Wednesday, November 23, 2016

OpenStack 11/23/2016 (p.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, November 04, 2016

OpenStack 11/04/2016 (p.m.)

  • Article by James Bamford, the first NSA whistleblower and author of three books on the NSA.

    Tags: war & peace, cyberwar, U.S.-foreign-policy, Russia, Bamford

    • Last summer, cyber investigators plowing through the thousands of leaked emails from the Democratic National Committee uncovered a clue.

      A user named “Феликс Эдмундович” modified one of the documents using settings in the Russian language. Translated, his name was Felix Edmundovich, a pseudonym referring to Felix Edmundovich Dzerzhinsky, the chief of the Soviet Union’s first secret-police organization, the Cheka.

      It was one more link in the chain of evidence pointing to Russian President Vladimir Putin as the man ultimately behind the operation.

      During the Cold War, when Soviet intelligence was headquartered in Dzerzhinsky Square in Moscow, Putin was a KGB officer assigned to the First Chief Directorate. Its responsibilities included “active measures,” a form of political warfare that included media manipulation, propaganda and disinformation. Soviet active measures, retired KGB Major General Oleg Kalugin told Army historian Thomas Boghart, aimed to discredit the United States and “conquer world public opinion.”

      As the Cold War has turned into the code war, Putin recently unveiled his new, greatly enlarged spy organization: the Ministry of State Security, taking the name from Joseph Stalin’s secret service. Putin also resurrected, according to James Clapper, the U.S. director of national intelligence, some of the KGB’s old active- measures tactics. 

      On October 7, Clapper issued a statement: “The U.S. Intelligence community is confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations.” Notably, however, the FBI declined to join the chorus, according to reports by the New York Times and CNBC.

      A week later, Vice President Joe Biden said on NBC’s Meet the Press that "we're sending a message" to Putin and "it will be at the time of our choosing, and under the circumstances that will have the greatest impact." When asked if the American public would know a message was sent, Biden replied, "Hope not." 

      Meanwhile, the CIA was asked, according to an NBC report on October 14, “to deliver options to the White House for a wide-ranging ‘clandestine’ cyber operation designed to harass and ‘embarrass’ the Kremlin leadership.”

      But as both sides begin arming their cyberweapons, it is critical for the public to be confident that the evidence is really there, and to understand the potential consequences of a tit-for-tat cyberwar escalating into a real war. 

    • This is a prospect that has long worried Richard Clarke, the former White House cyber czar under President George W. Bush. “It’s highly likely that any war that began as a cyberwar,” Clarke told me last year, “would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.”

      The problem with attempting to draw a straight line from the Kremlin to the Clinton campaign is the number of variables that get in the way. For one, there is little doubt about Russian cyber fingerprints in various U.S. campaign activities. Moscow, like Washington, has long spied on such matters. The United States, for example, inserted malware in the recent Mexican election campaign. The question isn’t whether Russia spied on the U.S. presidential election, it’s whether it released the election emails.

      Then there’s the role of Guccifer 2.0, the person or persons supplying WikiLeaks and other organizations with many of the pilfered emails. Is this a Russian agent? A free agent? A cybercriminal? A combination, or some other entity? No one knows.

      There is also the problem of groupthink that led to the war in Iraq. For example, just as the National Security Agency, the Central Intelligence Agency and the rest of the intelligence establishment are convinced Putin is behind the attacks, they also believed it was a slam-dunk that Saddam Hussein had a trove of weapons of mass destruction. 

      Consider as well the speed of the political-hacking investigation, followed by a lack of skepticism, culminating in a rush to judgment. After the Democratic committee discovered the potential hack last spring, it called in the cybersecurity firm CrowdStrike in May to analyze the problem.

    • CrowdStrike took just a month or so before it conclusively determined that Russia’s FSB, the successor to the KGB, and the Russian military intelligence organization, GRU, were behind it. Most of the other major cybersecurity firms quickly fell in line and agreed. By October, the intelligence community made it unanimous. 

      That speed and certainty contrasts sharply with a previous suspected Russian hack in 2010, when the target was the Nasdaq stock market. According to an extensive investigation by Bloomberg Businessweek in 2014, the NSA and FBI made numerous mistakes over many months that stretched to nearly a year. 

      “After months of work,” the article said, “there were still basic disagreements in different parts of government over who was behind the incident and why.”  There was no consensus­, with just a 70 percent certainty that the hack was a cybercrime. Months later, this determination was revised again: It was just a Russian attempt to spy on the exchange in order to design its own. 

