Category Archives: Tech

Tech giants to press Obama on NSA reform in private White House meeting


Technology industry leaders were due to question Barack Obama about privacy issues and his progress towards ending the National Security Agency’s collection of bulk telephone data on Friday, in their second White House meeting over Silicon Valley’s surveillance concerns.

Executives from Facebook, Google and Yahoo were invited by the administration to the private Oval Office discussion amid continued anger over revelations stemming from leaks last June by NSA whistleblower Edward Snowden.

Reform efforts in Washington have stalled somewhat since Obama called for the US government to stop collecting domestic phone data in January but suggested an unspecified third party might be able to manage the database instead – leaving Congress and the intelligence community locked in a battle over how to proceed.

This has doubly complicated matters for the US technology industry, which fears public surveillance concerns are damaging its international business interests but which has little appetite for replacing the NSA’s role with a private sector database provider.

Friday’s meeting comes just days after Facebook founder Mark Zuckerberg called Obama to express his displeasure with the latest round of NSA revelations. “Unfortunately, it seems like it will take a very long time for true, full reform,” Zuckerberg wrote in a Facebook post on 13 March.

Zuckerberg, who was expected to attend the Oval Office event with Google chairman Eric Schmidt, said he had been “confused and frustrated” by reports of the behaviour of the US government. “When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government,” he wrote.

“The US government should be the champion for the internet, not a threat. They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.”

This week, Rajesh De, the NSA’s general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law was collected with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.

Executives from Netflix and Palantir, the big data mining company, are also expected to attend the White House meeting, where a major topic of conversation is expected to be the imminent overhaul of how the US collects the phone records of millions of US mobile users.

Obama’s speech in January worried many in the tech and telecoms community, who are concerned that the burden of collecting and keeping that data will merely be passed on to them.

Following Obama’s announcement, Google, Facebook, Microsoft, Yahoo, AOL and others said the proposal represented “positive progress on key issues including transparency from the government and in what companies will be allowed to disclose, extending privacy protections to non-US citizens, and Fisa court reform.”

But they said crucial details remain to be addressed and additional steps were needed. Others were more critical. Alex Fowler, head of privacy and public policy at Mozilla, maker of the Firefox browser, said Obama’s proposals did not represent meaningful change.

“Overall, the strategy seems to be to leave current intelligence processes largely intact and improve oversight to a degree. We’d hoped for, and the internet deserves, more. Without a meaningful change of course, the internet will continue on its path toward a world of balkanization and distrust – a grave departure from its origins of openness and opportunity,” he wrote in a blog post.

Silicon Valley executives have made clear that they want greater transparency over the government’s collection of their users’ data and more oversight. But talks seem to have foundered in recent months with tech executives becoming increasingly concerned that little will change.

Source: The Guardian

Largest single personal data hack ever? 360mn stolen account credentials found online


A cyber security firm has reported a “mind boggling” cache of stolen credentials which has been put up for sale on online black markets. A total of 360 million accounts were affected in a series of hacks, one of which seems to be the biggest in history.

Alex Holden, chief information security officer of Hold Security LLC, said that the firm had uncovered the data over the past three weeks.

He said that 360 million personal account records were obtained in separate attacks, but one single attack seems to have obtained some 105 million records which could make it the biggest single data breach to date, Reuters reports. “The sheer volume is overwhelming,” said Holden in a statement on Tuesday.

“These mind boggling figures are not meant to scare you and they are a product of multiple breaches which we are independently investigating. This is a call to action,” he added.

Hold Security said that as well as 360 million credentials, hackers were also selling 1.25 billion email addresses, which may be of interest to spammers.

The huge treasure trove of personal details includes user names, which are most often email addresses, and passwords, which in most cases are unencrypted.

Hold Security uncovered a similar breach in October last year, but the tens of millions of records had encrypted passwords, which made them much more difficult for hackers to use.

“In October 2013, Hold Security identified the biggest ever public disclosure of 153 million stolen credentials from Adobe Systems Inc. One month later we identified another large breach of 42 million credentials from Cupid Media,” Hold Security said in a statement.


