surveillance https://truthvoice.com Wed, 22 May 2019 11:31:45 +0000 en-US hourly 1 https://wordpress.org/?v=6.0.2 https://i0.wp.com/truthvoice.com/wp-content/uploads/2019/05/cropped-truthvoice-logo21-1.png?fit=32%2C32&ssl=1 surveillance https://truthvoice.com 32 32 194740597 Homeland Security Asking Hotel Staff to Report Customers for Too Many Condoms https://truthvoice.com/2016/01/homeland-security-asking-hotel-staff-to-report-customers-for-too-many-condoms/?utm_source=rss&utm_medium=rss&utm_campaign=homeland-security-asking-hotel-staff-to-report-customers-for-too-many-condoms Wed, 13 Jan 2016 09:48:32 +0000 http://truthvoice.com/2016/01/homeland-security-asking-hotel-staff-to-report-customers-for-too-many-condoms/
Lives3

Screen capture from the film The Lives of Others, based on the lives of citizens monitored by the Stasi in Communist East Germany.

The U.S. Department of Homeland Security (DHS) continues to pour time and taxpayer money into convincing the American people that there’s an epidemic of sex trafficking here. So bad is this alleged epidemic that ordinary crime-control measures won’t work, hence the deparment is recruiting truck drivers and hotel workers to be its eyes and ears on the ground. Ugh.

Despite federal fearmongering, there’s no concrete evidence to suggest that sex trafficking is even prevalent in America, let alone on the rise. But you would never know that from listening to lawmakers, federal officials, and their local-media mouthpieces talk. And while some of this propaganda stems from good intentions, it also provides good fodder for all manner of civil-liberties abuses, from seizing sex-business assets to expanding police wiretapping power. Now it’s providing law enforcement with cover to convince citizens to spy on each other and report one another to police for perfectly normal activity.

“We would rather have you call anybody and report it to somebody,” a DHS spokeswoman told 9News Colorado, “even if it turns out to be nothing, than miss one of those victims that’s suffering.”

That’s why, as part of the “Safe Action Project,” DHS staff will train hotel and hospitality workers on how to spot the so-called signs of sex trafficking. Alleged “red flags” include:

  • garbage cans containing many used condoms
  • frequent use of “Do Not Disturb” sign on room door
  • excessive foot traffic in and out of a room
  • “excessive sex paraphernalia” in room
  • an “overly smelly room” that reeks of “cigarette, marijuana, sweat, bodily fluids, and musk”
  • a guest who “averts eyes or does not make eye contact”
  • individuals “dressed inappropriate for age” or with “lower quality clothing than companions”
  • guests with “suspicious tattoos”
  • the presence of multiple computers, cell phones, pagers, credit card swipes, or other technology
  • the presence of photography equipment
  • minibar in need of frequent restocking
  • guests with too many personal hygiene products, especially “lubrication, douches”
  • guests with too few personal possessions
  • rooms paid for with cash or a rechargeable credit card
  • “individuals loitering and soliciting male customers”
  • “claims of being an adult though appearance suggests adolescent features”
  • refusal of room cleaning services for multiple days

Take heed, lovers on romantic getaways, photographers on assignment, beauty-product junkies, tech workers, cash carriers, alcoholics, late sleepers, slobs, immodest dressers, people on the autism spectrum, people with body-odor problems, single patrons seeking hotel-bar hookups, light packers, and those with a youthful appearance: DHS is onto you!

Meanwhile, in California, the Attorney General’s office, the U.S. Attorney’s Office for the Northern District of California, and an organization called Truckers Against Trafficking have been teaming up to train truck drivers on how to identify and report suspected sex traffickers. The program essentially urges truckers to report people offering prostitution at truck stops, making sure to include “actionable information” such as a physical descriptions of the individual, car make and model, license plate number, etc.

“Given the cross-jurisdictional nature of the crime of human trafficking and the use of major thoroughfares by traffickers, truck drivers are particularly well-positioned to aid law enforcement,” states a press release from California Attorney General Kamala D. Harris. The training “will also feature The Freedom Drivers Project, a first-of-its-kind 48-foot mobile exhibit that includes artifacts from trafficking cases, portraits of Truckers Against Trafficking members, and ways members of the public can join the fight against human trafficking.”

Elizabeth Nolan Brown is a staff editor at Reason.com.

