. :-)


@Symphony for the Devil

Ah, right, good catch. Just grabbed it from my reddit frontpage feed.

Good name.

Nobody Speak - DJ Shadow
https://www.youtube.com/watch?v=B_qgZfMwK9E

Big Empty - Stone Temple Pilots
https://www.youtube.com/watch?v=0YoMUcvKcBQ

Clive RobinsonMay 26, 2019 6:08 PM

@ The Pull,

I think that is a good indicator your phone is compromised. Any takers on seeing a problem w that?

Yes, how do you know the state of the battery?

It's unlikely you can get a voltmeter into the phone as quite a few now are so slim they are actually glued together. So you are left with the battery indicator on a phone with malware on it... Thus a half bright malware writer will get the screen display to lie to you...

Which means you would have to do an extended test against time till the phone went from fully charged to turning itself off due to a genuine discharged battery detection (it's unwise to over discharge modern LiPo etc batteries because they rapidly become damaged beyond recovery).

There is however another way to catch the phone "in use" which is a "Broadband Diode envelope detector" it acts like an old "crystal set" or "bug hunter" in that it rectifies the RF signal and it can then be amplified by an audio amplifier to either listen to or to be sent to a computer that you can write fairly simple software to analyze the actual signal type.

Without going into too many or in depth details, a modern state level agent would use software that "compressed, stored and forwarded" so a little like the old spy LPI "burst radios". Only today as only voice is being looked for fairly good filtering and breath/pause elimination and similar can be used before using a low bit rate compander algorithm (have a look at how low bitrate the OpenSource "OGG" compander will go). The data can also be further compressed before the phone does an E.T. to "phone home" to the mother ship or more likely send data packets to the Internet.

Unfortunately GSM phones have to "re-register" with the network every so often if they are not communicating for other reasons...

Thus a State Level agent worth their salt would analyse the "re-register" pattern and try and simulate its cadence by sending packets via the Internet in the same or marginally faster cadence to stop the phone "re-registering" whilst also sending the data.

That way an inexperienced listener might think they are only hearing the phone re-registering. However if the detector is connected to a computer with appropriate software it can easily tell the difference in a low bandwidth re-register and a high-bandwidth data transfer even though the transmission time is about the same.

There is however another trick you can do with your computer. Turn it into an audio jammer.

A friend does this they simply play music at a highish level into "studio speakers" with the cloth front removed. The mid range speaker is recessed in an "audio waveguide" and he simply puts the phone in there with the low frequency from the Woofer traveling through the case surround, and the high frequency from the Tweeter reflected back by the light screen on an adjustable angle poise lamp.

If you go back to the end of the glory days of Digital Rights Management (DRM) watermarking, what killed it was a piece of software from Cambridge University's Computer lab. What it did was marginally distort an image in two directions as well as chroma/brilliance. The result was that a human would not notice but the DRM detector would "fritz out".

You can apply a similar technique to music files where you can stretch them in time but not pitch, adjust the phase relationship to radically alter the audio envelope and apply the equivalent of a "parametric equalizer" to make other distortions to spectral content and amplitude. Most of which humans will ignore as they happily sing along in their heads. However what goes across the phone can not be synced up to any known audio recording so can not be "automagically" nulled out to get the quiet conversation on the other side of the room, especially if the phone mic is driven into nonlinear compression modes.

I hope that adds to your "OpSec" file ;-)

ThothMay 26, 2019 8:39 PM

@Clive Robinson

"To be honest I'm not sure the "blockchain" usage really adds anything, but experience tells us it could very easily slow things down to the point they are not workable beyond a very small scale."

Indeed blockchains get very messy when they grow big. Especially when it is used in a messaging context where somebody and anybody could send large amounts of data, it gets even worse but it is indeed a very attractive idea for the fact that very few software for secure chats and very few people these days bother to or even know how to get a broadcast up and working as per the original idea we had discussed.

As a compromise, a blockchain is almost like a broadcast which can become messy as it grows.

We can solve two problems typically faced by blockchains via two methods which are already in use on certain blockchains:

- Pruning of old records.
- Incentivize without using a cryptocurrency

Pruning of old records is quite straightforward, you can configure the clients/miners to prune away any records older than 30 days and Ethereum blockchain and even Bitcoin blockchain have them but only Ethereum got the pruning feature into actual software while Bitcoin official software does not follow the paper to allow pruning.

The idea of pruning of encrypted blockchain messages is not only suitable for saving space on the blockchain but also to implicitly enforce a duration on all messages and their lifespan. It may or may not be a desirable feature to enforce pruning of blockchain stored messages on the entire blockchain but in general it is more helpful to prune old messages. Very few people would typically want to scroll back 1 month worth of messages anyway and if you really want a historical record of all the messages since account creation, then the messages should be cached on local storage instead of hoarding up space and become redundant on a blockchain in the first place. Messages can be created with some sort of metadata pointing to its once existence on a blockchain and thus even if the encrypted and signed messages are pruned, they will still contain metadata and signatures pertaining to its historical records of the message that has been mined by miners anyway and thus proving it once existed on the blockchain.

Using cryptocurrency to incentivize has always been a double-edged sword. It creates a financial race of who can control the most cryptocurrency and manipulate the blockchain. In order to remove the problems associated with most cryptocurrency, it is better to remove the financial portion of the blockchain which is the cryptocurrency and simply use the merkle tree structure of a blockchain as is.

Some schemes using blockchain do not have any financial incentive. In order to maintain a blockchain, all blockchain users automatically become miners and the ability to post messages onto blockchain depends not on the cryptocurrency and incentive but on cooperation on the blockchain. In order to post a message on a non-incentivized blockchain, the poster must "mine" X amount of messages (i.e. 5 messages) and add hashes and signatures of their mining of X amount of "mined" messages onto the message they want to post as a proof of mining and the next poster would also attempt to mine X amount of messages and then add their mining results to their own post and tag it onto the blockchain. If a message is discovered to have incorrect mining messages, it is disregarded and orphaned. Only messages in the proper chain would be considered correct and legitimate. This would ensure a fair game where every poster must mine a minimum threshold of messages before proceeding. Orphaned/disregarded messages are not broadcast onto the blockchain network and deleted from the local client's blockchain cache storage.

The cache would be pruned and synced every 1 month or whatever time period agreed upon on the chain itself.

The only problem with this chain is whenever a new user installs the client and wants to send a message, they must sync their chain cache sufficiently and if there is lots of data to sync for the month, they would be in a fix.

This brings in an alternate method called a "light client" where only metadata headers of messages are synced and stored which makes it lighter and easier for new users but this also poses a problem for embedded devices though and another solution is to rely on an active thick client and enter into a complete trusted state with the relying thick client (i.e. a server running a full-fledged client software).

I am also aware that somehow the ideas of their design may not come from them and it seems to be rather suspiciously close to our discussion and thus the reason I decided to bring this up here.
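One reading of the non-incentivized chain described in the comment above, as an added sketch that is not code from the commenter or from any project mentioned. It assumes that "mining" a message means re-verifying its hash, that the proof is the list of hashes of the X most recent accepted posts, and it leaves out signatures; the class and field names are hypothetical.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass

X = 5                           # posts that must be "mined" before posting
PRUNE_AFTER = 30 * 24 * 3600    # 30 days, in seconds


@dataclass(frozen=True)
class Post:
    author: str
    body: str          # would be ciphertext in real use
    timestamp: int
    proof: tuple       # hashes of the X most recent posts the author verified

    def hash(self) -> str:
        blob = json.dumps(
            [self.author, self.body, self.timestamp, list(self.proof)]
        ).encode()
        return hashlib.sha256(blob).hexdigest()


class Chain:
    def __init__(self) -> None:
        self.headers: list[tuple[str, int]] = []  # (hash, timestamp), kept
        self.bodies: dict[str, Post] = {}          # full posts, pruned
        self.rejected = 0

    def tip(self) -> tuple:
        """Hashes of the X most recent accepted posts."""
        return tuple(h for h, _ in self.headers[-X:])

    def mine(self) -> tuple:
        """Re-verify the recent posts still held locally; return the proof."""
        for h in self.tip():
            post = self.bodies.get(h)
            if post is not None and post.hash() != h:
                raise ValueError("local cache corrupted: " + h)
        return self.tip()

    def make_post(self, author: str, body: str, timestamp: int) -> Post:
        return Post(author, body, timestamp, self.mine())

    def submit(self, post: Post) -> bool:
        """Accept a post only if its proof matches the current tip.

        A post with a wrong or stale proof is dropped (orphaned) and is
        neither stored nor rebroadcast.
        """
        if tuple(post.proof) != self.tip():
            self.rejected += 1
            return False
        h = post.hash()
        self.headers.append((h, post.timestamp))
        self.bodies[h] = post
        return True

    def prune(self, now: int) -> int:
        """Drop bodies older than PRUNE_AFTER; headers stay as a record."""
        cutoff = now - PRUNE_AFTER
        old = [h for h, ts in self.headers if ts < cutoff and h in self.bodies]
        for h in old:
            del self.bodies[h]
        return len(old)

    def existed(self, h: str) -> bool:
        """True if a post with this hash was ever accepted, pruned or not."""
        return any(h == x for x, _ in self.headers)


if __name__ == "__main__":
    chain = Chain()
    for i in range(6):
        chain.submit(chain.make_post("alice", f"ct-{i}", 1000 + i))
    # Two people prepare a post against the same tip; only the first fits.
    stale = chain.make_post("bob", "ct-bob", 2000)
    print("carol accepted:", chain.submit(chain.make_post("carol", "ct", 2001)))
    print("bob accepted:", chain.submit(stale))
    print("pruned:", chain.prune(1000 + PRUNE_AFTER + 3),
          "headers kept:", len(chain.headers))
```

The second poster in the demo has to mine again and resubmit, which is the cost this design puts on every simultaneous sender.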

WhomeverMay 26, 2019 11:00 PM

Regarding the secrecy of one vs. three (and hiding in plain sight); I had been thinking about this recently and meaning to post an idea here for some review/feedback.

Consider a journaling application that: backs up to “the cloud”, allows storing text and images, supports scanning QR codes to retrieve raw encoded data (you can get 2-3kb per code depending on image fidelity), and is capable of performing a standard set of cipher functions.

Now, using this app I could encrypt messages for myself and store them remotely for access from multiple devices. But, I would still be vulnerable to a “what’s app” attack. Peril!

However, I could install a copy of the app on an old phone or a burner phone and create a novel situation (bearing some degree of hardware chops I could also physically disable the radio on my burner). This burner phone could create a key and generate QR codes that contain cipher text of my private data. A second phone (even a phone with what’s app installed) could take photos of (or scan and store raw bytes of) such QR data and it would remain relatively private.

This would be perfect if I needed a way to keep notes that no one else could read in a shared location that I could access from multiple devices. But, if I were a schemer, it would also enable me to communicate with one or more entities who shared access to the account.

Basically air-gap transfer capability wrapped in a consumer grade note taking app. I just can’t figure out a way to add plausible deniability with the existence of the QR codes or cipher text. It’s kind of like Wa’el said some time ago that you can’t have both — and thus obscurity has a place, in practice, with this problem.

vas pupMay 27, 2019 3:44 PM

Russian data theft: Shady world where all is for sale:
https://www.bbc.com/news/world-europe-48348307

"Last year, Dutch authorities released the names of several people it said were involved in spying. A search for those names in a Russian car registration database - which is supposed to be secret and controlled by the interior ministry, but has been leaked to murky private operators - revealed those individuals' addresses.

They were traced to a building in Moscow used by the GRU - Russian military intelligence."

JG4May 27, 2019 7:09 PM


Thanks the fallen for their sacrifices and wishes the living a sobering reflection on the lies for which the soldiers died. Fake news isn't new and wasn't new when Bernays et al. subjected it to electronic amplification for the first time. What was novel was the scale of the ensuing disasters.

JackMay 28, 2019 4:15 AM

A blockchain is a public ledger which stores everything, while ephemeral communication is a privacy feature. To a global surveillance apparatus, they are essentially the same thing, because by default it stores all ephemeral communications. The only difference is the blockchain conveniently stores all messages in contextual structured manner (via cryptologic keys) without exhausting hardware on the surveillance side, IMHO.
What the global surveillance seeks to identify is not only plaintext messages but also matching up sender and recipients. A blockchain may exhibit "broadcast" qualities but each sender/recipients are exposed at the time the intended recipient reads a message. This is in many ways inferior to using a public message board. An open facing message board allows broadcasting of messages, un-timely retrievals, and no ways to identify an intended recipient unless responded to.

name.withheld.for.obvious.reasonsMay 28, 2019 5:28 AM

@AL, @Faustus

Thanks for adding to the scope and tenor...

It may not have been clear in my last post, the statement regarding treason was necessarily argumentative. A way to provoke conversation amongst others that could cause discovery/clarity. I've described similar means of discourse with Clive and this is a sort of discourse side-channel hack. Often deemed to be unfair, it is sometimes seen as provocative and an aloof form of prose, that is not my intent.

Creating greater discourse and exchanging thoughts on subjects is a multi-person affair. One does not need to victimize others in taking a position or setting out a point of view. Speaking to the issues/problems/ideas without resorting to juvenile means of dissuading others is important. This is a general observation, not a response to the discussion here. It rarely is difficult to be topical here, although there was this one time...skeptical?

If provocation can illuminate, done using neutral and non-threatening rhetoric and without personal attacks, we can realize more than just what comes from gazing at one's navel. An author can exercise a sort of antithetical or "devil's advocate" position within their own writing. I use it as a tool of rhetorical construction to bring a challenge to a particular hypothesis in flushing more detail out.

name.withheld.for.obvious.reasonsMay 28, 2019 5:46 AM

What I understand to be the end-game with the U.S. government and the press is that under the Trump administration, official news will be a Fox Friendly version that probably looks like a hybrid Fox/TBN called GNN (Government News Network).

The Assange case is not about publishing secrets, it's about publishing.

JG4May 28, 2019 7:02 AM

The dystopian future is here now, it's just not evenly distributed. It never can be, because life is a non-equilibrium process. Their entropy maximization is not your entropy maximization.

https://www.nakedcapitalism.com/2019/05/links-5-28-19.html
...

Under the dome: Fears Pacific nuclear ‘coffin’ is leaking PhysOrg (Chuck L)
...

The Atomic Soldiers: U.S. Veterans, Used as Guinea Pigs, Break the Silence Atlantic (David L, UserFriendly).
...

Big Brother is Watching You Watch

Apple Executive Dismisses Google CEO’s Criticism Over Turning Privacy Into a ‘Luxury Good’ The Verge

Grindr Let Chinese Engineers See Data From Millions of Americans Reuters

In Baltimore and Beyond, a Stolen NSA Tool Wreaks Havoc New York Times

The future of AT&T is an ad-tracking nightmare hellworld The Verge
...

WeatherMay 28, 2019 3:06 PM

The sun outputs 293 degrees, the climate does 0.1 degree, a coal seam takes 500 years of tree mass, it's just cooked for one million years.
Face it, it's just a system to remove non renewable energy source (which is a good thing), but how's the break on the swing, isn't it just inertia

A90210May 28, 2019 4:42 PM

https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/


"Consumer Tech Perspective
It’s the middle of the night. Do you know who your iPhone is talking to?
[...]
And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.

“This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me.

In a world of data brokers, Jackson is the data breaker. He developed an app called Privacy Pro [ https://itunes.apple.com/us/app/disconnect-privacy-pro-entire/id1057771839?ls=1&mt=8 ] that identifies and blocks many trackers. If you’re a little bit techie, I recommend trying the free iOS version to glimpse the secret life of your iPhone.

Yes, trackers are a problem on phones running Google’s Android, too. Google won’t even let Disconnect’s tracker-protection software into its Play Store. (Google’s rules prohibit apps that might interfere with another app displaying ads.) ..."

A90210May 28, 2019 5:14 PM

https://www.npr.org/programs/fresh-air/2019/05/16/723960354/fresh-air-for-may-16-2019-the-dark-side-of-generic-prescription-drugs

https://www.democracynow.org/2019/5/20/bottle_of_lies_how_poor_fda
"Bottle of Lies: How Poor FDA Oversight & Fraud in Generic Drug Industry Threaten Patients’ Health"

"... AMY GOODMAN: Could the government produce these drugs?

KATHERINE EBAN: Absolutely. And Elizabeth Warren, in fact, has a very interesting proposal to get the U.S. government to manufacture essential generic drugs. I mean, looked at one way, this is a national security issue. We need to manufacture our own medicine. What if we pissed off India, and they said, “Sorry, no more antibiotics”? We’d really be in a fix.

AMY GOODMAN: Some of the people you spoke to said they avoid taking prescription drugs.

KATHERINE EBAN: Well, they were more specific than that. And, in fact, this was a number of FDA investigators, who, based on the things that they witnessed in these plants overseas, basically have stopped taking generics manufactured overseas.

AMY GOODMAN: Where do they get them then?

KATHERINE EBAN: They try not to get sick. They are very particular about which companies they take drugs from. And it’s based on their own knowledge.

[...]

AMY GOODMAN: So, you’ve been working on this book for years, and you’ve been doing this kind of research way beyond the research you did for this book. What shocked you most, Katherine?

KATHERINE EBAN: Some of the falsifications and fabrications that are going on in these plants. For example, they’re even fabricating their own data proving that the plants are sterile. They’re falsifying their microbiology data. They have to test the environment. They have to test the air. They have to test the water. They’re fabricating that data. So, what is real, and what is fake?

AMY GOODMAN: Is there a particular story that sticks in your mind that you cannot shake?

KATHERINE EBAN: I mean, I would have to say Peter Baker’s investigations into the plant, Wockhardt, which I chronicle in my book.

AMY GOODMAN: Peter Baker, the FDA inspector.

KATHERINE EBAN: Yes, absolutely. I mean, from the moment that he lands at an airport, is followed by company representatives, one of whom—there is a man who yanks open the door of his cab, takes a hard look at him, closes it again. The investigators go to the plant. Several of them fall ill because of tainted water. They learn later that even as they were at night in the hotel room talking about their inspections and their findings, the company had bugged the hotel room. That is the level of the—

AMY GOODMAN: And how much support did he get from the FDA?

KATHERINE EBAN: Minimal, absolutely minimal. In fact, they pulled him off of doing inspections. I mean, he’s one of the most—he’s sort of the Pablo Picasso of FDA investigations.

AMY GOODMAN: And he left just now, just this past March.

KATHERINE EBAN: Yes. That’s right.

AMY GOODMAN: Under the Trump FDA.

KATHERINE EBAN: Yeah.

AMY GOODMAN: I want to thank you for being with us.

KATHERINE EBAN: Thank you.

AMY GOODMAN: We’re going to do Part 2 and post it online at democracynow.org. Investigative journalist Katherine Eban is the author of Bottle of Lies: The Inside Story of the Generic Drug Boom. It’s just been published. Her previous book, Dangerous Doses: A True Story of Cops, Counterfeiters, and the Contamination of America’s Drug Supply."

lurkerMay 29, 2019 1:07 AM

@ A90210

Yes, trackers are a problem on phones running Google’s Android, too.

For me data traffic bandwidth = (Network charges + battery consumption), which is a good reason to have data switched off until I want to use it; and background data always off. Then there should be only the one app running at the time I turn data on. I know some others try to phone home, but they don't get much of a look in. My kids think I'm crazy, they may be right...

A90210May 29, 2019 11:36 AM

https://www.vox.com/2019/5/29/18644237/robert-mueller-remarks-transcript [TL;DR video about 10 minutes]

"Here’s a full transcript of Robert Mueller’s remarks
The former special counsel held a surprise news conference on Wednesday. [ at the Department of Justice (DOJ) ]

[...]

[ Mueller speaking: ] Thank you for being here. Two years ago, the Acting Attorney General asked me to serve as Special Counsel, and he created the Special Counsel’s Office. The appointment order directed the office to investigate Russian interference in the 2016 presidential election. This included investigating any links or coordination between the Russian government and individuals associated with the Trump campaign. Now I have not spoken publicly during our investigation. I’m speaking out today because our investigation is complete. The Attorney General has made the report on our investigation largely public. We are formally closing the Special Counsel’s office, and as well I’m resigning from the Department of Justice to return to private life. I’ll make a few remarks about the results of our work. But beyond these few remarks it is important that the office’s written work speak for itself.

Let me begin where the appointment order begins: and that is interference with the 2016 presidential election. As alleged by the grand jury in an indictment, Russian intelligence officers who were part of the Russian military launched a concerted attack on our political system. The indictment alleges that they used sophisticated cyber techniques to hack into computers and networks used by the Clinton campaign. They stole private information and then released that information through fake online identities and through the organization Wikileaks. The releases were designed and timed to interfere with our election and to damage a presidential candidate.

And at the same time as the grand jury alleged in a separate indictment, a private Russian entity engaged in a social media operation where Russian citizens posed as Americans in order to influence an election. These indictments contain allegations, and we are not commenting on the guilt or innocence of any specific defendant. Every defendant is presumed innocent unless and until proven guilty.

The indictments allege, and the other activities in our report describe, efforts to interfere in our political system. They needed to be investigated and understood. And that is among the reasons why the Department of Justice established our office. That is also a reason we investigated efforts to obstruct the investigation. The matters we investigated were of paramount importance and it was critical for us to obtain full and accurate information from every person we questioned. When a subject of an investigation obstructs that investigation or lies to investigators, it strikes at the core of the government’s effort to find the truth and hold wrong doers accountable.

Let me say a word about the report. The report has two parts, addressing the two main issues we were asked to investigate. The first volume details numerous efforts emanating from Russia to influence the election. This volume includes a discussion of the Trump campaign’s response to this activity, as well as our conclusion that there was insufficient evidence to charge a broader conspiracy.

And in a second volume, the report describes the results and analysis of our obstruction of justice investigation involving the president.

The order appointing the Special Counsel authorized us to investigate actions that could obstruct the investigation. And we conducted that investigation and we kept the Office of the Acting Attorney General apprised of the progress of our work.

And as set forth in the report after that investigation, if we had had confidence that the President clearly did not commit a crime, we would have said so.

We did not, however, make a determination as to whether the president did commit a crime. The introduction to the volume two of our report explains that decision. It explains that under long-standing Department policy, a President cannot be charged with a federal crime while he is in office. That is unconstitutional. Even if the charge is kept under seal and hidden from public view, that too is prohibited. The special counsel’s office is part of the Department of Justice and by regulation it was bound by that Department policy. Charging the president with a crime was, therefore, not an option we could consider.

The Department’s written opinion explaining the policy makes several important points that further informed our handling of the obstruction investigation. Those points are summarized in our report, and I will describe two of them for you. First, the opinion explicitly permits the investigation of a sitting President because it is important to preserve evidence while memories are fresh and documents available. Among other things, that evidence could be used if there were co-conspirators who could be charged now. And second, the opinion says that the Constitution requires a process other than the criminal justice system to formally accuse a sitting President of wrong doing. And beyond Department policy we were guided by principles of fairness. It would be unfair to potentially — it would be unfair to potentially accuse somebody of a crime when there can be no court resolution of the actual charge.

So that was Justice Department policy. Those were the principles under which we operated and from them we concluded that we would not reach a determination, one way or the other, about whether the President committed a crime. That is the office’s — that is the office’s final position, and we will not comment on any other conclusions or hypotheticals about the President.

We conducted an independent criminal investigation and reported the results to the Attorney General, as required by Department regulations. The attorney general then concluded that it was appropriate to provide our report to Congress and to the American people. At one point in time I requested that certain portions of the report be released. The Attorney General preferred to make that — preferred to make the entire report public all at once, and we appreciate that the Attorney General made the report largely public. And I certainly do not question the Attorney General’s good faith in that decision.

Now I hope and expect this to be the only time that I will speak to you in this manner. I am making that decision myself. No one has told me whether I can or should testify or speak further about this matter. There has been discussion about an appearance before Congress. Any testimony from this office would not go beyond our report. It contains our findings and analysis and the reasons for the decisions we made. We chose those words carefully and the work speaks for itself. And the report is my testimony. I would not provide information beyond that which is already public in any appearance before congress.

In addition, access to our underlying work product is being decided in a process that does not involve our office. So beyond what I have said here today, and what is contained in our written work, I do not believe it is appropriate for me to speak further about the investigation or to comment on the actions of the Justice Department or Congress. And it’s for that reason I will not be taking questions today as well.

Now before I step away, I want to thank the attorneys, the FBI agents, and analysts, the professional staff who helped us conduct this investigation in a fair and independent manner. These individuals who spent nearly two years with the Special Counsel’s Office were of the highest integrity.

And I will close by reiterating the central allegation of our indictments — that there were multiple, systematic efforts to interfere in our election. That allegation deserves the attention of every American.

Thank you. Thank you for being here today."

A90210May 29, 2019 12:42 PM

https://www.emptywheel.net

https://mobile.twitter.com/emptywheel/status/1133771963040768000

" [edited] @emptywheel

This strongly suggests that (as I [emptywheel] predicted) the timing of Mueller's statement/resignation today is tied to getting Miller's testimony, which they've been trying to get for over a year. twitter.com/kpolantz/statu…

Miller is Roger Stone flunkie who was scheduling his time/shadowing him, including during the RNC, in 2016. He has also suggested he might face some exposure on financial issues. Stone was investigated for wire fraud,

Prosecutors have implied they may bring new charges against Stone once they get Miller's testimony. We should also assume Mueller also got Mystery Appellant to comply. ..."


1&1~=UmmMay 29, 2019 12:49 PM

BoJo to be privately dragged to a life in imprisonment?

This might amuse,

https://www.bbc.co.uk/news/amp/uk-politics-48445430

Essentially one of the most self interested, self serving, self aggrandizing buffoons in British Politics, knowingly told "major porkies" to the public. Not his usual lies on who he is or is not having an affair/child with, or who's giving him back handers one way or another this week.

No it's about something more important "money". Apparently he has deliberately and knowingly lied to the British People whilst in "Public Office" about how much money the UK allegedly gives to Europe on a weekly basis.

Such lying in such a position is considered "Malfeasance in Public Office" and it's quite an old law going back to a time when politicians were expected to behave not just honourably but honestly, or pay significant consequences. Thus as a law it still carries the maximum penalty of "life in prison" and significant fines as well as disbarment from any further public office.

Tradition has it that when a member of parliament is taken to court the sensible and honourable thing for them to do is to stand down from their position, which they can no longer devote all their time to, and instead spend their time fighting the case.

My own personal feelings are that as the statistics say that members of parliament are four times more likely to be criminals than the ordinary citizen the odds are not in his favour. But also I would like to see a politician put away for rather longer than a token period of a few months. Perhaps putting BoJo away for the rest of his (un)natural life might teach politicians that life is not about lining their pockets and behaving as if the morals of society do not apply to them.

After all most politicians demand "tougher sentencing" and "being hard on crime" perhaps now is a time their fervent wishes should be applied to one of their own. After all they should be mindful of what they wish for, as well as leading by example.

Thus life as a category A prisoner in maximum security 24Hour "lock down" should be a fine example for others to learn by.

Oh and on a similar note Nigel Farage MEP has complained frequently about how corrupt MEPs are. Again he should have been mindful of what he wished for,

https://www.politico.eu/article/eu-anti-fraud-body-considering-investigation-into-nigel-farage/

Hopefully Both BoJo and Niggle could share a cell together, after all as the old saying has it "Misery loves company" I'm sure they would get along just like a couple of public school boys sharing a bedroom, though who would fag for who makes an interesting thought.

A90210 • May 29, 2019 4:45 PM

While President Trump continues to play the 'victim' card, here is neither the FBI's nor the Rolling Stones' "Crossfire Hurricane", but Bob Dylan's Hurricane.

https://www.youtube.com/watch?v=bpZvg_FjL3Q
Bob Dylan - Hurricane (Audio)

https://www.azlyrics.com/lyrics/bobdylan/hurricane.html

"Bob Dylan was inspired to write this song by the case of Rubin "Hurricane" Carter [1], a boxer who spent 19 years in jail for a murder he did not commit. Dylan wrote the song after Carter had sent him his autobiography "The Sixteenth Round: From Number 1 Contender to Number 45472", which was published in 1974."

[1] https://en.wikipedia.org/wiki/Rubin_Carter

NoJustice • May 29, 2019 5:17 PM

USA Office of the Inspector General

INVESTIGATIVE SUMMARY
Findings of Misconduct by an FBI Deputy Assistant Director for Unauthorized Contacts with
the Media, Disclosing Law Enforcement and Other Sensitive Information to the Media, and
Accepting a Gift from the Media

https://oig.justice.gov/reports/2019/f190529.pdf

In a separate incident FBI agents were given royal treatment at the 2018 Super Bowl while they were investigating the franchise. No charges were ever filed.

This lack of chronic ethical behavior should have been detected in detailed background checks.

1&1~=Umm • May 29, 2019 5:29 PM

@ALL interested in OTP Generation

I'll just leave this here,

https://brushbeater.wordpress.com/2019/05/08/from-a-reader-r-pi-otp-dryad-true-hardware-rng-how-to/

It might give a few people ideas.

Oh just one thing,

DON'T TRUST ON CHIP RNGS...

The reason, you can not in any way tell if they are a 'Deterministic' PRNG or 'Non-deterministic' TRNG.

So if you can not verify, do not trust.

There's good evidence to suggest that quite a few on chip RNGs have so little true entropy they have to fake it with hash functions...
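An added illustration of the point made in the comment above (not part of the original comment or of the linked how-to): a stream that is nothing but SHA-256 over a fixed seed and a counter passes the same black-box statistical checks as the operating system's random source, so output statistics alone cannot separate a hashed deterministic source from a true one. The function names, the acceptance bands and the constructed seed are assumptions made for this example.

```python
import hashlib
import os

SAMPLE_BYTES = 1 << 16  # 64 KiB per sample
CONSTRUCTED_SEED = b"constructed-demo-seed"  # constructed value; whoever holds it can replay the stream


def hash_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic output: SHA-256(seed || counter) blocks, concatenated. Illustrative only."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for unbiased data."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def passes_black_box_checks(data: bytes) -> bool:
    """Loose acceptance bands (assumed for the example), about 6 sigma around the ideal values."""
    return (abs(monobit_fraction(data) - 0.5) < 0.005
            and 120.0 < byte_chi_square(data) < 400.0)


if __name__ == "__main__":
    samples = {
        "os.urandom": os.urandom(SAMPLE_BYTES),
        "sha256(seed||ctr)": hash_stream(CONSTRUCTED_SEED, SAMPLE_BYTES),
        "all zero bytes": bytes(SAMPLE_BYTES),
    }
    for name, data in samples.items():
        print(f"{name:18} ones={monobit_fraction(data):.4f} "
              f"chi2={byte_chi_square(data):8.1f} pass={passes_black_box_checks(data)}")
    # The hashed stream passes the checks, yet it is fully reproducible from the seed.
    print(hash_stream(CONSTRUCTED_SEED, 16) == hash_stream(CONSTRUCTED_SEED, 16))
```

The checks still catch a grossly broken source (the all-zero sample fails), which is all that output statistics can establish about an opaque generator.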

name.withheld.for.obvious.reasons • May 31, 2019 3:40 AM

When the people with the guns call for using guns and say they have no concern for due process, this suggests that a democratic republic, as constituted by the framers of the U.S. Constitution, is no longer operable. I sat through a round table discussion with a half dozen security experts. Near the end of their conversation they contemplated the nature and guilt of one person, Assange, in a national security context. What I witnessed was sad. I doubt anyone on the panel, save one, could pass an immigration/naturalization citizenship test. Two months ago I took it, curious as to my "citizenship-worthy" standing, 100% pass. But the test is not a "citizenship" test as much as it is a history test. What is missing is the reasoning, the debates, the reflection and the character of individuals that dared to throw off monarchy.

Those events starting from the mid-eighteenth century were part of the enlightenment in western civilization. A truly revolutionary period in human history. Understanding history and our place in it is important, I can only speculate as to the period that covers the late twentieth and early twenty first century. To my mind, we look pretty pathetic.

To all you "might makes right'ers" out there, get off your treadmill, out of your group think, and read the writings of Thomas Paine--all of them. You might learn something, and if you get past Paine, go directly to James Madison. I doubt many will make it past Paine, his poetry can be complex...but I love it. Wish I could have a conversation with someone such as Paine; but alas, in this life all I go through is Pain.

31 May 2019 00:00:00 • May 31, 2019 6:57 AM

https://www.cnn.com/2019/05/30/politics/mueller-enigma/index.html

"After the president [Trump] hired a new legal team in 2018, they met with Mueller and his team to introduce themselves. The Trump team thought one of the advantages of hiring Jane and Marty Raskin was their past as colleagues with Mueller and Quarles. Jane Raskin worked with Mueller at the Justice Department, and she later worked with Quarles in private practice.

Last November, Trump's legal team prepared to provide written answers to a list of questions the Mueller team had provided months earlier on his actions prior to the inauguration. It was a deal that resolved months of battling over prosecutors' request for a sit-down interview of the President.

The Trump team learned that Mueller's prosecutors had mentioned the President by name in draft court paperwork related to a proposed plea deal they were pushing Jerome Corsi to sign. Corsi had no formal role on the Trump campaign but was an acquaintance of Roger Stone, a political adviser to then-candidate Trump.

The document, known as a "Statement of the Offense," didn't accuse Trump of any crime. But the President's lawyers were fuming that Trump was even mentioned by name while others were anonymized.

The Trump lawyers, led by Jay Sekulow and Jane Raskin, protested to Quarles, and the following day, they drove a few blocks to meet with Ed O'Callaghan, the senior official in Deputy Attorney General Rod Rosenstein's office, who led day-to-day oversight of the Mueller investigation.

Members of the President's legal team were surprised that Mueller didn't show up given that they had specifically requested to meet with him at the Justice Department, a person familiar with the meeting says, although Mueller had not directly promised to attend.

Corsi ultimately made the document public, but he didn't sign a plea agreement and the special counsel's office didn't file any charges against him.
As the investigation marched on, the Raskins dealt almost exclusively with Quarles over months of back and forth talks.

The fact that Mueller didn't attend interviews of key witnesses or participate in certain meetings can be understood when his role is viewed through the prism of his history said one former official who worked closely with him.
"The role that he's most familiar with and has done most recently is FBI director -- the leader of the investigators," the former official explained. As a result, it would be "unrealistic" to expect Mueller to hover over his team.
But that's also not to say he'd be prone to let his team run over him.

"Nobody rolls Bob Mueller," said the former official."

31 May 2019 00:00:00 • May 31, 2019 7:06 AM

https://www.cnn.com/2019/05/30/politics/roger-stone-hearing/index.html

"Judge appears exasperated at Roger Stone arguments against Mueller

The longtime political stuntman Roger Stone faced an exasperated judge on Thursday, as his lawyers failed to gain traction with bold legal arguments criticizing special counsel Robert Mueller before Stone's November criminal trial.

At the two-and-a-half-hour court hearing, Judge Amy Berman Jackson of the DC District Court didn't rule on requests Stone has made to puncture the case against him but got his legal team to admit flaws in almost all of their arguments."

31 May 2019 00:00:00 • May 31, 2019 7:28 AM

https://www.cnn.com/2019/05/30/politics/fact-checking-trump-mueller-claims/index.html

"Fact-checking Trump's flurry of falsehoods and lies [ at least 21 ] after Mueller declined to exonerate him [ Wednesday ].

Here's a breakdown of Trump's [False, Misleading, or Lie] comments.

Cost of the investigation

Cooperation with the probe

Mueller's conflicts of interest

Legal constraints on Mueller

Fairness of the investigation

Concerns about Russian meddling

Trump's role in Russian meddling

Mueller's findings on obstruction

More obstruction of justice findings

[plus about twelve more]"

JG4 • June 1, 2019 6:06 AM


Thanks for the tip to read Paine and Madison.

https://www.nakedcapitalism.com/2019/05/links-5-31-19.html
...

Prisoner’s Dilemma shows how exploitation is a basic property of human society MIT Technology Review
...

Newark Ticketing Drivers Who Give Money To Panhandlers CBS New York
...

Big Brother IS Watching You Watch

What happens on your iPhone doesn’t quite stay on your iPhone Business Insider
...


Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Security.