Holden said he believes that in many cases the latest theft has yet to be publicly reported and that the companies that have been attacked are unaware of it. He added that he will notify the companies concerned as soon as his staff has identified them.

“We have staff working around the clock to identify the victims,” he said.

However, he did say that the email addresses in question are from major providers such as AOL Inc, Google Inc, Yahoo Inc, and Microsoft Corp, as well as “almost all” Fortune 500 companies and nonprofit organizations.

Heather Bearfield, who runs cybersecurity for accounting firm Marcum LLP, told Reuters that while she had no information about Hold Security’s findings, she believed that it was quite plausible as hackers can do more with stolen credentials than they can with stolen credit cards, as people often use the same login and password for many different accounts.

“They can get access to your actual bank account. That is huge. That is not necessarily recoverable funds,” she said.

The latest revelation by Hold Security comes just months after the US retailer Target announced that 110 million of their customers had their data stolen by hackers. Target and the credit and debit card companies concerned said that consumers do not bear much risk as funds lost to fraud are rapidly refunded.

Source: RT

GCHQ and NSA intercepted Yahoo users’ private photographs


British and American surveillance agencies teamed up to develop a system that collected millions of images from the webcams of unsuspecting and innocent internet users, new leaked documents reveal.

This “Optic Nerve” program — administered by the UK’s GCHQ with the assistance of the National Security Agency — routinely intercepted and stored those webcam images in secret starting in 2008, according to documents disclosed by former intelligence contractor Edward Snowden and published by The Guardian on Thursday.

The program indiscriminately collected millions of images from people who used Yahoo’s webcam chat function, the Guardian’s Spencer Ackerman and James Ball reported, “including substantial quantities of sexually explicit communications.”

According to the journalists, the GCHQ relied on Optic Nerve to experiment with facial recognition programming to monitor existing targets and search for new persons of interest.

But the GCHQ didn’t stop at targeting solely suspected terrorists, the report continues, and instead collected intelligence from seemingly anyone unfortunate enough to log in to Yahoo’s webcam chat feature, at least between 2008 and 2012.

“Yahoo webcam is known to be used by GCHQ targets,” reads a portion of the classified documentation published by the paper.

The GCHQ did not limit their surveillance to just those targets, however. According to the leaked Snowden document, 1.8 million Yahoo users had their webcam images collected by the agency during just a six-month span shortly after Optic Nerve was first rolled out.

When reached for comment by the British paper, a representative for Yahoo said the GCHQ program as explained demonstrates a “whole new level of violation of our users’ privacy.”

Elsewhere in the leaked documentation, GCHQ agents admitted that a large portion of the imagery collected contained “undesirable nudity.”

“Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person,” one internal document cited by The Guardian reads. “Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography.”

And although the program was carried out by British spies, Ackerman and Ball acknowledged that millions of Americans may have had their own likeness — clothed or not — captured in the process.

“GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans’ images being accessed by British analysts without an individual warrant,” they wrote.

But Vanee Vines, a spokesperson for the NSA, told the Guardian that the US spy agency “does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking itself.”

“A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights. Those procedures govern the acquisition, use, and retention of information about US persons,” Vines said.

In an op-ed published in The Guardian also on Thursday, acclaimed security expert and cryptographer Bruce Schneier said even safeguards in place to prevent these images being viewed by any GCHQ staffer should be questioned.

“[I]s it really okay for a computer to monitor you online, and for that data collection and analysis only to count as a potential privacy invasion when a person sees it? I say it’s not, and the latest Snowden leaks only make more clear how important this distinction is,” he wrote.

Source: RT

Apple security flaw could be a backdoor for the NSA


Was the National Security Agency exploiting two just-discovered security flaws to hack into the iPhones and Apple computers of certain targets? Some skeptics are saying there is cause to be concerned about recent coincidences regarding the NSA and Apple.

Within hours of one another over the weekend, Apple acknowledged that it had discovered critical vulnerabilities in both its iOS and OSX operating systems that, if exploited correctly, would put thought-to-be-secure communications into the hands of skilled hackers.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” the company announced.