]]>
2152
Secret Service Can Use Cell-Phone Trackers And Stingrays Without Warrants https://truthvoice.com/2015/10/secret-service-can-use-cell-phone-trackers-and-stingrays-without-warrants/?utm_source=rss&utm_medium=rss&utm_campaign=secret-service-can-use-cell-phone-trackers-and-stingrays-without-warrants Fri, 30 Oct 2015 09:30:19 +0000 http://truthvoice.com/2015/10/secret-service-can-use-cell-phone-trackers-and-stingrays-without-warrants/
US President Barack Obama, surrounded by US Secret Service agents, walks to greet guests after arriving on Air Force One at Griffiss International Airport in Rome, New York on May 22, 2014. Obama is traveling to visit the National Baseball Hall of Fame and Museum in Cooperstown, New York, before attending Democratic fundraisers in Chicago. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images)

US President Barack Obama, surrounded by US Secret Service agents, walks to greet guests after arriving on Air Force One at Griffiss International Airport in Rome, New York on May 22, 2014. Obama is traveling to visit the National Baseball Hall of Fame and Museum in Cooperstown, New York, before attending Democratic fundraisers in Chicago. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images)

WASHINGTON (AP) — A new policy allows the Secret Service to use intrusive cellphone-tracking technology without a warrant if there’s believed to be a nonspecific threat to the president or another protected person.

Homeland Security Assistant Secretary Seth M. Stodder described to a House subcommittee Wednesday the department’s policy on the use of cell-site simulators.

Civil libertarians and privacy advocates have long expressed concern about the suitcase-size devices, known as Stingrays, which mimic cell-towers to scoop up electronic data that can be used to locate nearby phones and identify their owners. The devices don’t listen in to phone calls or capture text messages, Stodder said.

The policy the department unveiled this week is similar to the one announced in September by the Justice Department, which includes the FBI.

Federal law enforcement officers are required to get a warrant signed by a judge before using Stingrays, except under emergency “exigent circumstances” meeting the constitutional standard for probable cause under the Fourth Amendment, but when there is no time to get a warrant.

Stodder cited the example of kidnappings, such as a recent case where Immigration and Customs Enforcement officers used a Stingray to help locate and rescue a 6-year-old girl being held hostage by human smugglers in Arizona.

But Stodder said another allowed exception under the policy would let the Secret Service use Stingrays in “exceptional circumstances” without meeting the legal threshold for probable cause. In such cases, using the devices would require direct approval from “executive-level personnel” at Secret Service headquarters and the U.S. attorney for the relevant jurisdiction.

Asked whether that essentially granted a blanket exception for the Secret Service, Stodder said that the exemption would not be used in routine criminal probes, such as a counterfeiting investigation.

“The key exception that we envision is the Secret Service’s protective mission,” Stodder said. “In certain circumstances where you could have an immediate threat to the president and you have cryptic information, our conclusion in drawing the line between security and privacy here is to err on the side of protection.”

Stodder added that such information could be “a cryptic email or something like that” indicating a security threat to the president where agents would lack the time or the information to determine probable cause, “but you need to locate that person.”

Cell-site stimulators have been used for years by both state and federal law enforcement agencies, who tout them as a vital tool to catch fugitives and locate suspects. But privacy groups and some lawmakers have raised alarms about the secrecy surrounding its use and the collection of cellphone information of innocent bystanders who happen to be in a particular neighborhood or location.

Stodder could not immediately say how many times department law-enforcement officers had used Stingrays without warrants in recent years.

Rep. Ted Lieu, D-Calif., said Wednesday the newly announced guidelines are a good first step, but added that the policy still lacks transparency and provides overly broad permission for Stingrays to be used without warrants. The new federal policies also don’t apply to state and local law enforcement agencies that have purchased Stingrays, sometimes through the use of federal grants.

]]>
1750
NYPD Is Using Mobile X-Ray Vans to Spy on Everyone https://truthvoice.com/2015/10/nypd-is-using-mobile-x-ray-vans-to-spy-on-everyone/?utm_source=rss&utm_medium=rss&utm_campaign=nypd-is-using-mobile-x-ray-vans-to-spy-on-everyone Wed, 21 Oct 2015 09:28:17 +0000 http://truthvoice.com/2015/10/nypd-is-using-mobile-x-ray-vans-to-spy-on-everyone/

XRay Vans

Dystopian truth is stranger than dystopian fiction.

In New York City, the police now maintain an unknown number of military-grade vans outfitted with X-ray radiation, enabling cops to look through the walls of buildings or the sides of trucks. The technology was used in Afghanistan before being loosed on U.S. streets. Each X-ray van costs an estimated $729,000 to $825,000.

The NYPD will not reveal when, where, or how often they are used.

“I will not talk about anything at all about this,” New York Police Commissioner Bill Bratton told a journalist for the New York Post who pressed for details on the vans. “It falls into the range of security and counter-terrorism activity that we engage in.”

He added that “they’re not used to scan people for weapons.”