      The federal agents also considered the possibility that the Nasdaq snooping was not connected to the Kremlin. Instead, “someone in the FSB could have been running a for-profit operation on the side, or perhaps sold the malware to a criminal hacking group.” 

      Again, that’s why it’s necessary to better understand the role of Guccifer 2.0 in releasing the Democratic National Committee and Clinton campaign emails before launching any cyberweapons.

    • t is strange that clues in the Nasdaq hack were very difficult to find ― as one would expect from a professional, state-sponsored cyber operation. Conversely, the sloppy, Inspector Clouseau-like nature of the Guccifer 2.0 operation, with someone hiding behind a silly Bolshevik cover name, and Russian language clues in the metadata, smacked more of either an amateur operation or a deliberate deception.

      Then there’s the Shadow Brokers, that mysterious person or group that surfaced in August with its farcical “auction” to profit from a stolen batch of extremely secret NSA hacking tools, in essence, cyberweapons. Where do they fit into the picture? They have a small armory of NSA cyberweapons, and they appeared just three weeks after the first DNC emails were leaked. 

      On Monday, the Shadow Brokers released more information, including what they claimed is a list of hundreds of organizations that the NSA has targeted over more than a decade, complete with technical details. This offers further evidence that their information comes from a leaker inside the NSA rather than the Kremlin.

      The Shadow Brokers also discussed Obama’s threat of cyber retaliation against Russia. Yet they seemed most concerned that the CIA, rather than the NSA or Cyber Command, was given the assignment. This may be a possible indication of a connection to NSA’s elite group, Tailored Access Operations, considered by many the A-Team of hackers.

      “Why is DirtyGrandpa threating CIA cyberwar with Russia?” they wrote. “Why not threating with NSA or Cyber Command? CIA is cyber B-Team, yes? Where is cyber A-Team?” 

      Because of legal and other factors, the NSA conducts cyber espionage, Cyber Command conducts cyberattacks in wartime, and the CIA conducts covert cyberattacks. 

    • The Shadow Brokers connection is important because Julian Assange, the founder of WikiLeaks, claimed to have received identical copies of the Shadow Brokers cyberweapons even before they announced their “auction.” Did he get them from the Shadow Brokers, from Guccifer, from Russia or from an inside leaker at the NSA?

      Despite the rushed, incomplete investigation and unanswered questions, the Obama administration has announced its decision to retaliate against Russia.  But a public warning about a secret attack makes little sense. If a major cyber crisis happens in Russia sometime in the future, such as a deadly power outage in frigid winter, the United States could be blamed even if it had nothing to do with it. 

      That could then trigger a major retaliatory cyberattack against the U.S. cyber infrastructure, which would call for another reprisal attack ― potentially leading to Clarke’s fear of a cyberwar triggering a conventional war. President Barack Obama has also not taken a nuclear strike off the table as an appropriate response to a devastating cyberattack.


Posted from Diigo. The rest of Open Web group favorite links are here.

Sunday, October 30, 2016

OpenStack 10/31/2016 (a.m.)

  • Tags: surveillance state, Endace, internet-intercept, equipment, intelligence-industry-complex

    • t was a powerful piece of technology created for an important customer. The Medusa system, named after the mythical Greek monster with snakes instead of hair, had one main purpose: to vacuum up vast quantities of internet data at an astonishing speed.

      The technology was designed by Endace, a little-known New Zealand company. And the important customer was the British electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

      Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, October 25, 2016

OpenStack 10/26/2016 (a.m.)

  • Tags: surveillance state, CloudFlare, censorship

    • Re: Major net hack - its not necessarily off topic. .gov is herding web sites into it's own little DNS animal farms so it can properly protect the public from that dangerous 'information' stuff in time of emergency. CloudFlare is the biggest abattoir... er, animal farm.

      CloudFlare is kind of like a protection racket. If you pay their outrageous fees, you will be 'protected' from DDoS attacks. Since CloudFlare is the preferred covert .gov tool of censorship and content control (when things go south), they are trying to drive as many sites as possible into their digital panopticons.

      Who the hell is Cloudflare?

      ISUCKER: BIG BROTHER INTERNET CULTURE

      On top of that, CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further…

      And that makes CloudFlare a whole different story: People who sign up for the service are allowing CloudFlare to monitor, observe and scrutinize all of their site’s traffic, which makes it much easier for intel or law enforcement agencies to collect info on websites and without having to hack or request the logs from each hosting company separately. But there’s more. Because CloudFlare doesn’t just passively monitor internet traffic but works like a dynamic firewall to selectively block traffic from sources it deems to be “hostile,” website operators are giving it a whole lotta power over who gets to see their content. The whole point of CloudFlare is to restrict access to websites from specific locations/IP addresses on the fly, without notifying or bothering the website owner with the details. It’s all boils down to a question of trust, as in: do you trust a shady company with known intel/law enforcement connections to make that decision?