Apple has since taken steps to supposedly patch up the flaw that affected mobile devices running its iOS operating system, such as iPhones, but has yet to unveil any fix for the OSX used by desktop and laptop computers. As experts investigated the issue through the weekend, though, many couldn’t help but consider the likelihood — no matter how small — that the United States’ secretive spy agency exploited those security flaws to conduct surveillance on targets.

On Saturday, Apple enthusiast and blogger John Gruber noted on his personal website that information contained within internal NSA documents leaked by former intelligence contractor Edward Snowden last year coincides closely with the release of the affected mobile operating system, iOS 6.

According to an NSA slideshow leaked by Mr. Snowden last June, the US government has since 2007 relied on a program named PRISM that enables the agency to collect data “directly from the servers” of Microsoft, Yahoo, Google, Facebook and others. The most recent addition to that list, however, was Apple, which the NSA said it was only able to exploit using PRISM since October 2012.

The affected operating system — iOS 6.0 — was released days earlier on September 24, 2012.

These facts, Gruber blogged, “prove nothing” and are “purely circumstantial.” Nevertheless, he wrote, “the shoe fits.”

With the iOS vulnerability being blamed on a single line of erroneous code, Gruber considered a number of possibilities to explain how that happened.

“Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer,” he wrote.

Once the bug was in place, the NSA wouldn’t even have needed to find it by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM.

Gruber said he sees five possible scenarios, or “levels of paranoia,” as he put it:

Nothing. The NSA was not aware of this vulnerability.
The NSA knew about it, but never exploited it.
The NSA knew about it, and exploited it.
NSA itself planted it surreptitiously.
Apple, complicit with the NSA, added it.

Of course, Gruber added, there is always the possibility that “this is all a coincidence.” He certainly wasn’t the only one to consider it, though.

“Again, all of this is circumstantial and speculative, and Apple has come out numerous times vehemently denying its involvement in any NSA program,” iDownloadblog’s Cody Lee wrote on Monday. “But the timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.”

Indeed, Apple has since the start of the Snowden leaks adamantly fended off allegations concerning a possible collusion with the NSA. On December 31, 2013, the company even issued a statement insisting “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone.”

“We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them,” Apple said then — nearly two months after acknowledging the major security vulnerability discovered last week.

At the time, though, Apple was responding to another serious allegation that, if correct, gives much more credence to the latest accusations. The Dec. 31 statement was sent hours after security researcher Jacob Appelbaum presented previously unpublished NSA slides at a hacking conference in Germany, including some where the spy agency boasted about being able to infiltrate any iPhone owned by a targeted person.

The NSA, Appelbaum said, “literally claim that any time they target an iOS device, that it will succeed for implantation.”

“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies produce and sabotaging them — or Apple sabotages it themselves.”

Last year, RT reported that the NSA entered into a contract in 2012 with VUPEN, a French security company that sells so-called 0-day exploits to governments and agencies so that vulnerabilities and flaws can be abused before the affected product’s owner is even made aware. It’s likely just another major coincidence that fits the time frame eerily well, but that contract was signed only days before iOS 6 was released — and, coincidentally, days before the NSA boasted about being able to access Apple communications through its PRISM program.

Source: RT

Hundreds of tiny satellites could soon deliver free internet worldwide

Developers say they are less than a year away from deploying prototype satellites that could someday soon broadcast free and universal internet all over the globe from high in orbit.

The developers behind the “Outernet” project, which is being bankrolled by the Media Development Investment Fund (MDIF) of New York, are currently conducting a technical assessment of the project, but say that by June they hope to develop a test satellite in order to see how long-range WiFi would work if beamed down by a tiny 10x10x10-centimeter payload called a CubeSat.

If all goes as planned, a test CubeSat will be sent into orbit next January, and within a few years there could be hundreds of similar devices circling the Earth and sending back down internet signals. Once that is accomplished, countries that largely censor the web — like China and North Korea — would be hard-pressed to restrict internet access without also going into orbit.

“We exist to support the flow of independent news, information, and debate that people need to build free, thriving societies,” MDIF President Peter Whitehead told the National Journal recently. “It enables fuller participation in public life, holds the powerful to account and protects the rights of the individual.”

To accomplish as much, though, MDIF is facing a rather uphill battle, at least with regards to funding. Funny enough, sending hundreds of tiny WiFi-ready satellites into orbit isn’t as inexpensive as one might imagine.