Here are some specific questions that New York City refuses to answer:

  • How is the NYPD ensuring that innocent New Yorkers are not subject to harmful X-ray radiation?
  • How long is the NYPD keeping the images that it takes and who can look at them?
  • Is the NYPD obtaining judicial authorization prior to taking images, and if so, what type of authorization?
  • Is the technology funded by taxpayer money, and has the use of the vans justified the price tag?

Those specifics are taken from a New York Civil Liberties Union court filing. The legal organization is seeking to assist a lawsuit filed by Pro Publica journalist Michael Grabell, who has been fighting New York City for answers about X-ray vans for 3 years.

“ProPublica filed the request as part of its investigation into the proliferation of security equipment, including airport body scanners, that expose people to ionizing radiation, which can mutate DNA and increase the risk of cancer,” he explained. (For fear of a terrorist “dirty bomb,” America’s security apparatus is exposing its population to radiation as a matter of course.)

A state court has already ruled that the NYPD has to turn over policies, procedures, and training manuals that shape uses of X-rays; reports on past deployments; information on the costs of the X-ray devices and the number of vans purchased; and information on the health and safety effects of the technology. But New York City is fighting on appeal to suppress that information and more, as if it is some kind of spy agency rather than a municipal police department operating on domestic soil, ostensibly at the pleasure of city residents.

Its insistence on extreme secrecy is part of an alarming trend. The people of New York City are effectively being denied the ability to decide how they want to be policed.

“Technologies––from x-ray scanners to drones, automatic license plate readers that record license plates of cars passing by, and ‘Stingrays’ that spy on nearby cell phones by imitating cell phone towers—have brought rapid advances to law enforcement capacity to monitor citizens,” the NYCLU notes. “Some of these new technologies have filtered in from the battlefields into the hands of local law enforcement with little notice to the public and with little oversight. These technologies raise legitimate questions about cost, effectiveness, and the impact on the rights of everyday people to live in a society free of unwarranted government surveillance.”

A New York Police Department (NYPD) officer keeps guard during New Year's Eve celebrations in Times Square December 31, 2014.   REUTERS/Stephanie Keith  (UNITED STATES - Tags: SOCIETY CRIME LAW) - RTR4JS50

A New York Police Department (NYPD) officer keeps guard during New Year’s Eve celebrations in Times Square December 31, 2014. REUTERS/Stephanie Keith 

For all we know, the NYPD might be bombarding apartment houses with radiation while people are inside or peering inside vehicles on the street as unwitting passersby are exposed to radiation. The city’s position—that New Yorkers have no right to know if that is happening or not—is so absurd that one can hardly believe they’re taking it. These are properly political questions. And it’s unlikely a target would ever notice. “Once equipped, the van—which looks like a standard delivery van—takes less than 15 seconds to scan a vehicle,” Fox News reported after looking at X-ray vans owned by the federal government. “It can be operated remotely from more than 1,500 feet and can be equipped with optional technology to identify radioactivity as well.”

In her ruling, Judge Doris Ling-Cohan highlights the fact that beyond the privacy questions raised by the technology are very real health and safety concerns. She writes:

Petitioner states in his affidavit, and respondent does not dispute, that: backscatter technology, previously deployed in European Union airports, was banned in 2011, because of health concerns; an internal presentation from American Science and Engineering, Inc., the company that manufactures the vans, determined that the vans deliver a radiation dose 40 percent larger than delivered by a backscatter airport scanner; bystanders present when the van is in use are exposed to the radiation that the van emits… moreover, petitioner maintains, and it is not disputed by the NYPD, that ‘there may be significant health risks associated with the use of backscatter x-ray devices as these machines use ionizing radiation, a type of radiation long known to mutate DNA and cause cancer.

Finally, petitioner states, again without dispute, that, on August 2011, the United States Customs and Border Protection Agency, which used the vans to scan vehicles crossing into and out of the United States, despite repeated testing and analysis of the amount of radiation emitted by such devices, nevertheless, prohibited continued use of the vans to scan occupied vehicles, until approval was granted by the United States Custom and Border Protection Radiation and Safety Committee…

And since the technology can see through clothing, it is easy to imagine a misbehaving NYPD officer abusing it if there are not sufficient safeguards in place. Trusting the NYPD to choose prudent, sufficient safeguards under cover of secrecy is folly. This is the same department that spent 6 years conducting surveillance on innocent Muslims Americans in a program so unfocused that it produced zero leads—and that has brutalized New York City protestors on numerous occasions. Time and again it’s shown that outside oversight is needed.
Lest readers outside New York City presume that their walls still stand between them and their local law enforcement agency, that isn’t necessarily the case. Back in January, in an article that got remarkably little attention, USA Today reported the following:

At least 50 U.S. law enforcementagencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance. Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person’s house without first obtaining a search warrant. The radars work like finely tuned motion detectors, using radio waves to zero in on movements as slight as human breathing from a distance of more than 50 feet. They can detect whether anyone is inside of a house, where they are and whether they are moving.

