Imagine if your television was listening to everything you said in front of it. Hold on, actually, this doesn’t need to be a thought experiment. Simply pop down to the shops and buy a Samsung Smart TV (from £280) and voilá, in your living room, nestled up against the wall, will sit a device that listens to all the conversation within earshot. And records it. And then sends it on to another company for analysis. Do you have a copy of 1984 to hand? Best get one…
Worse still, this all happens even if you don’t turn voice recognition on, as Samsung says: “If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands. While Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it.”
and THEY get to decide who is authorized!
Apparently, working as a supervisor for the Transportation Security Administration at Philadelphia International Airport comes with a perk: You get to throw people in jail for no good reason and still keep your job.
If that’s not the case, why is Charles Kieser still employed by the TSA?
In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013.
The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use “administrative subpoenas” to obtain business records and other “tangible things.” The affidavit does not specify which countries records were included, but specifically does mention Iran.
This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.
The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority.
“They’ve converted this from a war on drugs to a war on privacy,” he said.
GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.
Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency.
The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.
Quis custodiet ipsos custodes?
David Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.
The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp.
Apple’s iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.
The comments came as part of David Cameron’s pledge to revive the “snoopers’ charter” to help security services spy on internet communications today.
René (to the radio): Allo, allo! This is Nighthawk. Can you hear me? Can you hear me? Over.
Fanny (interrupts): Of course I can hear you.
René: Not you! Shut up!
Radio: Allo, allo! Pass your message.
René (To Edith): What is the code to tell them the British airmen have arrived?
Edith: “The little cupboard is full.”
Fanny : Ah? What is that?
René: The little cupboard is full!
Fanny (interrupts again): Oh no, no, no. I have not used it all the day!
We considered the Section 215 request for [REDACTED] discussed earlier in this report at pages 33 to 34 to be a noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment Concerns. However, the FBI subsequently issued NSLs for information [REDACTED] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the ECs authorizing the NSLs relied on the same facts contained in the Section 215 applicants…
A woman in her late 20s is dead after a 2-year-old boy got a hold of a loaded handgun in her purse and accidentally shot her inside a Wal-Mart store in Hayden, the Kootenai County Sheriff’s Office is reporting.The woman was shopping with four children, Lt. Stu Miller said today. The 2-year-old was riding in a shopping cart and pulled the gun from her purse and shot her, he said. Sheriff’s deputies assume the woman is the boy’s mother, but are still investigating, he said. It’s not clear whether all four children are related to her.
The country needs more guns. If the mother had two guns, she could of defended herself and justifiably shot the toddler in self defense.
The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.
NSA documents indicate they can get into SSH, along with IPSec and PPTP, but that PGP/GnuPG and OTR, as well as TrueCrypt are secure.
German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.
The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.
When I learned that the Intelligence Authorization Act for FY 2015 was being rushed to the floor for a vote—with little debate and only a voice vote expected (i.e., simply declared “passed” with almost nobody in the room)—I asked my legislative staff to quickly review the bill for unusual language. What they discovered is one of the most egregious sections of law I’ve encountered during my time as a representative: It grants the executive branch virtually unlimited access to the communications of every American.
The next time you call for assistance because the internet service in your home is not working, the “technician” who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and — when he shows up at your door, impersonating a technician — let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have “consented” to an intrusive search of your home.
As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers’ sext-stealing playbook has been ignored—a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.
On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.
The fact that Apple isn’t complicit in law enforcement’s use of Elcomsoft’s for surveillance doesn’t make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. “What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay inside law enforcement,” he says. “You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them.”
Returning students at Hillsborough County Public Schools in Tampa, Fla. found 20 new armed officers in the elementary schools in the first year of a plan costing about $1 million.
The school board also approved security training for employees, the hiring of a safety consultant and more measures to control school access, such as fencing and buzzers.
Meanwhile, all 16 schools in the Coeur d’Alene, Idaho, public school district have been enclosed in security fencing and each school limits visitors to a single entry point, officials said. This September, for the first time, two police officers will patrol elementary schools, at a cost of roughly $68,000 from the district’s state funding.