Syed Karim, MDIF’s director of innovation, told the National Journal’s Alex Brown that it would take only three years and $12 billion to get the project up and running.

But “We don’t have $12 billion,” Karim said, “so we’ll do as much as we can with CubeSats and broadcast data.”

“Broadcasting data,” Outernet says on their website, “allows citizens to reduce their reliance on costly internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet.”

Around 40 percent of the planet currently doesn’t have access to any sort of internet service, the company claims, but basic CubeSats could send one-way signals down to earth to deliver news or content through a “global notification system during emergencies and natural disasters,” their website says.

“Access to knowledge and information is a human right and Outernet will guarantee this right by taking a practical approach to information delivery. By transmitting digital content to mobile devices, simple antennae and existing satellite dishes, a basic level of news, information, education and entertainment will be available to all of humanity.” If they can succeed with that, then Outernet hopes to start figuring a way to let customers send data back to the CubeSats, ideally creating free, “two-way internet access for everyone” in a few years’ time.

During a recent question-and-answer session on the website Reddit, Karim explained that the Outernet project is already more affordable because some of the most expensive aspects of the endeavor, at least with regards to research, have already been considered by other entrepreneurial space experts.

“There isn’t a lot of raw research that is being done here; much of what is being described has already been proven by other small satellite programs and experiments,” Karim said.

“There’s really nothing that is technically impossible to this,” he added. “But at the prospect of telecoms operators trying to shut the project down before it gets off the ground,” Karim said, “We will fight… and win.”

Meanwhile, his group is gunning to figure out how to make that dream a reality without going over budget. Getting one of those tiny CubeSats into orbit could cost upwards of $100,000, Brown reported, and slightly larger satellites being considered by Outernet could run three times that.

“We want to stay as small as possible, because size and weight are directly related to dollars,” Karim said. “Much of the size is dictated by power requirements and the solar panels needed to satisfy those requirements.”

Source: RT

White House unveils cybersecurity standards for private businesses

The White House on Wednesday released the final version of the voluntary cybersecurity standards that President Barack Obama called for exactly one year ago in an effort to reduce risks to the United States’ critical infrastructure.

But after 12 whole months of development, tech experts aren’t sure if the latest effort to strengthen cybersecurity among the players involved in the nation’s power sector, telecommunications sphere and other at-risk realms meets what they think is warranted.

During his 2013 State of the Union address, Pres. Obama acknowledged that earlier that day he signed an executive order intended to strengthen the country’s cyber defenses “by increasing information sharing and developing standards to protect our national security, our jobs and our privacy.” That executive order compelled the director of the National Institute of Standards and Technology, or NIST, to develop a framework intended to help entities reduce cyber risks faced by the nation’s most crucial assets. Government officials announced one year to the day that they were ready to begin rolling out those standards to interested industry partners during a White House press conference on Wednesday.

“Threats are becoming more sophisticated,” White House Chief of Staff Denis McDonough said during the event that afternoon, and “…the only way to address these threats effectively is through a true partnership between the government and the private sector.” Soon, however, participation in the program is expected to be mandated among government contractors.

When the president signed the order last February, he warned that the threat from cyberattacks has worsened in recent years and cited money-hungry hackers and malicious foreign nation-states as being among the biggest culprits behind attacks on America’s computer systems. One year later that threat has arguably only intensified — especially in light of the recent security breaches suffered at the hands of Target, Neiman Marcus and others — and the Obama administration hopes that companies that consider adopting the new framework will find themselves less likely to be brought down by highly-skilled hackers.

The framework, its authors write, “uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.” According to its executive summary it “enables organizations – regardless of size, degree of cybersecurity risk or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure” by providing “organization and structure to today’s multiple approaches to cybersecurity by assembling standards, guidelines and practices that are working effectively in industry today.”

Over the course of 47 pages, the document outlines a framework composed of five core functions — identify, protect, detect, respond and recover — intended to provide participating entities with a strategic view of how they match up against varying levels of attack. Elsewhere it shows participants how to align with best practices crucial to protecting the systems of critical infrastructure components, and how those groups can manage themselves to assess all sorts of potential risks.