The overarching theme here is a law enforcement community that has never seen a technology that causes it to say, “We’d better ask if the public wants us to use this or not.”

Instead, the usual protocol is not only to adopt new technology without permission—regardless of the privacy, health and safety, or moral questions that it raises—but to keep having done so a secret as long as possible, and to hide the true nature of the technology in question even after the public has been alerted to its existence. The fact that this pattern has held in regards to a device that can look through walls while emitting radiation on the streets of New York City raises questions including “What’s next?” “What else don’t we know about?” and “Will any technology on the military-to-police pipeline ever cause cops to ask permission first?”

By Conor Friedersdorf for The Atlantic

]]>
1698
Americans Would be Fine With Police Internet Spying if They Were Notified https://truthvoice.com/2015/10/americans-would-be-fine-with-police-internet-spying-if-they-were-notified/?utm_source=rss&utm_medium=rss&utm_campaign=americans-would-be-fine-with-police-internet-spying-if-they-were-notified Tue, 20 Oct 2015 09:22:41 +0000 http://truthvoice.com/2015/10/americans-would-be-fine-with-police-internet-spying-if-they-were-notified/

Despite increasingly heated rhetoric from opponents of government surveillance, a recent survey shows that most Americans would be okay with many kinds of Internet snooping as long as the snoopers told them first.

The results showed “a surprising willingness by participants to accept the inspection of encrypted traffic, provided they are first notified,” according to the researchers behind the survey, which was titled “At Least Tell Me.”

Although the respondents put up with surveillance, half of them said that they believed it constituted an invasion of privacy.

Surveillance tools can create security vulnerabilities that permit hacking, illegal spying, privacy violations, and identity theft. But around 75 percent of respondents agreed that Internet service providers should be allowed to surveil traffic as long they notified users and received consent.

Most respondents also agreed that employers should be able to monitor the encrypted Internet connections of employees even without notification or consent, especially when an employee used a company computer. There was less agreement when it came to employees using personal devices; approximately a third of respondents opposed surveillance in that case.

In other situations—using the Internet at schools, in libraries, and on public Wi-Fi—most respondents said that surveillance was fine as long as they were told that it was happening.

The one exception to the overall trend in the survey involved warrantless government surveillance, but even that issue exposed a sharp divide.

Half of respondents objected outright to such spying. But 10 percent accepted it without qualification, another 10 percent said it was acceptable with notification, and a quarter of respondents said it was acceptable with consent.

surveillance

Responses toward specific surveillance scenarios Brigham Young Internet Security Research Lab

The survey asked specifically about TLS interception proxies, software that intercepts and examines encrypted Internet traffic. Such proxies are used for protecting computers against malware, identity theft, and surveillance. Anyone with enough money can buy a TLS proxy. The same technique can be replicated with fake security certificates, rogue authorities, or clever attacks.

Despite accepting surveillance in a number of situations, 60 percent of respondents said that they would react negatively if they discovered that a network they currently use employed TLS proxies.

“I would be angry and would feel that organization violated my trust,” one anonymous responder said. “I would wonder what information that organization had been collecting on me and what they planned to do with it. If it was my employer, I also would think that organization did not trust me and would consider working somewhere else.”

Most respondents said that trade-offs often made surveillance acceptable because it could help schools and workplaces while defending against hackers.

The researchers described “confusion, doubt, worry, equivocation, and reasoned conclusions” among the participants as they wrestled with the big questions of privacy and security.

“I think it is perfectly acceptable for organizations (companies, schools, libraries, etc.) to use TLS proxies because it protects their computers,” one participant wrote.

“It keeps hackers from getting to sensitive or confidential information of the organization. In addition, it blocks harmful viruses that can cause a lot of damage and expense in repair. It can also keep individuals from accessing websites (employees from playing online games or minors from accessing pornography). It is perfectly reasonable for companies to employee this device for these purposes when an individual is using their computer. We should not expect privacy when we are using someone else’s computer.”

Approximately 90 percent of the survey’s 1,976 respondents were American. The researchers conducted the survey online earlier this year. Respondents skewed toward young adult, single, childless males, most of whom considered themselves Internet security savvy.