…officials continue to allow four anonymous employees to carry firearms on school property. Bulletproof glass and panic buttons have been installed, and officials held schoolwide assemblies for security training.
Because, clearly, the solution to “too many weapons in society” is “more weapons!”
The 175th Wing, Maryland Air National Guard, located at Warfield Air National Guard Base, Baltimore, Maryland, intends to issue a Request for Proposal (RFP) to award a single firm fixed-price contract for Construction of a CYBER/ISR Facility. Project to be LEEDR Silver Certified. Construction services will consist of the construction of a new CYBER/ISR Facility. The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive upstream in pursuit of cyber adversaries, and is informed 24/7 by intelligence and all-source information
Let’s get real, how many guardsmen speak Farsi, Chinese, Russian, Swahili or Hindi?
How many know anything about NZ, Australia, GB or Canada worth knowing in a cyber context.
So who does that leave for adversaries?
Right. You and me.
Shortly after the initial news came out that NSA fakes google and yahoo servers with stolen or faked certificates:
the german computer magazine C’T issued a warning that it is a security risk, when microsoft automatically updates its list of certificates without any noticing of the users, so that dubious certificates could easily get into the windows certificate list, which is thrusted by webbrowsers like internet explorer or google chrome for windows:
After reading this, I filed a bug in chromium, which then was dismissed as a “won’t fix”, with the chromium developers saying that the certificate list is “signed by Microsoft” and there would not be any break in the “chain of thrust”.
And now I see this message from google:
“On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by the National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA).
The India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Firefox is not affected because it uses its own root store that doesn’t include these certificates.
We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.”
Update Jul 9: India CCA informed us of the results of their investigation on July 8. They reported that NIC’s issuance process was compromised and that only four certificates were misissued; the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains. However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.”
Now microsoft has removed the certificates in question and it turnes out that the issue affected 45 domains:
In view of this list, the advice from google looks especially funny:
“Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.”
The microsoft certificate list is used in the browser chrome. Faking of a google server is difficult, since chrome checks its certificate by different means and that was how the attack was revealed. But chrome does not have a similar check for yahoo. If that attack would not be working after all, the hackers would not have used it.
But still, google does explicitely not suggesting anyone that they should change passwords…
William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance.
On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.
“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”
The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans—including a political candidate and several civil rights activists, academics, and lawyers—under secretive procedures intended to target terrorists and foreign spies.
According to documents provided by NSA whistleblower Edward Snowden, the list of Americans monitored by their own government includes:
• Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush;
• Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases;
• Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University;
• Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights;
• Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country.
The official NSA reply is predictable:
No U.S. person can be the subject of surveillance based solely on First Amendment activities, such as staging public rallies, organizing campaigns, writing critical essays, or expressing personal beliefs.
On the other hand, a person who the court finds is an agent of a foreign power under this rigorous standard is not exempted just because of his or her occupation.
The United States is as committed to protecting privacy rights and individual freedom as we are to defending our national security.
Police in Florida have, at the request of the U.S. Marshals Service, been deliberately deceiving judges and defendants about their use of a controversial surveillance tool to track suspects, according to newly obtained emails.
At the request of the Marshals Service, the officers using so-called stingrays have been routinely telling judges, in applications for warrants, that they obtained knowledge of a suspect’s location from a “confidential source” rather than disclosing that the information was gleaned using a stingray.
A series of five emails (.pdf) written in April, 2009, were obtained today by the American Civil Liberties Union showing police officials discussing the deception. The organization has filed Freedom of Information Act requests with police departments throughout Florida seeking information about their use of stingrays.
“Concealing the use of stingrays deprives defendants of their right to challenge unconstitutional surveillance and keeps the public in the dark about invasive monitoring by local police,” the ACLU writes in a blog post about the emails. “And local and federal law enforcement should certainly not be colluding to hide basic and accurate information about their practices from the public and the courts.”
The U.S. Marshals Service did not respond to a call for comment.
James Comey, the FBI director, says the bureau’s no-tolerance marijuana policy is hindering the hiring of cyber-security experts. Coney added that he is “grappling” with possibly changing the practice.
The director’s comments come one day after five members of the Chinese military were indicted in the US on allegations of hacking into major US corporations and stealing trade secrets
“I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” Comey told a New York City Bar Association meeting Tuesday.