Critical infrastructure, as defined in that report, is composed of “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters,” and includes private sector businesses ranging from telecommunication providers to utility companies.


The framework announced this week doesn’t require any companies or corporations to sign on, however, and absent monetary incentives it could make little difference in coercing cooperation from the private sector.

Originally, the US government considered actions that would have rewarded companies that follow the framework by providing assistance in acquiring the upgrades required to wrestle against cyberattacks. That offer has been erased from the finalized framework, however, much to the chagrin of some who saw those measures as a way to attract otherwise unwilling participants that aren’t interested in adopting purely voluntary standards.

“Six months ago the message we were hearing is that incentives were coming,” Robert Dix, vice president of government affairs for California’s Juniper Networks, told Bloomberg BusinessWeek in a recent telephone interview. “Virtually nothing has been done to move the needle on any incentives that are going to be economic motivators for investments.”

“If the framework isn’t cost effective and isn’t supported by incentives, it’s hard to see how it can work on a sustainable basis,” added Larry Clinton, the president of the Internet Security Alliance, which represents General Electric, among others.

Indeed, Dix and Clinton’s trade group are not alone. On Tuesday this week, the Information Technology Industry Council — which includes Apple, Google, IBM, Intel and Symantec — released a statement which in part objected to the lack of incentives being offered a year after they were all but assured.

“Given limited fiscal resources and the complexity of incentives, including the necessary involvement of multiple stakeholders including Congress, it is highly unlikely any will be available at, or immediately following, the February 2014 launch” of the framework, that group said.

Others have applauded the framework, albeit while still expressing some reservations about the final report.

“The voluntary cybersecurity framework provides a number of useful guideposts for companies who want to better secure their data,” Greg Nojeim of the DC-based Center for Democracy and Technology wrote in a statement released Wednesday afternoon. “The framework will be useful to companies and their privacy officers, because it will remind them that processes should be put in place to deal with the privacy issues that arise in the cybersecurity context.”

“However, we are concerned that the privacy provisions in the framework were watered down from the original draft,” added Nojeim. “We would have preferred a framework that requires more measurable privacy protections as opposed to the privacy processes that were recommended. As the framework is implemented, we are hopeful that such privacy protections are further developed and become standardized.”

Even Michael Chertoff, the former secretary of the Department of Homeland Security under President George W. Bush, told POLITICO last week that he thinks the framework lacks the necessary support from other aspects of the US government. Without that, he said, it might not be enough to protect critical infrastructure components.

“Either Congress will have to really put some muscle behind it, or the regulators … will have to pick up the baton,” said Chertoff. “I wouldn’t say we’re at the end of the journey.”

Even those unwilling to adopt the voluntary standards will have other options to protect their computers, though. Current DHS Secretary Jeh Johnson announced during Wednesday’s conference that his office has established the Critical Infrastructure Cyber Community Voluntary Program, or C-Cubed, to give companies that provide critical services like cell phone, email, banking and energy free and direct access to cyber security experts within the DHS who have knowledge about specific threats facing the country, as well as ways to counter those threats and recover.

“The C-Cubed Voluntary Program will serve as a point of contact and customer relationship manager to assist organizations with framework use, and guide interested organizations and sectors to DHS and other public and private sector resources to support use of the Cybersecurity Framework,” Johnson’s department said in a statement published on Wednesday.

Source: RT

DARPA developing ultimate web search engine to police the internet

The Pentagon’s research arm that fosters futuristic technology for the military will soon begin working to surpass current abilities of commercial web search engines. Yet, once it masters the “deep Web,” the agency doesn’t say much about what comes next.


The Defense Advanced Research Projects Agency (DARPA) said its “Memex” project will be able to search the far corners of internet content that is unattainable by modern, mainstream search engines, offering DARPA “technological superiority in the area of content indexing and Web search on the Internet.”

DARPA said earlier this month in its solicitation announcement for Memex proposals that the system will initially be used to counter human trafficking, which often thrives in web forums, chat rooms, job postings, hidden services and other websites.