From The Daily Dot

Tagged with

]]>
1552
Chicago, LAPD Bought “Stingrays on Steroids” With Asset-Forfeiture Money https://truthvoice.com/2015/08/chicago-lapd-bought-stingrays-on-steroids-with-asset-forfeiture-money/?utm_source=rss&utm_medium=rss&utm_campaign=chicago-lapd-bought-stingrays-on-steroids-with-asset-forfeiture-money Wed, 19 Aug 2015 09:08:01 +0000 http://truthvoice.com/2015/08/chicago-lapd-bought-stingrays-on-steroids-with-asset-forfeiture-money/

Stingray2-640x353

The military surveillance devices known as “Dirtboxes” have been in secret operation for more than a decade, tracking citizens’ locations and intercepting their calls, breaking the encryption on hundreds of calls at once.

DRT boxes (named for Digital Receiver Technology Inc, a Boeing subsidiary), are called “Stingrays on steroids” — Stingrays are the powerful, secretive fake cell towers used to track whole populations’ movements around cities. Dirtboxes are often mounted on low-flying aircraft and used for mass-scale urban surveillance.

Dirtboxes are used by the US military and NSA overseas, including in France. Because of the secrecy surrounding Dirtboxes, they are acquired through no-bid contracts, and many of the cases in which they are used collapse in court because police departments are unwilling to reveal their phone surveillance capabilities in public forums.

Chicago bought their Dirtboxes with cash seized in dubious civil forfeiture cases; LAPD’s funding came from a DHS national security grant.

The main difference between the Harris and Digital Receiver Technology devices, Martinez said, is the ability of the most sophisticated Digital Receiver Technology devices to simultaneously break the encryption of communications from hundreds of cellphones at once. A 2011 purchase order for this equipment by the Washington Headquarters Services, a branch of the Pentagon, states the devices can retrieve the encryption session keys for a cellphone “in less than a second with success rates of 50 to 75% (in real world conditions).”

In Chicago, cell-site simulators have been used to eavesdrop on the activities of demonstrators during a 2012 NATO summit and Black Lives Matter demonstrations last year.

“What’s happened here is the U.S. goes to war against a foreign country under dubious circumstances, private companies develop these surveillance technologies with the help of the CIA and NSA, and they import them back home and use them on Americans,” Martinez said.

Chicago and Los Angeles have used ‘dirt box’ surveillance for a decade [Ali Winston/Reveal News]

]]>
1219
Feds Can Read Every Email You Opened Last Year Without A Warrant https://truthvoice.com/2015/07/feds-can-read-every-email-you-opened-last-year-without-a-warrant/?utm_source=rss&utm_medium=rss&utm_campaign=feds-can-read-every-email-you-opened-last-year-without-a-warrant Tue, 14 Jul 2015 09:01:00 +0000 http://truthvoice.com/2015/07/feds-can-read-every-email-you-opened-last-year-without-a-warrant/

snooping-computer

It’s no longer a surprise that the government is reading your emails. What you might not know is that it can readily read most of your email without a warrant.

Any email or social networking message you’ve opened that’s more than six months old can also be accessed by every law enforcement official in government — without needing to get a warrant. That’s because a key provision in a law almost three decades’ old allows this kind of access with a mere subpoena, which doesn’t require a judge.

That includes every email or message you opened last year, and earlier. (Anything under that six-month period still requires a warrant, however.)

It’s therefore no surprise that in the wake of the Edward Snowden leaks, hundreds of lawmakers are calling for change. But there’s a problem. The committee that would get the bill, dubbed the Email Privacy Act, to the House floor for a vote hasn’t yet picked it up.

The warrantless email search reform bill was originally introduced in 2013, but stalled in a bureaucratic session despite passing the various congressional committees. The proposed law aims to fix the outdated Electronic Communications Privacy Act, which is still in effect despite falling behind the curve of the digital age, and has the support from privacy groups and major technology companies alike.

Its popularity has rocketed. The House version of the bill, introduced by Rep. Kevin Yoder (R-KS, 3rd), has more than 280 co-sponsors, more than half the entire House of Representatives. That includes big names like Rep. Thomas Massie (R-KY, 4th), whose election was won on supporting privacy matters. It also includes Rep. James Sensenbrenner (R-WI, 5th), who was a key figure in bringing the Freedom Act to a final vote.

Sensenbrenner chairs the House Judiciary Subcommittee on Crime, Terrorism, Homeland Security where the bill was referred to. But, as reported by The National Journal, the bill remains on the parent House Judiciary Committee chairman’s “to-do list” for the time being.

Chairman Bob Goodlatte (R-VA, 6th) reportedly told Yoder, speaking to the publication, that he may “have some potential modifications to the end product.” A committee spokesperson also told the publication that ECPA reform is a “top priority” and expects some movement soon.