The bureau, which is seeking to employ as many as 2,000 new recruits this year, is prohibited from hiring those who have used marijuana the previous years.
The Guardian has obtained CCTV footage showing a police officer firing a Taser at a naked man in a cell.
A chief constable tried to prevent the release of footage showing the Wiltshire constable Lee Birch shooting the Taser at 23-year-old Daniel Dove – despite a court agreeing it could be published.
The Guardian obtained the footage from another source.
It shows Dove, who had been arrested on suspicion of being drunk and disorderly, being subjected to a strip search in a custody suite.
He pulls off his boxer shorts and flicks them at Birch. The officer takes a Taser he had held behind his back and fires it at Dove’s chest. The young man falls on to a mat that had been placed on the floor of the cell.
A crown court jury on Tuesday cleared Birch of assault causing actual bodily harm and misconduct in a public office. Charges were subsequently dropped against Dove.
However the Independent Police Complaints Commission (IPCC) is investigating five officers including Birch in connection with the incident and is also looking at why the force involved, Wiltshire, did not inform it about what happened.
The IPCC will now examine if Birch, 31, and four colleagues breached professional standards.
Meanwhile, the FBI fiercely resists any efforts at Congressional oversight, especially on whistleblower matters. For example, four months ago I sent a letter to the FBI requesting its training materials on the Insider Threat Program. This program was announced by the Obama Administration in October 2011. It was intended to train federal employees to watch out for insider threats among their colleagues. Public news reports indicated that this program might not do enough to distinguish between true insider threats and legitimate whistleblowers. I relayed these concerns in my letter. I also asked for copies of the training materials. I said I wanted to examine whether they adequately distinguished between insider threats and whistleblowers.
In response, an FBI legislative affairs official told my staff that a briefing might be the best way to answer my questions. It was scheduled for last week. Staff for both Chairman Leahy and I attended, and the FBI brought the head of their Insider Threat Program. Yet the FBI didn’t bring the Insider Threat training materials as we had requested. However, the head of the Insider Threat Program told the staff that there was no need to worry about whistleblower communications. He said whistleblowers had to register in order to be protected, and the Insider Threat Program would know to just avoid those people.
Now I have never heard of whistleblowers being required to “register” in order to be protected. The idea of such a requirement should be pretty alarming to all Americans. Sometimes confidentiality is the best protection a whistleblower has. Unfortunately, neither my staff nor Chairman Leahy’s staff was able to learn more, because only about ten minutes into the briefing, the FBI abruptly walked out. FBI officials simply refused to discuss any whistleblower implications in its Insider Threat Program and left the room. These are clearly not the actions of an agency that is genuinely open to whistleblowers or whistleblower protection.
The senior lawyer for the National Security Agency stated unequivocally on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data, contradicting months of angry denials from the firms.
Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.
Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”
When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL – claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had “never heard” the term Prism.
De explained: “Prism was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process, that any recipient company would receive.”
Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
The document estimates that between 3% and 11% of the Yahoo webcam imagery harvested by GCHQ contains “undesirable nudity”. Discussing efforts to make the interface “safer to use”, it noted that current “naïve” pornography detectors assessed the amount of flesh in any given shot, and so attracted lots of false positives by incorrectly tagging shots of people’s faces as pornography.
No Swiss fighter jets were scrambled Monday when an Ethiopian Airlines co-pilot hijacked his own plane and forced it to land in Geneva, because it happened outside business hours, the Swiss airforce said.
“Working for the TSA,” I wrote, “has the feel of riding atop the back of a large, dopey dog fanatically chasing its tail clockwise for a while, then counterclockwise, and back again, ad infinitum.”
FBI agents put this pressure on ACLU clients Abe Mashal, a Marine veteran; Amir Meshal; and Nagib Ali Ghaleb. Each of these Americans spoke to FBI agents to learn why they were suddenly banned from flying and to clear up the errors that led to that decision. Instead of providing that explanation or opportunity, FBI agents offered to help them get off the No-Fly List—but only in exchange for serving as informants in their communities.Our clients refused.