To root out trafficking operations within the invisible corners of the web, commonly referred to as the “deep web,” Memex (a melding of “memory” and “index”) “will address the inherent shortcomings of centralized search by developing technology for domain-specific indexing of Web content and domain-specific search capabilities.”

With Memex, DARPA hopes to achieve the ability for decentralized, automated, topic-precise searches that can leverage image recognition and natural language technology.

DARPA has asked researchers to develop advanced web-crawler software to reach sites and resources that have sophisticated crawler defenses. Memex operators would then be able to access the indexed domain-relevant content with much greater precision and ease than is currently possible.

Memex, DARPA says, will be first employed against human trafficking, which, “especially for the commercial sex trade, is a line of business with significant Web presence to attract customers and is relevant to many types of military, law enforcement, and intelligence investigations.”

DARPA says that dark places online where trafficking occurs enable “a growing industry of modern slavery” that can be stopped with Memex capabilities.

“An index curated for the counter trafficking domain, including labor and sex trafficking, along with configurable interfaces for search and analysis will enable a new opportunity for military, law enforcement, legal, and intelligence actions to be taken against trafficking enterprises,” DARPA’s solicitation announcement reads.

Yet while DARPA mentions the usefulness of such technology for law enforcement and investigative purposes regarding human trafficking – basically, crimes few are opposed to stopping – it does not address the myriad other uses Memex would offer the US military, government intelligence operations, or police actions.

Amid the recent disclosures of government spying via the National Security Agency’s operations, the topic of complete surveillance over the entirety of the web is a sore subject. Thus, DARPA says it is “specifically not interested in proposals for the following: attributing anonymous services deanonymizing or attributing identity to servers or IP addresses, or gaining access to information which is not intended to be publicly available.”

How DARPA would catch traffickers without “deanonymizing” someone, though, the agency does not explain. Nor does it address just how far it wants to out anyone hiding in the deep web for legitimate reasons, whether they are journalists, whistleblowers, activists, and the like.

The Memex project takes its name from a 1945 article in The Atlantic titled “As We May Think,” by Dr. Vannevar Bush, head of the White House Office of Scientific Research and Development. Bush envisioned a “device” that could be used for finding and categorizing the world’s information, acting as a supplement for the human brain.

“In a nutshell, Bush wanted to mimic how the human brain thinks, learns, and remembers information,” writes Motherboard. “Which is exactly what artificial intelligence researchers at the DoD and in Silicon Valley are trying to do now, to glean better insights from the unruly army of big data being collected by web giants and the military alike.”

The Memex project is expected to run over the next three years, with proposals due in April.

Source: RT

‘The day we fight back’: 6,000 websites protest surveillance, honor Aaron Swartz


More than 6,000 websites, including Reddit, Tumblr, Mozilla, are taking part in an online protest against government surveillance. The action marks two years since website blackouts against SOPA and PIPA and commemorates Aaron Swartz’s death.

The February 11 online protest, going by the title ‘The Day We Fight Back’, is supposed to see around 6,200 websites each host a large banner at the top reading “Dear internet, we’re sick of complaining about the NSA. We want new laws that curtail online surveillance.”

The banner enables US internet users to contact members of Congress directly via email or a computer telephone call link using Twilio Voice. They would then be able to ask legislators to oppose the FISA Improvements Act, which would strengthen the legal basis for NSA surveillance, and to support the USA Freedom Act, which would, conversely, curb the domestic surveillance power of intelligence agencies.

As for website visitors from outside the US, they are urged to sign a petition in support of the principles against mass surveillance. The petition has already been signed by more than 26,000 people.

In addition, everyone is encouraged to change their social networks’ profile pictures, adding a #STOPTHENSA tag to them.

“Together we will push back against powers that seek to observe, collect, and analyze our every digital action,” states the movement’s website. “Together, we will make it clear that such behavior is not compatible with democratic governance. Together, if we persist, we will win this fight.”

The protests are not confined to the instantaneous, infinite and easily accessible realm of cyberspace. Over a dozen protest events are taking place worldwide from Denmark, Costa Rica and Serbia to Stockholm, with street theater taking place in some US cities. San Francisco is seeing masses of people aiding in the projection of an anti-surveillance image onto the side of an AT&T building as a speech is given by one of its former technicians, whistleblower Mark Klein.