Naturally, the federal agencies who rely on keeping ECPA intact are not pleased. The Securities and Exchange Commission (SEC), which regulates the banks and financial institutions, cannot issue warrants but instead issues subpoenas for emails and messages older than six-months. The agency has been accused of standing in the way of meaningful legislative reform in order to keep its somewhat limited powers.

The bill as it stands today would almost certainly pass if it headed to a House vote. A Senate version has been read twice and was referred to the Senate Judiciary Committee, chaired by Sen. Chuck Grassley (R-IA), earlier this year.

The support from Congress is there, but until the two chairmen set a date, meaningful reform to warrantless searches is as good as stalled.

Tagged with

]]>
1044
Hacking Team Scrambling to Limit Damage Brought on by Explosive Data Leak https://truthvoice.com/2015/07/hacking-team-scrambling-to-limit-damage-brought-on-by-explosive-data-leak/?utm_source=rss&utm_medium=rss&utm_campaign=hacking-team-scrambling-to-limit-damage-brought-on-by-explosive-data-leak Tue, 07 Jul 2015 11:30:58 +0000 http://truthvoice.com/2015/07/hacking-team-scrambling-to-limit-damage-brought-on-by-explosive-data-leak/

Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies?

A hacker who goes by “Phineas Fisher” claims it was him (her? them?):

phf-07072015

The hacker has also previously compromised UK-based Gamma International, another provider that sells their spying wares to governments, and which has also been named an “enemy of the Internet.” Phineas Fisher says there will be more similar hacks in the future:
tweet-07072015

In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company.

According to Motherboard‘s Lorenzo Franceschi Bicchierai, the company has sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software (“Galileo”) – even though it seems they could do that themselves, as the customer software apparently has secret backdoors.

Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team’s Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer?

One of the reason for this shutdown request is that the data leaked contains source code of the company’s surveillance solutions, and they are worried that this information will allow targeted users to discover who’s spying on them.

“Another concern [by the wider security community] with this breach is that there is now source code available for some pretty nasty malware including what would appear to be functional exploit code,” points out Craig Young, Security Researcher, Tripwire.

“Although most users would not know what to do with the source code release, it would be surprising if we don’t very quickly start seeing underground malware authors branching and repackaging the HT malware and selling it without restriction. A more responsible action may have been for the hackers to release a document dump while sharing the malware source code only with reputable security vendors for the purpose of creating detection routines.”

All the stolen information was likely accessed via the compromised computers of Christian Pozzi and Mauro Romeo, two Hacking Team’s sysadmins. Christian Pozzi was apparently the first one who realized on Monday that the company was hacked, panicked and started threatening a researcher who pointed out his lousy password choices on Twitter. He also falsely claimed that the leaked torrent file contained a virus in an attempt to prevent people from downloading it.

The leaked cache is already being analyzed by many researchers and activists around the world, who are dropping the choicest morsels of information on Twitter and spreading them widely.

This is how we now know that the US FBI, DEA and Army, but also many governments with a poor track record of respecting human rights are/were Hacking Team customers, and that they have sold their software to the Sudan government (thus violating UN sanctions) and have been stonewalling the UN as they try to investigate the matter.

Also, that they can apparently bypass certificate pinning and the HTTP strict transport security mechanisms and were worried about EFF’s HTTPS Everywhere browser extension spotting their rogue certificates and send them to the EFF SSL Observatory, and that they used public exploits to compromise targets.

The Tor Project commented the leaked documents by saying that they knew Hacking Team was actively trying to break their software, but that so far they haven’t found any actual exploits.

Some of the leaked documents and screenshots seem to indicate that the hackers compromised the company’s infrastructure half a year ago, in January 2015, and possibly even earlier.

 

Tagged with

]]>
3552
NSA Was Collecting Much More Than They Claimed https://truthvoice.com/2015/07/nsa-was-collecting-much-more-than-they-claimed/?utm_source=rss&utm_medium=rss&utm_campaign=nsa-was-collecting-much-more-than-they-claimed Sat, 04 Jul 2015 11:31:44 +0000 http://truthvoice.com/2015/07/nsa-was-collecting-much-more-than-they-claimed/

snowden

Former U.S. National Security Agency contractor Edward Snowden appears live via video during a student organized world affairs conference at the Upper Canada College private high school in Toronto, February 2, 2015.

NSA documents leaked to the Guardian in 2013 described a covert program called XKeyscore, which involved a searchable database for intelligence analysts to scan intercepted data.

Now, new documents show the breadth of this program and just what sort of data XKeyscore catalogs.

According to a new report from The Intercept, the amount of data XKeyscore scoops up as well as the sort of data it collects is much larger than originally thought.