The ACLU’s report,Unleashed and Unaccountable: The FBI’s Unchecked Abuse of Authority, explains what happened to Nagib Ali Ghaleb. Nagib was denied boarding when trying to fly home to San Francisco after a trip to visit family in Yemen. Stranded abroad and desperate to return home, Nagib sought help from the U.S. embassy in Yemen and was asked to submit to an FBI interview. FBI agents offered to arrange for Nagib to fly back immediately to the United States if he would agree to tell the agents who the “bad guys” were in Yemen and San Francisco. The agents insisted that Nagib could provide the names of people from his mosque and the San Francisco Yemeni community. The agents said they would have Nagib arrested and jailed in Yemen if he did not cooperate, and that Nagib should “think about it.” Nagib, however, did not know any “bad guys” and therefore refused to spy on innocent people in exchange for a flight home.
Nagib’s experience is far from unique. After Abe Mashal was denied boarding at Chicago’s Midway Airport, FBI agents questioned him about his religious beliefs and practices.The agents told Abe that if he would serve as an informant for the FBI, his name would be removed from the No-Fly List and he would receive compensation. When Abe refused, the FBI promptly ended the meeting.
Neither Nagib nor Abe present a threat to aviation security. But FBI agents sought to exploit their fear, desperation, and confusion when they were most vulnerable, and to coerce them into working as informants. Moreover, the very fact that FBI agents asked Nagib and Abe to spy on people for the government is yet another indication that the FBI doesn’t actually think either man is a suspected terrorist. This abusive use of a government watch list underscores the serious need for regulation, oversight, and public accountability of an FBI that has become unleashed and unaccountable.
The U.S. government spied on Brazil’s state-controlled oil company, Petroleo Brasileiro SA, Globo TV reported, citing classified documents obtained by former intelligence contractor Edward Snowden.
The television network, which reported a week ago that the U.S. National Security Agency intercepted phone calls and e-mails of Brazilian President Dilma Rousseff, aired slides from an NSA presentation from 2012 that explained the agency’s capability to penetrate private networks of companies such as Petrobras, as the oil company is known, and Google Inc.
One slide in the presentation listed “economic” as an intention for spying, as well as diplomatic and political reasons. None of the documents revealed the motivation for the alleged spying on Petrobras, according to Globo.
The presentation appears to contradict a statement made by an NSA spokesman to the Washington Post in an August 30 article, in which the agency said that the U.S. Department of Defense “does not engage in economic espionage in any domain, including cyber.”
Petrobras declined to comment in an e-mailed response to questions. An official at the NSA told Globo that the agency gathers economic information in order to monitor for signs of potential instability in financial markets, and not to steal commercial secrets, according to tonight’s program.
Apparently Petrobas is a hotbed of financial instability. They’re probably the single cause behind the 2008 meltdown of the financial markets.
The TSA is allowed to lie in its responses to Freedom of Information Requests. Its court-granted ability to lie to the public it nominally serves isn’t limited to sensitive issues, either: they’re allowed to pretend that they don’t have CCTV footage of their own officers violating their own policies, even when they do.
Investigators believe an 8-year-old boy intentionally shot and killed his 90-year-old grandmother on Thursday evening after playing a violent video game.
The woman, Marie Smothers, was pronounced dead at the scene with a gunshot wound to the head in a mobile home park in Slaughter, Louisiana, the East Feliciana Parish Sheriff’s Office said in a statement. Slaughter is about 20 miles north of Baton Rouge.
The boy initially told investigators he accidentally shot his grandmother while playing with a gun, but after further investigation officials determined it was a homicide.
The boy won’t face charges. Under Louisiana law, a child under 10 is exempt from criminal responsibility.
Before the incident Smothers had been watching TV in the living room while the boy played a video game in which players shoot people, the release from the sheriff’s office stated.
Why is it that the availability of the gun is not the problem?
There’s also a lot of comedy on TV, does that mean there’s more comedy in the street as well?
It turns out that the NSA’s domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we’ve learned, fight, and lose. Others cooperate, either out of patriotism or because they believe it’s easier that way.
I have one message to the executives of those companies: fight.
Do you remember those old spy movies, when the higher ups in government decide that the mission is more important than the spy’s life? It’s going to be the same way with you.