The day of online protest is “in celebration of the win against SOPA and PIPA two years ago.” Back then thousands of websites, including Wikipedia, Reddit and Flickr, went ‘dark’ to protest the bills, which were supposedly written to protect copyrighted material and which many believed would cripple the freedom of the internet.

The Day We Fight Back is also in memory of Aaron Swartz, a 26-year-old information transparency activist, who took his own life just over a year ago, having faced a standoff with the government.

When he was just 14, tech prodigy Swartz helped launch the first RSS feeds. By the time he turned 19, his company had merged with Reddit, which would become one of the most popular websites in the world.

But instead of living a happy life of a Silicon Valley genius, Swartz went on to champion a free internet, becoming a political activist calling for others to join.

“This isn’t something playing out on stage somewhere where big giants fight each other and you’ve got to sit and munch popcorn,” Swartz said in one of his interviews. “This is a fight you can join in. So if you go to domain progress.org and sign up, we’ve got actions every week. There are bills that are coming up that could crack down on internet freedom, companies trying to abuse their power. And it’s up to all of us to stop them.”

Aaron Swartz drew the FBI’s attention in 2008, when he downloaded and released about 2.7 million federal court documents from a restricted service. The government did not press charges because the documents were, in fact, public.

He was arrested in 2011 for downloading academic articles from a subscription-based research website at his university – with the intention of making them available to the public. Although none of what he downloaded was classified, prosecutors wanted to put him in jail for 35 years.


Friend and Harvard law professor Lawrence Lessig later described how the persecution had driven Swartz to the edge.

“When he saw all of his wealth gone and he recognized his parents were going to have to mortgage their house, so he can afford a lawyer to fight a government that treated him as if he were a 9/11 terrorist, as if what he was doing was threatening the infrastructure of the United States. When he saw that and he recognized how incredibly difficult that fight was going to be, of course he was depressed.”

Civil liberties advocates are now pushing for Congress to reform the anti-hacking law the government used to pursue Swartz.

Parker Higgins from the Electronic Frontier Foundation believes there’s still a lot to be done before politicians realize such relentless persecution is unacceptable.

“Unfortunately the government hasn’t changed its perception here,” Higgins told RT. “There was a proposal last year in the US legislature called ‘Aaron’s law’ that would address some of the biggest concerns that we have. But Aaron’s law still hasn’t advanced to the point where it’s passed or can be signed. In fact we’ve seen proposals to make our computer crime laws even harsher. And that’s something we need to keep working on until politicians who don’t have a great grasp of how technology works understand that this kind of persecution is unacceptable.”

Google, Facebook, Microsoft hire first anti-NSA lobbyist in Washington


Technology powers like Apple and Google have coalesced to register a lobbyist in Washington to focus on government surveillance reform in an effort to maintain credibility following NSA spying disclosures that often implicated them as accomplices.

On Thursday AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo formed the “Reform Government Surveillance” coalition, motivated to influence policy in the nation’s capital. The new coalition hired Monument Policy Group, which has previously worked with Microsoft and LinkedIn, to handle the lobbying operations.

After the beginning of spying revelations – supplied by former NSA contractor Edward Snowden – the companies often chose to stay quiet about desired reforms, if they weren’t already forced to by the US, as has been the case with transparency efforts. But as it has become more apparent that surveillance disclosures have had or could have an impact on their business interests, the companies have chosen to act.

In late June, the US Department of Justice relented, albeit in a modest manner, to tech companies’ requests to reveal more information about how much data is demanded of them by government surveillance operations. The companies will now be able to report on national security letters – in which information is demanded independent of court authority – as well as requests ordered by the Foreign Intelligence Surveillance Act court. Yet how they report will be limited to broad numerical ranges on the volume of orders and the number of accounts affected.

The companies had been barred from revealing even that amount of limited insight into their cooperation with the US. Silicon Valley, faced with questions about its own trustworthiness and culpability since early Snowden disclosures in June, has increasingly spoken out about its desire to provide more insight into how user data was handled and how easy it has been for the US government to legally, and illegally, access private information.