Here are a few highlights from the new report:

  • The XKeyescore database is “fed a constant flow of Internet traffic from fiber optic cables that make up the back of the world’s communication network, among other sources, for processing,” the new report writes. Its servers collect all of this data for up to five days, and store the metadata of this traffic for up to 45 days.
  • Web traffic wasn’t XKeyscore’s only target. In fact, according to the documents posted by The Intercept, it was able to gather data like voice recordings. A list of the intercepted data included “pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.
  • How the search works is very advanced. The new documents detail ways that analysts can query the database for information on people based on location, nationality, and previous web traffic.
  • XKeyscore was also used to help hack into computer networks for both the US and its spying allies. One document dated in 2009 claims that the program could be used to gain access into unencrypted networks. 
  • Using XKeyscore was reportedly insanely easy. “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds,” security researcher Jonathan Brossard told The Intercept. “Simple. As easy as typing a few words in Google.”

While XKeyscore has been known as an intelligence tool for years now, these new documents highlight just how advanced and far-reaching the program’s surveillance is.

The NSA, in a statement to The Intercept, claims that all of its intelligence operations are “authorized by law.” It added, “NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”

Written by Solarina Ho for Reuters, with additional reporting and writing by Alastair Sharp and editing by Chris Reese and Peter Galloway

]]>
3579
British spies ‘moved after Snowden files read’ https://truthvoice.com/2015/06/british-spies-moved-after-snowden-files-read/?utm_source=rss&utm_medium=rss&utm_campaign=british-spies-moved-after-snowden-files-read Sat, 13 Jun 2015 08:51:10 +0000 http://truthvoice.com/2015/06/british-spies-moved-after-snowden-files-read/

snowden

UK intelligence agents have been moved because Russia and China can read files stolen by a US whistleblower, a senior government source has told the BBC.

The Sunday Times is reporting that Russia and China have cracked the encryption of the computer files.

The government source told the BBC the countries “have information” that led to agents being moved but added there was “no evidence” any had been harmed.

Edward Snowden, now in Russia, leaked intelligence data two years ago.

The former CIA contractor left the US in 2013 after leaking details of extensive internet and phone surveillance by American intelligence to the media.

His information made international headlines in June 2013 when the Guardian newspaper reported that the US National Security Agency was collecting the telephone records of tens of millions of Americans.

Mr Snowden is believed to have downloaded 1.7 million secret documents before he left the US.

‘Hostile countries’

The government source said the information obtained by Russia and China meant that “knowledge of how we operate” had stopped the UK getting “vital information”.

Intelligence officials have long warned of what they see as the dangers of the information leaked by Mr Snowden and its potential impact on keeping people in the UK safe – a concern Prime Minister David Cameron has said he shares.

According to the Sunday Times, Western intelligence agencies have been forced to pull agents out of “hostile countries” after “Moscow gained access to more than one million classified files” held by Mr Snowden.

“Senior government sources confirmed that China had also cracked the encrypted documents, which contain details of secret intelligence techniques and information that could allow British and American spies to be identified,” the newspaper added.

‘Huge setback’

Tim Shipman, who co-wrote the Sunday Times story, told the BBC: “Snowden said ‘nobody bad has got hold of my information’.

“Well, we are told authoritatively by people in Downing Street, in the Home Office, in the intelligence services that the Russians and the Chinese have all this information and as a result of that our spies are having to pull people out of the field because their lives are in danger.

“People in government are deeply frustrated that this guy has been able to put all this information out there.”

The newspaper quoted Sir David Omand, former director of UK intelligence agency GCHQ, saying the fact Russia and China had the information was a “huge strategic setback” that was “harming” to Britain, the US and their Nato allies.

It comes two days after the UK’s terrorism watchdog David Anderson QC published a review into terrorism legislation, which was set up amid public concerns about surveillance sparked by Mr Snowden’s revelations.

He said the country needed clear new laws about the powers of security services to monitor online activity and concluded that the current situation was “undemocratic, unnecessary and – in the long run – intolerable”.

]]>
748
Governments of the World Agree: Encryption Must Die! https://truthvoice.com/2015/06/governments-of-the-world-agree-encryption-must-die/?utm_source=rss&utm_medium=rss&utm_campaign=governments-of-the-world-agree-encryption-must-die Thu, 04 Jun 2015 11:25:35 +0000 http://truthvoice.com/2015/06/governments-of-the-world-agree-encryption-must-die/

Encrpyion

Finally! There’s something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it’s on par conceptually with handing out hydrogen bombs as lottery prizes.

If the drumbeat isn’t actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to “do something” about encryption that law enforcement and other government agencies can’t read on demand.

Here in the U.S., it’s a nearly constant harangue over on FOX News (nightmarishly, where most Americans apparently get their “news” these days). On CNN, it’s almost as pervasive (though anti-crypto tirades on CNN must share space with primetime reruns of a globetrotting celebrity chef and crime “reality” shows).