    • And here is an added bonus for the paranoid: Because CloudFlare partially caches websites and delivers them to web surfers via its own servers, the company also has the power to serve up redacted versions of the content to specific users. CloudFlare is perfect: it can implement censorship on the fly, without anyone getting wise to it!

      Right now CloudFlare says it monitors nearly 1/5 of all Internet visits. [<-- this] An astounding claim for a company most people haven’t even heard of. And techie bloggers seem very excited about getting as much Internet traffic routed through them as possible!

      See? Plausable deniability. A couple of degrees of separation. Yet when the Borg Queen wants to start WWIII next year, she can order the DHS Stazi to order outfits like CloudFlare to do the proper 'shaping' of internet traffic to filter out unwanted information.

      How far is any expose of propaganda like Dusty Boy going to happen if nobody can get to sites like MoA? You'll be able to get to all kinds of tweets and NGO sites crying about Dusty Boy 2.0, but you won't see a tweet or a web site calling them out on their lies. Will you even know they interviewed Assad? Will you know the activist 'photographer' is a paid NGO shill or that he's pals with al Zenki? Nope, not if .gov can help it.

  • Tags: DDOS-attacks, Internet-of-things

    • Last month, we wrote about Bruce Schneier's warning that certain unknown parties were carefully testing ways to take down the internet. They were doing carefully configured DDoS attacks, testing core internet infrastructure, focusing on key DNS servers. And, of course, we've also been talking about the rise of truly massive DDoS attacks, thanks to poorly secured Internet of Things (IoT) devices, and ancient, unpatched bugs.

      That all came to a head this morning when large chunks of the internet went down for about two hours, thanks to a massive DDoS attack targeting managed DNS provider Dyn. Most of the down sites are back (I'm still having trouble reaching Twitter), but it was pretty widespread, and lots of big name sites all went down. Just check out this screenshot from Downdetector showing the outages on a bunch of sites:
    • You'll see not all of them have downtime (and the big ISPs, as always, show lots of complaints about downtimes), but a ton of those sites show a giant spike in downtime for a few hours.

      So, once again, we'd like to point out that this is as problem that the internet community needs to start solving now. There's been a theoretical threat for a while, but it's no longer so theoretical. Yes, some people point out that this is a difficult thing to deal with. If you're pointing people to websites, even if we were to move to a more distributed system, there are almost always some kinds of chokepoints, and those with malicious intent will always, eventually, target those chokepoints. But there has to be a better way -- because if there isn't, this kind of thing is going to become a lot worse.

Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, October 24, 2016

OpenStack 10/25/2016 (a.m.)

  • Tags: surveillance state, FISA-Court, opinions, disclosure, litigation, ACLU

    • The American Civil Liberties Union (ACLU) has filed a motion to reveal the secret court opinions with “novel or significant interpretations” of surveillance law, in a renewed push for government transparency.

      The motion, filed Wednesday by the ACLU and Yale Law School’s Media Freedom and Information Access Clinic, asks the Foreign Intelligence Surveillance Act (FISA) Court, which rules on intelligence gathering activities in secret, to release 23 classified decisions it made between 9/11 and the passage of the USA Freedom Act in June 2015.

      As ACLU National Security Project staff attorney Patrick Toomey explains, the opinions are part of a “much larger collection of hidden rulings on all sorts of government surveillance activities that affect the privacy rights of Americans.”

      Among them is the court order that the government used to direct Yahoo to secretly scanits users’ emails for “a specific set of characters.” Toomey writes:

      These court rulings are essential for the public to understand how federal laws are being construed and implemented. They also show how constitutional protections for personal privacy and expressive activities are being enforced by the courts. In other words, access to these opinions is necessary for the public to properly oversee their government.

    • Although the USA Freedom Act requires the release of novel FISA court opinions on surveillance law, the government maintains that the rule does not apply retroactively—thereby protecting the panel from publishing many of its post-9/11 opinions, which helped create an “unprecedented buildup” of secret surveillance laws.

      Even after National Security Agency (NSA) whistleblower Edward Snowden revealed the scope of mass surveillance in 2013, sparking widespread outcry, dozens of rulings on spying operations remain hidden from the public eye, which stymies efforts to keep the government accountable, civil liberties advocates say.

      “These rulings are necessary to inform the public about the scope of the government’s surveillance powers today,” the ACLU’s motion states.