Countries overseas, especially in Europe, have floated the idea of demanding tech companies be subject to new counter-NSA privacy rules that would require them to have servers within a country’s border in order to supply services there. Such data “localization” measures would mean significant cost expenditures the companies are, to no surprise, not enthused about.

According to Politico, the companies have increased advocacy for surveillance reform and more government transparency in each quarterly lobbying report since the National Security Agency disclosures began.

On Thursday, Twitter slammed the US for its transparency practices despite the new opportunities afforded the tech companies in revealing how often they are asked to comply with government surveillance efforts. It called the Justice Department’s offer a violation of First Amendment rights.

“Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency,” Jeremy Kessel, Twitter’s Global Legal Policy manager wrote in a blog post.

The companies’ efforts to boost transparency may come just in time, as the Washington Post reported Thursday that the NSA is seeking to expand court orders to compel wireless phone companies that currently do not offer the government their records to now do so, anonymous US officials said.

Meanwhile, current and former government officials claim the NSA is not collecting as much domestic phone metadata as has been reported. As of last summer, technological advancements and the growing popularity of smartphones are supposedly limiting the NSA’s collection efforts. In 2006, the agency claimed it could handle nearly all of Americans’ phone metadata. Now, anonymous officials told the Washington Post that the NSA accesses and stores only as much as 30 percent.

Source: RT

GCHQ secret unit uses DDOS attack tactics against Anonymous – Snowden leak


British intelligence has its own hacker subdivision that uses questionable practices for hunting down enemies of the state, reveals a new leak from Edward Snowden. GCHQ is fighting Anonymous and LulzSec hacktivists with DDoS attacks and malware.

A classified document obtained by NBC News reveals that the British secret service is brandishing a cyber-sword in the guise of the Joint Threat Research Intelligence Group (JTRIG), an intelligence unit not constrained by domestic or international laws.

The JTRIG unit is staging distributed denial of service (DDoS) cyber-attacks and implanting malware to disclose identities of hackers in order to prevent their communications. JTRIG is such a secret unit that its very name has never been mentioned anywhere before.

A PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, obviously from the collection of documents from the former NSA contractor, Edward Snowden, contains information about the Rolling Thunder operation against Anonymous hacktivists. JTRIG organized a DDoS attack on the internet relay chat (IRC) used by Anonymous, which reportedly resulted in 80 percent of the users quitting internet chat rooms.

The fact that the presentation was made at a conference of America’s National Security Agency is particularly interesting. It means that the NSA was informed about such governmental activities in the UK.

A DDoS attack is a criminal offence in most countries, the US and UK included. For example, in the UK a person found guilty of a cyber attack would be charged in accordance with the Computer Misuse Act, while in the US such illegal activities are prosecuted with the Computer Fraud and Abuse Act (CFAA).


Besides that, according to cyber experts, a DDoS attack takes down an entire server, with all websites hosted on it, along with other servers operated by the same Internet Service Provider (ISP). This means that while attacking Anonymous chat rooms, JTRIG was actually disabling other web resources that had no connection to Anonymous whatsoever.

If the fact of a DDoS attack by a secret service gets some independent proof, it would mean that Britain will become the first state incriminated in staging a cyber-attack, internationally recognized as unlawful.

“Law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online,” said the former head of the US National Counterterrorism Center and now an NBC News analyst Michael Leiter, noting that “there must, of course, be limitations”.

“No one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment,” said Leiter.

“Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs,” said NBC News’ Gabriella Coleman, an anthropology professor at McGill University.

In another NSA document in possession of NBC News, a JTRIG official maintains that the unit’s activities are definitely not limited to computer network protection. JTRIG is staging attacks itself, such as “Active Covert Internet Operations” and “Covert Technical Operations”. The unit is vigorously using cyber tools to disrupt enemy communications, engaging in computer and phone jamming, breaching email accounts and conducting ‘false flag’ operations.

The Anonymous global hacker community emerged in 2011, and conducted the “Operation Payback” campaign, a series of attacks against government websites in Britain and the US in protest against the prosecution of Chelsea Manning, who handed over thousands of classified US military documents to WikiLeaks. They also attacked several financial organizations, such as credit card companies and the PayPal payment service, for blocking donations in support of WikiLeaks.

Source: RT