It’s much the same if you survey media around the world. The names and officials vary, but the message is the same — it’s not just terrorism that’s the enemy, it’s encryption itself.

That argument is a direct corollary to governments’ decidedly mixed feelings about social media on the Internet. On one hand, they’re ecstatic over the ability to monitor the public postings of criminal organizations like ISIL (or ISIS, or Islamic State, or Daesh — just different labels for the same fanatical lunatics) that sprung forth from the disastrously misguided policies of Bush 1 and Bush 2 era right-wing neocons — who not only set the stage for the resurrection of long-suppressed religious rivalries, but ultimately provided them with billions of dollars worth of U.S. weaponry as well. Great job there, guys.

Since it’s also the typical role of governments to conflate and confuse issues whenever possible for political advantage, when we dig deeper into their views on social media and encryption we really go down the rabbit hole.

While governments love their theoretical ability to track pretty much every looney who posts publicly on Twitter or Facebook or Google+, governments simultaneously bemoan the fact that it’s possible for uncontrolled communications — especially international communications — to take place at all in these contexts.

In particular, it’s the ability of radical nutcases overseas to recruit ignorant (especially so-called “lone wolf”) nutcases in other countries that is said to be of especial concern, notably when these communications suddenly “go dark” off the public threads and into private, securely encrypted channels.

“Go dark” — by the way — is now the government code phrase for crypto they can’t read on demand. Dark threads, dark sites, dark links. You get the idea.

One would be remiss to not admit that these radical recruiting efforts are of significant concern.

But where governments’ analysis breaks down massively is with the direction of their proposed solutions, which aren’t aimed at addressing the root causes of fanatical religious terrorism, but rather appear almost entirely based on preventing secure communications — for anybody! — in the first place.

Naturally they don’t phrase this goal in quite those words. Rather, they continue to push (to blankly nodding politicians, journalists, and cable anchors) the tired and utterly discredited concept of “key escrow” cryptography, where governments would have “backdoor” keys to unlock encrypted communications, supposedly only when absolutely necessary and with due legal process.

Rewind 20 years or so and it’s like “Groundhog Day” all over again, back in the early to mid 90s when NSA was pushing their “Clipper Chip” hardware concept for key escrowed encryption, an idea that was mercilessly buried in relatively short order.

But like a vampire entombed without appropriate rituals, the old key escrow concepts have returned to the land of the living, all the uglier and more dangerous after their decades festering in the backrooms of governments.

The hardware Clipper concept dates to a time well before the founding of Twitter or Facebook, and a few years before Google’s arrival. Apple existed back then, but centralized social media as we know it today wasn’t yet even really a glimmer in anyone’s eye.

While governments generally seem to realize that stopping all crypto that they can’t access on demand is not practical, they also realize that the big social media platforms (of which I’ve named only a few) — where most users do most of their social communicating — are the obvious targets for legislative, political, and other pressures.

And this is why we see governments subtly (and often, not so subtly) demonizing these firms as being uncooperative or somehow uncaring about fighting evil, about fighting crime, about fighting terrorism. How dare they — authorities repeat as a mantra — implement encryption systems that governments cannot access at the click of a mouse, or sometimes access at all under any conditions.

Well, welcome to the 21st century, because the encryption genie isn’t going back into his bottle, no matter how hard you push.

Strong crypto is critical to our communications, to our infrastructures, to our economies, and increasingly to many other aspects of our lives.

Strong crypto is simply not possible — let’s say that once more with feeling — not possible, given key escrow or other government backdoors designed into these systems. There is no practical or even theoretically accepted means for including such mechanisms without fatally weakening the entire associated encryption ecosystem, and opening it up to all manner of unauthorized access via hacking and various subversions of the key escrow process.

But governments just don’t seem willing to accept the science and reality of this, and keep pushing the key escrow meme. It’s like the old joke about the would-be astronaut who wanted to travel to the sun, and when reminded that he’d burn up, replied that it wasn’t a problem, because he’d go at night. Right.

Notably, just as we had governments who ignored realistic advice and unleashed the monsters of religious fanatical terrorism, we now have many of the same governments on the cusp of trying to hobble, undermine, and decimate the strong encryption systems that are so very vital.

There’s every reason to believe that we’d experience a similarly disastrous outcome in the encryption context as well, especially if social media firms were required to deploy only weak crypto — putting the vast populations of innocent users at risk — while driving the bad guys even further underground and out of view.

If we don’t vigorously fight back against government efforts to weaken encryption, we’re all going to be badly burned.

Published by Lauren Weinstein on vortex.com

]]>
3414