      • Toomey writes that the rulings helped influence a number of novel spying activities, including:

        • The government’s use of malware, which it calls “Network Investigative Techniques”
        • The government’s efforts to compel technology companies to weaken or circumvent their own encryption protocols
        • The government’s efforts to compel technology companies to disclose their source code so that it can identify vulnerabilities
        • The government’s use of “cybersignatures” to search through internet communications for evidence of computer intrusions
        • The government’s use of stingray cell-phone tracking devices under the Foreign Intelligence Surveillance Act (FISA)
        • The government’s warrantless surveillance of Americans under FISA Section 702—a controversial authority scheduled to expire in December 2017
        • The bulk collection of financial records by the CIA and FBI under Section 215 of the Patriot Act

        Without these rulings being made public, “it simply isn’t possible to understand the government’s claimed authority to conduct surveillance,” Toomey writes.

        As he told The Intercept on Wednesday, “The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow. These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our democracy.”


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, October 18, 2016

OpenStack 10/19/2016 (a.m.)

  • Tags: surveillance state, Wikileaks, Assange, Ecuador, internet-access

    • Midway through releasing a series of damaging disclosures about U.S. presidential contender Hillary Clinton, WikiLeaks founder Julian Assange says his hosts at the Ecuadorean Embassy in London abruptly cut him off from the internet. The news adds another layer of intrigue to an extraordinary campaign.

      “We can confirm Ecuador cut off Assange’s internet access Saturday, 5pm GMT, shortly after publication of Clinton’s Goldman Sachs (speeches),” the group said in a message posted to Twitter late Monday.

  • Tags: surveillance state, fingerprints, phone-access, search-warrants, civil-liberties

    • Under the Fourth Amendment, Americans are protected from unreasonable searches and seizures, but according to one group of federal prosecutors, just being in the wrong house at the wrong time is cause enough to make every single person inside provide their fingerprints and unlock their phones.

      Back in 2014, a Virginia Circuit Court ruled that while suspects cannot be forced to provide phone passcodes, biometric data like fingerprints doesn’t have the same constitutional protection. Since then, multiple law enforcement agencies have tried to force individual suspects to unlock their phones with their fingers, but none have claimed the sweeping authority found in a Justice Department memorandum recently uncovered by Forbes.

    • In the court document filed earlier this year, federal prosecutors in California argued that a warrant for a mass finger-unlocking was constitutionally sound even though “the government does not know ahead of time the identity of every digital device or every fingerprint (or indeed, every other piece of evidence) that it will find in the search” because “it has demonstrated probable cause that evidence may exist at the search location.” Criminal defense lawyer Marina Medvin, however, disagreed.

      Advertisement

      Advertisement

      “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant,” Medvin told Forbes. “This would be an unbelievably audacious abuse of power if it were permitted.”

      Unfortunately, other documents related to the case were not publicly available, so its unclear if the search was actually executed. Even so, Medvin believes the memorandum sets a deeply troubling precedent, using older case law regarding the collection of fingerprint evidence to request complete access to the “amazing amount of information” found on a cellphone.


Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, October 17, 2016

OpenStack 10/18/2016 (a.m.)

  • Investigation was instigated by Sen. Ron Wyden after receiving constituent complaints.

    Tags: cable-ISPs, Comcast, Xfinity, FCC, penalties, excess-charges

    • Comcast is being forced to pay the largest fine the FCC has ever levied against a cable operator. Its offense: Charging customers for services and equipment they didn't ask for.

      The company agreed to pay a $2.3 million civil penalty and to submit to a "compliance plan," in which regulators will monitor Comcast for the next five years to ensure it cleans up its act.

    • The FCC said it received over 1,000 complaints from customers, who said Comcast charged them for premium channels, cable boxes, DVRs or other products that they never ordered.

      In many cases, the FCC said, customers expressly told Comcast that they didn't want the add-on options, but they were charged anyway.

      Complaints also describe how customers spent "significant time and energy to attempt to remove the unauthorized charges" and get refunds, the commission said.

      The complaints spurred the FCC to launch an investigation nearly two years ago. Today's settlement marks the conclusion of the probe.

      Under the five-year compliance plan, Comcast must begin sending customers special notifications every time a new charge or service is added to their bill. The company also has to add a way for customers to easily "block the addition of new services or equipment to their accounts," according to an FCC press release.

    • Comcast (CMCSA) will also be required to compensate or address complaints from customers who have disputed charges, and it will be barred from referring an account to collections or suspending an account that has a disputed charge.

      Comcast agreed to the fine without admitting any guilt.


Posted from Diigo. The rest of Open Web group favorite links are here.