
# Strategies of Defending Microsoft Windows against Malware


The introduction to this topic grew too large and was moved to a separate article on Dec 1, 2012. The latest news is that the CIA lost its arsenal of hacking tools (see Vault 7 scandal).

After this news you might as well accept that the only secure PC is the one that is not connected to the Internet.



## Old News ;-)

"Microsoft is closely monitoring the situation, and is committed to helping customers have a safe, enjoyable computing experience."

From the quotes of the day:

"The Windows dominance produced a computer monoculture with all the same problems as other monocultures."

"Anti-virus companies have always been seen as ambulance chasers, and sometimes, it's true," said Dan Schrader, the chief security analyst at Trend Micro. "Because this is an industry that has been built on hype and alerts and pretensions of being good citizens, the industry doesn't have a lot of credibility."

"The preoccupation with computer 'hacking' is a way for physically unattractive males to enter the mainstream of society." - Anonymous

#### [Mar 25, 2017] Putin is not the only one who knows how to play a Dead Hand

###### Mar 25, 2017 | www.zerohedge.com
warsev Mar 25, 2017 6:40 PM

Thing is, if Binney was actually a problem for the NSA et al., the problem would be quickly eliminated. That he's still around to say what he says means that the NSA at least doesn't care, or more likely that he's a controlled disinformation mouthpiece.

Or his 'insurance policy' is as big as Snowden's and Montgomery's. Putin isn't the only one that knows how to play a 'Dead Hand'.

Winston Churchill -> warsev Mar 25, 2017 6:54 PM

He probably has something much more dangerous to them to be released on a dead mans switch.

9/11 the full story perhaps.

Like Kevin Shipp. I just got his book, "From The Company of Shadows" about his career in the CIA.

I was thinking about that today. How is this man still alive, given the information he was talking about to Carlson?

I hope that the climate continues to warm towards whistleblowers, and more and more honest whistleblowers come forward to speak up. It's the way to drain the sulphurous swamp. 9/11 might surface and blow that way.

Perhaps Trump should start looking at Snowden and Assange in a completely different light too.

crossroaddemon -> warsev Mar 25, 2017 8:12 PM

That's what I was thinking, too. To consider this genuine, or at least important, one has to assume that there's an uncompromised press outlet.

I don't believe that. I think wikileaks is a psyop as well. Maybe even Snowden.

#### [Mar 24, 2017] C.I.A. Developed Tools to Spy on Mac Computers, WikiLeaks Disclosure Shows

##### "... By rewriting the firmware of a computer or a phone, tools that operate at the chip level can hide their existence and avoid being wiped out by routine software updates. ..."
###### Mar 24, 2017 | www.nytimes.com

The C.I.A. developed tools to spy on Mac computers by injecting software into the chips that control the computers' fundamental operations, according to the latest cache of classified government documents published on Thursday by WikiLeaks.

Apple said in a statement Thursday evening that its preliminary assessment of the leaked information indicated that the Mac vulnerabilities described in the disclosure were previously fixed in all Macs launched after 2013.

However, the documents also indicated that the Central Intelligence Agency was developing a new version of one tool last year to work with current software.

The leaked documents were the second batch recently released by WikiLeaks, which said it obtained a hoard of information on the agency's cyberweapons programs from a former government worker or contractor. The first group of documents, published March 7, suggested that the C.I.A. had found ways to hack Apple iPhones and Android smartphones, Microsoft Windows computers, Cisco routers and Samsung smart televisions.

Since the initial release of the C.I.A. documents, which the agency has not confirmed are authentic, major technology companies have been scrambling to assess whether the security holes exploited by the C.I.A. still exist and to patch them if they do.

All of the surveillance tools that have been disclosed were designed to be installed on individual phones or computers. But the effects could be much wider. Cisco Systems, for example, warned customers this week that many of its popular routers, the backbone of computer networks, could be hacked using the C.I.A.'s techniques.

... ... ...

The spy software described in the latest documents was designed to be injected into a Mac's firmware, a type of software preloaded in the computer's chips. It would then act as a "listening post," broadcasting the user's activities to the C.I.A. whenever the machine was connected to the internet.

A similar tool called NightSkies was developed in 2009 to spy on iPhones, the documents said, with the agency figuring out how to install it undetected before a new phone was turned on for the first time. (Apple said that flaw affected only the iPhone 3G and was fixed in all later models.)

Although most of the tools targeted outdated versions of the Apple devices' software, the C.I.A.'s general approach raises new security concerns for the industry, said Eric Ahlm, who studies cybersecurity at Gartner, a research firm. By rewriting the firmware of a computer or a phone, tools that operate at the chip level can hide their existence and avoid being wiped out by routine software updates.

Under an agreement struck during the Obama administration, intelligence agencies were supposed to share their knowledge of most security vulnerabilities with tech companies so they could be fixed. The C.I.A. documents suggest that some key vulnerabilities were kept secret for the government's use.

The C.I.A. declined to comment Thursday, pointing reporters to its earlier statement about the leaks, in which it defended its use of "innovative, cutting-edge" techniques to protect the country from foreign threats and criticized WikiLeaks for sharing information that could help the country's enemies.

#### [Mar 23, 2017] Houston, we have a problem

##### "... It is the role of elected members of Congress to conduct public investigations of alleged wrongdoing by public officials. ..."
###### Mar 23, 2017 | www.zerohedge.com

Yes, they have your Apples too:

Crash Overide -> aloha_snakbar , Mar 23, 2017 7:39 PM

Maxine Waters: 'Obama Has Put In Place' Secret Database With 'Everything On Everyone'

Vilfredo Pareto , Mar 23, 2017 7:01 PM

The rank and file of the IC are not involved in this. So let's not tar everyone with the same brush, but Obama revised Executive Order 12333 so that communication intercepts incidentally collected don't have to be masked and may be shared freely in the IC.

Now we have "synthetic" surveillance. You don't even need a court order. Now all incidental communication intercepts can be unmasked. One can search their huge databases for all the incidental communications of someone of interest, then collect all of the unmasked incidental communications that involve that person and put them together in one handy dandy report. Voila! You can keep tabs on them every time they end up being incidentally collected.

You ever went to an embassy party? Talked to a drug dealer or mafia guy without being aware of it? Correspond overseas? Your communications have been "incidentally" collected too. There is so much surveillance out there we have probably all bounced off various targets over the last several years.

What might your "synthetic" surveillance report look like?

Chupacabra-322 , Mar 23, 2017 7:04 PM

It's worth repeating.

There's way more going on here than first alleged. From Bloomberg, not my choice for news, but there is another component to this story as well -- as Trump himself just tweeted.

It's very rare that reporters are ever told about government-monitored communications of U.S. citizens, let alone senior U.S. officials. The last story like this to hit Washington was in 2009 when Jeff Stein, then of CQ, reported on intercepted phone calls between a senior Aipac lobbyist and Jane Harman, who at the time was a Democratic member of Congress.

Normally intercepts of U.S. officials and citizens are some of the most tightly held government secrets. This is for good reason. Selectively disclosing details of private conversations monitored by the FBI or NSA gives the permanent state the power to destroy reputations from the cloak of anonymity.

This is what police states do. In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag.

Representative Devin Nunes, the Republican chairman of the House Permanent Select Committee on Intelligence, told me Monday that he saw the leaks about Flynn's conversations with Kislyak as part of a pattern. "There does appear to be a well orchestrated effort to attack Flynn and others in the administration," he said. "From the leaking of phone calls between the president and foreign leaders to what appears to be high-level FISA Court information, to the leaking of American citizens being denied security clearances, it looks like a pattern."

@realDonaldTrump

The real story here is why are there so many illegal leaks coming out of Washington? Will these leaks be happening as I deal on N.Korea etc?

President Trump was roundly mocked among liberals for that tweet. But he is, in many ways, correct. These leaks are an enormous problem. And in a less polarized context, they would be recognized immediately for what they clearly are: an effort to manipulate public opinion for the sake of achieving a desired political outcome. It's weaponized spin. ...

But no matter what Flynn did, it is simply not the role of the deep state to target a man working in one of the political branches of the government by dishing to reporters about information it has gathered clandestinely.

It is the role of elected members of Congress to conduct public investigations of alleged wrongdoing by public officials. ... But the answer isn't to counter it with equally irregular acts of sabotage - or with a disinformation campaign waged by nameless civil servants toiling away in the surveillance state. ...

#### [Mar 17, 2017] Orwell's 1984 was not a complete work of fiction, but a successful blueprint for full statist control

##### "... Rosen goes back to the State Dept video archives, finds out that his whole exchange with Psaki has been erased. Weasel Kirby, when asked how this happened, who did it, who ordered it, blames it on a "technical glitch." ..."
###### Mar 11, 2017 | www.zerohedge.com

FreedomWriter -> TheWrench , Mar 11, 2017 10:12 AM

Snowflakes should also learn the depressing fact that Orwell's 1984 was not a complete work of fiction, but a successful blueprint for full statist control.

Orwell was dying of tuberculosis when he wrote "1984" and passed away after its publication in 1949. Once you have their attention and they have read the book, it is time to show snowflakes the MANY obvious parallels between Orwellian concepts and modern society.

NEWSPEAK AND THOUGHT CRIME

You can start with soft targets like Newspeak (today's examples include gems like cis-gender labels and other politically correct BS).

Now move to the "thought police" and thought crime in general.

Explain how thought and speech crime keep the globalist model alive and ticking by discouraging independent thought and discussion.

Explain how state-financed institutions seek to implant these concepts at an early age and onwards into university education.

Provide real-life newspeak and double-think examples, such as "police-action" "regime-change", "coalition of the willing" and "collateral damage". Show how these are really just PC euphemisms for "wars of aggression" and "murder". If you have a picture of a droned wedding party handy, now is the time to use it.

Also mention people who have been silenced, prosecuted or even killed for committing "hate crimes" or other political blasphemies. Explain how this often occurs while they are standing up for or using their constitutionally protected human rights.

Name some of these people: Randy and Vicki Weaver, David Koresh, Marine Le Pen, Geert Wilders, Julian Assange, William Binney, Edward Snowden and Chelsea Manning

Show them how this trend is ongoing both in the USA and abroad, and is primarily being deployed against populist politicians who promote more individual rights and reduced state control over citizens. Ask them whether or not they can see a pattern developing here.

Above all, don't waste time with cheap shots at identity politics and its absurd labelling. This will just polarize the more brainwashed members of your audience. Stick to the nitty gritty and irrefutable facts.

And be very careful here, because if they have insufficient vocabulary to understand or critique what you are saying, you will lose them. Which was the whole point of Newspeak. Of course you can use this failed learning opportunity to demonstrate just how successful the Newspeak program has been.

TELESCREENS

Tell them about the real life "Telescreens" that can now listen to you, even when turned off. Name one of their known manufacturers: Samsung and users: Central Intelligence Agency

Show them how these same telescreens are used to pump out constant lies from the MSM whenever they are turned on. Name some of these organizations: CNN, BBC, MSNBC, FOX, etc.

MASS SURVEILLANCE and the "PANOPTICON"

Talk to them about the modern surveillance state and how it will always be abused by corporate globalists and corrupt elites.

Describe how mass-surveillance service providers (MSSPs) and MSM stooges have become obscenely rich and powerful as the real-life proles (who were 85% of the population in "1984") struggle to put food on the table, pay their debts, find a decent job or buy a home. Tell them to find out how much wealth is owned by 8 very wealthy people relative to the poorest half of the world, and how this trend is accelerating. Name a few of them: Bill Gates, Mark Zuckerberg, Carlos Slim, etc.

Show how the previously enacted, totalitarian US policies, programs and laws have been extensively deployed, lobbied for, used and abused by the very Big-Brothers (Clinton and Obama) they so adored. Even George W is swooning progressives again.

Name some of these policies, programs and laws: Patriot Act, SOPA, US Telecommunications Act, FISA, Echelon, PRISM, and Umbrage

Explain why this whole surveillance system, its operators and proponents must be completely dismantled and reined in or imprisoned, unless we wish all whistle blowers, dissidents and normal citizens to end up like Winston Smith.

ETERNAL WAR AND THE BROTHERHOOD

Explain how eternal war keeps the proles from getting too restless and questioning their leaders. How it leads to modern strategic idiocies like "Osama Bin Laden and the Mujahedeen are steadfast allies against Russian totalitarianism, which is why the CIA needs to give them Stingers" (aka Operation Cyclone). Or the illegal provision of arms and funds to countries with questionable human rights records (KSA, Iran, Nicaragua, Guatemala, Israel.....)

Explain how this leads to, nay requires, state-propagated lies like WMD to justify illegal military actions against sovereign nation states like Iraq, Libya and Syria.

Show how 9/11 was used to target a former-ally Osama and his Taliban brotherhood and prepare the terrain for eternal war, even though the real criminals were actually in DC, Riyadh and other world capitals. Explain how letting Osama escape from Tora Bora was all part of this intricate plan for the PNAC, until he finally outlived his usefulness as a bogeyman. If they disagree, ask for their counter-argument and proofs.

Explain how these same criminals then made a financial killing when our real life Oceania went to war bigly with Eastasia. How this resulted in over a million civilian deaths (half of them children), around 80,000 terrorists and perhaps 10,000 uniformed soldiers/contractors. Show them videos where US officials justify this slaughter as "worth it", unimportant or irrelevant. Ask what kind of individuals could even say these things or let them happen. If they can't answer, name a few: Madeleine Albright, Hillary Clinton, Barack Obama, George W. Bush and Dick Cheney.

At this point, you may need to take a break as listeners will soon have trouble distinguishing between real-life events and those in Orwell's book.

WAR IS PEACE, FREEDOM IS SLAVERY, IGNORANCE IS STRENGTH

Next, explain how real, imagined or simulated terrorist outrages can be manipulated to influence electorates. This is done by creating or allowing atrocities that frighten citizens into seeking "safety". These citizens will then vote in corrupt, globalist leaders who promise to keep them safe. These same leaders can then curtail freedoms in their previously democratic, freedom-loving nation states. New terrorist threats can always be used to justify more restrictions on free movement and state-mandated invasions of personal privacy.

If your snowflakes don't agree with this, name some leaders responsible for bad laws, policies and the ensuing restrictions on civil liberties:

Tony Blair, George W Bush, Angela Merkel, Theresa May and Francois Hollande.

Name some events as well: Oklahoma City, 9/11, 7/7, Sandy Hook, 11-M

Also mention that the USA has not waged a single legal, constitutional, Congress-declared war since 1945. But that the USA has been involved in hot or cold wars for all but 5 of the past 71 years.

HISTORY AND BACKGROUND

Tell them that Orwell's original book title was actually "1944" (already past), but that his publisher vetoed this choice saying it could hurt sales.

Then explain how 1944-45 was actually the perfect crucible for the divisive, right-left political paradigm we live in today and many of the concepts presciently described in Orwell's chilling masterpiece.

EPILOGUE

Tell them everything, until their brains hurt, their eyes water and their ears bleed.

Eventually even the iciest snowflakes will get it.

Of course, some will cry, and some will have temper tantrums and meltdowns.

But a few might just wake up, start reading real books and get a proper education.

This is when the healing can begin.

Those thinking a career in gender-diversity-issue management is still the way forward may figure it out later, God help them. Until then, we should just pity them.

dearth vader , Mar 11, 2017 5:03 AM

Ira Levin's "This Perfect Day" (1970) is from the same dystopian mold. In the late Eighties, my then teenage daughter kept reading it, till it literally fell apart.

How technology has "advanced"! People in this phantasy had to wear bracelets with which they checked in and out of buildings and areas. Reality always seems to surpass the imaginative powers of SF-writers.

Maestro Maestro , Mar 11, 2017 5:16 AM

The problem is not your government.

YOU are the problem.

Your government is not populated by reptilians from outer space. The politicians and the bankers, lawyers are YOUR sons and daughters. You gave birth to them, you educated them, you taught them their values.

YOU pull the trigger when the government says KILL! YOU vote Democrat or Republican EVERY TIME. Yet you have the temerity to blame them when you don't get what you wanted.

Scum,

Hitler didn't kill anyone as far as we know, in WWII. People [YOU] killed people. You blame the Jews because the wars they incite you to fight result in blowback to you. Why do you blame them because YOU jumped when they said JUMP! YOU are the ones flying the fighter jets and firing the tank shells against foreign populations living 10,000 miles away from your land, and who have not attacked you. NO ONE does anything unless they wanted to, in the first place. In any case, YOU are responsible for YOUR actions. This we all know.

Even your own money the US dollar is illegal according to your own US Constitution (Article 1, Section 10) yet you commit mass murder and mass torture throughout the world in order to impose it on everyone?

Fuck you, American.

BrownCoat , Mar 11, 2017 6:59 AM

The liberals are promoting the book (Nineteen Eighty-Four). IMO, that's great! Orwell's book is a classic and accurately describes features in our current society.

The downside is that the liberals won't understand it. They are promoting the idea that Trump is a fascist. They don't see that they themselves are fascists (albeit a different brand of fascism). Ironic that the book could help them see past the indoctrinated haze of their perspective, but it won't. The future, from my perspective, is a boot stamping on a human face forever.

Robert of Ottawa -> BrownCoat , Mar 11, 2017 8:09 AM

Fascism as a style of government rather than philosophy.

RevIdahoSpud3 , Mar 11, 2017 9:07 AM

I read 1984 in 1960 as a freshman in HS. Spent the next 24 years waiting. I don't remember details but I do remember it was upsetting at the time to picture my future as depicted by Orwell. It might be more interesting to me now to go back to the publishing date and study the paradigm that Orwell lived under to get a perspective of his mindset. He wasn't a US citizen. He was born in India, moved to England with his mother, had little contact with his father, was sickly and lonely as a child and suffered from tuberculosis as an adult, served in Burma for five years as a policeman, fought Soviet-backed Communists in the Spanish Civil War, fought Fascism, believed in Democratic socialism or Classless socialism.

His book Animal Farm was a satire on Stalin and Trotsky and 1984 * gave readers a glimpse into what would happen if the government controlled every detail of a person's life, down to their own private thoughts. (*online bio). The battles in Europe were life and death with the goal of survival.

The European cauldron produced or nurtured, IMO, the seeds of most social evils that exist today. In Orwell's era society was changing and reacting to the Machine age which was followed by the Atomic age, the Space age and to the current Information age. He died in 1950 but in his environment, the Machine age is where he related. The forces (of evil) at work in his era still exist today with the additions of the changes brought by the later ages. We don't contend with the physical (at least not initially) conquerors such as the Genghis Khan, Mohamed, Alexander, Roman conquest etc. of the past but the compulsion of others to control our lives still exists just in different forms. We as a society react or comply and have the same forces to deal with as did Orwell but also those that resulted in the later eras. 1984 was actually the preview of the information age that Orwell didn't experience.

We are now programmed (propagandized) from preschool to the home for the elderly. We are initially taught as children, continue through college, and are forever conditioned by media such as TV, Movies, Radio, Newspapers and Advertising our entire lives. The younger generations are not taught to think independently or critically but instead indoctrinated with pre-packaged knowledge 'propaganda' while older generations assess outcomes from a different perspective. There is as a result, a clash within the society which we are experiencing today.

Through the modern (at least recorded) ages the underlying force, no matter what era humans lived through, was the conflict of... religion. In the name or names of God and whose god is the true god and which god will rule. Even in the most 'godless' societies it is the underlying force. There are many who do not believe in god or a god and by extension should or do not believe in Satan. Good vs Evil? It's always there, although we are encouraged not to mention it?

Can't say I need another go at 1984 from Costco but I do need another indoor/outdoor vacuum and right now they have one with a manufacturers discount of 5. See you there! Collectivism Killz , Mar 11, 2017 9:24 AM 1984 is really just a knock off of Evgeny Zemyatin's "We," which is frankly a better account of dystopian authoritarianism from someone who wrote shortly after the Russian Revolution. FrankDrakman -> Collectivism Killz , Mar 11, 2017 9:39 AM This is not true. Orwell's book touched on major points, such as the destruction of people's ability to communicate real ideas by perversion and simplification of language, that are not discussed elsewhere. It is a unique and disturbing view of totalitarian regimes. Atomizer , Mar 11, 2017 10:22 AM Tyler, your missing the point. 1984 was about controlling the news and airwaves. Farenheit 451 was about burning history. The two go hand in hand. Nobodys Home , Mar 11, 2017 10:23 AM Manipulation of the news is not new folks: The similarity of the major networks evening "news" programs has given rise to a report that, each day, a list of ten or twelve "acceptable" news stories is prepared by British Intelligence in London for the networks, teletyped to Washington, where the CIA routinely approves it, and then delivered to the networks. The "selectivity" of the broadcasters has never been in doubt. Edith Efron, in "The News Twisters," (Manor Books, N.Y., 1972) cites TV Guide's interview with David Brinkley, April 11, 1964, with Brinkley's declaration that "News is what I say it is. It's something worth knowing by my standards." This was merely vainglorious boasting on Brinkley's part, as he merely reads the news stories previously selected for him. Sinophile -> Nobodys Home , Mar 11, 2017 11:33 AM "REMEMBER THE MAINE!" That false flag headline is over a century old. Dragon HAwk , Mar 11, 2017 10:53 AM Next time you are in a Best Buy.. go up to the Geek Squad guy and say... 
"So how does it feel to work for the CIA " Al Bondiga , Mar 11, 2017 11:13 AM Fuck the Washington Post. As Katherine Austin Fitts has suggested, it is essentially the CIA's Facebook wall. The same could be said of the NYT as well. SurfinUSA , Mar 11, 2017 1:37 PM Bezos has no problem selling "1984" on Amazon. https://tinyurl.com/hdmhu75 He's collecting the sales price and sticking it in his pocket. He's not making a joke out of it. Bezos is a lunatic. The Washington Post is full of shit. End of story. Amy G. Dala -> SurfinUSA , Mar 11, 2017 2:23 PM James Rosen from Fox, he was at a state dept briefing with that little weasel Kirby, and Kirby stated that the negotiations over the Iran "deal" were all overt and "above the table." He remembered, tho, a briefing years earlier from the witch Psaki, who stated that sometimes, in interests of expedience, aspects of the negotiations are not made public. Rosen goes back to state dept video archives, finds out that his whole exchange with Psaki has been erased. Weasel Kirby, when asked how this happened, who did it, who ordered it, blames it on a "technical glitch." It's a slippery fuckin slope. Only now the progressives are finding relevance in 1984? #### [Mar 16, 2017] Is Trump administration under survellance from its own intelligence agencies? ###### Mar 16, 2017 | economistsview.typepad.com rjs -> pgl... March 14, 2017 at 02:16 PM , 2017 at 02:16 PM it's obvious that Conway was reading about the wikileaks release of the CIA's Vault 7, which shows they have the capability of remotely turning over the counter smart phones and TVs into spying devices...the release was widely covered in the foreign press, not so much here.. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The US intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. 
That includes iPhones, Androids and computers running Windows, macOS and Linux. 2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure Encrypted messaging apps are only as secure as the device they are used on – if an operating system is compromised, then the messages can be read before they encrypted and sent to the other user. WikiLeaks claims that has happened, potentially meaning that messages have been compromised even if all of the usual precautions had been taken. 3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programmes detailed in the documents is "Weeping Angel". That allows intelligence agencies to install special software that allows TVs to be turned into listening devices – so that even when they appear to be switched off, they're actually on. 4) The agency explored hacking into cars and crashing them, allowing 'nearly undetectable assassinations' 5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest. 6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which hasn't. When taken together, those "Vault 7" leaks will make up the biggest intelligence publication in history, WikiLeaks claimed. #### [Mar 13, 2017] Boris and Natasha version of hacking might well be a false flag operation. How about developing Russian-looking hacking tools in CIA? To plant fingerprints and get the warrant for monitoring Trump communications ##### Notable quotes: ##### "... 
If you did not noticed Vault 7 scandal completely overtook everything else now. This is a real game changer. ..." ##### "... Tell me who stole the whole arsenal of CIA hacking tools with all the manuals? Were those people Russians? ..." ###### Mar 13, 2017 | economistsview.typepad.com Am I alone in thinking that Preet Bharara, the just fired US Attorney for Southern District of New York, would be the ideal Special Prosecutor of the Trump - Russia investigation Tom aka Rusty -> im1dc... Sunday, March 12, 2017 at 11:41 AM Bharara did not push back against "too big to prosecute" and sat out the biggest white collar crime wave in the history of the world, so why is he such a saint? Lots of easy insider trading cases. im1dc -> Tom aka Rusty... Sunday, March 12, 2017 at 05:01 PM I don't think you considered the bigger picture here which includes in Bharara's case his bosses to whom he would have to had run any cases up the flag pole for approval and Obama and Company were not at the time into frying Wall Street for their crimes b/c they were into restarting the Bush/Cheney damaged, almost ruined, US and global Economy. libezkova -> im1dc... Sunday, March 12, 2017 at 09:11 PM If you did not noticed Vault 7 scandal completely overtook everything else now. This is a real game changer. Just think, how many million if not billion dollars this exercise in removing the last traces of democracy from the USA and converting us into a new Democratic Republic of Germany, where everybody was controlled by STASI, cost. And those money were spend for what ? BTW the Stasi was one of the most hated and feared institutions of the East German government. If this is not the demonstration of huge and out of civil control raw power of "deep state" I do not know what is. If you are not completely detached from really you should talk about Vault 7. 
This is a huge, Snowden-size scandal that is by an order of magnitude more important for the country than all those mostly fake hints on connections of Trump and, especially, "Russian hacking". Tell me who stole the whole arsenal of CIA hacking tools with all the manuals? Were those people Russians? If not, you should print your last post, shred it and eat it with borsch ;-).

libezkova -> libezkova... Sunday, March 12, 2017 at 10:01 PM

From this video it looks like CIA adapted some Russian hacking tools for their own purposes. https://www.youtube.com/watch?v=8Z6XGl_hLnw In the world of intelligence, false flag operations are a standard tactic. Now what? Difficult situation for a Midwesterner...

libezkova -> libezkova...

Another difficult to stomach hypothesis: "Boris and Natasha" version of hacking might well be a false flag operation. How about developing Russian-looking hacking tools in CIA? To plant fingerprints and get the warrant for monitoring Trump communications.

VAULT 7: CIA Staged Fake Russian Hacking to Set Up Trump - Russian Cyber-Attack M.O. As False Flag https://www.youtube.com/watch?v=B4CHcdCbyYs

== quote ==

Published on Mar 7, 2017

"The United States must not adopt the tactics of the enemy. Means are important, as ends. Crisis makes it tempting to ignore the wise restraints that make men free. But each time we do so, each time the means we use are wrong, our inner strength, the strength which makes us free, is lessened." - Sen. Frank Church

WikiLeaks Press Release

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. 
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones. Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

#### [Mar 13, 2017] Here is the edited version of Dr Steve Pieczenik interview

##### Video

###### www.youtube.com

#### [Mar 11, 2017] US spies still won't tell Congress the number of Americans caught in dragnet

##### Notable quotes:

##### "... Trump at least seems to have a problem with him or his associates being spied on lately. ..."

##### "... 
Nothing can be done because the intelligence services are in the privileged position of being able to sabotage anybody's political career. So everyone keeps going through the motions of simulating free will while actually only doing as they're told. And it will only get worse so brace for it. ..."

##### "... So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show. ..."

##### "... The US people have completely lost control over their governance. The constitution is a totally empty shell. ..."

##### "... You would need more than just IPs to make that determination - anyone with a VPN can have an American IP address, same with TOR exit nodes. ..."

##### "... The heads of these agencies know if they ever say any number, that will be the end due to outrage. There is little to be gained, unless they are sent to prison. If I were a senator, I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify about their bosses. ..."

##### "... If they're scanning the backbone, AND checking the main sites people go to, that's pretty danged close to everybody. ..."

##### "... The evasiveness is deceptive in and of itself. When the NSA says it "would require the Intelligence Community to conduct exhaustive analysis of every unknown identifier in order to determine whether they are being used inside or outside the U.S." that's because they don't even count the data as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts. ..."

##### "... By our definition, which says if you put the data in your database and use it when running searches, that data has been collected, there's no doubt the number is nearly the same as the US population, discounting only people with no online presence (e.g. 
infants). ..."

###### Mar 11, 2017 | arstechnica.com

In 2013, a National Security Agency contractor named Edward Snowden revealed US surveillance programs that involved the massive and warrantless gathering of Americans' electronic communications. Two of the programs, called Upstream and Prism, are allowed under Section 702 of the Foreign Intelligence Surveillance Act. That section expires at year's end, and President Donald Trump's administration, like his predecessor's administration, wants the law renewed so those snooping programs can continue. That said, even as the administration seeks renewal of the programs, Congress and the public have been left in the dark regarding questions surrounding how many Americans' electronic communications have been ensnared under the programs. Congress won't be told in a classified setting either, despite repeated requests.

mod50ack, Smack-Fu Master, in training Mar 10, 2017 6:38 AM

Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.

gmerrick, Ars Praefectus Mar 10, 2017 6:40 AM

If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?

Ziontrain, Ars Praefectus Mar 10, 2017 6:40 AM

Thing is, we all know two things: 1) the number is 300 million +; 2) the "esteemed" members of congress are singled out for special surveillance. As a result, the only possible outcome is the same procedure as all the previous times: congress rolls over. As should everyone's eyes who is watching this elaborate kabuki performance... 
d4Njv, Ars Scholae Palatinae Mar 10, 2017 7:23 AM

mod50ack wrote: Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.

Trump at least seems to have a problem with him or his associates being spied on lately. Not sure how he feels about ordinary Americans /s.

close, Wise, Aged Ars Veteran Mar 10, 2017 7:25 AM

gmerrick wrote: If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?

Nothing can be done because the intelligence services are in the privileged position of being able to sabotage anybody's political career. So everyone keeps going through the motions of simulating free will while actually only doing as they're told. And it will only get worse so brace for it.

arcite, Ars Legatus Legionis Mar 10, 2017 7:35 AM

mod50ack wrote: Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.

Ostensibly, they have the power to bring down the Trump admin...odds are he will increase their funding.

AHuxley, Wise, Aged Ars Veteran Mar 10, 2017 7:45 AM

gmerrick wrote: If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?

The lack of oversight issue was attempted in the 1970's with the Church Committee. https://en.wikipedia.org/wiki/Church_Committee All that domestic US spying should have been stopped. Operation CHAOS https://en.wikipedia.org/wiki/Operation_CHAOS showed domestic legal protections did not work. 
boondox, Ars Centurion Mar 10, 2017 8:04 AM

Reisner wrote: The American people don't know and don't care to know. John Conyers really needs to focus on the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for his constituents; lowering the amount of kids being born out of wedlock and preventing them from killing each other over trivial things like clothes and being disrespected.

I agree with you on the underlined. America seems more interested in amusing itself to death more than anything. The representatives of the people have their work cut out for them.

Personne, Ars Scholae Palatinae Mar 10, 2017 8:28 AM

So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show. The US people have completely lost control over their governance. The constitution is a totally empty shell.

AHuxley, Wise, Aged Ars Veteran Mar 10, 2017 8:37 AM

Personne wrote: So essentially, the 3 letter agencies are not accountable to the US government. The US people have completely lost control over their governance. The constitution is a totally empty shell.

It's more that staff feel Congress has no oversight, as who they work for did not get established by Congress. The question of oversight authority was used to avoid questions until the 1970's.

AutisticGramma, Ars Scholae Palatinae Mar 10, 2017 8:45 AM

AHvivere wrote: Small nitpick to the author. You do know that having that particular picture on there constitutes a spillage for every single DoD and Federal employee that clicks on the article to read it, right?

And this is exactly why it should stay up. These agencies' behavior is creating this for themselves. No oversight, no funding; whoever signs the check is on the hook. The fed budget needs to reflect this. Someone signed off on authority to operate. 
SewerRanger, Ars Centurion et Subscriptor Mar 10, 2017 8:50 AM

Hookgrip wrote: I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?

You would need more than just IPs to make that determination - anyone with a VPN can have an American IP address, same with TOR exit nodes. This number would be completely useless. You'd have to cross reference the IP with a bunch of other data and that leads to a catch-22: you'd have to maintain a database of American data to be able to detect when you have American data so you can not keep it, except what you have in your database of American data that you use to detect American data so you can not keep it.

arcite, Ars Legatus Legionis Mar 10, 2017 8:54 AM

Personne wrote: So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show. The US people have completely lost control over their governance. The constitution is a totally empty shell.

Vast bureaucracies have a life of their own, detached from the earthly proclivities of democratic transitions.

Buchliebhaber, Wise, Aged Ars Veteran et Subscriptor Mar 10, 2017 9:18 AM

Quote: Still, US spies say they don't track the number of Americans caught in this dragnet, in part to protect Americans' privacy. Performing this task would require spies to de-anonymize phone numbers and IP addresses to determine whether they're American, according to April Doss, a former NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1.

This seems to imply that they're reading the request to "get the count of Americans monitored" extremely literally, interpreting it as "get the exact number of Americans". 
The NSA has some very good mathematicians - they should easily be able to give a pretty highly accurate estimate using the sample data they already have from when they've de-anonymized targeted persons.

Bodacious, Smack-Fu Master, in training Mar 10, 2017 9:21 AM

AHvivere wrote: You are literally saying that 5 million people are bad. You sound retarded.

I think he literally said the agencies' behavior is bad, which is literally not the same thing as saying everyone who works for them is. Are you a DoD or Federal employee?

AutisticGramma, Ars Scholae Palatinae Mar 10, 2017 9:29 AM

Buchliebhaber wrote: Still, US spies say they don't track the number of Americans caught in this dragnet, in part to protect Americans' privacy. Performing this task would require spies to de-anonymize phone numbers and IP addresses to determine whether they're American, according to April Doss, a former NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1. This seems to imply that they're reading the request to "get the count of Americans monitored" extremely literally, interpreting it as "get the exact number of Americans". The NSA has some very good mathematicians - they should easily be able to give a pretty highly accurate estimate using the sample data they already have from when they've de-anonymized targeted persons, +/-10%.

This estimate I'm sure was rolling around in the head of someone at the table. The whole point of the system is to provide information that they're requesting, literally how computers work. Stonewalling Congress needs to be a good way to find an agency without funding or mandate. Instead it's more like Kanye stealing the mic at the grammys, but with more chest medals.

AHuxley, Wise, Aged Ars Veteran Mar 10, 2017 9:31 AM

AutisticGramma wrote: Do you have some context for 5 million people, this comment is an island not found on any map.

The 5.1 million people number? 
It's the amount of people who held some US government security clearance as of around 2013. Confidential, Secret, Top Secret, Gov staff, Contractors as a total.

TheFu, Ars Scholae Palatinae Mar 10, 2017 9:32 AM

We should send them to Guantanamo Bay until they talk and cut their funding 50%. The US Govt is supposed to work FOR US citizens. Something has gone wrong. People need to be held accountable. Spying on everyone is NOT ok without an individual, specific, tied-to-location warrant signed by a judge outside some secret court. PERIOD. The heads of these agencies know if they ever say any number, that will be the end due to outrage. There is little to be gained, unless they are sent to prison. If I were a senator, I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify about their bosses.

AnchorClanker, Wise, Aged Ars Veteran et Subscriptor Mar 10, 2017 9:40 AM

Seems like it would be a minor exercise to analyze a valid sample of their intercepts and to project with enough accuracy to answer the question. A cynic might suspect that the answer to, "How many Americans' electronic communications have been ensnared under the programs?" may well be, "All of them."

waasoo, Wise, Aged Ars Veteran Mar 10, 2017 9:41 AM

Reisner wrote: The American people don't know and don't care to know. John Conyers really needs to focus on the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for his constituents; lowering the amount of kids being born out of wedlock and preventing them from killing each other over trivial things like clothes and being disrespected.

I agree with a part of your sentiment but feel, maybe wrongly, that you are also hiding racism behind those words. The part that I agree with - most people don't care enough about spying programs or which 3 letter agency is scanning their ass. 
You can probably get 100 million Americans to sign a petition on facebook or twitter or your neighborhood supermarket, and only because those are low investment options. There is nothing wrong with such an existential position; I am guilty of that for most part of the day. If the scanning keeps me "safe" and I have nothing to hide, why bother? Now, you will get a lot more people involved if such scanning led to prosecution for the little technical crimes we do every day of our life; until then this will continue, if only with another name.

yankinwaoz, Ars Centurion Mar 10, 2017 9:50 AM

I'm sure Feinstein has her rubber stamp out. There is no request from NSA/CIA that she doesn't love. Grrrrrr...

Jacee, Smack-Fu Master, in training Mar 10, 2017 9:56 AM

Hookgrip wrote: I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?

"Another way to generate a good estimate?" Certainly. Go to the US Census Bureau. They can get you real close. Or just google it. As of 2014, it was 318.4 million. If they're scanning the backbone, AND checking the main sites people go to, that's pretty danged close to everybody.

bothered, Ars Scholae Palatinae Mar 10, 2017 10:13 AM

yankinwaoz wrote: I'm sure Feinstein has her rubber stamp out. There is no request from NSA/CIA that she doesn't love. Grrrrrr...

Don't vote for her again, I know I won't. Just got an email from Feinstein's office today with a laundry list of ways she is opposing Trump and his picks, no mention of national security issues. I'm sure that Feinstein and the current Administration will come together on National Security - in their view it's about "protecting Americans", which I read as "covering my ass on my watch". 
ars diavoli, Ars Centurion Mar 10, 2017 10:46 AM

gmerrick wrote: If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?

They could start cutting budgets, but that won't happen.

carcharoth, Ars Scholae Palatinae Mar 10, 2017 10:56 AM

"Congress and the public have been left in the dark regarding questions surrounding how many Americans' electronic communications have been ensnared under the programs."

How is this acceptable? How are these programs still running, period? Where is the outcry? Why won't they tell? Because it's not about "dragnet casualties"; they're not accidentally spying on Americans, they've got a system they use to spy on who they want when they want to. It's insane that these organizations can lie to the people, to their own gov't, and not get torn down.

AutisticGramma, Ars Scholae Palatinae Mar 10, 2017 11:03 AM

The 5.1 million people number? It's the amount of people who held some US government security clearance as of around 2013. Confidential, Secret, Top Secret, Gov staff, Contractors as a total.

And how many of them are responsible for signing off on carte blanche spying on Americans with 0 oversight? Since clearance is on a need to know basis, did that many people need to know? I see you looking to divide and conquer here, you just end up sounding guilty. 5.1 million people wanted a paycheck while serving their country and deserve one. Around 500 elected officials are letting a select few ruin all of this for the rest of us because rules are 'unamerican.' This is what happens 20 years after 'rules kill jobs': the same business leaders who didn't need rules 'cause jobs' now don't need rules as government appointees. 
NotJustAnotherRandmGuy, Wise, Aged Ars Veteran Mar 10, 2017 11:08 AM

Hookgrip wrote: I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?

All of it... the answer is all of it. Everything. Everybody. All. https://en.wikipedia.org/wiki/Mark_Klein

BobsYourUncleBob, Ars Tribunus Militum Mar 10, 2017 11:22 AM

We cannot provide an answer to your request, Senator, simply because we don't know the answer. Should we ever embark upon data analysis that would provide the answer you're seeking, such action would constitute an unnecessary and unwarranted intrusion on the privacy of U.S. persons; without specific statutory authorization, it would likely also be unlawful, since it would be both intrusive and unrelated to any need for foreign intelligence gathering. And we don't want to act in any manner that may be regarded as unlawful ... unless Congress were to provide authorization for us to do so ... Then there is the matter of resource allocation: current budgets constrain us from embarking upon such a program of data analysis, in terms of both the hardware and human resources that such a program would require. Estimates on the additional funding that such a program would require have been developed; however, these budgetary requirements cannot be released to Congress, as they are classified. Should Congress decide to provide both authorization and funding for such a program, we can advise on the number of zeros ("0") that the funding authorization should include. In summary, Senator, it would appear that "the ball is entirely in your court", so to speak ...

jdale, Ars Tribunus Militum Mar 10, 2017 11:26 AM

The evasiveness is deceptive in and of itself. 
When the NSA says it "would require the Intelligence Community to conduct exhaustive analysis of every unknown identifier in order to determine whether they are being used inside or outside the U.S." that's because they don't even count the data as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts. By this definition, they should be able to produce a deceptively low number, perhaps thousands to tens of thousands per year. By our definition, which says if you put the data in your database and use it when running searches, that data has been collected, there's no doubt the number is nearly the same as the US population, discounting only people with no online presence (e.g. infants). In any case, the fact that they have prevaricated about this for the past 6 years makes pretty clear that the answer will not look good. It's time to end these programs. If they want them renewed, the replacements will need real oversight.

#### [Mar 11, 2017] Snowden: What The Wikileaks Revelations Show Is Reckless Beyond Words

##### Notable quotes:

##### "... The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words. ..."

##### "... Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. ..."

##### "... So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world. I wonder if they were using these "tools" domestically outside of their mandate? As an agency you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just compromised? This is so serious it's insane. ..."

##### "... The issue is now all that software is running on nearly every computer out there. Every computer in the current paradigm is considered a security risk. ..."
##### "... Android is Linux based, as well as the routers that have been reportedly compromised use Linux as an operating system. Nothing has been spared. ..."

##### "... Now if IBM Mainframes are compromised it means Banks, Insurance, and other behemoths (they mostly use IBM Main Frames for their back-end functions) may be ticking time bombs. Scary shit. ..."

###### Mar 07, 2017 | www.zerohedge.com

While it has been superficially covered by much of the press - and one can make the argument that what Julian Assange has revealed is more relevant to the US population than constant and so far unconfirmed speculation that Trump is a puppet of Putin - the fallout from the Wikileaks' "Vault 7" release this morning of thousands of documents demonstrating the extent to which the CIA uses backdoors to hack smartphones, computer operating systems, messenger applications and internet-connected televisions, will be profound. As evidence of this, the WSJ cites an intelligence source who said that "the revelations were far more significant than the leaks of Edward Snowden."

Mr. Snowden's leaks revealed names of programs, companies that assist the NSA in surveillance and in some cases the targets of American spying. But the recent leak purports to contain highly technical details about how surveillance is carried out. That would make them far more revealing and useful to an adversary, this person said. In one sense, Mr. Snowden provided a briefing book on U.S. surveillance, but the CIA leaks could provide the blueprints.

Speaking of Snowden, the former NSA contractor-turned-whistleblower, who now appears to have a "parallel whistleblower" deep inside the "Deep State", i.e., the source of the Wikileaks data - also had some thoughts on today's CIA dump. 
In a series of tweets, Snowden notes that "what @Wikileaks has here is genuinely a big deal", and makes the following key observations: "If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe" and adds that "the CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words." He then asks rhetorically "Why is this dangerous?" and explains "Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world." His conclusion, one which many of the so-called conspiratorial bent would say was well-known long ago: "Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy." To which the increasingly prevalent response has become: "obviously."

Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic. - Edward Snowden (@Snowden) March 7, 2017

If you're writing about the CIA/ @Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe. pic.twitter.com/kYi0NC2mOp - Edward Snowden (@Snowden) March 7, 2017

The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words. - Edward Snowden (@Snowden) March 7, 2017

Why is this dangerous? Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world. https://t.co/xK0aILAdFI - Edward Snowden (@Snowden) March 7, 2017

Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. 
https://t.co/mDyVred3H8 - Edward Snowden (@Snowden) March 7, 2017

Looney -> PoasterToaster, Mar 7, 2017 2:33 PM

The "Pandora's Box" cliché doesn't quite fit the use of Cyber Weapons, but another metaphor does – "Pinocchio's Screw". When Pinocchio discovered a screw inside of his belly button, he grabbed a screwdriver and two seconds later, his ass fell off. ;-) Looney

froze25 -> nuubee, Mar 7, 2017 2:44 PM

So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world. I wonder if they were using these "tools" domestically outside of their mandate? As an agency you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just compromised? This is so serious it's insane.

WordSmith2013 -> froze25, Mar 7, 2017 2:56 PM

"It doesn't get any bigger than Vault 7!" Vault 7 Opened Up: The Biggest Megillah of Them All

CPL -> froze25, Mar 7, 2017 3:06 PM

Why do you think the geek community decided to go develop their own tools in parallel (Linux, BitCoin, DevOps platforms, etc)? We knew, we complained, we got shut down. The issue is now all that software is running on nearly every computer out there. Every computer in the current paradigm is considered a security risk. It also means the insurance industry now has to pull out of all insurance guarantees on engineered systems with an ISO certification for every industry. It's a fucked up mess that's going to cost tens of trillions of dollars to migrate and patch every existing system on the planet.

froze25 -> CPL, Mar 7, 2017 3:22 PM

Android is Linux based, as well as the routers that have been reportedly compromised use Linux as an operating system. Nothing has been spared. I believe iOS is Unix based (or iOS is just iOS) so that one is compromised as well. Now if Unix is compromised that means (potentially) that IBM mainframes are compromised. 
Now if IBM Mainframes are compromised it means Banks, Insurance, and other behemoths (they mostly use IBM Main Frames for their back-end functions) may be ticking time bombs. Scary shit.

#### [Mar 11, 2017] CIA faces huge problem over malware claims

###### Mar 11, 2017 | www.bbc.com

BBC

• WikiLeaks, the CIA and your devices: what the documents reveal FT
• CIA contractors likely source of latest WikiLeaks release: U.S. officials Reuters. Neoliberalism's "market state" puts government functions up for sale. So it's not surprising that people sell them.
• CIA Leak: "Russian Election Hackers" May Work In Langley Moon of Alabama. Watch for the "attribution problem" when CrowdStrike testifies at the upcoming Russki hearings. As I've said, "Internet evidence is not evidence."
• WikiLeaks strikes again. Here are 4 big questions about Vault 7. WaPo. "In cyberspace, we mainly have a reasonability problem, not an attribution problem." Oh. OK.
• CIA Did Not Have Multi-Factor Authentication Controls for All Users as Recently as August 2016 emptywheel
• Oh, that traitorous WikiTrump Pepe Escobar, Asia Times (Re Silc).
• Spicer says 'massive difference' between CIA WikiLeaks leak and Podesta email leak ABC

#### [Mar 10, 2017] CIA Leak Shows Sliding Down the Slippery Slope Toward Totalitarianism, Where Private Lives Do Not Exist

##### Notable quotes:

##### "... The elephant in the room is not privacy problems. It is blackmail for various purposes. ..."

##### "... This makes the US Government totally dysfunctional. The spread of such spy technique has created chaos. Latest news is that Democrats paid some hackers for not revealing their server information. ..."

##### "... I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods. An elected President or Official should not have their private life discussed by the Media. It should be banned ..."

##### "... 
And Clinton never feared anything, probably because the CIA was in her pocket and could get the goods on anybody even Loretta Lynch. ..." ###### Mar 10, 2017 | www.zerohedge.com That the CIA has reached into the lives of all Americans through its wholesale gathering of the nation's "haystack" of information has already been reported. It is bad enough that the government spies on its own people. It is equally bad that the CIA, through its incompetence, has opened the cyberdoor to anyone with the technological skills and connections to spy on anyone else. The constant erosion of privacy at the hands of the government and corporations has annihilated the concept of a "right to privacy," which is embedded in the rationale of the First, Third, Fourth, Ninth and Fourteenth Amendments to the U.S. Constitution. It is becoming increasingly clear that we are sliding down the slippery slope toward totalitarianism, where private lives do not exist. We have entered a condition of constitutional crisis that requires a full-throated response from the American people. Before you label Kucinich as being overly-dramatic, you may want to note that Bill Binney – the high-level NSA executive who created the agency's mass surveillance program for digital information, the 36-year NSA veteran widely who was the senior technical director within the agency and managed thousands of NSA employees – told Washington's Blog that America has already become a police state. And Thomas Drake – one of the top NSA executives, and Senior Change Leader within the NSA – told us the same thing. And Kirk Wiebe – a 32-year NSA veteran who received the Director CIA's Meritorious Unit Award and the NSA's Meritorious Civilian Service Award – agrees (tweet via Jesselyn Radack, attorney for many national security whistleblowers, herself a Department of Justice whistleblower): It's not just NSA officials Two former U.S. Supreme Court Justices have warned that America is sliding into tyranny. A former U.S. 
President, and many other high-level American officials agree.

#1 problem all other unconstitutional problems stem from FRB

Wild E Coyote , Mar 9, 2017 8:58 PM

The elephant in the room is not privacy problems. It is blackmail for various purposes. We have many indications that politicians, judges, officials and even other intel organizations are being blackmailed, and destroyed using lucid information from their private life. This makes the US Government totally dysfunctional. The spread of such spy technique has created chaos. Latest news is that Democrats paid some hackers for not revealing their server information. I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods. An elected President or Official should not have their private life discussed by the Media. It should be banned.

GRDguy , Mar 9, 2017 8:56 PM

All we're really seeing is the wet dreams of banksters' efforts of over 400+ years "to own the earth in fee-simple." Our real problem is that their efforts make them richer while making everyone else poorer. The only way to stop the Money Kings is not to do business with them; an extremely difficult task. Sometimes The Dragon Wins

JailBanksters , Mar 9, 2017 8:51 PM

The old adage about, if you've got nothing to hide, you've got nothing to fear .... I don't think a lot of people realize the scope of this, because it's not about you. If Trump was hacked, that information could be used against him, like blackmail in order to change his action or direction on certain things. Clinton: You should be in Jail, they're GOOD People, so I won't be appointing a special prosecutor. And Clinton never feared anything, probably because the CIA was in her pocket and could get the goods on anybody even Loretta Lynch. That's what this is about. And that's why Trump can't win.
#### [Mar 10, 2017] Democratic Party as the defenders of the surveillance state

###### Mar 10, 2017 | economistsview.typepad.com

Peter K. : March 09, 2017 at 01:37 AM

Democrats like PGL are big defenders of the surveillance state and hate on Wikileaks. Why is that? B/c they're anti-democratic and authoritarian. The NSA tapped Angela Merkel's phone. Way to alienate our allies.

https://www.nytimes.com/2017/03/08/us/wikileaks-cia.html

C.I.A. Scrambles to Contain Damage From WikiLeaks Documents
By MATTHEW ROSENBERG, SCOTT SHANE and ADAM GOLDMAN
MARCH 8, 2017

WASHINGTON - The C.I.A. scrambled on Wednesday to assess and contain the damage from the release by WikiLeaks of thousands of documents that cataloged the agency's cyberspying capabilities, temporarily halting work on some projects while the F.B.I. turned to finding who was responsible for the leak.

Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.

An intelligence official said the information, much of which appeared to be technical documents, may have come from a server outside the C.I.A. managed by a contractor. But neither he nor a former senior intelligence official ruled out the possibility that the leaker was a C.I.A. employee. The officials spoke on the condition of anonymity to discuss an ongoing investigation into classified information.

The C.I.A. has refused to explicitly confirm the authenticity of the documents, but it all but said they were genuine Wednesday when it took the unusual step of putting out a statement to defend its work and chastise WikiLeaks.

The disclosures "equip our adversaries with tools and information to do us harm," said Ryan Trapani, a spokesman for the C.I.A.
He added that the C.I.A. is legally prohibited from spying on individuals in the United States and "does not do so."

The leak was perhaps most awkward for the White House, which found itself criticizing WikiLeaks less than six months after the group published embarrassing emails from John D. Podesta, the campaign chairman for Hillary Clinton, prompting President Trump to declare at the time, "I love WikiLeaks."

Sean Spicer, the White House spokesman, said the release of documents "should be something that everybody is outraged about in this country." There was, he added, a "massive, massive difference" between the leak of classified C.I.A. cyberspying tools and personal emails of political figures.

The documents, taken at face value, suggest that American spies had designed hacking tools that could breach almost anything connected to the internet - smartphones, computers, televisions - and had even found a way to compromise Apple and Android devices. But whether the C.I.A. had successfully built and employed them to conduct espionage remained unclear on Wednesday.

A number of cybersecurity experts and hackers expressed skepticism at the level of technical wizardry that WikiLeaks claimed to uncover, and pointed out that much of what was described in the documents was aimed at older devices that have known security flaws. One document, for instance, discussed ways to quickly copy 3.5-inch floppy disks, a storage device so out of date that few people younger than 35 have probably used one.

One indication that the documents did not contain information on the most highly sensitive C.I.A. cyberespionage programs was that none of them appeared to be classified above the level of "secret/noforn," which is a relatively low-level of classification.

On Feb. 16, WikiLeaks released what appeared to be a C.I.A. document laying out intelligence questions about the coming French elections that agency analysts wanted answers to, either from human spies or eavesdropping.
When WikiLeaks released the cyberspying documents on Tuesday, it described the earlier document as "an introductory disclosure."

Peter K. -> Peter K.... March 09, 2017 at 01:52 AM

"He added that the C.I.A. is legally prohibited from spying on individuals in the United States and "does not do so.""

Well that's good to know given the CIA's history.

Anachronism -> Peter K.... , March 09, 2017 at 05:12 AM

Maybe, but the FBI is not prohibited and I'm sure they have access to the same tools the CIA has.

Peter K. - Are you comfortable with Wikileaks telling the world (and therefore the "bad guys") exactly what we've been using to gather information and showing them how they can use the same tools? Do you think that hurts America's security? I'll grant you that there have been times I've been for some of the Wikileaks disclosures, but on the whole (and especially this), it harms our security.

RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 06:31 AM

I used to be disgusted but now I am just amused. The surveillance state is a deep subject. Without the military hegemony for which it is emblematic would we then even have a threat of terrorism? The domestic surveillance state does little else save maybe some counter-espionage against the other nuclear powers. OTOH, it gave us the recently ended TV series "Person of Interest," which almost makes up for the violations of our Bill of Rights (illegal search and potentially seizure).

I kind of like people knowing how automobile technology can be hacked to remotely control the family car. If not for the competition to develop self-driving cars then I doubt most of the Wi-Fi enabled interfaces would facilitate remote control, but rather just monitoring. It sounds like the game of grand theft auto is about to be profoundly revised.

Anachronism -> RC AKA Darryl, Ron... , March 09, 2017 at 07:01 AM

"The surveillance state is a deep subject.
Without the military hegemony for which it is emblematic would we then even have a threat of terrorism? The domestic surveillance state does little else save maybe some counter-espionage against the other nuclear powers."

Agreed. We've interfered with impudence in the affairs of Central/South America and the Middle East. We've assassinated leaders of other countries and propped up our little puppets in their places. We staged a revolution to create the country of Panama, simply because we wanted to dig a canal.

However, you're arguing the past. The question is, now that we're where we are, how do we proceed? All of these people who now hate us, because of the evils we've done, aren't simply going to stop if we say "we're not going to spy on you anymore". Paraphrasing Shakespeare - "The evil countries do lives after them. The good is oft interr'd within their bones. Thus let it be with the U.S.A" won't make terrorists think about our foreign aid programs, or disaster relief for places like Haiti".

The primary function of the federal government should be to protect the welfare of its people, and ostensibly tools like the ones the CIA developed (and subsequently leaked) were there to find out what the bad guys were doing. We are now less safe as a direct result of the leak.

RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 07:37 AM

"...The question is, now that we're where we are, how do we proceed?..."

[Your point there is well taken. However, it is still a question with no implicit answer that cannot be alternatively argued. So, the other way to say this is that we have as a nation done very bad things. There will be a price to pay for it. How do we want to pay for it? How long do we want to keep paying for it? Stated another way then there is still no implicit answer that cannot be alternatively argued. It is why I usually avoid such matters. Without a crystal ball then we answer correctly. I just was inquiring to see how far that you were considering. I have no argument against you since you seem to understand the quagmire well enough. I will stick with easier topics such as constitutional reform of the political system, a piece of cake in comparison.]

RC AKA Darryl, Ron -> RC AKA Darryl, Ron... , March 09, 2017 at 07:38 AM

"...Without a crystal ball then we CANNOT answer correctly..."

[First EDIT, then POST.]

Anachronism -> RC AKA Darryl, Ron... , March 09, 2017 at 07:46 AM

So, to paraphrase you; we're screwed. It's simply a question of how badly we're screwed and when. I agree. Which is why I'm no fun at parties anymore. I would argue that people who don't understand how screwed we are, are much happier than those who do understand. Such is our lot in life.

RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 08:09 AM

Totally agreed. Yet I cling to hope. Donald Trump has achieved more in organizing progressives in just four months than I have seen done over the collective period since 1968.

RC AKA Darryl, Ron -> RC AKA Darryl, Ron... , March 09, 2017 at 08:12 AM

Nothing unites people better than a common enemy which they unequivocally despise.

ilsm -> RC AKA Darryl, Ron... , March 09, 2017 at 02:30 PM

The oceans mean no one without a huge navy* or ICBM's (why sputnik was a problem) can affect the US. Military spending outside of nuclear warning and MAD is low payback. The terrorists know we won't nuke Mecca, hell we are paying Mecca's defenders to keep terrorists in Syria.

* occupying the US would be dealing with 120M guns in hands of angered civilians....... the Japanese general staff thought they would find 80M behind blades of grass...........

Peter K. -> Anachronism ... , March 09, 2017 at 08:54 AM

The NSA chief told Congress that they don't spy on private US citizens, but Edward Snowden showed that to be a lie. Are you comfortable with that? Are you comfortable with handing the surveillance state over to a lunatic like Trump?

Anachronism -> Peter K....
, March 09, 2017 at 09:45 AM

As I said above, maybe the CIA doesn't spy on US citizens, but the FBI can and does. I don't think Trump would care about me nearly as much as he would Bill Maher or Hillary Clinton, public people who mock him.

Peter K. -> Anachronism ... , March 09, 2017 at 10:08 AM

It would affect you personally for Trump to neutralize all of his political opponents?

Anachronism -> Peter K.... , March 09, 2017 at 11:09 AM

I don't think republicans would like the idea of a liberal spying on them any more than we would with a conservative spying on us. Trump is at a whole new level because of his Nixonian paranoia plus his need for revenge plus his penchant for "punching down". Having said that, there are safeguards in place to ensure that the FBI can't spy on just anyone. You need a FISA warrant which needs to be approved by a FISA judge. President Cheeto can't just order it to be done. Well, he could, but the FBI should refuse.

Anachronism -> Anachronism ... , March 09, 2017 at 11:11 AM

This is the same reason Obama could not order Cheeto's "wires tapped".

ilsm -> Peter K.... , March 09, 2017 at 02:32 PM

Trump is more concerned with the Bill of rights than the con artist with the peace prize.

#### [Mar 10, 2017] Latest WikiLeaks dump reveals CIA can hack computers, smartphones, even TVs

##### Notable quotes:

##### "... the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered users. ..."

##### "... Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook ..."

##### "... The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris. ..."

##### "... The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them. ..."

##### "... an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time. ..."

##### "... The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development of malicious software by governments, which he compared to the global arms trade. ..."

##### "... The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerability to the highest bidder. ..."

##### "... If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers. ..."

##### "... Besides speeding up the development time for malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party may have been behind an infiltration, rather than a government agency. ..."

##### "... A veteran writer, tv producer, and web developer, Matthew Sheffield writes about politics, media, and technology for Salon. You can email him via m.sheffield@salon.com or follow him on Twitter. ..."

##### "... Okay, so "who cares" that we have a CIA with unchecked powers and no publicly discernible agenda, but RUSSIA!! ..."

##### "... How many agencies do we need to do the same things and replicate each other's work? 16 intelligence agencies? ..."

##### "... And if you think you only need to worry about your computers, phones, and TVs being full of Mama Gubmint's lackeys consider your car. It has its own ID and the roads are bristling with detectors too. License plate scanners, facial recognition, chem/radiation detectors, etc. 1984 has long been with us. ..."

###### Mar 10, 2017 | www.salon.com

...The disclosure revealed that the CIA has its own division dedicated solely to computer hacking that rivals the National Security Agency's online espionage operation. According to WikiLeaks, the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered users.

"Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook," WikiLeaks said in an introductory statement accompanying the documents. "The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

Tuesday's disclosure is only the first part of what WikiLeaks is calling its "Vault 7" series of documents obtained from what it said was an "isolated, high-security network" located within the CIA's headquarters in Langley, Virginia.

The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris.

The CIA also appears to have developed methods to hijack internet-enabled televisions from Samsung to use them to record audio such as conversations, through the use of a "Fake Off" mode so that the TV appears to be powered down but actually is not.
The stolen information indicates that the intelligence agency also appears to have the ability to gain access to messaging programs like Telegram, WhatsApp, Signal and iMessage that have been billed as secure because they encrypt all messages between participants. Instead of intercepting messages en route, however, the exploits work at a more basic level to intercept and capture audio and text before they are encrypted and transmitted.

The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them.

WikiLeaks did not release any of the code behind the so-called cyber-weapons, but said that an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time.

The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development of malicious software by governments, which he compared to the global arms trade.

The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerability to the highest bidder.

If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers.

Besides speeding up the development time for malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party may have been behind an infiltration, rather than a government agency.

... ... ...

A veteran writer, tv producer, and web developer, Matthew Sheffield writes about politics, media, and technology for Salon. You can email him via m.sheffield@salon.com or follow him on Twitter.

zackeryzackery , 2017-03-10T03:32:31

Anyone interested in the Russian Bank / Trump Server connection: Looks like the libtards will twist any facts to fit their narrative.

DirtyDan23 , 2017-03-09T19:30:29

But ... but .... RUSSIA!!!!!. Look guys, RUSSIA! The Obama administration repeatedly broke federal laws, lied about breaking those laws, got caught lying about breaking those laws (thank you "whistle blowers") then said it stopped breaking said laws. Then it got caught lying about saying it stopped breaking laws.

A Real American , 2017-03-09T16:55:26

Who cares. But what we also know is that The "President" is Putin's puppet. When is Assange going to leak that? And Don the Con has already paid Putin back by destroying the State Department. Sad.

Captain America , 2017-03-09T17:05:13

Okay, so "who cares" that we have a CIA with unchecked powers and no publicly discernible agenda, but RUSSIA!! You sound like McCarthy. Is that the New Democratic Party?

Fester N Boyle , 2017-03-09T11:16:11

How many agencies do we need to do the same things and replicate each other's work? 16 intelligence agencies? There's 500+ govt. agencies, the system needs a reorg. Make new agencies to combine the old ones' critical functions, fire all the worthless govt. employees and move the good ones into the new agency. And if you think you only need to worry about your computers, phones, and TVs being full of Mama Gubmint's lackeys consider your car.
It has its own ID and the roads are bristling with detectors too. License plate scanners, facial recognition, chem/radiation detectors, etc. 1984 has long been with us.

#### [Mar 10, 2017] When Whistleblowers Tell The Truth They're Traitors. When Government Lies It's Politics

##### Notable quotes:

##### "... Immediately after Wikileaks released thousands of documents revealing the extent of CIA surveillance and hacking practices, the government was calling for an investigation - not into why the CIA has amassed so much power, but rather, into who exposed their invasive policies. ..."

###### Mar 09, 2017 | www.zerohedge.com

Mar 9, 2017 6:05 PM

Via Carey Wedler via TheAntiMedia.org,

Immediately after Wikileaks released thousands of documents revealing the extent of CIA surveillance and hacking practices, the government was calling for an investigation - not into why the CIA has amassed so much power, but rather, into who exposed their invasive policies.

"A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations," several US officials reportedly told CNN. According to USA Today: "The inquiry, the official said, will seek to determine whether the disclosure represented a breach from the outside or a leak from inside the organization. A separate review will attempt to assess the damage caused by such a disclosure, the official said."

Even Democratic representative Ted Lieu, who has been urging whistleblowers to come forward to expose wrongdoing within the Trump administration, has turned his focus away from what the documents exposed and toward determining how it could have possibly happened. "I am deeply disturbed by the allegation that the CIA lost its arsenal of hacking tools," he said while calling for an investigation. "The ramifications could be devastating. I am calling for an immediate congressional investigation. We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans."

According to Lieu's statements, the problem isn't necessarily that the CIA is spying on Americans and invading innocent people's technology without consent. It's that the CIA mishandled their spying tools, and in doing so, endangered Americans' privacy by exposing the tools to presumably 'bad actors.' The problem isn't the corrupt agency violating basic privacy rights, but that they weren't skillful enough to keep their corruption under wraps.

So goes the familiar whistleblower narrative in the United States. Whistleblowers step forward to expose wrongdoing on the part of government - something the government claims to support - and immediately, establishment institutions and the media bend the conversation away from the wrongdoing in order to focus on the unlawful release of secrets. Putting aside the fact that, according to popular American mythology, breaking the law is a patriotic duty, the government and politicians' reactions are both hypocritical and habitual.

When Chelsea Manning revealed damning evidence of U.S. war crimes in Iraq, including soldiers directly targeting Reuters news staff, the response was not to investigate who allowed those crimes (in fact, a later Pentagon manual went on to describe instances in which it's permissible to kill journalists; that version was later retracted after outcry from reporters). Rather, Manning was subject to a military tribunal and issued multiple life sentences, a cruel and unusual punishment reversed only in President Obama's last days in office amid his attempts to salvage his abysmal human rights, transparency, and whistleblower record.
When Edward Snowden revealed the extent of the NSA's warrantless mass surveillance of American citizens and millions of others around the world, the government's response was not to investigate why those programs existed in the first place. Rather, they thrashed and flailed around the world, ordering the plane of Bolivian President Evo Morales to be grounded in the hopes of catching the whistleblower. Congress later passed the deceptive "USA Freedom Act," which codified continued surveillance. Edward Snowden remains in exile, and establishment politicians repeatedly call him a traitor for exposing the crimes of his government. Some, including Trump's CIA Director Mike Pompeo, have called for his execution. Mass surveillance continues, and the president himself is seeking to retain those powers as he condemns former President Obama for allegedly spying on him.

And so on and so forth. The same was true for John Kiriakou, Thomas Drake, William Binney, and Jeffrey Sterling. The government is exposed for wrongdoing, and rather than prove themselves to be representatives of the people by remedying those transgressions, they point fingers and divert, all the while refusing to relinquish the unjust power any given agency is exposed for having.

Many people are already aware that the government does little to actually serve them (Americans' trust in political leaders and government, in general, is abysmally low). Rather, government agents and agencies operate to advance and concentrate their own interests and power. This is why penalties against killing government employees are more stringent than killing civilians. It is why stealing from the government is perceived as more outrageous to the State than stealing from a civilian. The government considers "crimes" committed against itself to carry the utmost offense, yet often fails to deliver justice to the people who provide their financial foundation.

As a result, the State does not even try to show remorse for its volatile policies, even when they are exposed and splattered across social media for the world to see. Instead, with the help of corporate media, the debate is shifted to whether or not WikiLeaks is a criminal organization, or whether or not Edward Snowden is a traitor.

As White House Press Secretary Sean Spicer said of the leaks: "This is the kind of disclosure that undermines our country, our security. This alleged leak should concern every American for its impact on national security. Anybody who leaks classified information will be held accountable to the maximum extent of the law."

Meanwhile, we're supposed to accept the government's investigation of itself, which (surprise!) usually finds little or no wrongdoing on their own behalf and often consolidates and extends the very same power whistleblowers exposed in the first place.

Yes. The truth is always treason in an empire of lies. All by design motherfuckers.

indygo55 , Mar 9, 2017 6:23 PM

Binney said the NSA has everything. Every phone call, text, website visited, everything. The FISA court is theater. Window dressing. The FISA court allows prosecutors to recreate fake parallel sources to make it look like they got permission to create the illusion they didn't break the 4th amendment. THEY ALREADY BROKE THE 4TH AMENDMENT!!! It's all theater. That's what Binney said. It was written here on ZH. These talking heads keep referring to warrants. They don't need a fucking warrant. They already have it. EVERYTHING.

Brazen Heist -> indygo55 , Mar 9, 2017 6:31 PM

In theory they could have A LOT of data with their backdoors and dragnets. But in reality, they have finite manpower to sift through all that data, and make sense of it. The more of us that rebel, encrypt and become defiant, the more taxing it is on their resources. Like I enjoy saying. They can have my data.
But I'm going to make the fuckers work for it, and waste their finite resources in getting it. Ms No -> Brazen Heist , Mar 9, 2017 6:43 PM They might not need people to sift through some of the data. They could probably have a computer program sift through terms: guns, the Constitution, the Federal Reserve, Jews, drugs, gold... etc. Then you could be catagorized a whether not you were a proper sheep or a target. Brazen Heist -> Ms No , Mar 9, 2017 7:18 PM You're probably right. The algos will be hard at work. Thing is. I don't give a shit. I can already see the limits to their powers. quax -> indygo55 , Mar 9, 2017 6:37 PM And if you'd bother to add the amount of storage that'll require you'd know this is BS. They may have the metadata on pretty much everything but not the actual transcripts. DuneCreature -> quax , Mar 9, 2017 6:58 PM Nonsense. ..... They have all the content that is meaningful to them and save EVERYTHING to parse through it. ....... Your mom's phone calls to the hairdresser timeout and get discarded after they sniff it good. My guess is, anyone posting here at ZH gets their stuff tagged for archiving. ..... As do a bunch of other categories of 'interesting people'. Live Hard, You Do The Math On What A Terabyte Will Store, Die Free ~ DC v5.0 IndyPat -> quax , Mar 9, 2017 7:02 PM If you'd bother to read up on Binney, you'd know to not talk shit about that which you have no idea of. Storage is dirt cheap. Not that money is an issue. At all. TeethVillage88s -> indygo55 , Mar 9, 2017 7:01 PM ***- Right to freedom from quartering of govt in our house without our consent (Americans don't want NSA, CIA, DHS, TSA, or border control inside out devices, smart phones, PDAs, PCs, TVs, Refrigerators) (And Trump E.O Today: Our Kids are Precious they have Cell Phones and Devices, this is Tyranny, Protect our kids from Pedos!!!) E.O. Today, President Donald J. Trump, Please! 
- Call it the CIA, NSA, Govt in our Homes, Anti-Pedo Act Chupacabra-322 -> indygo55 , Mar 9, 2017 7:06 PM The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies & adversaries are Chilling. Effective immediately defund, Eliminate & Supeona it's Agents, Officials & Dept. Heads in regard to the Mass Surveillance, Global Espionage Spying network & monitoring of a President Elect by aforementioned Agencies & former President Obama, AG Lynch & DIA James Clapper. The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography, national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then "found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source. The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant any evidence on any iphone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power. Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately. Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so. 
TePikoElPozo, Mar 9, 2017 6:50 PM

"There are a few rules that I live by. Number 1: I don't believe anything that the government says" -GEORGE CARLIN

#### [Mar 09, 2017] Gaius Publius: Explosive WikiLeaks Release Exposes Massive, Aggressive CIA Cyber Spying, Hacking Capability

##### Notable quotes:

##### "... Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." ..."

##### "... A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including "Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones." ..."

##### "... According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied." ..."

##### "... "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update"[.] ..."

##### "... Do you still trust Windows Update? ..."

##### "... As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. ..."

##### "... "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack.'" Full and fascinating article here. ..."

##### "... Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. ..."

##### "... Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. ..."

##### "... By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. ..."

##### "... I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail. ..."

##### "... The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening. ..."

##### "... 4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly it's just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK. ..."

##### "... The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows 10, and can easily install them on all common systems and devices. ..."

##### "... So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events." ..."

##### "... My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table. ..."

##### "... To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out? ..."

##### "... Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them ..."

##### "... The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options. ..."

##### "... "The CIA had created, in effect, its "own NSA" with even less accountability." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me. ..."

##### "... It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours. ..."

##### "... "These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened." ..."

###### Mar 09, 2017 | www.nakedcapitalism.com

March 9, 2017 by Yves Smith

Yves here. The first release of the Wikileaks Vault 7 trove has curiously gone from being a MSM lead story yesterday to a handwave today. On the one hand, anyone who was half awake during the Edward Snowden revelations knows that the NSA is in full spectrum surveillance and data storage mode, and members of the Five Eyes back-scratch each other to evade pesky domestic curbs on snooping. So the idea that the CIA (and presumably the NSA) found a way to circumvent encryption tools on smartphones, or are trying to figure out how to control cars remotely, should hardly come as a surprise. However, at a minimum, reminding the generally complacent public that they are being spied on any time they use the Web, and increasingly the times in between, makes the officialdom Not Happy.

And if this Wikileaks claim is even halfway true, its Vault 7 publication is a big deal:

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. This is an indictment of the model of having the intelligence services rely heavily on outside contractors. It is far more difficult to control information when you have multiple organizations involved. In addition, neolibearlism posits that workers are free agents who have no loyalties save to their own bottom lines (or for oddballs, their own sense of ethics). Let us not forget that Snowden planned his career job moves , which included a stint at NSA contractor Dell, before executing his information haul at a Booz Allen site that he had targeted. Admittedly, there are no doubt many individuals who are very dedicated to the agencies for which they work and aspire to spend most it not all of their woking lives there. But I would assume that they are a minority. The reason outsiders can attempt to pooh-pooh the Wikileaks release is that the organization redacted sensitive information like the names of targets and attack machines. The CIA staffers who have access to the full versions of these documents as well as other major components in the hacking toolkit will be the ones who can judge how large and serious the breach really is. 1 And their incentives are to minimize it no matter what. By Gaius Publius , a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius , Tumblr and Facebook . GP article archive here . Originally published at DownWithTyranny CIA org chart from the WikiLeaks cache (click to enlarge). "The organizational chart corresponds to the material published by WikiLeaks so far. 
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG [Engineering Development Group]and its branches is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently." * * * "O brave new world, that has such people in it." Bottom line first. As you read what's below, consider: That the CIA is capable of doing all of the things described, and has been for years, is not in doubt. That unnameable many others have stolen ("exfiltrated") these tools and capabilities is, according to the Wikileaks leaker, also certain. Consider this an especially dangerous form of proliferation, with cyber warfare tools in the hands of anyone with money and intent. As WikiLeaks notes, "Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike." That the CIA is itself using these tools, and if so, to what degree, are the only unknowns. But can anyone doubt, in this aggressively militarized environment, that only the degree of use is in question? Now the story. WikiLeaks just dropped a huge cache of documents (the first of several promised releases), leaked from a person or people associated with the CIA in one or more capacities (examples, employee, contractor), which shows an agency out-of-control in its spying and hacking overreach. Read through to the end. If you're like me, you'll be stunned, not just about what they can do, but that they would want to do it, in some cases in direct violation of President Obama's orders. This story is bigger than anything you can imagine. 
Consider this piece just an introduction, to make sure the story stays on your radar as it unfolds - and to help you identify those media figures who will try to minimize or bury it. (Unless I missed it, on MSNBC last night, for example, the first mention of this story was not Chris Hayes, not Maddow, but the Lawrence O'Donnell show, and then only to support his guest's "Russia gave us Trump" narrative. If anything, this leak suggests a much muddier picture, which I'll explore in a later piece.) So I'll start with just a taste, a few of its many revelations, to give you, without too much time spent, the scope of the problem. Then I'll add some longer bullet-point detail, to indicate just how much of American life this revelation touches. While the cache of documents has been vetted and redacted , it hasn't been fully explored for implications. I'll follow this story as bits and piece are added from the crowd sourced research done on the cache of information. If you wish to play along at home, the WikiLeaks torrent file is here . The torrent's passphrase is here . WikiLeaks press release is here (also reproduced below). Their FAQ is here . Note that this release covers the years 2013–2016. As WikiLeaks says in its FAQ, "The series is the largest intelligence publication in history." Preface - Trump and Our "Brave New World" But first, this preface, consisting of one idea only. Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." Plus Vladimir Putin, whose relationship with Trump is just "business," an alliance of convenience, if you will. I have zero sympathy for Donald Trump. 
But his world is now our world, and with both of his feet firmly planted in spook world, ours are too. He's in it to his neck, in fact, and what happens in that world will affect every one of us. He's so impossibly erratic, so impossibly unfit for his office, that everyone on the list above wants to remove him. Many of them are allied, but if they are, it's also only for convenience. How do spooks remove the inconvenient and unfit? I leave that to your imagination;they have their ways. Whatever method they choose, however, it must be one without fingerprints - or more accurately, without their fingerprints - on it. Which suggests two more questions. One, who will help them do it, take him down? Clearly, anyone and everyone on the list. Second, how do you bring down the president, using extra-electoral, extra-constitutional means, without bringing down the Republic? I have no answer for that. Here's a brief look at "spook world" (my phrase, not the author's) from " The Fox Hunt " by John Sevigny: Several times in my life – as a journalist and rambling, independent photographer - I've ended up rubbing shoulders with spooks. Long before that was a racist term, it was a catch-all to describe intelligence community people, counter intel types, and everyone working for or against them. I don't have any special insight into the current situation with Donald Trump and his battle with the IC as the intelligence community calls itself, but I can offer a few first hand observations about the labyrinth of shadows, light, reflections, paranoia, perceptions and misperceptions through which he finds himself wandering, blindly. More baffling and scary is the thought he may have no idea his ankles are already bound together in a cluster of quadruple gordian knots, the likes of which very few people ever escape. Criminal underworlds, of which the Trump administration is just one, are terrifying and confusing places. 
They become far more complicated once they've been penetrated by authorities and faux-authorities who often represent competing interests, but are nearly always in it for themselves. One big complication - and I've written about this before - is that you never know who's working for whom . Another problem is that the hierarchy of handlers, informants, assets and sources is never defined. People who believe, for example, they are CIA assets are really just being used by people who are perhaps not in the CIA at all but depend on controlling the dupe in question. It is very simple - and I have seen this happen - for the subject of an international investigation to claim that he is part of that operation. [emphasis added] Which leads Sevigny to this observation about Trump, which I partially quoted above: "Donald Trump may be crazy, stupid, evil or all three but he knows the knives are being sharpened and there are now too many blades for him to count. The intel people are against him, as are the counter intel people. His phone conversations were almost certainly recorded by one organization or another, legal or quasi legal. His enemies include Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul. Putin is not on his side - that's a business matter and not an alliance." Again, this is not to defend Trump, or even to generate sympathy for him - I personally have none. It's to characterize where he is, and we are, at in this pivotal moment. Pivotal not for what they're doing, the broad intelligence community. But pivotal for what we're finding out, the extent and blatancy of the violations. All of this creates an incredibly complex story, with only a tenth or less being covered by anything like the mainstream press. 
For example, the Trump-Putin tale is much more likely to be part of a much broader "international mobster" story, whose participants include not only Trump and Putin, but Wall Street (think HSBC) and major international banks, sovereign wealth funds, major hedge funds, venture capital (vulture capital) firms, international drug and other trafficking cartels, corrupt dictators and presidents around the world and much of the highest reaches of the "Davos crowd." Much of the highest reaches of the .01 percent, in other words, all served, supported and "curated" by the various, often competing elements of the first-world military and intelligence communities. What a stew of competing and aligned interests, of marriages and divorces of convenience, all for the common currencies of money and power, all of them dealing in death . What this new WikiLeaks revelation shows us is what just one arm of that community, the CIA, has been up to. Again, the breadth of the spying and hacking capability is beyond imagination. This is where we've come to as a nation. What the CIA Is Up To - A Brief Sample Now about those CIA spooks and their surprising capabilities. A number of other outlets have written up the story, but this from Zero Hedge has managed to capture the essence as well as the breadth in not too many words (emphasis mine throughout): WikiLeaks has published what it claims is the largest ever release of confidential documents on the CIA. It includes more than 8,000 documents as part of 'Vault 7', a series of leaks on the agency, which have allegedly emerged from the CIA's Center For Cyber Intelligence in Langley , and which can be seen on the org chart below, which Wikileaks also released : [org chart reproduced above] A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' 
WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including " Apple's iPhone , Google's Android and Microsoft's Windows and even Samsung TVs , which are turned into covert microphones." WikiLeaks tweeted the leak, which it claims came from a network inside the CIA's Center for Cyber Intelligence in Langley, Virginia. Among the more notable disclosures which, if confirmed, " would rock the technology world ", the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied." With respect to hacked devices like you smart phone, smart TV and computer, consider the concept of putting these devices in "fake-off" mode: Among the various techniques profiled by WikiLeaks is "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs , transforming them into covert microphones. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode , so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server. As Kim Dotcom chimed in on Twitter, "CIA turns Smart TVs, iPhones, gaming consoles and many other consumer gadgets into open microphones" and added "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update "[.] Do you still trust Windows Update? About "Russia did it" Adding to the "Russia did it" story, note this: Another profound revelation is that the CIA can engage in "false flag" cyberattacks which portray Russia as the assailant . 
Discussing the CIA's Remote Devices Branch's UMBRAGE group, Wikileaks' source notes that it "collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.["] As Kim Dotcom summarizes this finding, " CIA uses techniques to make cyber attacks look like they originated from enemy state ." This doesn't prove that Russia didn't do it ("it" meaning actually hacking the presidency for Trump, as opposed to providing much influence in that direction), but again, we're in spook world, with all the phrase implies. The CIA can clearly put anyone's fingerprints on any weapon they wish, and I can't imagine they're alone in that capability. Hacking Presidential Devices? If I were a president, I'd be concerned about this, from the WikiLeaks " Analysis " portion of the Press Release (emphasis added): "Year Zero" documents show that the CIA breached the Obama administration's commitments [that the intelligence community would reveal to device manufacturers whatever vulnerabilities it discovered]. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive [across devices and device types] and some may already have been found by rival intelligence agencies or cyber criminals. As an example, specific CIA malware revealed in "Year Zero" [that it] is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts . The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA[,] but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable. Does or did the CIA do this (hack presidential devices), or is it just capable of it? The second paragraph implies the latter. 
That's a discussion for another day, but I can say now that both Lawrence Wilkerson, aide to Colin Powell and a non-partisan (though an admitted Republican) expert in these matters, and William Binney, one of the triumvirate of major pre-Snowden leakers, think emphatically yes. (See Wilkerson's comments here . See Binney's comments here .) Whether or not you believe Wilkerson and Binney, do you doubt that if our intelligence people can do something, they would balk at the deed itself, in this world of "collect it all "? If nothing else, imagine the power this kind of bugging would confer on those who do it. The Breadth of the CIA Cyber-Hacking Scheme But there is so much more in this Wikileaks release than suggested by the brief summary above. Here's a bullet-point overview of what we've learned so far, again via Zero Hedge: Key Highlights from the Vault 7 release so far: "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products , include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones. Wikileaks claims that the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation . This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. 
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Also this scary possibility:

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

Journalist Michael Hastings, who in 2010 destroyed the career of General Stanley McChrystal and was hated by the military for it, was killed in 2013 in an inexplicably out-of-control car. This isn't to suggest the CIA, specifically, caused his death. It's to ask that, if these capabilities existed in 2013, what would prevent their use by elements of the military, which is, after all, a death-delivery organization?

And lest you consider this last speculation just crazy talk, Richard Clarke (that Richard Clarke) agrees: "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack."

Full and fascinating article here.

WikiLeaks Press Release

Here's what WikiLeaks itself says about this first document cache (again, emphasis mine):

Press Release

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force: its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor, stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.
Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Be sure to click through for the Analysis, Examples and FAQ sections as well.

"O brave new world," someone once wrote. Indeed. Brave new world, that only the brave can live in.

____

1 Mind you, the leakers may have had a comprehensive enough view to be making an accurate call. But the real point is there are no actors who will be allowed to make an independent assessment.

This entry was posted in Banana republic, Guest Post, Legal, Politics, Surveillance state, Technology and innovation on March 9, 2017 by Yves Smith.

64 comments

Code Name D , March 9, 2017 at 2:38 am

Senator John McCain passed documents to the FBI director, James Comey, last month alleging secret contacts between the Trump campaign and Moscow and that Russian intelligence had personally compromising material on the president-elect himself. The material, which has been seen by the Guardian, is a series of reports on Trump's relationship with Moscow. They were drawn up by a former western counter-intelligence official, now working as a private consultant. BuzzFeed on Tuesday published the documents, which it said were "unverified and potentially unverifiable". The Guardian has not been able to confirm the veracity of the documents' contents.

Emphases mine. I had been sitting on this link trying to make sense of this part. Clearly, the Trump Whitehouse has some major leaks, which the MSM is exploiting. But the start of this article suggests that para-intelligence (is that a word? Eh, it is now) was the source of the allegedly damaging info. This is no longer about the deep-state, but a rogue state, possibly guns for hire, each having fealty to specific political interests. The CIA arsenal wasn't leaked. It was delivered.

salvo , March 9, 2017 at 3:13 am

hmm.. as far as I can see, no one seems to care here in Germany anymore about being spied on by our US friends, apart from a few alternative sources which are being accused of spreading fake news, of being anti-american, russian trolls; the matter is widely ignored.

visitor , March 9, 2017 at 3:40 am

I have read a few articles about the Vault 7 leak that typically raise a few alarms I would like to comment on.

1) The fact that the CIA had managed to bypass encryption on popular phone and messaging services does not mean that it has broken encryption, just that it has a way to install a program at a lower level, close to the operating system, that will read messages before they are encrypted and sent by the messaging app, or just after they have been decrypted by it.

As a side note: banks have now largely introduced two-factor authentication when accessing online services. One enters username (or account number) and password; the bank site returns a code; the user must then enter this code into a smartphone app or a tiny specialized device, which computes and returns a value out of it; the user enters this last value into the entry form as a throw-away additional password, and gains access to the bank website. I have always refused to use such methods on a smartphone and insist on getting the specialized "single-use password computer", precisely because the smartphone platform can be subverted.

2) The fact that "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), [...] infests smart TVs, transforming them into covert microphones.
is possible largely because smart TVs are designed by their manufacturers to serve as spying devices. "Weeping Angel" is not some kind of virus that turns normal devices into zombies, but a tool to take control of existing zombie devices. The fact that smart TVs from Vizio, Samsung or LG constitute an outrageous intrusion into the privacy of their owners has been a known topic for years already.

3) The CIA [...] also looking at infecting the vehicle control systems used by modern cars and trucks is not a "scary possibility" either; various demonstrations of such feats on Tesla, Nissan, or Chrysler vehicles have been demonstrated in the past few years. And the consequences have already been suggested (killing people by disabling their car controls on the highway for instance).

My take on this is that we should seriously look askance not just at the shenanigans of the CIA, but at the entire "innovative technology" that is imposed upon (computerized cars) or joyfully adopted by (smartphones) consumers. Of course, most NC readers are aware of the pitfalls already, but alas not the majority of the population.

4) Finally this: He's so impossibly erratic, so impossibly unfit for his office,

Trump is arguably unfit for office, does not have a clue about many things (such as foreign relations), but by taxing him with being "erratic" Gaius Publius shows that he still does not "get" the Donald. Trump has a completely different modus operandi than career politicians, formed by his experience as a real-estate mogul and media star. His world has been one where one makes outrageous offers to try anchoring the negotiation before reducing one's claims, even significantly, or abruptly exiting just before an agreement to strike a deal with another party that has been lured to concessions through negotiations with the first one. NC once included a video of Trump doing an interactive A/B testing of his slogans during a campaign meeting; while changing one's slogans on the spot might seem "erratic", it is actually a very systematic market probing technique.

So stop asserting that Trump is "unpredictable" or "irrational"; this is underestimating him (a dangerous fault), as he is very consistent, though in an uncommon fashion amongst political pundits.

Yves Smith Post author , March 9, 2017 at 5:53 am

While I agree that it's worth pointing out that the CIA has not broken any of the major encryption tools, even Snowden regards being able to circumvent them as worse, since people using encryption are presumably those who feel particularly at risk and will get a false sense of security and say things or keep data on their devices that they never would if they thought they were insecure.

Re Gaius on Trump, I agree the lady doth protest too much. But I said repeatedly that Trump would not want to be President if he understood the job. It is not like being the CEO of a private company. Trump had vastly more control over his smaller terrain in his past life than he does as President. And Trump is no longer campaigning. No more A/B testing.

The fact is that he still does not have effective control of the Executive branch. He has lots of open positions in the political appointee slots (largely due to not having even submitted candidates!) plus has rebellion in some organizations (like folks in the EPA storing data outside the agency to prevent its destruction). You cannot pretend that Trump's former MO is working at all well for him. And he isn't showing an ability to adapt or learn (not surprising at his age). For instance, he should have figured out by now that DC is run by lawyers, yet his team has hardly any on it. This is continuing to be a source of major self inflicted wounds. His erraticness may be keeping his opponents off base, but it is also keeping him from advancing any of his goals.
visitor , March 9, 2017 at 6:59 am

I believe we are in agreement. Yes, not breaking encryption is devious, as it gives a false sense of security; this is precisely why I refuse to use those supposedly secure e-banking login apps on smartphones whose system software can be subverted, and prefer those non-connected, non-reprogrammable, special-purpose password generating devices.

As for Trump being incompetent for his job, and his skills in wheeling-dealing not carrying over usefully to conducting high political offices, that much is clear. But he is not "erratic", rather he is out of place and out of his depth.

RBHoughton , March 9, 2017 at 9:00 pm

I am writing this in the shower with a paper bag over my head and my iPhone in the microwave. I have for years had a password-protected document on computer with all my important numbers and passwords. I have today deleted that document and reverted to a paper record.

Ivy , March 9, 2017 at 10:09 am

Please tell readers more about the following for our benefit: "single-use password computer"

visitor , March 9, 2017 at 11:34 am

That is an example of the sort of thing I am talking about.

PhilM , March 9, 2017 at 11:35 am

I think he means a machine dedicated to high-security operations like anything financial or bill-pay. Something that is not exposed to email or web-browsing operations that happen on a casual-use computer that can easily be compromised. That's not a bad way to go; it's cheaper in terms of time than the labor-intensive approaches I use, but those are a hobby more than anything else. It depends on how much you have at stake if they get your bank account or brokerage service password.

I take a few basic security measures, which would not impress the IT crowd I hang out with elsewhere, but at least would not make me a laughingstock. I run Linux and use only open-source software; run ad-blockers and script blockers; confine risky operations, which means any non-corporate or non-mainstream website, to a virtual machine that is reset after each use; use separate browsers with different cookie storage policies and different accounts for different purposes. I keep a well-maintained pfSense router with a proxy server and an intrusion detection system, allowing me to segregate my secure network, home servers, guest networks, audiovisual streaming and entertainment devices, and IoT devices each on their own VLANs with appropriate ACLs between them. No device on the more-secured network is allowed out to any port without permission, and similar rules are there for the IoT devices, and the VoIP tools. The hardware to do all of that costs at least $700, but the real expense is in the time to learn the systems properly. Of course if you use Linux, you could save that on software in a year if you are too cheap to send a contribution to the developers.

It's not perfect, because I still have computers turned on :) , but I feel a bit safer this way.

That said, absolutely nothing that I have here would last 30 milliseconds against anything the "hats" could use, if they wanted in. It would be over before it began. If I had anything to hide, really, I would have something to fear; so guess I'm OK.

jrs , March 9, 2017 at 2:36 pm

open source software often has a lot of bugs to be exploited. Wouldn't it be easier to just do banking in person?

visitor , March 9, 2017 at 2:45 pm

Banks discourage that by

a) charging extortionate fees for "in-person" operations at the counter;

b) closing subsidiaries, thus making it tedious and time-consuming to visit a branch to perform banking operations in person;

c) eliminating the possibility to perform some or even all usual operations in any other form than online (see the advent of "Internet only" banks).

In theoretical terms, all this is called "nudging".

cfraenkel , March 9, 2017 at 12:07 pm

They're key fobs handed to you by your IT dept. The code displayed changes every couple of minutes. The plus is there's nothing sent over the air. The minus is the fobs are subject to theft, and are only good for connecting to 'home'. And since they have a cost, and need to be physically handed to you, they're not good fit for most two factor login applications (ie logging into your bank account).
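The two flows described in this thread, visitor's bank token (the site shows a code, an offline device computes a throw-away password from it) and cfraenkel's key fob (a displayed code that changes every step with nothing sent over the air), are both HMAC-based one-time passwords. The block below is an added example, not code from the original post or any commenter: it implements RFC 4226 HOTP, RFC 6238 TOTP, and a challenge/response variant, with a hypothetical `BankServer` class and constructed secrets, challenge and clock values.

```python
"""Added example (not from the original post or its comments): HMAC-based
one-time passwords of the kind an offline bank token or IT key fob produces.
The seed, device secret and clock values are constructed for the example;
BankServer is a hypothetical server side, not any bank's real protocol."""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation (RFC 4226 section 5.3): take 4 bytes at the offset
    given by the low nibble of the last MAC byte, clear the sign bit,
    reduce mod 10^digits and zero-pad to a fixed width."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, at: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: HOTP with counter = floor(unix_time / step). The fob
    receives nothing; both sides share only the secret and a clock."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, at: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check that tolerates `window` steps of clock drift either
    way and compares in constant time to avoid a timing oracle."""
    at = time.time() if at is None else at
    base = int(at // step)
    return any(hmac.compare_digest(hotp(secret, base + d, digits), code)
               for d in range(-window, window + 1))


def challenge_response(secret: bytes, challenge: str, digits: int = 8) -> str:
    """What the offline token does with the code the bank displays: an HMAC
    over the challenge, truncated to digits the user can type. The secret
    never leaves the device, so a subverted phone or PC only ever sees one
    response bound to one challenge."""
    mac = hmac.new(secret, challenge.encode("ascii"), hashlib.sha256).digest()
    return _truncate(mac, digits)


class BankServer:
    """Hypothetical bank side: holds the shared secret, issues a fresh random
    challenge per login attempt, and consumes it on first use so a captured
    response cannot be replayed."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._pending: set = set()

    def issue_challenge(self) -> str:
        challenge = secrets.token_hex(4)  # 8 hex digits shown to the user
        self._pending.add(challenge)
        return challenge

    def check(self, challenge: str, response: str) -> bool:
        if challenge not in self._pending:
            return False  # unknown, expired or already answered
        self._pending.discard(challenge)  # exactly one answer per challenge
        expected = challenge_response(self._secret, challenge)
        return hmac.compare_digest(expected, response)


def demo_login() -> bool:
    """One full challenge/response login followed by a replay of the same pair."""
    device_secret = b"constructed-device-secret"  # provisioned into the token
    bank = BankServer(device_secret)
    challenge = bank.issue_challenge()                        # shown on the web page
    response = challenge_response(device_secret, challenge)   # typed from the token
    first = bank.check(challenge, response)
    replay = bank.check(challenge, response)
    return first and not replay


if __name__ == "__main__":
    seed = b"12345678901234567890"  # the RFC 4226 / RFC 6238 test seed
    print("HOTP(counter=0) =", hotp(seed, 0))
    print("TOTP(now) =", totp(seed))
    print("login accepted, replay rejected:", demo_login())
```

The RFC test seed makes the HOTP and TOTP outputs checkable against the published vectors. The drift window in `verify_totp` is the usual trade-off: a wider window absorbs more clock skew but gives an attacker more valid codes per moment, and a server should additionally remember the last counter it accepted so a code cannot be reused within the window. The challenge/response variant is the one that best matches visitor's point: even if the browser or phone entering the values is subverted, the attacker gets a single response bound to a challenge the server has already consumed.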

meme , March 9, 2017 at 3:53 am

I watched (fast forwarded through, really) Morning Joe yesterday to see what they would have to say about Wikileaks. The show mostly revolved around the health care bill and Trump's lying and tweeting about Obama wiretapping him. They gave Tim Kaine plenty of time to discuss his recent trip to London talking to "some of our allies there" saying that they are concerned that "all the intelligence agencies" say the Rooskies "cyber hacked" our election, and since it looks like we aren't doing anything when we are attacked, they KNOW we won't do anything when they are attacked. (more red baiting)

The only two mentions I saw was about Wikileaks were, first, a question asked of David Cohen, ex Deputy Director of the CIA, who refused to confirm the Wikileaks were authentic, saying whatever tools and techniques the CIA had were used against foreign persons overseas, so there is no reason to worry that your TV is looking at you. And second, Senator Tom Cotton, who didn't want to comment on the contents of Wikileaks, only saying that the CIA is a foreign intelligence service, collecting evidence on foreign targets to keep our country safe, and it does not do intelligence work domestically.

So that appears to be their story, the CIA doesn't spy on us, and they are sticking with it, probably hoping the whole Wikileaks thing just cycles out of the news.

Direction , March 9, 2017 at 4:23 am

Thanks for mentioning Hastings. His death has always been more than suspicious.

skippy , March 9, 2017 at 5:46 am

Elite risk management reduction tool goes walkabout inverting its potential ..

disheveled . love it when a plan comes together ..

james wordsworth , March 9, 2017 at 5:50 am

The unwillingness of the main stream media (so far) to really cover the Wikileaks reveal is perhaps the bigger story. This should be ongoing front page stuff .. but it is not.

As for using ZeroHedge as a source for anything, can we give that a rest. That site has become a cesspool of insanity. It used to have some good stuff. Now it is just unreadable. SAD

And yes I know the hypocrisy of slamming ZH and the MSM at the same time we live in interesting times.

Yves Smith Post author , March 9, 2017 at 7:52 am

Your remarks on ZH are an ad hominem attack and therefore a violation of site policies. The onus is on you to say what ZH got wrong and not engage in an ungrounded smear. The mainstream media often cites ZH.

NC more than just about any other finance site is loath to link to ZH precisely because it is off base or hyperventilating a not acceptably high percent of the time, and is generally wrong about the Fed (as in governance and how money works). We don't want to encourage readers to see it as reliable. However, it is good on trader gossip and mining Bloomberg data.

And I read through its summary of the Wikileaks material as used by Gaius and there was nothing wrong with it. It was careful about attributing certain claims to Wikileaks as opposed to depicting them as true.

3urypteris , March 9, 2017 at 12:14 pm

1- Skip every article with no picture
2- Skip every article where the picture is a graph
3- Skip every article where the picture is of a single person's face
4- Skip every article where the picture is a cartoon
6- Skip all the "Guest Posts"
7- ALWAYS click through to the source

It is in my opinion a very high noise-to-signal source, but there is some there there.

sunny129 , March 9, 2017 at 7:20 pm

Finding the TRUTH is NOT that easy.

Discerning a 'news from noise' is NEVER that easy b/c it is an art, developed by years of shifting through ever increasing 'DATA information' load. This again has to be filtered and tested against one's own 'critical' thinking or reasoning! You have to give ZH, deserved credit, when they are right!

There is no longer a Black or white there, even at ZH! But it is one of the few, willing to challenge the main stream narrative 'kool aid'

TheCatSaid , March 9, 2017 at 6:14 am

In addition to the "para-intelligence" community (hat tip Code named D) there are multiple enterprises with unique areas of expertise that interface closely with the CIA. The long-exposed operations, which include entrapment and blackmailing of key actors to guarantee complicity, "loyalty" and/or sealed lips, infect businesses, NGOs, law enforcement agencies, judges, politicians, and other government agencies. Equal opportunity employment for those with strong stomachs and a weak moral compass.

Romancing The Loan , March 9, 2017 at 8:43 am

Yes I can't remember where I read it but it was a tale passed around supposedly by an FBI guy that had, along with his colleagues, the job of vetting candidates for political office. They'd do their background research and pass on either a thick or thin folder full of all the compromising dirt on each potential appointee. Over time he said he was perturbed to notice a persistent pattern where the thickest folders were always the ones who got in.

nobody , March 9, 2017 at 10:10 am

I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail.

craazyboy , March 9, 2017 at 8:20 am

I find the notion that my consumer electronics may be CIA microphones somewhat irritating, but my imagination quickly runs off to far worse scenarios. (although the popular phrase, "Your tax dollars at work." keeps running thru my head like an earworm. And whenever I hear "conservatives" speak of their desire for "small government", usually when topics of health care, Medicare and social security come up, I can only manage a snort of incredulousness anymore)

One being malware penetrating our nuke power plants and shutting down the cooling system. Then the reactor slowly overheats over the next 3 days, goes critical, and blows the surrounding area to high heaven. We have plants all around the coast of the country and also around the Great Lakes Region – our largest fresh water store in a drought threatened future.

Then the same happening in our offensive nuke missile systems.

Some other inconvenient truths – the stuxnet virus has been redesigned. Kaspersky – premier anti malware software maker – had a variant on their corporate network for months before finally discovering it. What chance have we?

In China, hacking is becoming a consumer service industry. There are companies building high power data centers with a host of hacking tools. Anyone, including high school script kiddies, can rent time to use the sophisticated hacking tools, web search bots, and whatever, all hosted on powerful servers with high speed internet bandwidth.

Being a bit "spooked" by all this, I began to worry about my humble home computer and decided to research whatever products I could get to at least ward off annoying vandalism. Among other things, I did sign up for a VPN service. I'm looking at the control app for my VPN connection here and I see that with a simple checkbox mouse click I can make my IP address appear to be located in my choice of 40 some countries around the world. Romania is on the list!

flora , March 9, 2017 at 11:11 am

"my consumer electronics may be CIA microphones "

I haven't tested this, so can't confirm it works, but it sounds reasonable.
http://www.komando.com/tips/390304/secure-your-webcam-and-microphone-from-hackers

craazyboy , March 9, 2017 at 12:40 pm

Actually, I very much doubt that does work. The mic "pickup" would feed its analog output to a DAC (digital to analog converter) which would convert the signal to digital. This then goes to something similar to a virtual com port in the operating system. Here is where a malware program would pick it up and either create an audio file to be sent to an internet address, or stream it directly there.

The article is just plugging in a microphone at the output jack. The malware got the data long before it goes thru another DAC and analog amp to get to the speakers or output jack.

craazyboy , March 9, 2017 at 12:46 pm

s/b "plugging an earbud into the output jack". They're confusing me too.

flora , March 9, 2017 at 2:43 pm

ah. thanks for vetting.

Stephen Gardner , March 9, 2017 at 2:53 pm

It's actually an input/output jack or, if you will, a mic/headphone jack.

Stephen Gardner , March 9, 2017 at 2:52 pm

It depends on how it is hooked up internally. Old fashioned amateur radio headphones would disable the speakers when plugged in because the physical insertion of the plug pushed open the connection to the speakers. The jack that you plug the ear buds into might do the same, disconnecting the path between the built-in microphone and the ADC (actually it is an ADC not a DAC). The only way to know is to take it apart and see how it is connected.

Pat , March 9, 2017 at 8:27 am

The CIA is not allowed to operate in the US is also the panacea for the public. And some are buying it. Along with everyone knows they can do this is fueling the NOTHING to see here keep walking weak practically non existent coverage.

Eureka Springs , March 9, 2017 at 8:31 am

At what point do people quit negotiating in terrorism and errorism? For this is what the police, the very State itself has long been. Far beyond being illegitimate, illegal, immoral, this is a clear and ever present danger to not just its own people, but the rule of law itself. Blanket statements like "we all know this" just make the dangerously absurd normal. I'll never understand that part of human nature. But hey, the TSA literally just keeps probing further each and every year. Bend over!

Trump may not be the one for the task but we the people desperately need people 'unfit', for it is the many fit who brought us to this point. His unfit nature is as refreshing on these matters in its chaotic honest disbelief as Snowden and Wiki revelations. Refreshing because it's all we've got. One doesn't have to like Trump to still see missed opportunity so many should be telling him he could be the greatest pres ever if (for two examples) he fought tirelessly for single payer and to bring down this police state rather than the EPA or public education.

This cannot stand on so many levels. Not only is the fourth amendment rendered utterly void, but even if it weren't it falls far short of the protections we deserve.

No enemy could possibly be as bad as who we are and what we allow/do among ourselves. If an election can be hacked (not saying it was by Russia).. as these and other files prove anything can and will be hacked then our system is to blame, not someone else.

What amazes me is that the spooks haven't manufactured proof needed to take Trump out of office Bonfire of The Vanities style. I'd like to think the people have moved beyond the point they would believe manufactured evidence but the Russia thing proves otherwise.

These people foment world war while probing our every move and we do nothing!

If we wait for someone fit nothing will ever change because we wait for the police/media/oligarch state to tell us who is fit.

Anon , March 9, 2017 at 2:40 pm

being "unfit" does not automatically make someone a savior.

Stephen Gardner , March 9, 2017 at 3:05 pm

But being fit by the standards of our ruling class, the "real owners" as Carlin called them is, in my book, an automatic proof that they are up to no good. Trump is not my cup of tea as a president but no one we have had in a while wasn't clearly compromised by those who fund them. Did you ever wonder why we have never had a president or even a powerful member of congress that was not totally in the tank for that little country on the Eastern Mediterranean? Or the Gulf Monarchies? Do you think that is by accident? Do you think money isn't involved? Talk about hacked elections! We should be so lucky as to have ONLY Russians attempting to affect our elections. Money is what hacks US elections and never forget that. To me it is laughable to discuss hacking the elections without discussing the real way our "democracy" is subverted–money not document leaks or voting machine hacks. It's money.

Why isn't Saudi Arabia on Trump's list? Iran, which has never been involved in a terrorist act on US soil, is, but not Saudi Arabia? How many 9/11 hijackers came from Iran? If anything saves Trump from destruction by the real owners of our democracy it is his devotion to the aforementioned countries.

Allegorio , March 9, 2017 at 4:00 pm

The point again is not to remove him from office but to control him. With Trump's past you better believe the surveillance state has more than enough to remove him from office. Notice the change in his rhetoric since inauguration? More and more he is toeing the establishment Republican line. Of course this depends on whether you believe Trump is a break with the past or just the best liar out there. A very unpopular establishment would be clever in promoting their agent by pretending to be against him.

Anyone who still believes that the US is a democratic republic and not a mafia state needs to stick their heads deeper into the sands. When will the low information voters and police forces on whom a real revolution depends realize this is anyone's guess. The day is getting closer especially for the younger generation. The meme among the masses is that government has always been corrupt and that this is nothing new. I do believe the level of immorality among the credentialed classes is indeed very new and has become the new normal. Generations of every man for himself capitalist philosophy undermining any sense of morality or community has finally done its work.

HBE , March 9, 2017 at 8:47 am

Go take a jaunt over to huffpo, at the time of this post there was not a single mention of vault 7 on the front page. Just a long series of anti trump administration articles.

Glad to know for sure who the true warmongers were all along.

Arizona Slim , March 9, 2017 at 8:50 am

We need another Church Commission.

Eureka Springs , March 9, 2017 at 8:59 am

No.. The Church commission was a sweep it under the rug operation. It got us FISA courts. More carte blanche secrecy, not less. Neither the commission nor the rest of the system even held violators of the time accountable.

We have files like Vault 7. Commissions rarely get in secret what we have right here before our eyes.

Arizona Slim , March 9, 2017 at 1:31 pm

Well, how about a Truth and Reconciliation Commission?

Foppe , March 9, 2017 at 1:55 pm

Cute but the ANC lost the war by acceding to WTO entry (which "forbade" distributive politics, land/resource redistribution, nationalizations, etc.).

River , March 9, 2017 at 10:59 am

Need Langley surrounded and fired upon by tanks at this point.

Err on the side of caution.

DJG , March 9, 2017 at 12:49 pm

River: Interesting historic parallel? I believe that the Ottomans got rid of the Janissaries that way, after the Janissaries had become a state within a state, by using cannons on their HQ

From Wiki entry, Janissaries:

The corps was abolished by Sultan Mahmud II in 1826 in the Auspicious Incident in which 6,000 or more were executed.[8]

polecat , March 9, 2017 at 12:53 pm

"Nuke it from orbit it's the only way to be sure . "

knowbuddhau , March 9, 2017 at 9:01 am

Took less than a minute to download the 513.33MB file. The passphrase is what JFK said he'd like to do to CIA: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds.

"The illegal we do immediately; the unconstitutional takes a little longer." Henry Kissinger, 1975.

Stormcrow , March 9, 2017 at 9:35 am

Here is Raimondo's take:
Spygate
http://original.antiwar.com/justin/2017/03/07/spygate-americas-political-police-vs-donald-j-trump/

The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening.

The irony is that the existence of this dangerous apparatus – which civil libertarians have warned could and probably would be used for political purposes – has been hailed by Trump and his team as a necessary and proper function of government. Indeed, Trump has called for the execution of the person who revealed the existence of this sinister engine of oppression – Edward Snowden. Absent Snowden's revelations, we would still be in the dark as to the existence and vast scope of the NSA's surveillance.

And now the monster Trump embraced in the name of "national security" has come back to bite him.

We hear all the time that what's needed is an open and impartial "investigation" of Trump's alleged "ties" to Russia. This is dangerous nonsense: does every wild-eyed accusation from embittered losers deserve a congressional committee armed with subpoena power bent on conducting an inquisition? Certainly not.

What must be investigated is the incubation of a clandestine political police force inside the national security apparatus, one that has been unleashed against Trump – and could be deployed against anyone.

This isn't about Donald Trump. It's about preserving what's left of our old republic.

Perhaps overstated but well worth pondering.

SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds. , March 9, 2017 at 10:06 am

Yeah I downloaded it the day it came out and spent an hour or so looking at it last night. First impressions – "heyyy this is like a Hackers Guide – the sort I used in the 80s, or DerEngel's Cable Modem Hacking" of the 00s.

2nd impressions – wow it really gives foundational stuff – like "Enable Debug on PolarSSL".

3rd impressions – "I could spend hours going thru this happily".

4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly it's just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK.

It's quite fascinating. But trying to find the "juicy stuff" is going to be tedious. One can spend hours and hours going thru it. To speed up going thru it, I'm going to need some tech sites to say "where to go".

flora , March 9, 2017 at 11:21 am

It seems clear that Wikileaks has not and will not release actual ongoing method "how-to" info or hacking scripts. They are releasing the "whats", not the tech level detailed "hows". This seems like a sane approach to releasing the data. The release appears to be for political discussion, not for spreading the hacking tools. So I wouldn't look for "juicy bits" about detailed methodology. Just my guess.

That said, love what you're doing digging into this stuff. I look forward to a more detailed report in future. Thanks.

Sam F , March 9, 2017 at 10:10 am

Yves, I think that you much underestimate the extremity of these exposed violations of the security of freedom of expression, and of the security of private records. The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed this spyware in the released version of Windows 10, and can easily install it on all common systems and devices.

This goes far beyond the kind of snooping that required specialized devices installed near the target, which could be controlled by warrant process. There is no control over this extreme spying. It is totalitarianism now.

This is probably the most extreme violation of the rights of citizens by a government in all of history. It is far worse than the "turnkey tyranny" against which Snowden warned, on the interception of private messages. It is tyranny itself, the death of democracy.

Outis Philalithopoulos , March 9, 2017 at 10:58 am

Your first sentence is a bit difficult to understand. If you read Yves' remarks introducing the post, she says that the revelations are "a big deal" "if the Wikileaks claim is even halfway true," while coming down hard on the MSM and others for "pooh-pooh[ing]" the story. Did you want her to add more exclamation points?

susan the other , March 9, 2017 at 10:59 am

So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events."

It's easy to gather information; not so easy to analyze it, and somehow impossible to act on it in good faith. With all this ability to know stuff and surveil people the big question is, Why does everything seem so beyond our ability to control it?

We should know well in advance that banks will fail catastrophically; that we will indeed have sea level rise; that resources will run out; that water will be undrinkable; that people will be impossible to manipulate when panic hits – but what do we do? We play dirty tricks, spy on each other like voyeurs, and ignore the inevitable. Like the Stasi, we clearly know what happened, what is happening and what is going to happen. But we have no control.

NotTimothyGeithner , March 9, 2017 at 11:34 am

My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table.

Arizona Slim , March 9, 2017 at 1:33 pm

Do you mean to say that the CIA leaked like a sieve? That's my understanding of your post.

Old Jake , March 9, 2017 at 6:05 pm

AS, I would interpret it as saying that there was so much coming in it was like trying to classify snowflakes in a snowstorm. They could pick a few subject areas to look at closely but the rest just went into the files.

Leaking like a sieve is also likely, but perhaps not the main point.

Andrew , March 9, 2017 at 11:14 am

The archive appears to have been circulated among government hackers and contractors in an authorized manner

There, that looks the more likely framing considering CIA & DNI on behalf of the whole US IC seemingly fostered wide dissemination of these tools, information. Demonstration of media control an added plus.

Cheers Yves

Stormcrow , March 9, 2017 at 11:20 am

The Empire Strikes Back

WikiLeaks Has Joined the Trump Administration
Max Boot
Foreign Policy magazine

I guess we can only expect more of this.

Todd Pierce , on the other hand, nails it. (From his Facebook page.)
The East German Stasi could only dream of the sort of surveillance the NSA and CIA do now, with just as nefarious of purposes.

lyman alpha blob , March 9, 2017 at 11:42 am

Perhaps the scare quotes around "international mobster" aren't really necessary.

In all this talk about the various factions aligned with and against Trump, that's one I haven't heard brought up by anybody. With all the cement poured in Trump's name over the years, it would be naive to think his businesses had not brushed up against organized crime at some point. Question is, whose side are they on?

JTMcPhee , March 9, 2017 at 3:02 pm

Like all the other players, the "side" they are on is them-effing-selves. And isn't that the whole problem with our misbegotten species, writ large?

Then there's this: https://www.youtube.com/watch?v=s1Hzds9aGdA Maybe these people will be around and still eating after us urban insects and rodents are long gone? Or will our rulers decide no one should survive if they don't?

Skip Intro , March 9, 2017 at 12:55 pm

To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out?

tegnost , March 9, 2017 at 1:05 pm

Well we know chuckie won't speak out.

FTA "Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them.""

Oregoncharles , March 9, 2017 at 2:17 pm

I've long thought that the reason Snowden was pursued so passionately was that he exposed the biggest, most embarrassing secret: that the National "Security" Agency's INTERNAL security was crap.

And here it is: "Wikileaks claims that the CIA lost control of the majority of its hacking arsenal"

The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options.

Stephen Gardner , March 9, 2017 at 3:51 pm

Ah, that's the beauty of contracting it out. No one gets fired. Did anyone get fired because of Snowden? It was officially a contractor problem and since there are only a small number of contractors capable of doing the work, well you know. We can't get new ones.

tiebie66 , March 9, 2017 at 2:59 pm

What I find by far the most distressing is this: "The CIA had created, in effect, its "own NSA" with even less accountability." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me.

It is becoming increasingly clear that the Republic is lost because we didn't stand guard for it. Blaming others doesn't cut it either – we let it happen. And like the Germans about the Nazi atrocities, we will say that we didn't know about it.

JTMcPhee , March 9, 2017 at 3:06 pm

Hey, I didn't let it happen. Stuff that spooks and sh!tes do behind the Lycra ™ curtain happens because it is, what is the big word again, "ineluctable." Is my neighbor to blame for having his house half eaten by both kinds of termites, where the construction is such that the infestation and damage are invisible until the vast damage is done?

Stephen Gardner , March 9, 2017 at 4:08 pm

And just how were we supposed to stand guard against a secret and unaccountable organization that protected itself with a shield of lies? And every time some poor misfit complained about it they were told that they just didn't know the facts. If they only knew what our IC knows they would not complain.

It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours.

Studiously avoid any military celebrations. Worship of the military is part of the problem. Remember, the people you thank for "their service" are as much victims as you are. Sadly they don't realize that their service is to a rotten empire that is not worthy of their sacrifice but every time we perform the obligatory ritual of thankfulness we participate in the lie that the service is to a democratic country instead of an undemocratic empire.

It's clearly a case of Wilfred Owen's classic "Dulce et Decorum Est". Read the poem, google it and read it. It is instructive: "you would not tell with such high zest To children ardent for some desperate glory, The old Lie: Dulce et decorum est Pro patria mori." Make no mistake. It is a lie and it can only be undone if we all cease to tell it.

nonsense factory , March 9, 2017 at 8:57 pm

Here's a pretty decent review of the various CIA programs revealed by Wikileaks:

http://www.libertyforjoe.com/2017/03/what-is-vault-7.html

"These CIA revelations in conjunction with those of the NSA paint a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's programs XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened."

#### [Feb 21, 2017] Stockman Warns Trump: Flynn's Gone But They are Still Gunning For You, Donald

##### "... The Donald has been warned. ..."
###### Feb 21, 2017 | www.zerohedge.com
Submitted via The Ron Paul Institute for Peace & Prosperity,

General Flynn's tenure in the White House was only slightly longer than that of President-elect William Henry Harrison in 1841. Actually, with just 24 days in the White House, General Flynn's tenure fell a tad short of old "Tippecanoe and Tyler Too". General Harrison actually lasted 31 days before getting felled by pneumonia.

And the circumstances were considerably more benign. It seems that General Harrison had a fondness for the same "firewater" that agitated the native Americans he slaughtered at the famous battle memorialized in his campaign slogan. In fact, during the campaign a leading Democrat newspaper skewered the old general, who at 68 was the oldest US President prior to Ronald Reagan, saying:

Give him a barrel of hard [alcoholic] cider, and a pension of two thousand [dollars] a year and he will sit the remainder of his days in his log cabin.

That might have been a good idea back then (or even now), but to prove he wasn't infirm, Harrison gave the longest inaugural address in US history (2 hours) in the midst of seriously inclement weather wearing neither hat nor coat.

That's how he got pneumonia! Call it foolhardy, but that was nothing compared to that exhibited by Donald Trump's former national security advisor.

General Flynn got the equivalent of political pneumonia by talking for hours during the transition to international leaders, including Russia's ambassador to the US, on phone lines which were bugged by the CIA. Or more accurately, making calls which were "intercepted" by the very same NSA/FBI spy machinery that monitors every single phone call made in America.

Ironically, we learned what Flynn should have known about the Deep State's plenary surveillance from Edward Snowden. Alas, Flynn and Trump wanted the latter to be hung in the public square as a "traitor", but if that's the solution to intelligence community leaks, the Donald is now going to need his own rope factory to deal with the flood of traitorous disclosures directed against him.

In any event, it was "intercepts" leaked from deep in the bowels of the CIA to the Washington Post and then amplified in a 24/7 campaign by the War Channel (CNN) that brought General Flynn down.

But here's the thing. They were aiming at Donald J. Trump. And for all of his puffed up bluster about being the savviest negotiator on the planet, the Donald walked right into their trap, as we shall amplify momentarily.

But let's first make the essence of the matter absolutely clear. The whole Flynn imbroglio is not about a violation of the Logan Act owing to the fact that the general engaged in diplomacy as a private citizen.

It's about re-litigating the 2016 election based on the hideous lie that Trump stole it with the help of Vladimir Putin. In fact, Nancy Pelosi was quick to say just that:

'The American people deserve to know the full extent of Russia's financial, personal and political grip on President Trump and what that means for our national security,' House Minority Leader Nancy Pelosi said in a press release.

Yet, we should rephrase. The re-litigation aspect reaches back to the Republican primaries, too. The Senate GOP clowns who want a war with practically everybody, John McCain and Lindsey Graham, are already launching their own investigation from the Senate Armed Services committee.

And Senator Graham, the member of the boobsey twins who ran for President in 2016 while getting a GOP primary vote from virtually nobody, made clear that General Flynn's real sin was a potential peace overture to the Russians:

Sen. Lindsey Graham also said he wants an investigation into Flynn's conversations with a Russian ambassador about sanctions: "I think Congress needs to be informed of what actually Gen. Flynn said to the Russian ambassador about lifting sanctions," the South Carolina Republican told CNN's Kate Bolduan on "At This Hour. And I want to know, did Gen. Flynn do this by himself or was he directed by somebody to do it?"

We say good riddance to Flynn, of course, because he was a shrill anti-Iranian warmonger. But let's also not be fooled by the clinical term at the heart of the story. That is, "intercepts" mean that the Deep State taps the phone calls of the President's own closest advisors as a matter of course.

This is the real scandal as Trump himself has rightly asserted. The very idea that the already announced #1 national security advisor to a President-elect should be subject to old-fashioned "bugging," albeit with modern day technology, overwhelmingly trumps the utterly specious Logan Act charge at the center of the case.

As one writer for LawNewz noted regarding acting Attorney General Sally Yates' voyeuristic pre-occupation with Flynn's intercepted conversations, Nixon should be rolling in his grave with envy:

Now, information leaks that Sally Yates knew about surveillance being conducted against potential members of the Trump administration, and disclosed that information to others. Even Richard Nixon didn't use the government agencies themselves to do his black bag surveillance operations. Sally Yates' involvement with this surveillance on American political opponents, and possibly the leaking related thereto, smacks of a return to Hoover-style tactics. As writers at Bloomberg and The Week both noted, it reeks of 'police-state' style tactics. But knowing dear Sally as I do, it comes as no surprise.

Yes, that's the same career apparatchik of the permanent government that Obama left behind to continue the 2016 election by other means. And it's working. The Donald is being rapidly emasculated by the powers that be in the Imperial City due to what can only be described as an audacious and self-evident attack on Trump's Presidency by the Deep State.

Indeed, it seems that the layers of intrigue have gotten so deep and convoluted that the nominal leadership of the permanent government machinery has lost track of who is spying on whom. Thus, we have the following curious utterance by none other than the Chairman of the House Intelligence Committee, Rep. Devin Nunes:

'I expect for the FBI to tell me what is going on, and they better have a good answer,' he told The Washington Post. 'The big problem I see here is that you have an American citizen who had his phone calls recorded.'

Well, yes. That makes 324 million of us, Congressman.

But for crying out loud, surely the oh so self-important chairman of the House intelligence committee knows that everybody is bugged. But when it reaches the point that the spy state is essentially using its unconstitutional tools to engage in what amounts to "opposition research" with the aim of election nullification, then the Imperial City has become a clear and present danger to American democracy and the liberties of the American people.

As Robert Barnes of LawNewz further explained, Sally Yates, former CIA director John Brennan and a large slice of the Never Trumper intelligence community were systematically engaged in "opposition research" during the campaign and the transition:

According to published reports, someone was eavesdropping, and recording, the conversations of Michael Flynn, while Sally Yates was at the Department of Justice. Sally Yates knew about this eavesdropping, listened in herself (Pellicano-style for those who remember the infamous LA cases), and reported what she heard to others. For Yates to have such access means she herself must have been involved in authorizing its disclosure to political appointees, since she herself is such a political appointee. What justification was there for an Obama appointee to be spying on the conversations of a future Trump appointee?

Consider this little tidbit in The Washington Post. The paper, which once broke Watergate, is now propagating the benefits of Watergate-style surveillance in ways that do make Watergate look like a third-rate effort. (With the) FBI 'routinely' monitoring conversations of Americans... Yates listened to 'the intercepted call,' even though Yates knew there was 'little chance' of any credible case being made for prosecution under a law 'that has never been used in a prosecution.'

And well it hasn't been. After all, the Logan Act was signed by President John Adams in 1799 in order to punish one of Thomas Jefferson's supporters for having peace discussions with the French government in Paris. That is, it amounted to pre-litigating the Presidential campaign of 1800 based on sheer political motivation.

According to the Washington Post itself, that is exactly what Yates and the Obama holdovers did day and night during the interregnum:

Indeed, the paper details an apparent effort by Yates to misuse her office to launch a full-scale secret investigation of her political opponents, including 'intercepting calls' of her political adversaries.

So all of the feigned outrage emanating from Democrats and the Washington establishment about Team Trump's trafficking with the Russians is a cover story. Surely anyone even vaguely familiar with recent history would have known there was absolutely nothing illegal or even untoward about Flynn's post-Christmas conversations with the Russian Ambassador.

Indeed, we recall from personal experience the thrilling moment on inauguration day in January 1981 when word came of the release of the American hostages in Tehran. Let us assure you, that did not happen by immaculate diplomatic conception -- nor was it a parting gift to the Gipper by the outgoing Carter Administration.

To the contrary, it was the fruit of secret negotiations with the Iranian government during the transition by private American citizens. As the history books would have it because it's true, the leader of that negotiation, in fact, was Ronald Reagan's national security council director-designate, Dick Allen.

As the real Washington Post later reported, under the by-line of a real reporter, Bob Woodward:

Reagan campaign aides met in a Washington DC hotel in early October, 1980, with a self-described 'Iranian exile' who offered, on behalf of the Iranian government, to release the hostages to Reagan, not Carter, in order to ensure Carter's defeat in the November 4, 1980 election.

The American participants were Richard Allen, subsequently Reagan's first national security adviser, Allen aide Laurence Silberman, and Robert McFarlane, another future national security adviser who in 1980 was on the staff of Senator John Tower (R-TX).

To this day we have not had occasion to visit our old friend Dick Allen in the US penitentiary because he's not there; the Logan Act was never invoked in what is surely the most blatant case ever of citizen diplomacy.

So let's get to the heart of the matter and be done with it. The Obama White House conducted a sour grapes campaign to delegitimize the election beginning November 9th and it was led by then CIA Director John Brennan.

That treacherous assault on the core constitutional matter of the election process culminated in the ridiculous Russian meddling report of the Obama White House in December. The latter, of course, was issued by serial liar James Clapper, as national intelligence director, and the clueless Democrat lawyer and bag-man, Jeh Johnson, who had been appointed head of the Homeland Security Department.

Yet on the basis of the report's absolutely zero evidence and endless surmise, innuendo and "assessments", the Obama White House imposed another round of its silly school-boy sanctions on a handful of Putin's cronies.

Of course, Flynn should have been telling the Russian Ambassador that this nonsense would be soon reversed!

But here is the ultimate folly. The mainstream media talking heads are harrumphing loudly about the fact that the very day following Flynn's call -- Vladimir Putin announced that he would not retaliate against the new Obama sanctions as expected; and shortly thereafter, the Donald tweeted that Putin had shown admirable wisdom.

That's right. Two reasonably adult statesmen undertook what might be called the Christmas Truce of 2016. But like its namesake of 1914 on the bloody no man's land of the western front, the War Party has determined that the truce-makers shall not survive.

The Donald has been warned.

Assange is about to face censorship from one LENIN Moreno (next Ecuadorian president)

How ironic

Darktarra -> xythras , Feb 20, 2017 10:11 PM

We haven't had the deep state (successfully) take out a President since JFK. I am sure they will literally be gunning for Donald Trump! His election screwed up the elite's world order plans ... poor Soros ... time for him to take a dirt nap!

Be careful Trump! They will try and kill you! The United States government is COMPLETELY corrupt. Draining the swamp means its either you or they die!

wanglee -> Darktarra , Feb 20, 2017 10:18 PM

Let us help Trump's presidency to make America (not globalist) great again.

Not only did Democrats rig the Primary to elect Clinton as presidential candidate last year even though she has poor judgement (violating government cyber security policy) and is incompetent (her email server was not secured) when she was the Secretary of State, and was revealed to be corrupt by Bernie Sanders during the Primary, but Democrats also encourage illegal immigration, discourage work, and "conned" young voters with free college/food/housing/health care/Obama phone. Democratic government employees/politicians also committed crimes to leak classified information which caused former National Security Adviser Michael Flynn to lose his job and undermined Trump's presidency.

However, the middle/working class used their common sense in voting against Clinton last November. Although I am not a Republican and didn't vote in the primary, I voted for Trump and those Republicans who supported Trump last November since I am not impressed with the "integrity" and "judgement" of Democrats, Anti-Trump protesters, Anti-Trump Republicans, and those media who endorsed Clinton during the presidential election, and they'll work for globalists, the super rich, who moved jobs/investment overseas for cheap labor/tax and demanded the middle/working class to pay tax to support welfare of illegal aliens and refugees who will become globalists' illegal voters and anti-Trump protesters.

To prevent/detect voter fraud, "voter ID" and "no mailing ballots" must be enforced to reduce possible "voter frauds on a massive scale" committed by Democratic/Republican/independent party operatives. All the sanctuary counties need to be recounted and their county votes voided if the recount fails, since the only county which was found to count one vote many times is the only "Sanctuary" county, Wayne county, in the recount states (Pennsylvania, Michigan and Wisconsin) last year. The integrity of voting equipment and voting systems needs to be tested, protected and audited. There was no voting equipment stuck to Trump. Yet, much voting equipment was found to switch votes to Clinton last November. Voter databases need to be kept current. Encourage reporting of "voter fraud on a massive scale" committed by political party operatives with a large reward.

Cashing in: Illegal immigrants get $1,261 more welfare than American families,$5,692 vs. $4,431 ( http://www.washingtonexaminer.com/cashing-in-illegal-immigrants-get-1261... ) DEA Report Shows Infiltration of Mexican Drug Cartels in Sanctuary Cities ( http://www.breitbart.com/texas/2015/09/08/dea-report-shows-infiltration-... ) Welfare Discourages Work( http://www.breitbart.com/big-government/2015/04/27/the-science-is-settle... ) Hillary Clinton Says Bernie Sanders's "Free College" Tuition Plan Is All a Lie ( http://www.teenvogue.com/story/clinton-says-sanders-free-tuition-wont-wo... UC Berkeley Chancellor: Hillary Clinton 'Free' College Tuition Plan Won't Happen ( http://www.breitbart.com/big-government/2016/09/30/uc-berkeley-chancello... ) Bill Clinton Impeachment Chief Investigator: I'm 'Terrified' of Hillary because we know that there were "People" who "Disappeared" ( http://www.breitbart.com/2016-presidential-race/2016/10/30/exclusive-bil... ) Former FBI Asst. Director Accuses Clintons Of Being A "Crime Family" ( http://www.zerohedge.com/news/2016-10-30/former-fbi-asst-director-accuse... ) FBI boss Comey's 7 most damning lines on Clinton ( http://www.cnn.com/2016/07/05/politics/fbi-clinton-email-server-comey-da... ). Aides claiming she "could not use a computer," and didn't know her email password– New FBI docs ( https://www.rt.com/usa/360528-obama-implicated-clinton-email/ ). 23 Shocking Revelations From The FBI's Clinton Email Report ( http://dailycaller.com/2016/09/02/23-shocking-revelations-from-the-fbis-... ) DOJ grants immunity to ex-Clinton staffer who set up her email server ( http://www.cnn.com/2016/03/02/politics/hillary-clinton-email-server-just... ) Former House Intelligence Chairman: I'm '100 Percent' Sure Hillary's Server Was Hacked ( http://www.breitbart.com/2016-presidential-race/2016/11/06/former-house-... ) Exclusive - Gen. 
Mike Flynn: Hillary Clinton's Email Setup Was 'Unbelievable Active Criminal Behavior' ( http://www.breitbart.com/2016-presidential-race/2016/11/06/exclusive-gen... ) Clinton directed her maid to print out classified materials ( http://nypost.com/2016/11/06/clinton-directed-her-maid-to-print-out-clas... ) Obama lied to the American people about his secret communications with Clinton( http://www.thepoliticalinsider.com/president-barack-obama-hillary-email-... ) Former U.S. Attorney General, John Ashcroft: FBI didn't 'clear' Clinton ( https://www.youtube.com/watch?v=VFYQ3Cdp0zQ ) When the Clintons Loved Russia Enough to Sell Them Our Uranium ( http://www.breitbart.com/2016-presidential-race/2016/07/25/flashback-cli... ) Wikileaks: Clinton Foundation Chatter with State Dept on Uranium Deal with Russia ( http://www.breitbart.com/big-government/2016/10/08/wikileaks-putting-on-... ) Russian officials donated $$to Clinton Foundation for Russian military research ( http://www.breitbart.com/radio/2016/12/16/schweizer-insecure-left-wants-... ) Cash Flowed to Clinton Foundation Amid Russian Uranium Deal ( https://www.nytimes.com/2015/04/24/us/cash-flowed-to-clinton-foundation-... ) HILLARY CAMPAIGN CHIEF LINKED TO MONEY-LAUNDERING IN RUSSIA ( HTTP://WWW.WND.COM/2016/10/HILLARY-CAMPAIGN-CHIEF-LINKED-TO-MONEY-LAUNDE... ) The largest source of Trump campaign funds is small donors giving under 200 ( http://www.huffingtonpost.com/entry/donald-trump-self-fund_us_57fd4556e4... ) How mega-donors helped raise 1 billion for Hillary Clinton ( https://www.washingtonpost.com/politics/how-mega-donors-helped-raise-1-b... ) Final newspaper endorsement count: Clinton 57, Trump 2 ( http://thehill.com/blogs/ballot-box/presidential-races/304606-final-news... ) Journalists shower Hillary Clinton with campaign cash ( https://www.publicintegrity.org/2016/10/17/20330/journalists-shower-hill... 
) Judicial Watch Planning to Sue FBI, NSA, CIA for Flynn Records ( http://www.breitbart.com/big-government/2017/02/16/judicial-watch-planni... ) President Trump Vowed to Investigate Voter Fraud. Then Lawmakers Voted to "Eliminate" Election Commission Charged with Helping States Improve their Voting Systems ( http://time.com/4663250/house-committee-eliminates-election-commission-v... ) California's Recipe for Voter Fraud on a Massive Scale( http://www.breitbart.com/california/2017/01/27/voter-fraud/ ) California Republican Party Official Alleges Voter Fraud In California, a "Sanctuary" state ( http://sanfrancisco.cbslocal.com/2016/11/28/trump-among-those-saying-vot... ) BREAKING: Massive Voter Fraud Discovered In Mailing Ballots In Pennsylvania! See Huge Twist In Results! ( http://www.usapoliticstoday.com/massive-voter-fraud-pennsylvania/ ) "Voting Fraud" revealed during "Recount": Scanners were used to count one vote many times to favor Clinton in Wayne County, a "Sanctuary" county including Detroit and surrounding areas.( http://www.zerohedge.com/news/2016-12-06/michigan-republicans-file-emerg... ) Illegal Voters Tipping Election Scales ( http://www.frontpagemag.com/fpm/243947/illegal-voters-tipping-election-s... ) Voter Fraud: We've Got Proof It's Easy ( http://www.nationalreview.com/article/368234/voter-fraud-weve-got-proof-... ) Voter Fraud Is Real. Here's The Proof ( http://thefederalist.com/2016/10/13/voter-fraud-real-heres-proof/ ) Here's Why State Election Officials Think Voter Fraud Is a Serious Problem ( http://dailysignal.com/2017/02/17/heres-why-state-election-officials-thi... ) Documented Voter Fraud in US ( http://www.discoverthenetworks.org/ViewSubCategory.asp?id=2216 ) No, voter fraud isn't a myth: 10 cases where it's all too real ( http://www.washingtontimes.com/news/2016/oct/17/no-voter-fraud-isnt-myth... 
) Non-US citizen gets eight years for voter fraud in Texas after "Successfully Illegally Voted for at least Five Times" in Dallas county, a "Sanctuary" county( http://www.theblaze.com/news/2017/02/09/non-us-citizen-gets-eight-years-... ) Democratic party operatives tell us how to successfully commit voter fraud on a massive scale ( http://www.thegatewaypundit.com/2016/10/james-okeefe-rigging-elections-d... ) Texas Rigged? Reports Of Voting Machines Switching Votes To Hillary In Texas( http://www.zerohedge.com/news/2016-10-25/texas-rigged-first-reports-voti... ) Voting Machine "Irregularities" Reported in Utah, Tennessee, Pennsylvania, & North Carolina ( http://www.zerohedge.com/news/2016-11-08/voting-machine-irregularities-r... ) Video: Machine Refuses to Allow Vote For Trump in Pennsylvania ( http://www.infowars.com/video-machine-refuses-to-allow-vote-for-trump-in... ) Electoral fraud ( https://en.wikipedia.org/wiki/Electoral_fraud ) Voter fraud ( https://ballotpedia.org/Voter_fraud ) Sanctuary Cities Continue to Obstruct Enforcement, Threaten Public Safety( http://cis.org/Sanctuary-Cities-Map ) List of Sanctuary cities( http://www.apsanlaw.com/law-246.List-of-Sanctuary-cities.html ) Map Shows Sanctuary City Islands of Blue In Sea of Red ( http://www.infowars.com/map-shows-sanctuary-city-islands-of-blue-in-sea-... ) Chris Dakota -> wanglee , Feb 20, 2017 10:59 PM I hit some long click bait about famous people IQ Barack Obama 140 Donald Trump 156 Trump knows what's coming. Rush Limbaugh said "I've known Trump for a long time, he is a winner and I am sure none of this fazes him at all. The media didn't create him, the media can't destroy him." CheapBastard -> Darktarra , Feb 20, 2017 10:19 PM Flynn has been there for several years. If he was such a threat why did they not take action sooner since Soweeto appointed him in 2012? 
It must be that Soweto Obama is his spy buddy then, both of them in league with the Russians since Obama has been with Flynn for a much longer time he had to know if something was up. The entire Russian spy story is a complete Fake news ruse. I am wondering what they'll say tomorrow to draw attention away from the Muslim riots in Sweden. If the news of Muslim riots in Sweden, then Trump will be even more vindicated and the MSM will look even more stupid and Fake. Chupacabra-322 -> CheapBastard , Feb 20, 2017 10:54 PM The Deep State has essentially lost control of the Intelligence Community via its Agents / Operatives & Presstitute Media vehicles to Gas Light the Masses. So what Criminals at large Obama, Clapper & Lynch have done 17 days prior to former CEO Criminal Obama leaving office was to Decentralize & weaken the NSA. As a result, Intel gathering was then regulated to the other 16 Intel Agencies. Thus, taking Centuries Old Intelligence based on a very stringent Centralized British Model, De Centralized it, filling the remaining 16 Intel Agencies with potential Spies and a Shadow Deep State Mirror Government. All controlled from two blocks away at Pure Evil Criminal War Criminal Treasonous at large, former CEO Obama's Compound / Lair. It's High Treason being conducted "Hidden In Plain View" by the Deep State. It's the most Bizarre Transition of Power I've ever witnessed. Unprecedented. oncefired -> CheapBastard , Feb 20, 2017 11:07 PM http://www.thomaswictor.com/leakers-beware/ Duc888 -> CheapBastard , Feb 20, 2017 11:11 PM Flynn did not tell Pence that Pence's best friend was front and center on the Pizzagate list. That's what cost Flynn his job...it had fuck all to do with the elections. #### [Feb 15, 2017] Flynn Resignation Is a Surveillance State Coup Nightmare ##### The globalist mafia is trying to destroy Trump. There might be a part of the intelligence community which is still loyal to Bill and Hillary Clinton. 
##### Still, Flynn's discussion of sanctions could have been a violation of an 18th-century law, the Logan Act, which bars unauthorized citizens from brokering deals with foreign governments involved in disputes with the United States. ##### Keith Kellogg's links with Oracle may be an asset to the Trump team. ###### Feb 15, 2017 | www.breitbart.com As far back as the passage of the Patriot Act after 9/11, civil libertarians worried about the surveillance state, the Panopticon, the erosion of privacy rights and due process in the name of national security. Paranoid fantasies were floated that President George W. Bush was monitoring the library cards of political dissidents. Civil libertarians hailed NSA contractor Edward Snowden as a hero, or at least accepted him as a necessary evil, for exposing the extent of Internet surveillance under President Barack Obama. Will civil libertarians now speak up for former National Security Adviser Michael Flynn, whose career has been destroyed with a barrage of leaked wiretaps? Does anyone care if those leaks were accurate or legal? Over the weekend, a few honest observers of the Flynn imbroglio noted that none of the strategically leaked intercepts of his conversations with Russian Ambassador Sergey Kislyak proved he actually did anything wrong . The media fielded accusations that Flynn discussed lifting the Obama administration's sanctions on Russia – a transgression that would have been a serious violation of pre-inauguration protocol at best, and a prosecutable offense at worst. Flynn ostensibly sealed his fate by falsely assuring Vice President Mike Pence he had no such discussions with Kislyak, prompting Pence to issue a robust defense of Flynn that severely embarrassed Pence in retrospect. 
On Tuesday, Eli Lake of Bloomberg News joined the chorus of skeptics who said the hive of anonymous leakers infesting the Trump administration never leaked anything that proved Flynn lied to Pence: He says in his resignation letter that he did not deliberately leave out elements of his conversations with Ambassador Sergey Kislyak when he recounted them to Vice President Mike Pence. The New York Times and Washington Post reported that the transcript of the phone call reviewed over the weekend by the White House could be read different ways. One White House official with knowledge of the conversations told me that the Russian ambassador raised the sanctions to Flynn and that Flynn responded that the Trump team would be taking office in a few weeks and would review Russia policy and sanctions . That's neither illegal nor improper. Lake also noted that leaks of sensitive national security information, such as the transcripts of Flynn's phone calls to Kislyak, are extremely rare. In their rush to collect a scalp from the Trump administration, the media forgot to tell its readers how unusual and alarming the Flynn-quisition was: It's very rare that reporters are ever told about government-monitored communications of U.S. citizens, let alone senior U.S. officials. The last story like this to hit Washington was in 2009 when Jeff Stein, then of CQ, reported on intercepted phone calls between a senior Aipac lobbyist and Jane Harman, who at the time was a Democratic member of Congress. Normally intercepts of U.S. officials and citizens are some of the most tightly held government secrets. This is for good reason. Selectively disclosing details of private conversations monitored by the FBI or NSA gives the permanent state the power to destroy reputations from the cloak of anonymity. This is what police states do. In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. 
officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag. While President Trump contemplated Flynn's fate on Monday evening, the Wall Street Journal suggested: "How about asking if the spooks listening to Mr. Flynn obeyed the law?" Among the questions the WSJ posed was whether intelligence agents secured proper FISA court orders for the surveillance of Flynn. That's the sort of question that convulsed the entire political spectrum, from liberals to libertarians, after the Snowden revelations. Not long ago, both Democrats and Republicans were deeply concerned about accountability and procedural integrity for the sprawling surveillance apparatus developed by our law enforcement and intelligence agencies. Those are among the most serious concerns of the Information Age, and they should not be cast aside in a mad dash to draw some partisan blood. There are several theories as to exactly who brought Flynn down and why. Was it an internal White House power struggle, the work of Obama administration holdovers, or the alligators of the "Deep State" lunging to take a bite from the president who promised to "drain the swamp?" The Washington Free Beacon has sources who say Flynn's resignation is "the culmination of a secret, months-long campaign by former Obama administration confidantes to handicap President Donald Trump's national security apparatus and preserve the nuclear deal with Iran." Flynn has prominently opposed that deal. 
According to the Free Beacon, this "small task force of Obama loyalists" are ready to waylay anyone in the Trump administration who threatens the Iran deal, their efforts coordinated by the sleazy Obama adviser who boasted of his ability to manipulate the press by feeding them lies, Ben Rhodes. Some observers are chuckling at the folly of Michael Flynn daring to take on the intelligence community, and paying the price for his reckless impudence. That is not funny – it is terrifying. In fact, it is the nightmare of the rogue NSA come to life, the horror story that kept privacy advocates tossing in their sheets for years. Michael Flynn was appointed by the duly elected President of the United States. He certainly should not have been insulated from criticism, but if he was brought down by entrenched, unelected agency officials, it is nearly a coup – especially if, as Eli Lake worried on Twitter, Flynn's resignation inspires further attacks with even higher-ranking targets: This was a major error for @Reince & @mike_pence It's now open season on this administration from without and within. #FlynnResignation - Eli Lake (@EliLake) February 14, 2017 Lake's article caught the eye of President Trump, who endorsed his point that intelligence and law enforcement agencies should not interfere in U.S. politics: Thank you to Eli Lake of The Bloomberg View – "The NSA & FBI should not interfere in our politics and is" Very serious situation for USA - Donald J. Trump (@realDonaldTrump) February 15, 2017 On the other hand, Bill Kristol of the Weekly Standard openly endorsed the Deep State overthrowing the American electorate and overturning the results of the 2016 election: Obviously strongly prefer normal democratic and constitutional politics. But if it comes to it, prefer the deep state to the Trump state. 
- Bill Kristol (@BillKristol) February 14, 2017 Among the many things hideously wrong with this sentiment is that the American people know absolutely nothing about the leakers who brought Flynn down, and might be lining up their next White House targets at this very moment. We have no way to evaluate their motives or credibility. We didn't vote for them, and we will have no opportunity to vote them out of office if we dissent from their agenda. As mentioned above, we do not know if the material they are leaking is accurate . Byron York of the Washington Examiner addressed the latter point by calling for full disclosure: Important that entire transcript of Flynn-Kislyak conversation be released. Leakers have already cherrypicked. Public needs to see it all. - Byron York (@ByronYork) February 14, 2017 That is no less important with Flynn's resignation in hand. We still need to know the full story of his downfall. The American people deserve to know who is assaulting the government they voted for in 2016. They deserve protection from the next attempt to manipulate our government with cherry-picked leaks. They also deserve some intellectual consistency from those who have long and loudly worried about the emergence of a surveillance state, and from conservatives who claim to value the rule of law. Unknown persons with a mysterious agenda just made strategic use of partial information from a surveillance program of uncertain legality to take out a presidential adviser. Whether it's an Obama shadow government staging a Beltway insurrection, or Deep State officials protecting their turf, this is the nightmare scenario of the post-Snowden era. Or are we not having that nightmare anymore, if we take partisan pleasure in the outcome? 
#### [Feb 07, 2017] How the CIA made Google ###### Feb 07, 2017 | www.zerohedge.com Pinto Currency -> J S Bach , Feb 6, 2017 10:47 PM How the CIA made Google 918pigpen -> buckstopshere , Feb 6, 2017 10:42 PM People ask me why I refused to use google many years ago. THIS!!! Yars Revenge , Feb 6, 2017 10:39 PM (((GOOGLE))) rlouis , Feb 6, 2017 10:45 PM So, the alphabet company, aka CIA is funding this? wisefool , Feb 6, 2017 10:45 PM Who would have thought some kids working on bubblesort 2.0 (1980s era search engine tech) could have bootstrapped themselves to the biggest brand in the world. Until facebook came along. They did not get a 1 million dollar loan from their dad like donald trump did. They might have got some money from big brother. But we don't talk about that in polite company. Neochrome , Feb 6, 2017 10:48 PM If you're a thief, it's your "duty" to break the law. Google's chairman says he is "proud" of the way his company avoids paying taxes. "It's called capitalism," Eric Schmidt told Bloomberg in a Wednesday article. "We are proudly capitalistic. I'm not confused about this." Google's effective U.S. tax rate is unclear. Citizens for Tax Justice did not analyze Google in a 2011 study because Google reports most of its profits as foreign, even though that may not be true. #### [Jan 21, 2017] Obama promised to reverse the growth of the surveillance state. He did the opposite. ##### Notable quotes: ##### "... President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state ..." ##### "... Obama didn't just fall short of progressive hopes - he went in the opposite direction ..." ##### "... he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans. ..." ##### "... Upon becoming president, the already vast surveillance powers of the United States have expanded . 
By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats. ..." ##### "... The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption. ..." ##### "... But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to " welcome " a debate on surveillance. ..." ###### Jan 21, 2017 | www.jacobinmag.com President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state, providing it with a liberal legitimacy that left it largely immune from criticism during his two terms. As President Trump takes the reins of that surveillance state's power in whatever terrifying ways he chooses, we should remember that it was Obama who paved the way for him. Obama has often been painted as a disappointing president, one who reached for the stars but ultimately, whether due to Republican obstructionism or the disappointing realities of governing, fell short. In the area of state surveillance, however, Obama didn't just fall short of progressive hopes - he went in the opposite direction. Obama built his career opposing the Patriot Act and Bush-era secrecy. He made this opposition a centerpiece of his presidential campaign, promising "no more illegal wiretapping of American citizens. 
No more national security letters to spy on citizens who are not suspected of a crime . . . No more ignoring the law when it is convenient." The first sign of his waning commitment came three months after a glowing Times op-ed declared him potentially the first civil libertarian president, when he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans. Upon becoming president, the already vast surveillance powers of the United States have expanded . By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats. The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption. It extended controversial Patriot Act provisions year after year. Less than a week before Donald Trump, a man he has called "unfit" for office, took power, Obama expanded the NSA's power to share its data with other agencies. Meanwhile, the FBI is paying Best Buy employees to snoop through your computer. Where there have been privacy wins on Obama's watch, they have largely been inadvertent. The NSA collects a much smaller proportion of Americans' phone records today than it did eleven years ago because cell phone use has exploded. Furthermore, the USA Freedom Act passed in 2015, ending bulk collection of US phone records ( only of phone records, it must be said), something Obama tried to claim as part of his legacy in his farewell speech. 
But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to " welcome " a debate on surveillance. All of this happened under a liberal former constitutional law professor. The question must be asked: What will follow under Trump? -Branko Marcetic #### [Jan 15, 2017] Gaius Publius: Who's Blackmailing the President? Why Aren't Democrats Upset About It? ##### Notable quotes: ##### "... William Binney, another NSA whistleblower and hero, stated on his Truthdig interview with Scheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them, Thomas Drake/currently pensionless and an Apple store worker ) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability. ..." ##### "... First they gaslight you. "There is no surveillance. You have no evidence." ..." ##### "... As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!" ..." ##### "... Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence". ..." ##### "... Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it. ..." ##### "... Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. ..." 
###### Jan 15, 2017 | www.nakedcapitalism.com HopeLB , January 14, 2017 at 5:22 pm William Binney, another NSA whistleblower and hero, stated on his Truthdig interview with Scheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them, Thomas Drake/currently pensionless and an Apple store worker ) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability. reslez , January 14, 2017 at 6:28 pm Your "ambivalence" is one of the favorite tactics of people in CTR, who start off all their comments with "I love Bernie, but ". Here's how it works: 1. First they gaslight you. "There is no surveillance. You have no evidence." 2. As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!" Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence". Jack , January 14, 2017 at 9:29 am SantaFe you said "his career was literally made by a document dump from a guy who increasingly appears to be much more nefarious". Glenn Greenwald's "career" was made long before Snowden appeared on the scene. That's why Snowden chose him to release the documents to. He has long been known as a journalist who speaks truth to power. And what do you mean by this; " He is quickly losing credibility among many who admired him." ? Yourself? I see no reason why Greenwald should be losing credibility. Primarily what he is doing in this particular instance is questioning the veracity of the documents being used against Trump and the means by which they are being "released". That is one of Greenwald's greatest strengths. He plays no favorites. 
As far as the WSJ article on Snowden, I assume you are referring to the now discredited op-ed (not an article) piece by Epstein? This self-serving op-ed was clearly written by Epstein to promote his recent book and the "points" he made about Snowden have been discredited by many sources. Michael C. , January 14, 2017 at 10:39 am I agree with you wholeheartedly. Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it. DJG , January 14, 2017 at 12:01 pm Agreed: Further, the recent article in the New Yorker, in which Malcolm Gladwell (who isn't glib, of course) decides that Snowden isn't classy enough is more of the same. Santa Fe: Greenwald losing credibility? Sorry. You just lost credibility, if you ever had any. Donald , January 14, 2017 at 10:05 am Speak for yourself. Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. And while Assange appears motivated by animus against Clinton, I have yet to see anything about Snowden that would make me distrust him more than the press. What I do see are a lot of centrist liberals acting like Joseph McCarthy. And even with Assange, wikileaks has been invaluable. The mainstream press largely ignored its most interesting revelations - for instance, the Clinton camp privately acknowledged that the Saudi government supports ISIS. We hear much more shooting the messenger stories about dissenters than we hear stories about the message. Donald , January 14, 2017 at 10:14 am Here is a link about the Isis, Saudi, Clinton story. I didn't see anything about this in the US mainstream press, though I won't swear it didn't appear somewhere. But I have heard much more about how the wikileaks releases contained little of substance. 
#### [Jan 15, 2017] Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies' access to private communications obtained via warrantless spying ###### economistsview.typepad.com JohnH -> Peter K.... , January 14, 2017 at 12:28 PM Obama continues to set the table for Trump: "Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies' access to private communications obtained via warrantless spying. An executive order allows the National Security Agency (NSA) to share data collected via its global surveillance dragnet with all other U.S. intelligence agencies, without redacting untargeted American citizens' private information. "The change means that far more officials will be searching through raw data," explained the New York Times, which broke the story late Thursday. The Times also shared the 23-page declassified version of the president's order." http://www.commondreams.org/news/2017/01/13/obama-expands-spy-agencies-access-private-data-just-time-trump Not that Democrats like Pelosi/Schumer/Feinstein care...they're apparently quite happy to give Trump's people access to all Americans' most private data. #### [Jan 13, 2017] Mystery Hackers Blow Up Secret NSA Hacking Tools in 'Final F--k You' ##### Notable quotes: ##### "... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..." ###### Jan 13, 2017 | www.thedailybeast.com by Kevin Poulsen "A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a tranche of secret National Security Agency hacking tools to the public while offering to sell even more for the right price. 
Now with barely a week to go before Donald Trump's inauguration, the self-styled "Shadow Brokers" on Thursday announced that they were packing it in. "So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its darknet site... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ... ... ... The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much less penetrated. ... ... ... Released along with the announcement was a huge cache of specialized malware, including dozens of backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco routers-a basic building block of the internet. While Cisco and other companies scrambled for a fix, security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first time, as threat-intelligence professionals, that we've had access to what appears to be a relatively complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running vulnerable hardware." #### [Dec 26, 2016] Congress Passes BOTS Act To Ban Ticket-Buying Software ###### Dec 26, 2016 | yro.slashdot.org (arstechnica.com) Posted by BeauHD on Thursday December 08, 2016 @05:05PM from the level-the-playing-field dept. 
Congress passed a bill yesterday that will make it illegal for people to use software bots to buy concert tickets . Ars Technica reports: The Better Online Ticket Sales (BOTS) Act makes it illegal to bypass any computer security system designed to limit ticket sales to concerts, Broadway musicals, and other public events with a capacity of more than 200 persons. Violations will be treated as "unfair or deceptive acts" and can be prosecuted by the Federal Trade Commission or the states. The bill passed the Senate by unanimous consent last week, and the House of Representatives voted yesterday to pass it as well. It now proceeds to President Barack Obama for his signature. Computer programs that automatically buy tickets have been a frustration for the concert industry and fans for a few years now. The issue had wide exposure after a 2013 New York Times story on the issue. Earlier this year, the office of New York Attorney General Eric Schneiderman completed an investigation into bots. The New York AG's ticket sales report (PDF) found that the tens of thousands of tickets snatched up by bots were marked up by an average of 49 percent. #### [Dec 26, 2016] You Can Now Rent A Mirai Botnet Of 400,000 Bots ###### Dec 26, 2016 | it.slashdot.org (bleepingcomputer.com) Posted by EditorDavid on Sunday November 27, 2016 @05:35PM from the telnetting-for-dollars dept. An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet , which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-30,000. 
After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total. Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."

#### [Dec 26, 2016] Uber Wants To Track Your Location Even When You're Not Using the App, Here's Why

###### Dec 26, 2016 | yro.slashdot.org (businessinsider.com)

Posted by msmash on Wednesday November 30, 2016 @04:00PM from the why-they-do-what-they-do dept.

With the most recent update to Uber's ride-hailing app, the company has begun asking users whether they are willing to share their location data with the Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data, is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition.
In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing 18 billion, according to a forecast from BIA/Kelsey.

#### [Dec 26, 2016] International Authorities Take Down Massive 'Avalanche' Botnet, Sinkhole Over 800,000 Domains

###### Dec 26, 2016 | it.slashdot.org (arstechnica.com)

Posted by BeauHD on Thursday December 01, 2016 @10:30PM from the largest-ever dept.

plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown.
'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."

#### [Dec 26, 2016] Watchdog Group Claims Smart Toys Are Spying On Kids

###### Dec 26, 2016 | yro.slashdot.org (mashable.com)

Posted by BeauHD on Thursday December 08, 2016 @07:05PM from the always-listening dept.

The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in a conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries.
On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.

#### [Dec 26, 2016] Ransomware Compromises San Francisco's Mass Transit System

###### Dec 26, 2016 | news.slashdot.org (cbslocal.com)

Posted by EditorDavid on Sunday November 27, 2016 @01:34PM from the conquering-the-cable-cars dept.

Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC: Inside sources say the system has been hacked for days.
The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems. Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems." One San Francisco local told CBS, "I think it is terrifying. I really do. I think if they can start doing this here, we're not safe anywhere."

#### [Dec 26, 2016] Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016

###### Dec 26, 2016 | it.slashdot.org (onthewire.io)

Posted by BeauHD on Wednesday December 07, 2016 @09:05PM from the majority-rules dept.

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig.
Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.

#### [Dec 26, 2016] Snowden: 'The Central Problem of the Future' Is Control of User Data

###### Dec 26, 2016 | tech.slashdot.org (techcrunch.com)

Posted by BeauHD on Wednesday December 14, 2016 @05:00AM from the no-place-to-hide dept.

Twitter CEO Jack Dorsey interviewed Edward Snowden via Periscope about the wide world of technology. The NSA whistleblower "discussed the data that many online companies continue to collect about their users, creating a 'quantified world' -- and more opportunities for government surveillance," reports TechCrunch. Snowden said, "If you are being tracked, this is something you should agree to, this is something you should understand, this is something you should be aware of and can change at any time."
TechCrunch reports: Snowden acknowledged that there's a distinction between collecting the content of your communication (i.e., what you said during a phone call) and the metadata (information like who you called and how long it lasted). For some, surveillance that just collects metadata might seem less alarming, but in Snowden's view, "That metadata is in many cases much more dangerous and much more intrusive, because it can be understood at scale." He added that we currently face unprecedented perils because of all the data that's now available -- in the past, there was no way for the government to get a list of all the magazines you'd read, or every book you'd checked out from the library. "[In the past,] your beliefs, your future, your hopes, your dreams belonged to you," Snowden said. "Increasingly, these things belong to companies, and these companies can share them however they want, without a lot of oversight." He wasn't arguing that companies shouldn't collect user data at all, but rather that "the people who need to be in control of that are the users." "This is the central problem of the future, is how do we return control of our identities to the people themselves?" Snowden said.

#### [Dec 26, 2016] NSA's Best Are 'Leaving In Big Numbers,' Insiders Say

###### Dec 26, 2016 | yro.slashdot.org (cyberscoop.com)

Posted by EditorDavid on Sunday December 11, 2016 @11:34AM from the blaming-Oliver-Stone dept.

schwit1 quotes CyberScoop: Low morale at the National Security Agency is causing some of the agency's most talented people to leave in favor of private sector jobs, former NSA Director Keith Alexander told a room full of journalism students, professors and cybersecurity executives Tuesday. The retired general and other insiders say a combination of economic and social factors -- including negative press coverage -- have played a part... "I am honestly surprised that some of these people in cyber companies make up to seven figures.
That's five times what the chairman of the Joint Chiefs of Staff makes. Right? And these are people that are 32 years old. Do the math. [The NSA] has great competition," he said. The rate at which these cyber-tacticians are exiting public service has increased over the last several years and has gotten considerably worse over the last 12 months, multiple former NSA officials and D.C. area-based cybersecurity employers have told CyberScoop in recent weeks... In large part, Alexander blamed the press for propagating an image of the NSA that causes people to believe they are being spied on at all times by the U.S. government regardless of their independent actions. "What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong," the former NSA Director added. "They are doing exactly what our nation has asked them to do to protect us. They are the heroes."

#### [Nov 25, 2016] Is Obama presiding over a national security state gone rogue?

##### National security state gone rogue is fascism. Frankly, I don't see evidence of huge abuse of US liberties. But I do see our foreign policy distorted by a counter-terror obsession

##### Notable quotes:

##### "... the government's interpretation of that law ..."

##### "... "One reports a crime; and one commits a crime." ..."

##### "... but does not include differences of opinion concerning public policy matters ..."

###### Jun 21, 2013 | The Guardian

Two weeks ago, the Guardian began publishing a series of eye-opening revelations about the National Security Agency and its surveillance efforts both in the United States and overseas. These stories raised long-moribund and often-ignored questions about the pervasiveness of government surveillance and the extent to which privacy rights are being violated by this secret and seemingly unaccountable security apparatus.
However, over the past two weeks, we've begun to get a clearer understanding of the story and the implications of what has been published – informed in part by a new-found (if forced upon them) transparency from the intelligence community. So here's one columnist's effort to sort the wheat from the chaff and offer a few answers to the big questions that have been raised.

These revelations are a big deal, right?

To fully answer this question, it's important to clarify the revelations that have sparked such controversy. The Guardian (along with the Washington Post) has broken a number of stories, each of which tells us very different things about what is happening inside the US government around matters of surveillance and cyber operations. Some are relatively mundane, others more controversial.

The story that has shaped press coverage and received the most attention was the first one – namely, the publication of a judicial order from the Fisa court to Verizon that indicated the US is "hoovering" up millions of phone records (so-called "metadata") into a giant NSA database. When it broke, the story was quickly portrayed as a frightening tale of government overreach and violation of privacy rights. After all, such metadata – though it contains no actual content – can be used rather easily as a stepping-stone to more intrusive forms of surveillance.

But what is the true extent of the story here: is this picture of government Big Brotherism correct or is this massive government surveillance actually quite benign? First of all, such a collection of data is not, in and of itself, illegal. The Obama administration was clearly acting within the constraints of federal law and received judicial approval for this broad request for data.
That doesn't necessarily mean that the law is good or that the government's interpretation of that law is not too broad, but unlike the Bush "warrantless wiretapping" stories of several years ago, the US government is here acting within the law. The real question that should concern us is one raised by the TV writer David Simon in a widely cited blogpost looking at the issues raised by the Guardian's reporting, namely: "Is government accessing the data for the legitimate public safety needs of the society, or are they accessing it in ways that abuse individual liberties and violate personal privacy – and in a manner that is unsupervised."

We know, for example, that the NSA is required to abide by laws that prevent the international targeting of American citizens (you can read more about that here). So, while metadata about phone calls made can be used to discover information about the individuals making the calls, there are "minimization" rules, procedures and laws that guide the use of such data and prevent possible abuse and misuse of protected data. The minimization procedures used by the NSA are controlled by secret Fisa courts. In fact, last year, the Fisa court ruled that these procedures didn't pass constitutional muster and had to be rewritten.

Sure, the potential for abuse exists – but so, too, does the potential for the lawful use of metadata in a way that protects the privacy of individual Americans – and also assists the US government in pursuit of potential terrorist suspects. Of course, without information on the specific procedures used by the NSA to minimize the collection of protected data, it is impossible to know that no laws are being broken or no abuse is occurring. In that sense, we have to take the government's word for it. And that is especially problematic when you consider the Fisa court decisions authorizing this snooping are secret and the congressional intelligence committees tasked with conducting oversight tend to be toothless.
But assumptions of bad faith and violations of privacy by the US government are just that: assumptions. When President Obama says that the NSA is not violating privacy rights because it would be against the law, we can't simply disregard such statements as self-serving. Moreover, when one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame.

Edward Snowden: is he a hero or a traitor?

One of the key questions that have emerged over this story is the motivation of the leaker in question, Edward Snowden. In his initial public interview, with Glenn Greenwald on 9 June, Snowden explained his actions, in part, thus: "I'm willing to sacrifice because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."

Now, while one can argue that Snowden's actions do not involve personal sacrifice, whether they are heroic is a much higher bar to cross. First of all, it's far from clear that the US government is destroying privacy, internet freedom and basic liberties for people around the world. Snowden may be sincere about being "valiant for truth", but he wouldn't be the first person to believe himself such and yet be wrong. Second, one can make the case that there is a public interest in knowing that the US is collecting reams of phone records, but where is the public interest – and indeed, to Snowden's own justification, the violation of privacy – in leaking a presidential directive on cyber operations or leaking that the US is spying on the Russian president? The latter is not a crime; it's actually what the NSA was established to do!
In his recent online chat hosted by the Guardian, Snowden suggested that the US should not be spying on any country with whom it's not formally at war. That is, at best, a dubious assertion, and one that is at odds with years of spycraft. On the presidential directive on cyber operations, the damning evidence that Snowden revealed was that President Obama has asked his advisers to create a list of potential targets for cyber operations – but such planning efforts are rather routine contingency operations. For example, if the US military drew up war plans in case conflict ever occurred between the US and North Korea – and that included offensive operations – would that be considered untoward or perhaps illegitimate military planning?

This does not mean, however, that Snowden is a traitor. Leaking classified data is a serious offense, but treason is something else altogether. The problem for Snowden is that he has now also leaked classified information about ongoing US intelligence-gathering efforts to foreign governments, including China and Russia. That may be crossing a line, which means that the jury is still out on what label we should use to describe Snowden.

Shouldn't Snowden be protected as a whistleblower?

This question of leakers v whistleblowers has frequently been conflated in the public reporting about the NSA leak (and many others). But this is a crucial error. As Tara Lee, a lawyer at the law firm DLA Piper, with expertise in defense industry and national security litigation, said to me, there is an important distinction between leakers and whistleblowers: "One reports a crime; and one commits a crime." Traditionally (and often technically), whistleblowing refers to specific actions that are taken to bring to attention illegal behavior, fraud, waste, abuse etc. Moreover, the US government provides federal employees and contractors with the protection to blow the whistle on wrongdoing.
In the case of Snowden, he could have gone to the inspector general at the Department of Justice or relevant congressional committees. From all accounts, it appears that he did not go down this path. Of course, since the material he was releasing was approved by the Fisa court and had the sign-off of the intelligence committee, he had good reason to believe that he would not have received the most receptive hearing for his complaints. Nevertheless, that does not give him carte blanche to leak to the press – and certainly doesn't give him carte blanche to leak information on activities that he personally finds objectionable but are clearly legal.

Indeed, according to the Intelligence Community Whistleblower Protection Act (ICWPA), whistleblowers can make complaints over matters of what the law calls "urgent concern", which includes "a serious or flagrant problem, abuse, violation of law or executive order, or deficiency relating to the funding, administration, or operations of an intelligence activity involving classified information, but does not include differences of opinion concerning public policy matters [my italics]." In other words, simply believing that a law or government action is wrong does not give one the right to leak information; and in the eyes of the law, it is not considered whistleblowing. Even if one accepts the view that the leaked Verizon order fell within the bounds of being in the "public interest", it's a harder case to make for the presidential directive on cyber operations or the eavesdropping on foreign leaders.

The same problem is evident in the incorrect description of Bradley Manning as a whistleblower. When you leak hundreds of thousands of documents – not all of which you reviewed and most of which contain the mundane and not illegal diplomatic behavior of the US government – you're leaking.
Both Manning and now Snowden have taken it upon themselves to decide what should be in the public domain; quite simply, they don't have the right to do that. If every government employee decided actions that offended their sense of morality should be leaked, the government would never be able to keep any secrets at all and, frankly, would be unable to operate effectively. So, like Manning, Snowden is almost certainly not a whistleblower, but rather a leaker. And that would mean that he, like Manning, is liable to prosecution for leaking classified material.

Are Democrats hypocrites over the NSA's activities?

A couple of days ago, my Guardian colleague, Glenn Greenwald made the following assertion: "The most vehement defenders of NSA surveillance have been, by far, Democratic (especially Obama-loyal) pundits. One of the most significant aspects of the Obama legacy has been the transformation of Democrats from pretend-opponents of the Bush "war on terror" and national security state into their biggest proponents."

This is a regular line of argument from Glenn, but it's one that, for a variety of reasons, I believe is not fair. (I don't say this because I'm an Obama partisan – though I may be called one for writing this.) First, the lion's share of criticism of these recent revelations has come, overwhelmingly, from Democrats and, indeed, from many of the same people, including Greenwald, who were up in arms when the so-called warrantless wiretapping program was revealed in 2006. The reality is that outside a minority of activists, it's not clear that many Americans – Democrats or Republicans – get all that excited about these types of stories. (Not that this is necessarily a good thing.)
Second, opposition to the Bush program was two-fold: first, it was illegal and was conducted with no judicial or congressional oversight; second, Bush's surveillance policies did not occur in a vacuum – they were part of a pattern of law-breaking, disastrous policy decisions and Manichean rhetoric over the "war on terror". So, if you opposed the manner in which Bush waged war on the "axis of evil", it's not surprising that you would oppose its specific elements. In the same way, if you now support how President Obama conducts counter-terrorism efforts, it's not surprising that you'd be more inclined to view specific anti-terror policies as more benign.

Critics will, of course, argue – and rightly so – that we are a country of laws first. In which case it shouldn't matter who is the president, but rather what the laws are that govern his or her conduct. Back in the world of political reality, though, that's not how most Americans think of their government. Their perceptions are defined in large measure by how the current president conducts himself, so there is nothing at all surprising about Republicans having greater confidence in a Republican president and Democrats having greater confidence in a Democratic one, when asked about specific government programs.

Beyond that, simply having greater confidence in President Obama than President Bush to wield the awesome powers granted the commander-in-chief to conduct foreign policy is not partisanship. It's common sense. George Bush was, undoubtedly, one of the two or three worst foreign policy presidents in American history (and arguably, our worst president, period). He and Dick Cheney habitually broke the law, including but not limited to the abuse of NSA surveillance. President Obama is far from perfect: he made the terrible decision to surge in Afghanistan, and he's fought two wars of dubious legality in Libya and Pakistan, but he's very far from the sheer awfulness of the Bush/Cheney years.
Unless you believe the US should have no NSA, and conduct no intelligence-gathering in the fight against terrorism, you have to choose a president to manage that agency. And there is nothing hypocritical or partisan about believing that one president is better than another to handle those responsibilities.

Has NSA surveillance prevented terrorist attacks, as claimed?

In congressional testimony this week, officials from the Department of Justice and the NSA argued that surveillance efforts stopped "potential terrorist events over 50 times since 9/11". Having spent far too many years listening to public officials describe terrifying terror plots that fell apart under greater scrutiny, this assertion sets off for me a set of red flags (even though it may be true). I have no doubt that NSA surveillance has contributed to national security investigations, but whether it's as extensive or as vital as the claims of government officials is more doubtful.

To be honest, I'm not sure it matters. Part of the reason the US government conducts NSA surveillance in the first place is not necessarily to stop every potential attack (though that would be nice), but to deter potential terrorists from acting in the first place. Critics of the program like to argue that "of course, terrorists know their phones are being tapped and emails are being read", but that's kind of the point. If they know this, it forces them to choose more inefficient means of communicating, and perhaps to put aside potential attacks for fear of being uncovered. We also know that not every terrorist has the skills of a Jason Bourne. In fact, many appear to be not terribly bright, which means that even if they know about the NSA's enormous dragnet, it doesn't mean they won't occasionally screw up and get caught.

Yet, this gets to a larger issue that is raised by the NSA revelations.

When is enough counter-terrorism enough?
Over the past 12 years, the US has developed what can best be described as a dysfunctional relationship with terrorism. We've become obsessed with it and with a zero-tolerance approach to stopping it. While the former is obviously an important goal, it has led the US to take steps that not only undermine our values (such as torture), but also make us weaker (the invasion of Iraq, the surge in Afghanistan, etc). To be sure, this is not true of every anti-terror program of the past dozen years. For example, the US does a better job of sharing intelligence among government agencies, and of screening those who are entering the country. And military efforts in the early days of the "war on terror" clearly did enormous damage to al-Qaida's capabilities.

In general, though, when one considers the relatively low risk of terrorist attacks – and the formidable defenses of the United States – the US response to terrorism has been one of hysterical over-reaction. Indeed, the balance we so often hear about when it comes to protecting privacy while also ensuring security is only one part of the equation. The other is how we balance the need to stop terrorists (who certainly aspire to attack the United States) and the need to prevent anti-terrorism from driving our foreign policy to a disproportionate degree. While the NSA revelations might not be proof that we've gone too far in one direction, there's no doubt that, for much of the past 12 years, terrorism has distorted and marred our foreign policy.

Last month, President Obama gave a seminal speech at the National Defense University, in which he essentially declared the "war on terror" over. With troops coming home from Afghanistan, and drone strikes on the decline, that certainly seems to be the case. But as the national freakout over the Boston Marathon bombing – and the extraordinary over-reaction of a city-wide lockdown for one wounded terrorist on the loose – remind us, we still have a ways to go.
Moreover, since no politician wants to find him- or herself in a situation after a terrorist attack when the criticism "why didn't you do more?" can be aired, that political imperative of zero tolerance will drive our counterterrorism policies. At some point, that needs to end. In fact, nine years ago, our current secretary of state, John Kerry, made this exact point; it's worth reviewing his words: "We have to get back to the place we were, where terrorists are not the focus of our lives, but they're a nuisance I know we're never going to end prostitution. We're never going to end illegal gambling. But we're going to reduce it, organized crime, to a level where it isn't on the rise. It isn't threatening people's lives every day, and fundamentally, it's something that you continue to fight, but it's not threatening the fabric of your life.'' What the NSA revelations should spark is not just a debate on surveillance, but on the way we think about terrorism and the steps that we should be willing to take both to stop it and ensure that it does not control us. We're not there yet.

007Prometheus

No GCHQ - MI5 - MI6 - NSA - CIA - FBI etc........... ad nauseam! How many Billions / Trillions are spent on these services? If 11/9 and 7/7 were homegrown attacks, then I think, they will take us all down with them.

NOTaREALmerican @007Prometheus

Re: How many Billions / Trillions are spent on these services? The wonderful thing about living in a "Keynesian" perpetually increasing debt paradise is you NEVER have to say you can't afford anything. (Well, unless you want to say it, but if you do it's just political bullshit). So, to answer your question... A "Keynesian" never asks how much, just how much do you want.

"Frankly, I don't see evidence of huge abuse of US liberties" Just wait until they come for you.
bloopie2

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame." Dear Sir: Please post your email addresses, bank accounts, and passwords. We'd like to look at everything. Got a problem with that?

Tonieja

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online [...]" Wow! I don't really care about my personal email. I do care about all political activists, journalists, lawyers etc. That a journalist would support Stasi style surveillance state is astonishing. I wish I had the time to go through this article and demolish it sentence by sentence as it so richly deserves, but at the moment I don't. Instead, might I suggest to the author that he go to the guardian archive, read every single story about this in chronological order and then read every damn link posted in the comment threads on the three most recent stories. Most especially the links in the comment threads. If after that, he cannot see why we "civil libertarian freaks" are not just outraged, but frightened, he frankly lacks both historical knowledge and any ability to analyze the facts that are staring him in the face. I can't believe I am going to have to say this again but here goes: YOU do not get to give away my constitutional rights, Mr. Cohen. I don't give a shit how much you trust Obama compared to dubya. The Bill of Rights states in clear, unambiguous language what the Federal government may NOT do to its citizens no matter WHO is president.

goodkurtz

Michael Cohen: "Frankly, I don't see evidence of huge abuse of US liberties."
Well of course you won't see them. But the abuses are very probably already happening on a one-to-one basis in the same shadows in which the intelligence was first gathered.

#### [Nov 24, 2016] Dutch media company VPRO and Amsterdam based interactive design company Studio Moniker have created the site to remind online users about the big data and privacy

###### Nov 24, 2016 | yro.slashdot.org (news.com.au)

Posted by BeauHD on Tuesday November 22, 2016 @05:00AM from the creepy-websites dept.

mi writes: The site called ClickClickClick annotates your every move on its one and only page. Turn on the sound to listen to verbal annotations in addition to reading them. The same is possible for, and therefore done by, the regular sites as they attempt to study visitors looking for various trends -- better to gauge our opinions and sell us things. While not a surprise to regular Slashdotters, it is certainly a good illustration... Dutch media company VPRO and Amsterdam based interactive design company Studio Moniker have created the site to remind online users about the "serious themes of big data and privacy." Studio Moniker designer Roel Wouters said, "It seemed fun to thematize this in a simple and lighthearted way."

#### [Nov 18, 2016] On Clapper resignation

##### Notable quotes:

##### "... "Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time. ..."

##### "... Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around. ..."

###### Nov 18, 2016 | www.nakedcapitalism.com

paulmeli November 17, 2016 at 3:00 pm

"Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time.
Peter Pan November 17, 2016 at 6:37 pm

Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around.

fresno dan November 17, 2016 at 6:54 pm

paulmeli November 17, 2016 at 3:00 pm

So, is Obama gonna pardon him? Silly me, I keep forgetting that indisputable violations of the law are not prosecuted when done by those at the top

#### [Nov 07, 2016] Under the Din of the Presidential Race Lies a Once and Future Threat: Cyberwarfare

##### This neocon propagandist (or, more correctly, neocon provocateur) got all the major facts wrong. And who unleashed Flame and Stuxnet, I would like to ask him. Was it the Russians? And who invented the concept of the "color revolution", in which influencing the election was a major part of the strategy? And which nation instituted a program of covert access to the email boxes of all major webmail providers? He should study the history of malware and of US covert operations before writing this propagandist/provocateur opus, to look a little bit more credible...

##### Notable quotes:

##### "... Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. ..."

###### www.nytimes.com

The 2016 presidential race will be remembered for many ugly moments, but the most lasting historical marker may be one that neither voters nor American intelligence agencies saw coming: It is the first time that a foreign power has unleashed cyberweapons to disrupt, or perhaps influence, a United States election. And there is a foreboding sense that, in elections to come, there is no turning back. The steady drumbeat of allegations of Russian troublemaking - leaks from stolen emails and probes of election-system defenses - has continued through the campaign's last days.
These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election. "Most of the biggest stories of this election cycle have had a cybercomponent to them - or the use of information warfare techniques that the Russians, in particular, honed over decades," said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. "From stolen emails, to WikiLeaks, to the hacking of the N.S.A.'s tools, and even the debate about how much of this the Russians are responsible for, it's dominated in a way that we haven't seen in any prior election." The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access. Yet the lessons have ranged from the intensely personal to the geostrategic. Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. Election systems, the underpinning of democracy, seem to be at such risk that it is unimaginable that the United States will go into another national election without treating them as "critical infrastructure." But President Obama has been oddly quiet on these issues. He delivered a private warning to President Vladimir V. Putin of Russia during their final face-to-face encounter two months ago, aides say. Still, Mr. Obama has barely spoken publicly about the implications of foreign meddling in the election. His instincts, those who have worked with him on cyberissues say, are to deal with the problem by developing new norms of international behavior or authorizing covert action rather than direct confrontation. After a series of debates in the Situation Room, Mr. 
Obama and his aides concluded that any public retaliation should be postponed until after the election - to avoid the appearance that politics influenced his decision and to avoid provoking Russian counterstrikes while voting is underway. It remains unclear whether Mr. Obama will act after Tuesday, as his aides hint, or leave the decision about a "proportional response" to his successor. Cybersleuths, historians and strategists will debate for years whether Russia's actions reflected a grand campaign of interference or mere opportunism on the part of Mr. Putin. While the administration has warned for years about the possibility of catastrophic attacks, what has happened in the past six months has been far more subtle. Russia has used the techniques - what they call "hybrid war," mixing new technologies with old-fashioned propaganda, misinformation and disruption - for years in former Soviet states and elsewhere in Europe. The only surprise was that Mr. Putin, as he intensified confrontations with Washington as part of a nationalist campaign to solidify his own power amid a deteriorating economy, was willing to take them to American shores. The most common theory is that while the Russian leader would prefer the election of Donald J. Trump - in part because Mr. Trump has suggested that NATO is irrelevant and that the United States should pull its troops back to American shores - his primary motive is to undercut what he views as a smug American sense of superiority about its democratic processes. Madeleine K. Albright, a former secretary of state who is vigorously supporting Hillary Clinton, wrote recently that Mr. Putin's goal was "to create doubt about the validity of the U.S. election results, and to make us seem hypocritical when we question the conduct of elections in other countries." If so, this is a very different use of power than what the Obama administration has long prepared the nation for. Four years ago, Leon E. 
Panetta, the defense secretary at the time, warned of an impending "cyber Pearl Harbor" in which enemies could "contaminate the water supply in major cities or shut down the power grid across large parts of the country," perhaps in conjunction with a conventional attack.

#### [Oct 22, 2016] Botnets can use internet enabled devices other than PCs, tablets and phones

###### Oct 22, 2016 | www.nakedcapitalism.com

Not mentioned in the News of the Wired snips: the Dyn DDOS was the latest using a megascale IOT botnet. Coming soon to a Smart Toaster|Thermostat|Fridge|WasherDryer|EggTimer|PencilSharpener|Dishwasher|GarbageCompacter|BabyMonitor near you!

hunkerdown October 21, 2016 at 7:36 pm

I suspect various enforcement agencies are using those cameras for something else, like mass video surveillance, and having just lost a lot of TLS vulnerabilities, are motivated to keep their sources' name out of the news (as befits TS/SI NOFORN projects), though steering the industry's and the commercial market economy's Confidence Fairy out of an imminent uncontrolled landing would suffice to explain the quiet.

OpenThePodBayDoorsHAL October 21, 2016 at 7:38 pm

For people who understand what that means it is mind-blowing, the processors in your parking garage gate or your nursery's NannyCam being used in a giant global concerto of digital disruption. Smells like the NSA in a desperate attempt to disrupt the flows from Wiki, they already gave the Clinton camp their best spyware (FoxAcid) and this would be par for the course given the level of lawbreaking and dirty tricks.

cm October 22, 2016 at 1:13 am

Will be illuminating to see if Congress demands IOT accountability.
IMO the IOT manufacturers should be held to the same level of accountability as car manufacturers,

#### [Oct 08, 2016] Yahoo Email Scanner Was Installed by Government

###### Oct 07, 2016 | news.antiwar.com

###### Software Could've Given NSA Much More Access Than Just Emails

Former employees of Yahoo have corroborated this week's stories about the company scanning all emails coming into their servers on behalf of the NSA, saying that the "email scanner" software was not Yahoo-built, but actually made and installed by the US government. The employees, including at least one on Yahoo's own internal security team, reported finding the software on the email server and believing they were being hacked, before executives informed them the government had done it. They described the software as a broader "rootkit" that could give the NSA access to much more than just emails. To make matters worse, the employees say the government's software was "buggy" and poorly-designed, meaning it could've given other hackers who discovered it the same access to the Yahoo server, adding to the danger it posed to customers' privacy. Yahoo itself has been mostly mum on the matter, issuing a statement claiming the initial reports were "misleading" but not elaborating at all. The NSA denied the claim outright, though they have been repeatedly caught lying about similar programs in the past.

#### [Sep 26, 2016] Probe of leaked U.S. NSA hacking tools examines operative's mistake

##### Notable quotes:

##### "... A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer ..."

##### "... The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. ..."

##### "... But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said. ..."

##### "... That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them. ..."

##### "... Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said. ..."

###### Reuters

A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible ... ... ... But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.
That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them. Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps. Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment. After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia. That could have helped identify rival powers' hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations. Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said. In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.
#### [Sep 18, 2016] Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

###### Sep 18, 2016 | theintercept.com

Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

#### [Sep 16, 2016] Edward Snowden's New Revelations Are Truly Chilling

##### Notable quotes:

##### "... Submitted by Sophie McAdam via TrueActivist.com, ..."

##### "... He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. ..."

##### "... "Nosey Smurf": lets spies turn the microphone on and listen in on users, even if the phone itself is turned off ..."

##### "... Snowden says: "They want to own your phone instead of you." It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it? ..."

##### "... It's one more reason to conclude that smartphones suck. And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies, encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfie addicts, and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves. ..."

###### Oct 08, 2015 | Zero Hedge reprinted from TrueActivist.com

Submitted by Sophie McAdam via TrueActivist.com,

In an interview with the BBC's 'Panorama' which aired in Britain last week, Edward Snowden spoke in detail about the spying capabilities of the UK intelligence agency GCHQ. He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. These technologies are named after Smurfs, those little blue cartoon characters who had a recent Hollywood makeover. But despite the cute name, these technologies are very disturbing; each one is built to spy on you in a different way:

• "Dreamy Smurf": lets the phone be powered on and off

• "Nosey Smurf": lets spies turn the microphone on and listen in on users, even if the phone itself is turned off

• "Tracker Smurf": a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.

• "Paranoid Smurf": hides the fact that it has taken control of the phone. The tool will stop people from recognizing that the phone has been tampered with if it is taken in for a service, for instance.

Snowden says: "They want to own your phone instead of you."
It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it? His revelations should worry anyone who cares about human rights, especially in an era where the threat of terrorism is used to justify all sorts of governmental crimes against civil liberties. We have willingly given up our freedoms in the name of security; as a result we have neither. We seem to have forgotten that to live as a free person is a basic human right: we are essentially free beings. We are born naked and without certification; we do not belong to any government nor monarchy nor individual, we don't even belong to any nation or culture or religion - these are all social constructs. We belong only to the universe that created us, or whatever your equivalent belief. It is therefore a natural human right not to be under secret surveillance by your own government, those corruptible liars who are supposedly elected by and therefore accountable to the people. The danger for law-abiding citizens who say they have nothing to fear because they are not terrorists, beware: many peaceful British protesters have been arrested under the Prevention Of Terrorism Act since its introduction in 2005. Edward Snowden's disclosure confirms just how far the attack on civil liberties has gone since 9/11 and the London bombings. Both events have allowed governments the legal right to essentially wage war on their own people, through the Patriot Act in the USA and the Prevention Of Terrorism Act in the UK. In Britain, as in the USA, terrorism and activism seem to have morphed into one entity, while nobody really knows who the real terrorists are any more. A sad but absolutely realistic fact of life in 2015: if you went to a peaceful protest at the weekend and got detained, you're probably getting hacked right now. It's one more reason to conclude that smartphones suck.
And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies, encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfie addicts, and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves.

#### [Sep 16, 2016] Leaked Demo Video Shows How Government Spyware Infects a Computer

###### Sep 16, 2016 | news.slashdot.org (vice.com)

Posted by BeauHD on Thursday September 08, 2016 @03:00AM from the never-before-seen dept.

An anonymous reader quotes a report from Motherboard: Motherboard has obtained a never-before-seen 10-minute video showing a live demo for a spyware solution made by a little known Italian surveillance contractor called RCS Lab. Unlike Hacking Team, RCS Lab has been able to fly under the radar for years, and very little is known about its products, or its customers. The video shows an RCS Lab employee performing a live demo of the company's spyware to an unidentified man, including a tutorial on how to use the spyware's control software to perform a man-in-the-middle attack and infect a target computer whose user wanted to visit a specific website. RCS Lab's spyware, called Mito3, allows agents to easily set up these kinds of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select "inject HTML" to force the malicious popup to appear, according to the video. Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS.
It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard. The company's employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware. A direct link to the YouTube video can be found here.

#### [Sep 16, 2016] Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials

###### Sep 16, 2016 | apple.slashdot.org (softpedia.com)

Posted by BeauHD on Wednesday September 07, 2016 @08:30PM from the stolen-credentials dept.

An anonymous reader writes from a report via Softpedia: An attacker can use a modified USB Ethernet adapter to fool Windows and Mac computers into giving away their login credentials. The attack relies on using a modified USB Ethernet adapter that runs special software, which tricks the attacked computer into accepting the Ethernet adapter as the network gateway, DNS, and WPAD server. The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. Even worse, when installing the new (rogue) USB Ethernet adapter, the computer will give out the local credentials needed to install the device. The custom software installed on the USB intercepts these credentials and logs them to an SQLite database. This attack can take around 13 seconds to carry out, and the USB Ethernet adapter can be equipped with an LED that tells the attacker when the login credentials have been stolen.
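The report above says the rogue adapter works because the computer auto-installs any PnP USB device and then accepts the adapter as gateway, DNS and WPAD server. For a defender the useful question is whether a given Windows host still has those two doors open. The following audit script is an added example written for this page; it is not code from the Softpedia report or from any of the projects named in it. It assumes the standard locations Windows uses for these settings: the per-user "Automatically detect settings" flag in the `DefaultConnectionSettings` binary value (flag byte at index 8, bit 0x08), the `WinHttpAutoProxySvc` service that performs WPAD discovery, and the `DenyRemovableDevices` device-installation policy value. Those locations are assumptions stated in the comments; the script only reads them and changes nothing.

```powershell
# Added audit example (not from the Softpedia report or from this page).
# Reports the Windows settings a rogue USB Ethernet adapter relies on:
# WPAD auto-discovery and unrestricted removable-device installation.
# Read-only: the functions return strings and modify no setting.

function Get-WpadAutoDetectState {
    # Assumption: "Automatically detect settings" lives in the
    # DefaultConnectionSettings blob of the current user; byte 8 is a
    # flag byte and bit 0x08 means auto-detect (WPAD) is enabled.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
    $blob = (Get-ItemProperty -Path $key -Name DefaultConnectionSettings `
                -ErrorAction SilentlyContinue).DefaultConnectionSettings
    if (-not $blob -or $blob.Length -lt 9) { return 'unknown (value missing)' }
    if (($blob[8] -band 0x08) -ne 0) { 'enabled' } else { 'disabled' }
}

function Get-WinHttpAutoProxyState {
    # Assumption: WinHttpAutoProxySvc is the service that performs WPAD
    # discovery for WinHTTP clients; report its state and start type.
    $svc = Get-Service -Name WinHttpAutoProxySvc -ErrorAction SilentlyContinue
    if (-not $svc) { return 'not present' }
    "$($svc.Status) / StartType=$($svc.StartType)"
}

function Get-RemovableDeviceInstallPolicy {
    # Assumption: the "Prevent installation of removable devices" policy is
    # stored as DenyRemovableDevices = 1 under this Policies key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
    $v = (Get-ItemProperty -Path $key -Name DenyRemovableDevices `
            -ErrorAction SilentlyContinue).DenyRemovableDevices
    if ($v -eq 1) { 'blocked by policy' } else { 'allowed (no policy set)' }
}

# One row per check; "enabled" + "allowed" is the exposed combination the
# report describes, "disabled" + "blocked by policy" the hardened one.
[pscustomobject]@{
    WpadAutoDetect          = Get-WpadAutoDetectState
    WinHttpAutoProxyService = Get-WinHttpAutoProxyState
    RemovableDeviceInstall  = Get-RemovableDeviceInstallPolicy
} | Format-List
```

Run it in an ordinary user session for the HKCU check; the HKLM policy key is readable without elevation. A host reporting WPAD "enabled" and removable-device installation "allowed" matches the precondition the report describes, and the two corresponding Group Policy settings (disable automatic proxy detection; prevent installation of removable devices) are the usual place to change it.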
#### [Sep 16, 2016] Wyden Calls on Senate to Prevent Expansion of Government Hacking On the Wire

###### Sep 16, 2016 | www.onthewire.io

A proposed change to a little-known criminal procedure "would make us less safe, not more" by allowing law enforcement agencies to hack an unlimited number of computers with a single warrant, Sen. Ron Wyden said Thursday. Wyden (D-Ore.) spoke on the Senate floor about the proposed change to Rule 41 of the Federal Rules of Criminal Procedure, which covers the limits of search and seizure. The modification would simplify the process for a judge to issue a search warrant for a remote search of an electronic device. It would allow judges to authorize the search of any number of devices anywhere in the United States. Because of the way the rule-making process works, the change, proposed by the Department of Justice, will go into effect on Dec. 1 unless Congress passes legislation to prevent it. In May, Wyden introduced a one-sentence bill that would prevent the change. The Senate has taken no action on the bill thus far and Wyden on Thursday warned that continued inaction on the issue would be dangerous. "If the Senate does nothing, if the Senate fails to act, what's ahead for Americans is a massive expansion of government hacking and surveillance powers," he said. "If the Congress just says, aw gee, we have other things to do, these rules go into effect." "What's ahead for Americans is a massive expansion of government hacking." Wyden asked the Senate to pass his bill by unanimous consent, but Sen. John Cornyn (R-Texas) objected, saying that the change to Rule 41 was a simple one that would help law enforcement agencies know which venue is the correct one to ask for a warrant. "These aren't substantive changes. The government must still go before a judge and make the requisite showing in order to get a search warrant," Cornyn said.
"I can't imagine circumstances where we'd say the Fourth Amendment is trumped by the right to privacy. We can't let that happen and that's why these changes are so important." Cornyn cited recent reports about hacks of the election systems in some states, possibly by foreign governments, as evidence of the need for the change. "This isn't a time to retreat and allow cyberspace to be run amok by cybercriminals," Cornyn said. "This is a very sensible tool of venue." Wyden said there is nothing "routine at all" about the change to Rule 41, and scolded his colleagues for not taking any action on his bill. "The government can search potentially millions of computers with one single warrant issued by one single judge. This isn't an issue where the Senate can do some kind of ostrich act and do nothing. In my view, the limits of search and seizure are unquestionably an issue for Congress to debate."

#### [Sep 16, 2016] Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400

###### Sep 16, 2016 | news.slashdot.org (softpedia.com)

Posted by EditorDavid on Saturday September 10, 2016 @09:50PM from the malware-mining-money dept.

An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. The malware, named Miner-C or PhotoMiner, uses these hard-drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency... The crooks made over $86,000 from Monero mining so far. The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. Over 5,000 Seagate Central NAS devices are currently infected. Researchers estimate the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. "The quandary is that Seagate Central owners have no way to protect their device.
Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place." #### [Sep 16, 2016] Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is ###### Sep 16, 2016 | yro.slashdot.org (theintercept.com) 94 Posted by manishs on Monday September 12, 2016 @04:00PM from the truth-is-out-there dept. The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device , which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S. have "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report: The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of " Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously. 
#### [Sep 12, 2016] Hard Drive Firmware Provides New Backdoor into YOUR Data

###### Sep 12, 2016 | dataclinic.co.uk

July 24, 2015 / Chris Seeley / Data Clinic Ltd, News

Various software tools now exist that create backdoors into people's data by exploiting the resident firmware code in their computer hard drives. Put simply, firmware is the computer program that runs a hard drive and is executed when the hard drive first starts up. It operates at a lower level than the computer's operating system, and therefore computer security programs like anti-virus products cannot interact with it or detect modifications to it.

These tools aren't crappy pieces of software written by adolescent kids; these are state-sponsored professional pieces of software written by governments (e.g. America's NSA et al.). Their purpose is simple: surveillance and control of the systems they are installed on. Exploiting hard drive firmware to provide a covert way into computer systems is a technique that many cyber security professionals see as the next step in digital terrorism and counter-terrorism. To flag-wave for just a moment, Data Clinic documented this technique over 10 years ago, back in 2004; see here: http://www.dataclinic.it/data-recovery/DRF-Hiding-data-on-a-hard-disk-tech1.pdf

With larger amounts of information and manufacturing processes now being controlled by computers, and security and encryption programs now being so strong they are almost unbreakable, increasingly clever ways have to be found of gaining access to important computer systems via backdoors. This government-sponsored spying software isn't interested in stealing credit card details; its purpose is international espionage.

### The US-Iran Nuclear Agreement (July 2015)

This recent undated satellite image provided by Space Imaging/Inta SpaceTurk shows the once-secret Natanz nuclear complex in Natanz, Iran, about 150 miles south of Tehran.
(AP Photo/Space Imaging/Inta SpaceTurk, HO)

In the last few days, you'll be aware that a nuclear "agreement" has now been reached between the US and Iran (http://www.bbc.co.uk/news/world-us-canada-33636922). Wrecking Iran's attempts to become a nuclear power has been high on the US agenda for years: Stuxnet was a state-sponsored piece of software designed to infiltrate computers that were part of Iran's nuclear development programme. Its target was machines that controlled the centrifuges that enriched uranium. Once a system was detected, Stuxnet deliberately reprogrammed it to not only wreck the centrifuges but also ruin the enrichment process. Read about how Stuxnet successfully infiltrated Iran's nuclear program here: http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

### Hard Drive Manufacturers Fight Back

Seagate has become the first hard drive manufacturer to "lock down" its firmware. For example, the STxxxxDM03 series of hard drives has firmware that can no longer be manipulated or reprogrammed. This is bad news for data recovery companies, as firmware often becomes corrupted and prevents the hard drive working correctly. For us to retrieve data from these drives, we have to reprogram the hard drive's firmware, something that is no longer possible (yet) with some of the latest Seagate drives.

Recommended: Read more about the NSA firmware hacking here: http://www.wired.com/2015/02/nsa-firmware-hacking/

#### [Sep 09, 2016] Some thoughts on the DNC email hacking scandal

##### Notable quotes:

##### "... Cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection. "We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. because of evidence from FireEye." ..."

##### "... FireEye is also interesting as it, along with the US Department of Defense, funds the CEPA (publishers of Ed Lucas's and Pomerantsev's screed on fighting Kremlin influence): ..."

##### "... I recall the FireEye story well – they used the exact same logic; the code was written on Cyrillic-keyboard machines and during Moscow working hours. Their conclusion was "It just looks so much like something the Russians would do that it must be them". No allowance for the possibility that someone else did it who wanted the USA to arrive at exactly that conclusion. Someone who has done it before, lots of times, and who makes a science out of picking fights on Uncle Sam's behalf. ..."

##### "... Cozy Bear and Fancy Bear? Is there proof that they actually exist? I mean real proof, not WADA proof. ..."

##### "... They are just code names given by a particular security outfit. Different outfits will use different names for the same entities, much in the same way that a given virus/trojan/etc will be given different names by different AV corporations. The names reflect observable characteristics such as threat type, coding style, code structure, distribution network, similar earlier threats, etc rather than a specific single person. ..."

###### Aug 07, 2016 | marknesop.wordpress.com

Jeremn, August 5, 2016 at 2:53 am

Some thoughts on the hacking "scandal". This article blames the Russians thus:

"On June 14, cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network. One group, FANCY BEAR or APT 28, gained access in April. The other, COZY BEAR, (also called Cozy Duke and APT 29) first breached the network in the summer of 2015. Cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection. "We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. because of evidence from FireEye."

Crowdstrike – their Co-Founder, Alperovitch, is an Atlantic Council fellow. The other firm, FireEye, has the CIA as a stakeholder: Should give pause to thought that the intelligence services are interfering in US democracy? No?

FireEye is also interesting as it, along with the US Department of Defense, funds the CEPA (publishers of Ed Lucas's and Pomerantsev's screed on fighting Kremlin influence):

marknesop, August 5, 2016 at 9:56 am

I recall the FireEye story well – they used the exact same logic; the code was written on Cyrillic-keyboard machines and during Moscow working hours. Their conclusion was "It just looks so much like something the Russians would do that it must be them". No allowance for the possibility that someone else did it who wanted the USA to arrive at exactly that conclusion. Someone who has done it before, lots of times, and who makes a science out of picking fights on Uncle Sam's behalf. In the case of both FireEye and Crowdstrike, they would stop looking as soon as they arrived upon a conclusion which suited them anyway.

ucgsblog, August 5, 2016 at 12:58 pm

Cozy Bear and Fancy Bear? Is there proof that they actually exist? I mean real proof, not WADA proof.

Yonatan, August 5, 2016 at 3:04 pm

They are just code names given by a particular security outfit. Different outfits will use different names for the same entities, much in the same way that a given virus/trojan/etc will be given different names by different AV corporations. The names reflect observable characteristics such as threat type, coding style, code structure, distribution network, similar earlier threats, etc rather than a specific single person.

marknesop, August 5, 2016 at 3:23 pm

Yes, 'APT' stands for something, I forget what it was but they said it. Advanced Persistent Threat, something like that.
#### [Sep 03, 2016] There is interesting and expert commentary to NSO group software in the Hacker News forum

###### Sep 03, 2016 | www.nakedcapitalism.com

Pavel, September 3, 2016 at 8:11 am

I just found this via Hacker News… perhaps it was in yesterday's links and I missed it. Truly scary in the Orwellian sense and yet another reason not to use a smartphone. Chilling read.

SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

There is interesting and expert commentary in the Hacker News forum: https://news.ycombinator.com/item?id=12417938

I could be wrong, but the promos for Sixty Minutes on the local news make it seem they might be about this subject. Either way it is another "scare you about what your cell phone can do" story, possibly justified this time.

Jeotsu, September 3, 2016 at 2:15 pm

An anecdote which I cannot support with links or other evidence: A friend of mine used to work for a (non-USA) security intelligence service. I was bouncing ideas off him for a book I'm working on, specifically ideas about how monitoring/electronics/spying can be used to measure and manipulate societies. He was useful for telling if my ideas (for a Science Fiction novel) were plausible without ever getting into details. Always very careful to keep his replies in the "white" world of what any computer security person would know, without delving into anything classified.

One day we were way out in the back blocks, and I laid out one scenario for him to see if it would be plausible. All he did was smile cryptically, and point at a cell phone lying on a table 10 meters away. He wouldn't say a word on the subject. It wasn't his cellphone, and we were in a relatively remote region with no cell phone coverage.

It told me that my book idea was far too plausible. It also told me that every cellphone is likely recording everything all the time, for later upload when back in signal range. (Or at least there was the inescapable possibility that the cell phones were doing so, and that he had to assume foreign (or domestic?) agencies could be following him through monitoring of cell phones of friends and neighbors.)

It was a clarifying moment for me. Every cellphone has a monumental amount of storage space (especially for audio files). Almost every cellphone only has a software "switch" for turning it off, not a hardware interlock where you can be sure off is off. So how can you ever really be sure it is "off"? Answer: you can't.

Sobering thought. Especially when you consider the Bluffdale facility in the USA.

#### [Sep 03, 2016] How Spy Tech Firms Let Governments See Everything on a Smartphone

###### Sep 03, 2016 | www.nytimes.com

There are dozens of digital spying companies that can track everything a target does on a smartphone.
SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

The company is one of dozens of digital spying outfits that track everything a target does on a smartphone. They aggressively market their services to governments and law enforcement agencies around the world. The industry argues that this spying is necessary to track terrorists, kidnappers and drug lords. The NSO Group's corporate mission statement is "Make the world a safe place."

Ten people familiar with the company's sales, who refused to be identified, said that the NSO Group has a strict internal vetting process to determine who it will sell to. An ethics committee made up of employees and external counsel vets potential customers based on human rights rankings set by the World Bank and other global bodies. And to date, these people all said, NSO has yet to be denied an export license.

But critics note that the company's spyware has also been used to track journalists and human rights activists.

"There's no check on this," said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto's Munk School of Global Affairs. "Once NSO's systems are sold, governments can essentially use them however they want. NSO can say they're trying to make the world a safer place, but they are also making the world a more surveilled place."

The NSO Group's capabilities are in higher demand now that companies like Apple, Facebook and Google are using stronger encryption to protect data in their systems, in the process making it harder for government agencies to track suspects.

The NSO Group's spyware finds ways around encryption by baiting targets to click unwittingly on texts containing malicious links or by exploiting previously undiscovered software flaws. It was taking advantage of three such flaws in Apple software - since fixed - when it was discovered by researchers last month.

The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target's personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred the sale of NSO Group technology.

Since it is privately held, not much is known about the NSO Group's finances, but its business is clearly growing. Two years ago, the NSO Group sold a controlling stake in its business to Francisco Partners, a private equity firm based in San Francisco, for $120 million. Nearly a year later, Francisco Partners was exploring a sale of the company for 10 times that amount, according to two people approached by the firm but forbidden to speak about the discussions.

The company's internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013.

"Our intelligence systems are subject to Mexico's relevant legislation and have legal authorization," Ricardo Alday, a spokesman for the Mexican embassy in Washington, said in an emailed statement. "They are not used against journalists or activists. All contracts with the federal government are done in accordance with the law."

Zamir Dahbash, an NSO Group spokesman, said that the sale of its spyware was restricted to authorized governments and that it was used solely for criminal and terrorist investigations. He declined to comment on whether the company would cease selling to the U.A.E. and Mexico after last week's disclosures.

For the last six years, the NSO Group's main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones - including iPhones, Androids, and BlackBerry and Symbian systems - without leaving a trace.

Among the Pegasus system's capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls "room tap" can gather sounds in and around the room, using the phone's own microphone. Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone's web browser. And all of the data can be sent back to the agency's server in real time.

In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including "over the air stealth installation," tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person.

Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users - on top of the setup fee, according to one commercial proposal.

You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.

What that gets you, NSO Group documents say, is "unlimited access to a target's mobile devices." In short, the company says: You can "remotely and covertly collect information about your target's relationships, location, phone calls, plans and activities - whenever and wherever they are."

And, its proposal adds, "It leaves no traces whatsoever."

#### [Aug 21, 2016] The NSA Leak Is Real, Snowden Documents Confirm

##### Notable quotes:

##### "... The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. ..."
###### Aug 19, 2016 | theintercept.com

On Monday, a hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency.

The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.

SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.

But malicious software of this sophistication doesn't just pose a threat to foreign governments, Johns Hopkins University cryptographer Matthew Green told The Intercept:

The danger of these exploits is that they can be used to target anyone who is using a vulnerable router. This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It's worse, in fact, because many of these exploits are not available through any other means, so they're just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.

So the risk is twofold: first, that the person or persons who stole this information might have used them against us. If this is indeed Russia, then one assumes that they probably have their own exploits, but there's no need to give them any more. And now that the exploits have been released, we run the risk that ordinary criminals will use them against corporate targets.

The NSA did not respond to questions concerning ShadowBrokers, the Snowden documents, or its malware.

### A Memorable SECONDDATE

The offensive tools released by ShadowBrokers are organized under a litany of code names such as POLARSNEEZE and ELIGIBLE BOMBSHELL, and their exact purpose is still being assessed. But we do know more about one of the weapons: SECONDDATE.

SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers to an NSA web server. That server, in turn, is designed to infect them with malware. SECONDDATE's existence was first reported by The Intercept in 2014, as part of a look at a global computer exploitation effort code-named TURBINE. The malware server, known as FOXACID, has also been described in previously released Snowden documents.

Other documents released by The Intercept today not only tie SECONDDATE to the ShadowBrokers leak but also provide new detail on how it fits into the NSA's broader surveillance and infection network. They also show how SECONDDATE has been used, including to spy on Pakistan and a computer system in Lebanon.

The top-secret manual that authenticates the SECONDDATE found in the wild as the same one used within the NSA is a 31-page document titled "FOXACID SOP for Operational Management" and marked as a draft. It dates to no earlier than 2010. A section within the manual describes administrative tools for tracking how victims are funneled into FOXACID, including a set of tags used to catalogue servers. When such a tag is created in relation to a SECONDDATE-related infection, the document says, a certain distinctive identifier must be used:

The same SECONDDATE MSGID string appears in 14 different files throughout the ShadowBrokers leak, including in a file titled SecondDate-3021.exe. Viewed through a code-editing program (screenshot below), the NSA's secret number can be found hiding in plain sight:

All told, throughout many of the folders contained in the ShadowBrokers' package (screenshot below), there are 47 files with SECONDDATE-related names, including different versions of the raw code required to execute a SECONDDATE attack, instructions for how to use it, and other related files.

After viewing the code, Green told The Intercept the MSGID string's occurrence in both an NSA training document and this week's leak is "unlikely to be a coincidence." Computer security researcher Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, who has been particularly vocal in his analysis of the ShadowBrokers this week, told The Intercept "there is no way" the MSGID string's appearance in both places is a coincidence.

### Where SECONDDATE Fits In

This overview jibes with previously unpublished classified files provided by Snowden that illustrate how SECONDDATE is a component of BADDECISION, a broader NSA infiltration tool. SECONDDATE helps the NSA pull off a "man in the middle" attack against users on a wireless network, tricking them into thinking they're talking to a safe website when in reality they've been sent a malicious payload from an NSA server.

According to one December 2010 PowerPoint presentation titled "Introduction to BADDECISION," that tool is also designed to send users of a wireless network, sometimes referred to as an 802.11 network, to FOXACID malware servers. Or, as the presentation puts it, BADDECISION is an "802.11 CNE [computer network exploitation] tool that uses a true man-in-the-middle attack and a frame injection technique to redirect a target client to a FOXACID server." As another top-secret slide puts it, the attack homes in on "the greatest vulnerability to your computer: your web browser."

One slide points out that the attack works on users with an encrypted wireless connection to the internet. That trick, it seems, often involves BADDECISION and SECONDDATE, with the latter described as a "component" for the former. A series of diagrams in the "Introduction to BADDECISION" presentation show how an NSA operator "uses SECONDDATE to inject a redirection payload at [a] Target Client," invisibly hijacking a user's web browser as the user attempts to visit a benign website (in the example given, it's CNN.com). Executed correctly, the file explains, a "Target Client continues normal webpage browsing, completely unaware," lands on a malware-filled NSA server, and becomes infected with as much of that malware as possible - or as the presentation puts it, the user will be left "WHACKED!"

In other top-secret presentations, it's put plainly: "How do we redirect the target to the FOXACID server without being noticed"? Simple: "Use NIGHTSTAND or BADDECISION."

The sheer number of interlocking tools available to crack a computer is dizzying. In the FOXACID manual, government hackers are told an NSA hacker ought to be familiar with using SECONDDATE along with similar man-in-the-middle wi-fi attacks code-named MAGIC SQUIRREL and MAGICBEAN. A top-secret presentation on FOXACID lists further ways to redirect targets to the malware server system.

To position themselves within range of a vulnerable wireless network, NSA operators can use a mobile antenna system running software code-named BLINDDATE, depicted in the field in what appears to be Kabul. The software can even be attached to a drone. BLINDDATE in turn can run BADDECISION, which allows for a SECONDDATE attack:

Elsewhere in these files, there are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon. In the first, NSA hackers used SECONDDATE to breach "targets in Pakistan's National Telecommunications Corporation's (NTC) VIP Division," which contained documents pertaining to "the backbone of Pakistan's Green Line communications network" used by "civilian and military leadership." In the latter, the NSA used SECONDDATE to pull off a man-in-the-middle attack in Lebanon "for the first time ever," infecting a Lebanese ISP to extract "100+ MB of Hizballah Unit 1800 data," a special subset of the terrorist group dedicated to aiding Palestinian militants.

SECONDDATE is just one method that the NSA uses to get its target's browser pointed at a FOXACID server. Other methods include sending spam that attempts to exploit bugs in popular web-based email providers or entices targets to click on malicious links that lead to a FOXACID server. One document, a newsletter for the NSA's Special Source Operations division, describes how NSA software other than SECONDDATE was used to repeatedly direct targets in Pakistan to FOXACID malware web servers, eventually infecting the targets' computers.
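The attribution in the "A Memorable SECONDDATE" section above rests on a plain check: one known identifier is found in a fixed number of files (14) of a leaked set. That is the same indicator scan a responder runs over a quarantined file set when a vendor or a news report publishes a string tied to a tool. The following is an added example, not code from The Intercept or from the documents it describes; only the 16-character MSGID value is taken from the article, while the directory layout, file names, the second "EXAMPLE-IOC-0001" marker and all file contents are constructed here for the demonstration.

```python
"""Scan a directory tree for known byte-string indicators and report where they occur.

Added example, not code from The Intercept or from the documents it describes.
It reproduces the kind of check that attribution rests on: counting which files
in a leaked or quarantined file set carry a specific identifier. The sample file
set is constructed below; only the MSGID value is taken from the article.
"""
import tempfile
from pathlib import Path
from typing import Dict, List

# Indicators to look for. The first is the MSGID string quoted on the page;
# the second is a constructed, hypothetical marker so the scanner can show
# how it handles several patterns and repeated occurrences in one pass.
INDICATORS: Dict[str, bytes] = {
    "SECONDDATE_MSGID": b"ace02468bdf13579",
    "EXAMPLE_MARKER": b"EXAMPLE-IOC-0001",  # constructed for this demo
}


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every byte offset at which needle occurs in data, overlaps included."""
    offsets = []
    start = 0
    while True:
        idx = data.find(needle, start)
        if idx < 0:
            return offsets
        offsets.append(idx)
        start = idx + 1  # step by one so overlapping matches are not skipped


def scan_tree(root, indicators: Dict[str, bytes] = INDICATORS) -> Dict[str, Dict[str, List[int]]]:
    """Read every regular file under root as raw bytes and map each indicator
    name to {relative_path: [offsets]} for the files that contain it.

    Matching is on raw bytes, so text encoding, file extension and case do not
    matter; a string that differs by a single character is not a hit."""
    root = Path(root)
    hits: Dict[str, Dict[str, List[int]]] = {name: {} for name in indicators}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        for name, needle in indicators.items():
            offsets = find_all(data, needle)
            if offsets:
                hits[name][rel] = offsets
    return hits


def summarize(hits: Dict[str, Dict[str, List[int]]]) -> Dict[str, int]:
    """Number of distinct files containing each indicator, the figure an analyst reports."""
    return {name: len(files) for name, files in hits.items()}


def build_sample_tree() -> Path:
    """Create a constructed sample set in a temporary directory: 14 files carrying
    the MSGID (mirroring the count the article gives), one of them also carrying
    the constructed marker; a notes file with the marker twice; and two files
    with no indicator, one of them a near-miss (15 of the 16 characters)."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    for i in range(14):
        sub = root / f"tool_{i % 3}"
        sub.mkdir(exist_ok=True)
        body = b"\x00" * 32 + b"MSGID=ace02468bdf13579\x00" + b"\xff" * 16
        if i == 13:
            body += b"EXAMPLE-IOC-0001"
        (sub / f"SecondDate-{3000 + i}.bin").write_bytes(body)
    (root / "notes.txt").write_bytes(b"EXAMPLE-IOC-0001 seen twice: EXAMPLE-IOC-0001\n")
    (root / "README.txt").write_bytes(b"unrelated text, no indicators here\n")
    (root / "tool_2" / "near_miss.bin").write_bytes(b"MSGID=ace02468bdf1357\x00")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    result = scan_tree(sample)
    print(summarize(result))  # {'SECONDDATE_MSGID': 14, 'EXAMPLE_MARKER': 2}
    for name, files in result.items():
        for rel, offsets in files.items():
            print(f"{name}: {rel} @ {offsets}")
```

Run as a script, it builds the sample tree, prints the per-indicator file counts and then each matching file with the byte offsets of the hits. Matching is done on raw bytes rather than decoded text so the same scan works on executables, scripts and documents alike, and the near-miss file shows that an indicator this short only carries weight when it matches exactly; the per-file count, not the total number of occurrences, is what corresponds to the "14 different files" figure in the article.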
### A Potentially Mundane Hack

Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it's possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.

### Documents

Documents published with this story:

#### [Aug 01, 2016] FSB Detects Cyberattacks on 20 Russian Organizations, Including Military Targets

##### Notable quotes:

##### "... "Instances of planting of malicious software designed for cyber espionage in computer networks of some 20 organizations located on the territory of Russia have been exposed. Information resources of public authorities, scientific and military institutions, enterprises of the military-industrial complex and other objects of the country's critical infrastructure were contaminated," the statement read. ..."

###### sputniknews.com

Instances of planting of malicious software designed for cyber espionage in computer networks of some 20 organizations located on the territory of Russia have been exposed, according to the FSB press service.

MOSCOW (Sputnik) - The Russian Federal Security Service (FSB) exposed the planting of malicious software designed for cyber espionage in the computer networks of about 20 Russian institutions, including government and military bodies, the FSB press service said Saturday.
"Instances of planting of malicious software designed for cyber espionage in computer networks of some 20 organizations located on the territory of Russia have been exposed Information resources of public authorities, scientific and military institutions, enterprises of the military - industrial complex and other objects of country's critical infrastructure were contaminated," the statement read. The press service stressed that the attack was professionally planned, has similar traits with the previously exposed attacks from all over the world. "The latest sets of software are made for each 'victim' individually, based on the unique characteristics of the targeted PC. The spread of the virus is carried out by the means of targeted attacks on PC by sending an e-mail containing a malicious attachment," the statement continued adding that the software made it possible to do screenshots, turn on web-camera and microphones, collect data from the keyboard use. FSB in cooperation with the ministries and agencies took a number of measures to identify all the "victims" of the malicious program on the Russian territory, as well as to localize the threats and minimize the consequences caused by its spread. #### [Aug 01, 2016] Google Bans Israeli Babylon ##### Notable quotes: ##### "... On paper, Babylon looks like an inoffensive provider of online dictionaries. In the screenshot reproduced below, one can see the home page featured in many Bolivian internet kiosks. It is a Babylon search page, designed to look like a Google search page; note the odd code appearing in its address line (a long string of nonsense numbers and letters serving as directives to the company's server, in contrast look at the address of this page), that's the first sign something is wrong. ..." ##### "... The second sign appears while using it; the computer reacts slowly since it is busy sending data to its Babylonian masters. 
This happens despite Bolivians being unable to spend money on the web; Bolivian money is not a free-floating currency and thus it is banned by the international financial system. This search page is defined as a default in the user's browser while installing Babylon's dictionary. ..."

###### www.4thmedia.org

ProPeace | Jul 30, 2016 9:53:10 AM | 99

@98 Reppz FYI: The 4th Media "Google Bans Israeli Babylon"

Bab·y·lon [noun]: In the Book of Revelation, the name of a whore who rules over the kings of the earth and rides upon a seven-headed beast. "Mystery, Babylon the Great, the Mother of Harlots and of the Abominations of the Earth." - Revelations 17:5

Internet giant Yahoo! announced on November 10, 2013, that it won't end its revenue sharing contract with Israeli Babylon, despite Google terminating its similar contract on November 30. Google provided above 40% of Babylon's revenues during the second quarter of 2013; Yahoo! provided over 30%, which amounts to almost 20 million...

Babylon is the largest company in what is mockingly known as the Israeli Download Valley,* or in more serious terms the field of directing users. Israel has conquered several internet and information-technology niche markets. This is true to the extent that most American citizens are unwillingly sharing their secrets with the State of Israel. I reviewed Babylon a few months ago in Microsoft Strikes Israeli Software after the American giant limited the activity of Babylon and similar companies on its browsers. Google's decision was the result of pressure coming from users of its browser Chrome who correctly understood they were being robbed by Babylon.

"But, they are just nice kids translating stuff!"

On paper, Babylon looks like an inoffensive provider of online dictionaries. In the screenshot reproduced below, one can see the home page featured in many Bolivian internet kiosks.
It is a Babylon search page, designed to look like a Google search page; note the odd code appearing in its address line (a long string of nonsense numbers and letters serving as directives to the company's server; in contrast, look at the address of this page). That's the first sign something is wrong. The second sign appears while using it; the computer reacts slowly since it is busy sending data to its Babylonian masters. This happens despite Bolivians being unable to spend money on the web; Bolivian money is not a free-floating currency and thus it is banned by the international financial system. This search page is defined as a default in the user's browser while installing Babylon's dictionary. Since the page looks like Google's, few users realize that their home page has been replaced, or that they had clicked on a button asking for this change while installing the dictionary. "Same, same," they say to themselves and begin telling Babylon everything about themselves. The following week, they buy a book named "French Cooking;" a few days later, so that they won't suspect the link between the events, they get a pamphlet advertising a French restaurant near their home. In thanks for the blunt violation of privacy, the Babylonian masters in Israel get a few silver coins.

[...]

ProPeace | Jul 30, 2016 10:02:54 AM | 100

[...]

*Mocking Silicon Valley, other players in the Israeli Download Valley are Waze, Perion, the manager of the IncrediMail, Smilebox and SweetIM brands, VisualBee, Montiera, Fried Cookie Software, WebPick, Linkury, Bundlore, iBario and KeyDownload. These are Israel's Weapons of Mass Distraction.

Another niche market is far more dangerous. An offshoot of Golden Pages, the Israeli business phone directory company, Amdocs develops, implements and manages software and services for business support systems, including billing, customer relationship management, and for operations support systems.
If your phone company is AT&T, BT Group, Sprint, T-Mobile, Vodafone, Bell Canada, Telus, Rogers Communications, Telekom Austria, Cellcom, Comcast, DirecTV, Elisa Oyj, TeliaSonera or O2-Ireland, then Israel has access to much of your communications and bills, including credit card numbers. Also important in this context is Check Point, a provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management. In other words, the supermarket near your home probably uses products from this giant to secure its transactions. Israel has access to all of them. This apparently innocent company got so rich that its CEO sits in a penthouse office atop Tel Aviv's highest tower. See Waze of Israel: Google Beats Facebook for a detailed description of how one of these companies operates as more than a spying device, allowing agents in the field to be coordinated.

#### [Jul 06, 2016] Researchers dubbed the malware HummingBad.

###### fortune.com

The gang juiced clicks to make about $300,000 per month in fraudulent revenue.

In case you needed a reminder that hacking is big business: a group of cybercriminals operating as part of a Chinese advertising firm has been running a malicious ad racket that rakes in roughly $300,000 monthly, according to Check Point, an Israeli cybersecurity company.

The researchers who exposed the alleged scam found that apps from Yingmob, the Chinese ad firm, were installed on nearly 85 million mobile devices running Google's Android operating system. Of those, nearly 10 million were found to be running malicious software developed by the firm to display ads, generate illegitimate clicks, download fraudulent apps, and make money.

"It would just take a flip of the switch, and this could turn into a botnet that could do more nefarious things than serve advertisements," Dan Wiley, Check Point's head of incident response, said on a call with Fortune.
The malicious software, he said, could easily be used to steal data from its targets, wage denial of service attacks against companies, or spy on people's activities. He said that the group could turn all of Yingmob's apps (200, of which 50 were deemed malicious) into malware with a simple update, and then sell access to those tens of millions of compromised machines to the highest bidder, who would then have free rein to do as he or she pleased.

The malware worked by installing a bundle of software known as a rootkit that gives computer crackers total control over infected devices, letting them engage in ad fraud. The campaign, dubbed "HummingBad" by the researchers, allowed the group to discreetly display a total of 20 million ads, generate 2.5 million clicks, and download 50,000 apps on the compromised machines per day, earning them about $10,000 daily.

Infected devices were mostly in China (1.6 million) and India (1.4 million). The Philippines and Indonesia represented half a million infected devices each, while the United States accounted for about 287,000 and Russia 208,000, among other countries.

#### [Jun 28, 2016] Malvertising, a hack that takes advantage of compromised ad networks and which is increasingly cited by privacy and security advocates as a reason to use ad-blockers.

###### www.wired.com

Last weekend, hackers hijacked ad campaigns that ran across the web sites of the BBC, The New York Times, Newsweek, and other high-profile news domains, according to the security firm Malwarebytes, whose researchers first spotted the activity. As reported by The Guardian, the malware targeted US visitors and took advantage of numerous exploits to attempt to download itself on people's computers, encrypt their hard drives, and then demand bitcoin payment in order to decrypt their data.
This episode combines two hot-button issues in online security right now: ransomware, the hostage-style hack that is on the rise, and malvertising, a hack that takes advantage of compromised ad networks and which is increasingly cited by privacy and security advocates as a reason to use controversial ad-blockers.

#### [Jun 09, 2016] Microsoft won't back down from Windows 10 nagware trick

##### That's a pretty disingenuous approach that means that Windows 10 is malware. Shame on Microsoft leadership. This dirty trick of assuming that closing the dialog means saying yes to the upgrade is actually a typical malware authors' approach. Like one commenter said: "Total asshattery. 'We decided to screw you over and we meant it'."

##### Notable quotes:

##### "... Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade. ..."

##### "... The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK. ..."

###### May 26, 2016 | The Register

Microsoft is hurt and disappointed that people would think it was trying to "trick" them with a confusing Windows 10 upgrade dialog that scheduled an upgrade without users explicitly agreeing to do so.

Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade.
Redmond (via its flacks) has e-mailed The Register – and, we presume, World+Dog – to say that the UI had worked like that for ages: "the UI of our 'your upgrade is scheduled' notification is nothing new (including the ability to just 'X-out' of the notification with no further action needed to schedule your upgrade) – it's been part of the notification UI for months" (their emphasis, not ours).

In this Knowledge Base article, Microsoft notes that "Based on customer feedback, in the most recent version of the Get Windows 10 (GWX) app, we confirm the time of your scheduled upgrade and provide you an additional opportunity for cancelling or rescheduling the upgrade."

Comment: You'll have noticed that Microsoft didn't say it would re-write the app so that closing the app is taken as a "no", as happens for just about every other dialog Windows offers. Or is Redmond saying users who didn't like the UI sleight-of-hand are at fault for delving into its Knowledge Base every time they find a dialog confusing? We'd expect commenters to have an opinion on this …

Ralph B | My opinion on this?

robidy | Re: My opinion on this?

Ralph, your post doesn't do the link justice. You should clarify that the link is to a remarkably helpful tool that will stop the nagware, prevent inadvertent deployment of Windows 10 by desktop users, recover lost disk space and hopefully prevent mobile users busting their data limits downloading a large Windows 10 installer. It has a helpful command line interface for use in enterprise environments, which is vital for smooth and effective deployment. It will also clear up gigabytes of disk space lost when GWX installs; some people have claimed it's freed up over 10GB!

PS. I have no connection with the author.

PPS. User beware - take the usual precautions before deploying any application... test it!

Anonymous Coward | Re: My opinion on this?
OK, so I've run the software and restarted, and the nagware is gone from my system tray, but the Windows 10 update is still in the Control Panel Windows Update and still a default selection. Was I just expecting too much?

Ralph B | Re: My opinion on this?

> Was I just expecting too much?

Never10 doesn't/can't stop Windows Update from downloading the Control Panel Windows Update. It just stops the update from being used - via Microsoft's official group policy settings.

cornz 1 | Re: My opinion on this?

Hmm, this is nothing more than a tool to automate the creation/destruction of 2 registry keys. Surrounded (as typical for GRC) with a great deal of fanfare, like it's some major achievement. He moans about the file size being 56k; well, here you go, in 244 bytes.

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DisableOSUpgrade"=dword:00000001
```

Because all the program does is create or delete those 2 keys. That's it.. And this is new information how exactly?

RayStantz | Re: My opinion on this?

Awwww, Microsoft's feelings are hurt.... I DOUBT IT!!! It doesn't take a genius, or even someone with a degree in social behavior or even engineering, to point out how outright horrible an idea this is, to FORCE people to download Windows 10. This is NOTHING to do with whether it's a good program or not; it has all to do with people and their right to choose, as well as the damage this has done by ignorantly having the program install without the owner of the computer even being aware of it if they happen not to be around the computer at the time it installs.
The damage it has done to some computers, the loss of personal information and money it's caused, not to mention how it interrupted people at work for a long period of time, and more, not even mentioning the stress, shows how this is by no means something "good" Microsoft was doing for their customers. It was them forcing their will on people as they saw fit, something that is as close to digital rape as one can get in my opinion, and to add to the insult they act like they know better than we do. For months they asked people if they wanted to upgrade to Windows 10, harassing them with this like it's an ad, and people were fully aware of the choice to upgrade or not, and so at this point the people who didn't were all saying NO!!! So how is this justified??? HOW!!! You have no way to opt out unless you turn off the updates MAYBE and/or go to some other outside application like I did to stop it from being forced on my system!! So Microsoft is "hurt"? BULL, it's a simple case of them not caring and forcing others, but in this case it's caused damage and in my opinion they are liable; class action sounds good about now! Also, I hear a lot of good things about Apple!

Mark 85 | Re: My opinion on this?

> Awwww, Microsoft's feelings are hurt.... I DOUBT IT!!!

Sure they are, just like the advertisers' feelings are hurt that we use adblockers, or the malware writers' feelings are hurt because we won't respond to their attempts, or Microsoft Techs' feelings are hurt because we won't allow them to get rid of all the viruses on our computers. Oh wait.. Hurt=Bottom Line... Tough.. hurt all you want, you bastards.

Ralph B | Re: so

> Thus failing Microsoft's own 'Windows Certification' then?

He's right, you know.

[quote] The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK. [/quote]

Anonymous Coward | Re: so

Microsoft Marketing / Terry Myerson: Nothing like Microsoft's own documentation to bring a Company down and cause it to grovel out of a situation. (One rule for them, another rule for the rest of us.) You'll be changing that Dialog Box pronto then, to avoid a Class Action Lawsuit? Thought so.

Great find (The Windows Certification Documentation)... Thank you.

For all the folk with limited eyesight, dexterity problems, or other disabilities that have put up with the MS shit for months now. Shame on you Microsoft, we have laws against this type of inequality.

#### [Jun 03, 2016] OEM software update tools preloaded on PCs are a security mess by Lucian Constantin

###### May 31, 2016 | PCWorld

Researchers found remote code execution flaws in support tools from Acer, Asus, Lenovo, Dell, and HP.

Serious vulnerabilities have crept into the software tools that PC manufacturers preload on Windows computers, but the full extent of the problem is much worse than previously thought.

Researchers from security firm Duo Security have tested the software updaters that come installed by default on laptops from five PC OEMs (original equipment manufacturers) -- Acer, ASUSTeK Computer, Lenovo, Dell and HP -- and all of them had at least one serious vulnerability. The flaws could have allowed attackers to remotely execute code with system privileges, leading to a full system compromise.

In most cases, the problems resulted from the OEM software updaters not using encrypted HTTPS connections when checking for or downloading updates. In addition, some updaters didn't verify that the downloaded files were digitally signed by the OEM before executing them.

The lack of encryption for the communication channel between an update tool and the OEM's servers allows attackers to intercept requests and to serve malicious software that would be executed by the tool.
This is known as a man-in-the-middle attack and can be launched from insecure wireless networks, from compromised routers, or from higher up in the Internet infrastructure by rogue ISPs or intelligence agencies.

Who designed this stuff?

In some cases, even when the OEMs implemented HTTPS and digital signature validation, there were other oversights and flaws that could have allowed attackers to bypass the security measures, the Duo Security researchers found.

"During our research, we were often greeted by an intricate mess of system services, web services, COM servers, browser extensions, sockets, and named pipes," the researchers said in their report. "Many confusing design decisions made us wonder if projects were assembled entirely from poor StackOverflow posts."

The five companies did not immediately respond to requests for comment on the Duo Security report.

The security and behavior of the update tools were not even consistent on the same system, let alone the same manufacturer. In some cases, OEMs had different tools that downloaded updates from different sources with significantly different levels of security, the researchers found.

For example, the Lenovo Solutions Center (LSC) was one of the best software updaters tested by the researchers, with solid man-in-the-middle protections. This might be because other flaws were found in LSC several times in the past, drawing the company's attention to it. On the other hand, the tested Lenovo systems also had a second update tool installed called UpdateAgent that had absolutely no security features and was one of the worst updaters Duo Security analyzed.

The tools preloaded by Dell, namely the Dell Update software and the update plugin of the Dell Foundation Services (DFS), were some of the most well-designed updaters, but that's only if a critical issue caused by the self-signed eDellRoot certificate, found by Duo Security back in November, is excluded.
Since then Dell seems to have beefed up its software update implementations. The Duo researchers found several other issues in the DFS version that came preinstalled on their system, but Dell silently patched them in an update in January before they even had a chance to report them.

HP's updater, the HP Support Solutions Framework (HPSSF) with its HP Download and Install Assistant component, also had decent security in place at first glance. However, the researchers found several ways to bypass some of those protections, mainly because of inconsistent implementations.

The issues with HPSSF stem from its large number of components and the different ways in which they interact with each other. Sometimes the same type of protection, like signature verification, was implemented in multiple places in different ways.

HP's bloatware was the worst

This tendency for complexity was also observed in HP's decision to install an unusually large number of support tools on its PCs. HP "exposed the most attack surface due to the enormous number of proprietary tools included with the machine," the researchers said. "We're not really sure what they all do and we kind of got sick of reversing them after a while, so we stopped."

The updaters that fared worst, aside from Lenovo's UpdateAgent, which the company plans to retire and remove from systems in June, were those from Acer and Asus. Not only did they lack HTTPS or file signature validation, but according to Duo Security, the issues remain unpatched.

The main advice of the Duo researchers for users is to wipe the preloaded Windows version that comes with their computer and to install a clean copy of Windows. In most cases they should be able to use their existing license key, which in newer Windows versions is detected automatically during Windows installation.
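The two failure modes the article keeps returning to, fetching updates over plain HTTP and running whatever arrives without checking the vendor's signature, are easy to see side by side in code. The following is an added example written for this page; it is not code from PCWorld, Duo Security or any OEM updater. Everything in it is constructed: the host `updates.example`, the manifest format (one `name sha256` line per file), the vendor key, and the "transports" that stand in for the network. An HMAC over the manifest stands in for the OEM's digital signature so the script runs on the standard library alone; a real client would verify an asymmetric signature with a pinned vendor public key instead.

```python
"""Insecure versus hardened update-client download path (constructed example)."""
import hashlib
import hmac
import ssl
from urllib.parse import urlparse

# Constructed stand-in for the vendor's signing key. A real OEM signs the
# manifest with a private key and ships only the public key in the client;
# HMAC is used here only so the example runs with the standard library.
VENDOR_KEY = b"constructed-demo-vendor-key"

GENUINE_UPDATE = b"genuine updater payload v2 (constructed)"
MITM_UPDATE = b"payload swapped by an on-path attacker (constructed)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> bytes:
    """Serialise {filename: sha256hex} as 'name sha256' lines (constructed format)."""
    return "\n".join(f"{name} {digest}" for name, digest in sorted(files.items())).encode()


def sign_manifest(manifest: bytes, key: bytes = VENDOR_KEY) -> str:
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def manifest_is_authentic(manifest: bytes, signature: str, key: bytes = VENDOR_KEY) -> bool:
    # Constant-time comparison so a forger learns nothing from timing.
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def parse_manifest(manifest: bytes) -> dict:
    entries = {}
    for line in manifest.decode().splitlines():
        name, digest = line.split()
        entries[name] = digest
    return entries


def insecure_fetch(url: str, transport) -> bytes:
    """The pattern Duo criticised: any scheme, no signature check, run whatever arrives."""
    return transport(url, None)


def hardened_fetch(url: str, transport, manifest: bytes, signature: str):
    """Return (ok, reason, payload). Payload is None unless every check passed."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False, "refusing non-HTTPS update URL", None
    # The default context verifies the server certificate chain and hostname;
    # an updater that disables either re-opens the man-in-the-middle hole.
    ctx = ssl.create_default_context()
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        return False, "TLS context does not verify the server", None
    if not manifest_is_authentic(manifest, signature):
        return False, "manifest signature invalid", None
    expected = parse_manifest(manifest).get(parsed.path.rsplit("/", 1)[-1])
    if expected is None:
        return False, "file not listed in signed manifest", None
    payload = transport(url, ctx)
    if not hmac.compare_digest(sha256_hex(payload), expected):
        return False, "downloaded file does not match signed manifest", None
    return True, "ok", payload


# Constructed transports standing in for the network: one honest, one on-path attacker.
def honest_transport(url, ctx):
    return GENUINE_UPDATE


def mitm_transport(url, ctx):
    return MITM_UPDATE


MANIFEST = build_manifest({"update.exe": sha256_hex(GENUINE_UPDATE)})
SIGNATURE = sign_manifest(MANIFEST)


def demo() -> dict:
    """Run both clients against both transports; True means the client accepted the file."""
    good, bad = "https://updates.example/update.exe", "http://updates.example/update.exe"
    return {
        "insecure_mitm": insecure_fetch(bad, mitm_transport) == MITM_UPDATE,
        "hardened_http": hardened_fetch(bad, honest_transport, MANIFEST, SIGNATURE)[0],
        "hardened_mitm": hardened_fetch(good, mitm_transport, MANIFEST, SIGNATURE)[0],
        "hardened_ok": hardened_fetch(good, honest_transport, MANIFEST, SIGNATURE)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```

The hash check is what defeats the swapped payload even when the TLS layer has already been bypassed by some other oversight of the kind Duo found in HPSSF; the two checks are deliberately independent, and a client that keeps only one of them inherits the inconsistency the article describes.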
"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant -- meaning, trivial," the Duo researchers said in a blog post. And that's based only on an analysis of OEM update tools, not all the third-party software that vendors commonly install on new computers. Who knows what other flaws those applications might have? #### [May 24, 2016] New DMA Locker ransomware is ramping up for widespread attacks By Lucian Constantin ##### It is unclear what is the distribution mechanism for this ransomware. A new ransomware program called DMA Locker has reached maturity and shows signs of being distributed in widespread attacks. Another big change is that the encryption routine now relies on a command-and-control server to generate unique public and private RSA keys for each infection. The malware first generates a unique AES (Advanced Encryption Standard) key for every file that it encrypts. That key is then encrypted with a public RSA key and gets appended to the beginning of the file. In order to decrypt the affected files, users need the corresponding private RSA key that is in the attacker’s possession in order to recover the AES keys for each of their files and then use those keys to decrypt their content. Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims. All of these issues have been fixed by adopting a server-based model, which is typical for how most other ransomware programs work. 
Once it infects a computer, DMA Locker will now wait for a connection with the server to be established so it can send a unique computer ID and have a unique RSA public key generated for it. The good news is that, for now, the server is not hosted on the Tor anonymity network, so it should be fairly easy to block by security products, preventing the malware from ever initiating its encryption routine.

DMA Locker also stands out by how it chooses the files to encrypt. Almost all file-encryption ransomware programs have a list of file extensions that they will target. Instead, DMA Locker has a list of extensions that it will not touch, encrypting everything else and potentially causing more damage. It will also encrypt files on network shares where the computer has write access, even if those shares have not been mapped locally to a drive letter.

As always with ransomware programs, prevention is key. Performing regular backups to locations that are only temporarily accessible from the computer, such as a USB hard disk drive that's only connected during backup operations, is very important.

#### [Apr 16, 2016] Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections

###### arstechnica.com with Slashdot discussion

Posted by manishs on Saturday April 16, 2016 @05:30PM from the patch-it-already dept.

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post.
The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.

#### [Apr 16, 2016] Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected

##### This new type of ransomware makes using a VPN proxy much more desirable. Also, for all sites outside the trusted list you need to use the highest level of security.

##### It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation.

###### securityintelligence.com

Posted by manishs on Saturday April 16, 2016 @10:30AM from the keep-an-eye-on-your-bank dept.

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of the Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light on it: "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites.
Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."

#### [Apr 12, 2016] The ransomware that knows where you live

##### Email-based ransomware hunts for dupes, and is very successful in this activity. But they are still dupes. This danger is several years old and is covered by the media to death (Cryptolocker appeared around September 2013). That's why it might be so "hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware."

##### For some individuals without backups, paying the ransom might be the only way to retrieve their data.

##### "However, every person that does that makes the business more valuable for the criminal and the world worse for everyone," he said.

###### Apr 12, 2016 | bbc.com

A widely distributed scam email that quoted people's postal addresses links to a dangerous form of ransomware, according to a security researcher.

Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4's You and Yours that discussed the phishing scam. Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims' files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained. One of the emails was received by You and Yours reporter Shari Vahl.

"It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive - it happens in seconds," Mr Brandt told the BBC. "This is the desktop version of a smash and grab - they want a quick payoff."

--[This is baloney: the speed of encryption is limited by the speed of writing to the hard drive, so for a hard drive with sizable user data (especially photos, music and video) this takes tens of minutes, probably more than an hour, not seconds. --NNB]

Maktub doesn't just demand a ransom, it increases the fee - which is to be paid in bitcoins - as time elapses. A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £580. This rises to 1.9 bitcoins, or £790, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not. One of the organisations named was the Koestler Trust, a charity which helps ex-offenders and prisoners produce artwork.

"We rely on generous members of the public and we were very distressed when we discovered that people felt they had received emails from us asking for money, when indeed they had not been generated by us at all," chief executive Sally Taylor told You and Yours.

Addresses included

One remarkable feature of the scam emails was the fact that they included not just the victim's name, but also their postal address. Many, including BBC staff, have noted that the addresses are generally highly accurate. According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it's still not clear how scammers were able to gather people's addresses and link them to names and emails. The data could have come from a number of leaked or stolen databases, for example, making it hard to track down the source.

#### [Apr 12, 2016] Petya ransomware encryption system cracked

###### Apr 11, 2016 | BBC News

Petya ransomware victims can now unlock infected computers without paying. An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up.
In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer.

The malware, which started circulating in large numbers in March, demands a ransom of 0.9 bitcoins (£265). It hid itself in documents attached to emails purporting to come from people looking for work.

Scrambling schemes

Security researcher Lawrence Abrams, from the Bleeping Computer news site, said the key generator could unlock a Petya-encrypted computer in seven seconds. But the key generator requires victims to extract some information from specific memory locations on the infected drive. And Mr Abrams said: "Unfortunately, for many victims extracting this data is not an easy task."

This would probably involve removing the drive and then connecting it up to another virus-free computer running Windows, he said. Another tool can then extract the data, which can be used on the website set up to help people unlock their computer.

Independent security analyst Graham Cluley said there had been other occasions when ransomware makers had "bungled" their encryption system. Cryptolocker, Linux.encoder and one other ransomware variant were all rendered harmless when their scrambling schemes were reverse-engineered.

"Of course," said Mr Cluley, "the best thing is to have safety secured backups rather than relying upon ransomware criminals goofing up."

#### [Nov 12, 2015] The Emperor Has No Clothes and Nobody Cares

###### www.howtogeek.com

... ... ... Ever since we found out just how much government spying is going on, the security community has been systematically looking into every piece of technology that we use, from operating systems to network protocols, and we've learned just how insecure everything is.

... ... ... That's the good news. The bad news is that nothing has fundamentally changed as far as the spying is concerned, despite all of the stories and media attention online.
Organizations like the ACLU have tried, and failed, to even bring cases to figure out what's actually going on. Very few politicians even talk about it, and the ones that do have no power to change anything. People not only haven't exploded in anger, they don't even know the details, as John Oliver illustrated brilliantly in his interview with Snowden. Everybody knows the government is probably spying on everything, and nobody really cares.

#### [Sep 26, 2015] Intelligent System Hunts Out Malware Hidden In Shortened URLs

###### Sep 26, 2015 | tech.slashdot.org

Posted by timothy

An anonymous reader writes: Computer scientists at a group of UK universities are developing a system to detect malicious code in shortened URLs on Twitter. The intelligent system will be stress-tested during the European Football Championships next summer, on the basis that attackers typically disguise links to malicious servers in a tweet about an exciting part of an event to take advantage of the hype.

Anonymous Coward

Shouldn't browsers be changed to not simply follow the redirect, but ask the user first?

Zontar The Mindless

For TinyURL, you can enable preview of the full URL here [tinyurl.com]. Uses a cookie, though.

Anonymous Coward on Saturday September 26, 2015 @06:37AM (#50603143)

I can connect to the server and retrieve the redirect information manually. Works for all of them. But it's a) inconvenient, and b) not something everyone is able to do. Some addons seem to be available, but they don't do things nicely.
1) Patch the page directly (not just retrieve the data on mouse over), making it less original
2) Even retrieve the title of the redirection target (just that connection is enough to validate the existence of an email address)

My requirements are:
- shall not connect to the host of the shortened url (or any other -- no distinction between "normal" and shortened urls) unless clicked
- shall not connect to the redirect target unless confirmed by the user, or the target is on the same host

Zontar The Mindless

Whatever. I despise shorteners, don't use them myself, and generally refuse to follow shortened URLs. Just bored and trying to be helpful.

#### [Sep 13, 2015] Microsoft pushes Windows 10 upgrade to PCs without user consent By Gregg Keizer

##### Microsoft with Windows 10 is doing a great job of destroying user trust. Looks like the Windows OS itself became malware...

##### "... "For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation," a company spokeswoman said in an email. "This results in a better upgrade experience and ensures the customer's device has the latest software. This is an industry practice that reduces time for installation and ensures device readiness.""

##### "... The upgrade, which can range in size from more than 3GB to nearly 6GB, is placed in the hidden "Windows.~BT" folder, a long-used destination for Windows upgrades. It will sit there, presumably until the user expresses some kind of desire to install Windows 10."

##### "... "I had to travel recently, so I took a laptop with [a] clean Windows 8.1 Pro install," wrote one such user, identified only as "X.25" on Slashdot. "At my destination, I purchased a SIM (they only had 1GB data packages) and put it into the 3G/Wi-Fi router I carry. I powered the laptop, connected to [the] Internet via said router, checked [a] few things, then went away for [a] few hours.
When I got back to [the] apartment, my data package (and Internet connectivity) was killed because [the] Microsoft idiots decided to start downloading Windows 10 even though I have explicitly closed/rejected all the 'offers.'""

###### Sep 11, 2015 | Network World

Microsoft confirms it has been silently downloading massive upgrade to Windows machines via automatic updates, chewing up bandwidth and storage space

Microsoft today confirmed it has been pre-loading the Windows 10 installation bits onto devices whose owners have not "reserved" a copy or expressed interest in the new OS. The move has upset some users of Windows 7 and Windows 8.1, who have complained that the unsolicited downloads have caused them to exceed their Internet providers' data caps or seized storage space without their consent.

In a statement, Microsoft acknowledged the practice, which was first reported by The Inquirer on Thursday. "For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation," a company spokeswoman said in an email. "This results in a better upgrade experience and ensures the customer's device has the latest software. This is an industry practice that reduces time for installation and ensures device readiness."

If Windows 7 or Windows 8.1 device owners have Windows Update set to the default -- and Microsoft-recommended -- option that lets the operating system download and install security and other bug fixes automatically in the background, Microsoft will push the Windows 10 upgrade files to the drive.

The upgrade, which can range in size from more than 3GB to nearly 6GB, is placed in the hidden "Windows.~BT" folder, a long-used destination for Windows upgrades. It will sit there, presumably until the user expresses some kind of desire to install Windows 10.
Microsoft has been pre-loading the Windows 10 upgrade on systems since late July, but it was thought that the practice had been limited to PCs whose owners had accepted Microsoft's free offer and "reserved" a copy through an app the Redmond, Wash. company automatically installed this spring and early summer on virtually all consumer PCs running Windows 7 Home and 8.1 Home, and on many machines powered by Windows 7 Professional and Windows 8.1 Pro. After the Windows 10 upgrade was downloaded to the device, the user was notified through the app that it was ready to install.

This new scheme, however, is vastly different in that the bits are downloaded to the device even though the user has not asked for the upgrade.

Not surprisingly, among the first to notice the I-did-not-ask-for-this upgrade were people who have data caps mandated by their Internet service providers (ISPs), particularly those who relied on a cellular connection to the Internet. Several commenters in a long thread on Slashdot claimed that they had exceeded their caps because Microsoft downloaded the massive upgrade to their hardware without their approval.

"I had to travel recently, so I took a laptop with [a] clean Windows 8.1 Pro install," wrote one such user, identified only as "X.25" on Slashdot. "At my destination, I purchased a SIM (they only had 1GB data packages) and put it into the 3G/Wi-Fi router I carry. I powered the laptop, connected to [the] Internet via said router, checked [a] few things, then went away for [a] few hours. When I got back to [the] apartment, my data package (and Internet connectivity) was killed because [the] Microsoft idiots decided to start downloading Windows 10 even though I have explicitly closed/rejected all the 'offers.'"

Others didn't appreciate the unwelcome guest that dropped into their limited storage space. Anyone with a 128GB SSD (solid-state drive), for example, would be concerned if 5% of their storage capacity was occupied without their okay.
Some also wondered whether Microsoft would take the next logical step by either dunning users with notifications urging them to apply the already-installed upgrade, or make the much more unlikely move of automatically triggering the upgrade. The former would, frankly, not be that different from what Microsoft has already done with those who accepted the free upgrade and reserved a copy. It's possible that many on the receiving end of such notifications would approve the upgrade, and even appreciate the fact that they did not have to wait for a long download to complete before upgrading. The latter, however, would be unprecedented, and would almost certainly fuel a firestorm of protest.

Microsoft did not immediately reply to follow-up questions about its intentions.

What is also interesting about the upgrade-prep is Microsoft's defense, that it's an "industry practice." Although that may be true in limited instances -- Google's Chrome browser, for example, regularly pre-loads updates, which are then automatically installed the next time the application is launched -- as far as Computerworld knows, it's never been done with either an operating system or software that demands installation files of this size. The most common practice for operating systems, by far, is to begin downloading an upgrade only after the user has been notified, and then approved the procedure.

Wes Miller, an analyst with Directions on Microsoft, agreed. "I've seen some tiny apps do it for updates. But not for an OS upgrade," Miller said in an email answer to a question asking whether he recalled any similar examples.

This story, "Microsoft pushes Windows 10 upgrade to PCs without user consent" was originally published by Computerworld.
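A check and the opt-out for the situation described above, as an added example that is not code from the Computerworld article or from Microsoft: it measures what the hidden staging folder holds and sets the two policy values Microsoft documented in KB3080351 for declining the Windows 10 offer. It assumes a Windows 7/8.1 machine, PowerShell 3.0 or later and an elevated prompt. The folder on disk is `$Windows.~BT`; the leading `$` is dropped in many write-ups, including the article above.

```powershell
# Added example (not from the Computerworld article). Measures the pre-staged
# Windows 10 upgrade on a Windows 7/8.1 machine and sets the two opt-out policy
# values documented in Microsoft KB3080351. Run elevated, PowerShell 3.0+.
# Assumption: the staging folder is "$Windows.~BT" on the system drive.

$staged = Join-Path $env:SystemDrive '$Windows.~BT'

function Get-StagedUpgradeBytes {
    if (-not (Test-Path -LiteralPath $staged)) { return [int64]0 }
    # -Force includes the hidden/system files the folder is made of
    $sum = (Get-ChildItem -LiteralPath $staged -Recurse -Force -File -ErrorAction SilentlyContinue |
            Measure-Object -Property Length -Sum).Sum
    if ($null -eq $sum) { return [int64]0 }
    return [int64]$sum
}

$bytes = Get-StagedUpgradeBytes
if ($bytes -gt 0) {
    '{0}: {1:N2} GB of pre-staged upgrade files' -f $staged, ($bytes / 1GB)
} else {
    '{0}: not present' -f $staged
}

# Opt-out policies (KB3080351), both REG_DWORD = 1:
#   WindowsUpdate\DisableOSUpgrade  - Windows Update stops offering and staging the upgrade
#   Gwx\DisableGwx                  - hides the "Get Windows 10" (GWX) tray application
$policies = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' = 'DisableOSUpgrade'
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx'           = 'DisableGwx'
}
foreach ($key in $policies.Keys) {
    $name = $policies[$key]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    '{0}\{1} = {2}' -f $key, $name, (Get-ItemProperty -Path $key -Name $name).$name
}
```

The policy values stop future staging; they do not delete what is already on disk. The staged files are owned by TrustedInstaller, so the clean way to reclaim the space is Disk Cleanup's "Temporary Windows installation files" item rather than `Remove-Item` on the folder.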
#### [Aug 30, 2015] Ashley Madison's Female Subscribers Barely Exist, Analysis Concludes

##### Those horny guys should probably watch Fatal Attraction ;-)

###### Aug 27, 2015 | huffingtonpost.ca

"A detailed look at leaked Ashley Madison data suggests there were practically no women active on the site. It was already known that male profiles outnumbered female ones on the site by a ratio of roughly six to one. And it had been previously alleged that Ashley Madison was creating fake profiles of female users. But a detailed look at the data leaked last week by The Impact Team hackers (or hacker), carried out by Annalee Newitz at Gizmodo, found the number of active women on the site to be so low that it's statistically insignificant....

Of 5.5 million accounts identified as female, only 1,492 had ever checked their inbox, Newitz' analysis found, compared to 20.2 million male accounts that had checked their inbox at least once. It also found 80,805 profiles linked to an IP address that indicates a local computer, suggesting those accounts were made inside Avid Life Media, the Toronto-based company that owns Ashley Madison.

"This isn't a debauched wonderland of men cheating on their wives," Newitz concluded. "Instead, it's like a science fictional future where every woman on Earth is dead, and some Dilbert-like engineer has replaced them with badly-designed robots."

#### [Aug 23, 2015] Ashley Madison Hackers Speak Out: 'Nobody Was Watching'

##### Q: What was their security like? A: Bad. Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.

##### "... 300GB of employee emails and docs from internal network. Tens of thousands of Ashley Madison user pictures. Some Ashley Madison user chats and messages. 1/3 of pictures are dick pictures and we won't dump. Not dumping most employee emails either. Maybe other executives." ..."
###### August 21, 2015 | Motherboard

MOTHERBOARD: How did you hack Avid Life Media? Was it hard?

The Impact Team: We worked hard to make fully undetectable attack, then got in and found nothing to bypass.

What was their security like?

Bad. Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.

When did you start hacking them? Years ago?

A long time ago. [Note: in a README file in the first data dump, the hackers wrote that they had been collecting information from the company "over the past few years."]

What other data from Avid Life Media do you have?

300GB of employee emails and docs from internal network. Tens of thousands of Ashley Madison user pictures. Some Ashley Madison user chats and messages. 1/3 of pictures are dick pictures and we won't dump. Not dumping most employee emails either. Maybe other executives.

#### [Jul 22, 2015] Registering on shady sites is a huge risk

"Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company's user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is 'Life is short. Have an affair'" [Krebs on Security]. And just before they were going to, er, go public…

#### [Jun 16, 2015] US Navy Solicits Zero Days

###### Jun 15, 2015 | Slashdot

msm1267 writes: The US Navy posted an RFP, which has since been removed from FedBizOpps.gov, soliciting contractors to share vulnerability intelligence and develop zero day exploits for most of the leading commercial IT software vendors.
The Navy said it was looking for vulnerabilities, exploit reports and operational exploit binaries for commercial software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco IOS, Linksys WRT and Linux, among others. The RFP seemed to indicate that the Navy was not only looking for offensive capabilities, but also wanted to use the exploits to test internal defenses. The request, however, does require the contractor to develop exploits for future released CVEs. "Binaries must support configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild," the RFP said.

quenda (644621) on Monday June 15, 2015 @07:50PM (#49917853)

Ask the NSA

So much for post-911 interagency cooperation. While one agency is inserting weaknesses, another is having to buy them on the open market. Though the Navy approach is probably cheaper.

Taco Cowboy (5327) on Monday June 15, 2015 @09:17PM (#49918315)

This has been happening since day one

How many years it officially took the hackers to stumble across the existence of the embedded NSA backdoor inside MS Windows?? Way before the news of that 'discovery' was told to the world, a friend of mine found it, but was told to 'shut up or else' by his then boss. Apparently they (and many other people) already knew about it for quite a while, but none of them bothered to tell the world about it.

Luthair (847766) on Monday June 15, 2015 @08:01PM (#49917925)

Why....

does every agency and division of the military need to do this? Seems like the classic not invented here syndrome and a colossal waste of tax payer money.
onproton (3434437) <emdanyi.gmail@com> on Tuesday June 16, 2015 @12:34AM (#49919171)

and yet real security research is all but outlawed

I am finding it harder and harder to accept that the people in charge of these types of programs aren't aware of just how glaringly hypocritical they are [boingboing.net]. I can't help but be reminded of the quote:

> We grow up in a controlled society, where we are told that when one person kills another person, that is murder, but when the government kills a hundred thousand, that is patriotism. - Howard Zinn

Find a zero day and report it to someone who might fix it, that is criminal. Find a zero day and report it to the navy, you've done a service for your country. There is an unfortunate disconnect when the things the government does in the name of keeping us safe end up making us all decidedly less safe in the end [schneier.com].

#### [Feb 26, 2015] 3 Million Strong RAMNIT Botnet Taken Down

##### Windows should probably be prohibited for security-sensitive applications, or used via a special install that can be wiped and restored daily. We have this powerful, all-knowing NSA and multi-million botnets simultaneously. Is this a coincidence?

###### February 25, 2015 | yro.slashdot.org

An anonymous reader writes: The National Crime Agency's National Cyber Crime Unit worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol's European Cybercrime Centre, to shut down command and control servers used by the RAMNIT botnet. Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts.

XB-70 (812342) on Wednesday February 25, 2015 @08:32PM (#49133439)

Thanks

In many of my posts, I have been highly critical of the seeming non-efforts by government agencies to deal with SPAM, malware, phishing etc. etc.
It is wonderful to hear this great news about good works being done for the greater good. Thank you to all the investigators for your many hours and hard work to shut this down.

rtb61 (674572) on Wednesday February 25, 2015 @10:51PM (#49134091)

Re:Thanks

It's internet janitorial work. No fame, no money and no promotions, so basically everyone does not much at all about it. Consider the NSA hacking all over the place, noticing all of this stuff, doing basically nothing about it (basically who gives a fuck it's a defensive security issue) except of course seeking to exploit it. So how come various governments are not going to their security agencies and saying why you do bloody nothing, why you bloody ignore it, why you pretend it doesn't exist, why you so busy hacking all politicians, activists and journalists communications that you basically ignore in your face criminal activity, apart from the odd effort and only at the behest of a major corporation, all other citizens can basically fuck off with the computer security problems.

#### [Nov 24, 2014] Regin, new computer spyware, discovered by Symantec

###### Nov 24, 2014 | BBC News

A leading computer security company says it has discovered one of the most sophisticated pieces of malicious software ever seen. Symantec says the bug, named Regin, was probably created by a government and has been used for six years against a range of targets around the world. Once installed on a computer, it can do things like capture screenshots, steal passwords or recover deleted files.

Experts say computers in Russia, Saudi Arabia and Ireland have been hit most. It has been used to spy on government organisations, businesses and private individuals, they say.

Researchers say the sophistication of the software indicates that it is a cyber-espionage tool developed by a nation state. They also said it likely took months, if not years, to develop and its creators have gone to great lengths to cover its tracks.
Sian John, a security strategist at Symantec, said: "It looks like it comes from a Western organisation. It's the level of skill and expertise, the length of time over which it was developed."

Symantec has drawn parallels with Stuxnet, a computer worm thought to have been developed by the US and Israel to target Iran's nuclear program. That was designed to damage equipment, whereas Regin's purpose appears to be to collect information.

#### [Nov 21, 2014] Court Shuts Down Alleged $120M Tech Support Scam

##### According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint.

###### November 19, 2014 | slashdot.org

Posted by samzenpus

wiredmikey writes: A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer.
Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated.

#### [Nov 20, 2014] Amnesty International Releases Tool To Combat Government Spyware

###### Nov 20, 2014 | slashdot.org

Posted by timothy on Thursday November 20, 2014 @04:34PM

New submitter Gordon_Shure_DOT_com writes: Human rights charity Amnesty International has released Detekt, a tool which finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.

mmell (832646) <mike.mell@gmail.com> on Thursday November 20, 2014 @04:42PM (#48429681)

Don't bother.

If you're interesting enough that the NSA is watching what you do on your computer, the NSA is already watching what you do on your computer. Now that you have detected this, other (possibly less subtle) methods will be used to ensure that you are appropriately monitored . . . but kudos to you for catching the NSA!
X^D Oh, and First Post!

Anonymous Coward on Thursday November 20, 2014 @05:23PM (#48429999)

The NSA is watching whether you're interesting or not. Apparently you didn't get the memo...

#### [Aug 15, 2014] "Please don't do anything evil" by Dan Goodin

##### The sorry story about booting from floppies is replicated on a new level (the fault specifically designed by Microsoft, probably with NSA in mind): every time anybody connects a USB device to your computer, you fully trust them with your computer.

###### July 31 2014 | Ars Technica

"If you put anything into your USB [slot], it extends a lot of trust," Karsten Nohl, chief scientist at Security Research Labs in Berlin, told Ars. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil."

In many respects, the BadUSB hack is more pernicious than simply loading a USB stick with the kind of self-propagating malware used in the Stuxnet attack. For one thing, although the Black Hat demos feature only USB2 and USB3 sticks, BadUSB theoretically works on any type of USB device. And for another, it's almost impossible to detect a tampered device without employing advanced forensic methods, such as physically disassembling and reverse engineering the device. Antivirus scans will turn up empty. Most analysis short of sophisticated techniques relies on the firmware itself, and that can't be trusted. "There's no way to get the firmware without the help of the firmware, and if you ask the infected firmware, it will just lie to you," Nohl explained.

Most troubling of all, BadUSB-corrupted devices are much harder to disinfect. Reformatting an infected USB stick, for example, will do nothing to remove the malicious programming.
Because the tampering resides in the firmware, the malware can be eliminated only by replacing the booby-trapped device software with the original firmware. Given the possibility that traditional computer malware could be programmed to use BadUSB techniques to infect any attached devices, the attack could change the entire regimen currently used to respond to computer compromises.

"The next time you have a virus on your computer, you pretty much have to assume your peripherals are infected, and computers of other people who connected to those peripherals are infected," Nohl said. He said the attack is similar to boot sector infections affecting hard drives and removable storage. A key difference, however, is that most boot sector compromises can be detected by antivirus scans. BadUSB infections cannot.

The Black Hat presentation, titled BadUSB—on accessories that turn evil, is slated to provide four demonstrations, three of which target controller chips manufactured by Phison Electronics. They include:

- Transforming a brand-name USB stick into a computer keyboard that opens a command window on an attached computer and enters commands that cause it to download and install malicious software. The technique can easily work around the standard user access control in Windows since the protection requires only that users click OK.
- Transforming a brand-name USB stick into a network card. Once active, the network card causes the computer to use a domain name system server that causes computers to connect to malicious sites impersonating legitimate destinations.
- Programming a brand-name USB stick to surreptitiously inject a payload into a legitimate Ubuntu installation file. The file is loaded onto the drive when attached to one computer. The tampering happens only after it is plugged into a separate computer that has no operating system present on it.
  The demo underscores how even using a trusted computer to verify the cryptographic hash of a file isn't adequate protection against the attack.
- Transforming an Android phone into a malicious network card.

Mr.StR34k

> Abresh wrote: So, does turning off autoplay on USB devices mitigate or prevent this attack or are we still screwed even if it is turned off and someone plugs a malicious USB thing into our computer? Yes, I read the article but by the middle I was going "Wha?" and scratching my head puzzling over this.

My understanding is that if you plug it in, it will infect, auto play or not, and that this is not limited to any one operating system. This attack vector uses the actual firmware on the USB device, which tells the computer the type of device being plugged in. So you plug in an infected usb storage device, and it tells the computer that it's also a keyboard. Then it types commands as though you were doing it at your actual keyboard. Scarily clever.....

Omoronovo

> Sneaky wrote: Call me thick, but wouldn't it be rather obvious that your USB memory stick is being a keyboard, because it can't also be a memory stick. i.e. where the hell have all my files gone?

You aren't being thick, but you're wrong in thinking a USB device can only be one thing. There's nothing stopping a USB Flash Drive being fully functional as a USB Flash Drive whilst also surreptitiously acting as a keyboard if its firmware has been modified to advertise it as such. A USB device can have multiple device IDs and be able to process commands as any of them. Back in the early days of 3G dongles, they would show up as both the dongle itself and as a virtual CD drive from which to install the device driver from. This attack vector is the same concept, only for malicious intent and not built into the device intrinsically.

andrewd18

> dfjdejulio wrote:
>
> > andrewd18 wrote:
> >
> > Step 1: Build a convenient USB "charging station" for an airport.
> > Step 2: Insert BadUSB firmware exploit
> > Step 3: Wait for people to charge their phones.
> > Step 4: ???
> > Step 5: Profit!
>
> This one, people can protect themselves from by using charging cables that do not actually have the data pins. Which are a good idea to carry while traveling, if you're not bringing your own trusted charging devices with you.

I have a hard enough time convincing my parents-in-law to stay off the "Free WIFI" SSIDs at the airport; now I need to convince them to use a special charging cable because of "malicious USB ports"? Ha. Fat chance. That's not only a behavior change but also an expenditure of money, all for a threat they can't identify. Hacks where there is no visual difference in the operation of the device, like this one, are completely stealthed to the majority of end users. Trying to explain it just sounds like paranoia. "See? My phone is charging just fine and I can play my games, check my bank balance, and everything."

#### [Aug 15, 2014] Watch a Cat Video, Get Hacked

###### Slashdot

New submitter onproton writes: Citizen Lab released new research today on a targeted exploitation technique used by state actors involving "network injection appliances" installed at ISPs. These devices can target and intercept unencrypted YouTube traffic and replace it with malicious code that gives the operator control over the system or installs a surveillance backdoor. One of the researchers writes, "many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true." This technique is largely designed for targeted attacks, so it's likely most of us will be safe for now — but just one more reminder to use https.
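For the BadUSB item above (the stick that is also a keyboard), an added example that is not code from the Ars article, from SRLabs or from the commenters: it walks the present device tree on Windows, groups every device under the physical USB device it hangs off, and flags a physical device that exposes both a storage function and a keyboard, mouse or network function. It assumes Windows 8 or later with PowerShell 4 or later (`Get-PnpDevice` and `Get-PnpDeviceProperty` from the PnpDevice module) and that the device classes are named as Windows names them (`DiskDrive`, `Keyboard`, `Mouse`, `Net`).

```powershell
# Added example for the BadUSB item above; not code from the Ars article or SRLabs.
# Lists each physical USB device with the device classes it exposes and flags the
# storage-plus-keyboard (or mouse, or network adapter) combination the demos rely on.
# Windows 8+ / PowerShell 4+. Limitation: a firmware that only enumerates its HID
# function later is caught only once it has done so; re-run after any unexplained
# keyboard or adapter arrival.

$all = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue
$parentCache = @{}

function Get-ParentId([string]$InstanceId) {
    if ($parentCache.ContainsKey($InstanceId)) { return $parentCache[$InstanceId] }
    $parent = $null
    try {
        $parent = (Get-PnpDeviceProperty -InstanceId $InstanceId -KeyName 'DEVPKEY_Device_Parent' -ErrorAction Stop).Data
    } catch { }
    $parentCache[$InstanceId] = $parent
    return $parent
}

# Walk up the tree to the first node of the form USB\VID_xxxx&PID_xxxx\<serial>
# without an &MI_nn interface suffix: that node is the physical USB device.
function Get-UsbRoot([string]$InstanceId) {
    $cur  = $InstanceId
    $hops = 0
    while ($cur -and $hops -lt 16) {
        if ($cur -match '^USB\\VID_[0-9A-F]{4}&PID_[0-9A-F]{4}\\' -and $cur -notmatch '&MI_') { return $cur }
        $cur = Get-ParentId $cur
        $hops++
    }
    return $null
}

# physical device -> set of classes seen anywhere below it
$roots = @{}
foreach ($d in $all) {
    $root = Get-UsbRoot $d.InstanceId
    if (-not $root) { continue }
    if (-not $roots.ContainsKey($root)) { $roots[$root] = New-Object 'System.Collections.Generic.HashSet[string]' }
    if ($d.Class) { [void]$roots[$root].Add([string]$d.Class) }
}

$report = foreach ($root in $roots.Keys) {
    $classes = $roots[$root]
    $storage = $classes.Contains('DiskDrive')
    $hid     = $classes.Contains('Keyboard') -or $classes.Contains('Mouse')
    $net     = $classes.Contains('Net')
    [pscustomobject]@{
        Device     = $root
        Classes    = ($classes | Sort-Object) -join ','
        Suspicious = $storage -and ($hid -or $net)
    }
}
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A legitimate composite device (a keyboard with a built-in card reader, a phone that exposes both MTP storage and RNDIS networking) will also be flagged, so the list is a prompt for a look, not a verdict. What it does show is exactly the property the commenters debate above: one `USB\VID_...&PID_...\<serial>` device carrying several functions at once.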
bbn (172659) <baldur.norddahl@gmail.com> on Friday August 15, 2014 @04:38PM (#47681107)

https is useless (Score:5, Insightful)

What good is https going to be against the state? You think they can not coerce Verisign et al to hand over a copy of the root keys?

heypete (60671) <pete@heypete.com> on Friday August 15, 2014 @05:00PM (#47681287)

Re:https is useless (Score:5, Informative)

> What good is https going to be against the state? You think they can not coerce Verisign et al to hand over a copy of the root keys?

Sure, they could, but I doubt they are. If VeriSign gets caught issuing bogus certs for the government, browser vendors will revoke their roots. That's basically a death sentence to companies like VeriSign (rather, their cert-issuing division). While typical users won't notice, there's still plenty of risk to getting caught, particularly when targeting anyone using major web properties: Chrome, for example, has a bunch of high-profile sites "pinned" and will report back to Google if bogus certs are being used (they identified a bunch of MITMing with compromised certs in Iran in this way). Other add-ons like Perspectives make it easier to detect if unexpected certs are showing up.

Could they get away with issuing infrequently-used certs for highly-targeted, one-off uses? Possibly, but each time they do the risk to their entire business increases. I suspect the government would much prefer to do things sneakily in the shadows, rather than involving major CAs in such a risky role.

PopeRatzo (965947) on Friday August 15, 2014 @05:57PM (#47681721)

Re:https is useless (Score:5, Insightful)

> If VeriSign gets caught issuing bogus certs for the government, browser vendors will revoke their roots.

Hasn't history taught us that, "They wouldn't dare" is not something on which to base trust?
I'm sure there was some dim bulb somewhere who believed, long ago, that AT&T "wouldn't dare" help the government spy on people because then all their customers would cancel their service. No, you've got to do better than, "I wouldn't think of doing such a thing" when it comes to 21st century governments.

SQLGuru (980662) on Friday August 15, 2014

Reduced rights (Score:3)

This is one of the reasons that I don't use an admin/root level account for normal activity. If I need those privs, I'll escalate my rights for a single action. While that also won't prevent all hacks, it drastically reduces my exposure.

vux984 (928602) on Friday August 15, 2014 @04:48PM (#47681195)

Re:Reduced rights (Score:3)

> This is one of the reasons that I don't use an admin/root level account for normal activity.

A good practice to be sure.

> While that also won't prevent all hacks, it drastically reduces my exposure.

Well, at least your device drivers are safe, and it's a little harder for you to join a bot net. But pretty much everything you have of value can be accessed from user space, including all your documents. That's generally what identity and data thief hackers (and state actors) want.

SQLGuru (980662) on Friday August 15, 2014 @04:54PM (#47681239)

Re:Reduced rights (Score:2)

They also have a harder time installing executable code.....if my browsing user can't install code, then they've only got memory to play with.

Not entirely true. It just can't install it in c:\program files or your platform's equivalent. It can drop executables in folders you DO have access to though, and run them from there. And even get them to auto run if it puts the start command in a settings file you can edit as that user.

MightyMartian (840721) on Friday August 15, 2014 @05:04PM (#47681319)

Well, there have been a whole host of attacks associated with vulnerable versions of Flash and Java that could at least cripple a profile. I ran up against one of them around 2010.
One of the staff at one of our remote locations suddenly had all their files supposedly disappear, desktop wiped out and the like, and a notification about a ransom if they wanted the files back. The user had no admin privileges, so I checked, and sure enough, the other profiles were untouched. What had happened is the auto updater for the workstation had failed. Now, while it's true that the operating system itself was not compromised, and no other systems or users on the network were compromised, certainly there was enough control to potentially view confidential data on shared drives. While this was relatively unsophisticated ransomware, it did teach me that merely obsessing about privilege escalation does not lead to a secure system. User profiles and directories can still potentially be vulnerable even if the malware can't root the system.

AmiMoJo (196126) * <mojoNO@SPAMworld3.net> on Friday August 15, 2014 @05:38PM (#47681607)

Run your browser in a VM, preferably using a different OS to the host. No access to the host filesystem, isolated from the real machine. Then at least only your browser data is vulnerable.

Animats (122034) on Friday August 15, 2014 @04:59PM (#47681273)

Flash vulnerability? (Score:4, Interesting)

Presumably this attack is via a Flash vulnerability. So why is there no mention of Adobe in the article? Why isn't Adobe being held responsible? Why are there still vulnerabilities in Flash? Who audits that code? Well?

Didn't look at the source of a Youtube page, did you? Look for "http://s.ytimg.com/yts/swfbin/player-vflZsDuOu/watch_as3.swf". Videos can also play with "HTML5 video", but there's Flash code there to be executed.

timeOday (582209) on Friday August 15, 2014 @06:15PM (#47681803)

No, I don't think it's a Flash vulnerability.
It is awfully obscured in the article by general hand-waving, but I think the idea here is to trick people into installing an executable that isn't really Flash by causing an executable that presents itself as a Flash update to request installation. Since this happens while they are visiting youtube (with a man-in-the-middle doing the injection), the user may assume it is a legit update and install the malware. In other words, Flash and Java are "exploited" only in the sense that people are so used to being pushed security updates, that they may accept a fake update delivered on an insecure connection. Accepting a so-called Flash update from any untrusted site would accomplish the same thing. It really just boils down to the fact that every site is an untrusted site if you're not using https, since you don't know who all is in the middle.

raymorris (2726007) on Friday August 15, 2014 @05:30PM

Simpler way: virtualization + snapshot (Score:3)

You COULD modify the hardware etc., or just fire up Virtualbox, KVM, or qemu full screen for your web browsing and such. Set the virtualized image read-only, except when installing new software on it. Beneath the virtual machine can either be a dedicated hypervisor or a very small Linux installation which has only a tiny attack surface.

raymorris (2726007) on Friday August 15, 2014 @05:24PM (#47681489)

Not wrong, or stupid, or insecure, just run Flash (Score:2)

TFS says:
> many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true. ... [Adobe Flash can be exploited by an ISP].

Hmm, so you don't have to do something stupid or insecure, just run Flash and Java. :)

Flash is mostly used for ads and malware, neither of which I want, so I don't run Flash in my default browsers.
For many years, there has been precisely one site for which I ever had any interest in having Flash installed, that was Youtube. Not anymore. Youtube no longer requires Flash. https://www.youtube.com/html5

#### [Jun 17, 2014] Zeus Trojan alternative hits the underground market By Lucian Constantin

###### June 11, 2014 | Computerworld/IDG News Service

Extensibility could help a new Trojan program called Pandemiya see wider distribution despite its high price, researchers say.

A new Trojan program that can spy on victims, steal login credentials and interfere with browsing sessions is being sold on the underground market and might soon see wider distribution.

The new threat is called Pandemiya and its features are similar to those of the infamous Zeus Trojan program that many cybercriminal gangs used for years to steal financial information from businesses and consumers. Zeus source code was leaked on underground forums in 2011, allowing other malware developers to create Trojan programs based on it, including threats like Citadel, Ice IX and Gameover Zeus, whose activity was recently disrupted by an international law enforcement effort.

"Pandemiya's coding quality is quite interesting, and contrary to recent trends in malware development, it is not based on Zeus source code at all, unlike Citadel/Ice IX, etc.," researchers from RSA, the security division of EMC, said Tuesday in a blog post. "Through our research, we found out that the author of Pandemiya spent close to a year of coding the application, and that it consists of more than 25,000 lines of original code in C."

The new Trojan program can inject rogue code into websites opened in a local browser, a technique known as Web injection; grab information entered into Web forms; steal files; and take screenshots. Because it has a modular architecture, its functionality can also be extended through individual DLL (dynamic link library) files that act as plug-ins.
Some of Pandemiya's existing plug-ins allow cybercriminals to open reverse proxies on infected computers, to steal FTP credentials and to infect executable files. Its creators are also working on others to enable reverse Remote Desktop Protocol connections and to allow the malware to spread through hijacked Facebook accounts, the RSA researchers said.

"Like many of the other Trojans we've seen of late, Pandemiya includes protective measures to encrypt the communication with the control panel, and prevent detection by automated network analyzers," the researchers said.

The new threat is being advertised on underground forums for US$1,500 for the core application and $2,000 with additional plug-ins, a relatively high entry price for cybercriminals. This aspect and the fact that it's new have kept Pandemiya from gaining popularity so far, but the fact that it can easily be expanded with DLL plug-ins "could make it more pervasive in the near future," the RSA researchers said.

#### [Jun 10, 2014] Massive botnet takedown stops spread of Cryptolocker ransomware by Gregg Keizer

##### See also Cryptolocker Trojan (Win32/Crilock.A)

###### Jun 10, 2014 | Computerworld

The takedown earlier this week of a major malware-spewing botnet has crippled the distribution of Cryptolocker, one of the world's most sophisticated examples of ransomware, a researcher said today. But replacements already stand in the wings, prepared to take Cryptolocker's place.

"Since last Friday, we've seen no new activity and no new infections," said Keith Jarvis, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU), referring to Gameover Zeus, a two-year-old botnet that U.S. and foreign authorities took down in a broad coordinated campaign announced Monday. Gameover Zeus had been the sole distribution channel for Cryptolocker ....

... ...

On Monday, the U.S. Department of Justice (DOJ) revealed that it, along with law enforcement agencies in several other countries, including Australia, Germany, France, Japan, Ukraine and the U.K., had grabbed control of the Gameover Zeus botnet. Criminal charges have also been filed against the alleged administrator of the botnet.

... ... ...

Jarvis said that SecureWorks -- which has been in the forefront of analyzing Cryptolocker, and was one of the private security firms that assisted law enforcement prior to this week's take-down -- estimated the Cryptolocker haul at a minimum of $10 million since its debut.

... ... ...

Some victims who refused to pay the ransom incurred significant losses recovering control of their files and restoring files from backups, if they had them. During their investigation, U.S. authorities interviewed numerous Cryptolocker victims; examples cited in court documents said businesses pegged recovery and remediation costs between $30,000 and $80,000.

...

"This is a well-written piece of software," said Jarvis. "And they got the encryption right. There are no loopholes and no flaws." Earlier examples of ransomware were often sloppy, and in some cases their lock-out mechanisms could be circumvented. Not so with Cryptolocker. Once run, it left victims with only two options: Pay the ransom or restore the now-inaccessible data from backups.

... ... ...

#### [Jun 02, 2014] Wham bam Global Operation Tovar whacks CryptoLocker ransomware & GameOver Zeus botnet

##### So it took more than half a year (8 months) to get to the bottom; and at the end it was Symantec researchers who "poisoned" the botnet. I think all federal officials in three-letter agencies responsible for that should be fired...

###### Computerworld Blogs

“Evgeniy Bogachev and the members of his criminal network devised and implemented the kind of cybercrimes that you might not believe if you saw them in a science fiction movie,” reported the DOJ.
By secretly implanting viruses on computers around the world, they built a network of infected machines – or “bots” – that they could infiltrate, spy on, and even control, from anywhere they wished. Sitting quietly at their own computer screens, the cyber criminals could watch as the Gameover Zeus malware intercepted the bank account numbers and passwords that unwitting victims typed into computers and networks in the United States. And then the criminals turned that information into cash by emptying the victims’ bank accounts and diverting the money to themselves.

Over the weekend, more than 300,000 victim computers have been freed from the botnet – and we expect that number to increase as computers are powered on and connected to the internet this week. We have already begun providing victim information to private sector parties who are poised to assist them. I am also pleased to report that, by Saturday, Cryptolocker was no longer functioning and its infrastructure had been effectively dismantled. Through these court-authorized operations, we have started to repair the damage the cyber criminals have caused over the past few years, we are helping victims regain control of their own computers, and we are protecting future potential victims from attack.

US-CERT (United States Computer Emergency Readiness Team) also issued a GameOver Zeus P2P Malware alert today:

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
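The Cryptolocker reports above describe the behaviour that matters to a defender: a process that walks the user's files and rewrites each one as ciphertext, including whatever USB stick or external drive is attached while it runs. Cryptolocker got the cryptography right, so recovery means backups; detection therefore has to key on the rewrite pattern rather than on the crypto. The detector below is an added example, not code from the articles or from any product they mention. The heuristic (high Shannon entropy of the bytes written, plus a burst of distinct files per process inside a sliding time window), the thresholds and the stream of file-write events are all the author's own constructions for illustration.

```python
"""Flag a process that rewrites many files with ciphertext-like content in a short window.

Added example. The heuristic, thresholds and the sample write events below are
constructed by the author for illustration; nothing here is taken from Cryptolocker
analyses or from any named product.
"""
import hashlib
import math
from collections import defaultdict, deque

# Tunables: assumptions to calibrate on your own data, not values from the reports.
ENTROPY_THRESHOLD = 7.0   # bits per byte; text and office documents sit well below this
MIN_FILES = 20            # distinct files rewritten with high-entropy content ...
WINDOW_SECONDS = 10.0     # ... within this sliding window, by one process


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty, at most 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class WriteBurstDetector:
    """Sliding-window counter of high-entropy file writes per process id."""

    def __init__(self, entropy_threshold=ENTROPY_THRESHOLD,
                 min_files=MIN_FILES, window=WINDOW_SECONDS):
        self.entropy_threshold = entropy_threshold
        self.min_files = min_files
        self.window = window
        self._recent = defaultdict(deque)   # pid -> deque of (timestamp, path)
        self._alerted = set()

    def observe(self, ts: float, pid: int, path: str, sample: bytes):
        """Feed one write event (timestamp, pid, path, first bytes written).
        Returns an alert dict the first time a pid crosses the threshold, else None."""
        if shannon_entropy(sample) < self.entropy_threshold:
            return None                       # plain data: not counted at all
        q = self._recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:
            q.popleft()                       # drop writes older than the window
        distinct = {p for _, p in q}
        if len(distinct) >= self.min_files and pid not in self._alerted:
            self._alerted.add(pid)
            return {"pid": pid, "files": len(distinct),
                    "first_ts": q[0][0], "ts": ts}
        return None


def _high_entropy_blob(seed: str, size: int = 1024) -> bytes:
    """Constructed stand-in for ciphertext: concatenated SHA-256 digests."""
    out = b""
    i = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


TEXT_BLOB = b"Quarterly report, section 1. Revenue grew in line with plan; see table 3.\n" * 16


def sample_events():
    """Constructed event stream: pid 4242 rewrites 30 documents as ciphertext over ~6 s,
    pid 1010 (an editor) writes plain text at the same pace, pid 7 writes one archive."""
    events = []
    for i in range(30):
        events.append((100.0 + i * 0.2, 4242,
                       f"C:/Users/alice/Documents/doc{i}.docx", _high_entropy_blob(f"enc{i}")))
        events.append((100.1 + i * 0.2, 1010,
                       f"C:/Users/alice/notes/note{i}.txt", TEXT_BLOB))
    events.append((103.0, 7, "C:/Users/alice/backup.zip", _high_entropy_blob("zip")))
    events.sort(key=lambda e: e[0])
    return events


def run(events, detector=None):
    """Replay events through a detector; return the list of alerts raised."""
    det = detector or WriteBurstDetector()
    alerts = []
    for ts, pid, path, sample in events:
        alert = det.observe(ts, pid, path, sample)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run(sample_events()):
        print(f"pid {alert['pid']} rewrote {alert['files']} files as ciphertext "
              f"between t={alert['first_ts']:.1f} and t={alert['ts']:.1f}")
```

Feed it from whatever produces per-process write events on your platform (a file-system minifilter or ETW on Windows, fanotify on Linux). The entropy test alone is not enough: compressors, backup tools and media encoders also write high-entropy output in bursts, which is why real products pair this kind of counter with canary files and extension-rename checks, and why the thresholds here are assumptions to tune rather than facts taken from the page.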
#### [Jun 02, 2014] Game Over for 'Gameover' Malware

###### tomsguide.com

Two of the most insidious and widespread types of malware have been "disrupted," and at least one man allegedly behind them has been indicted, according to an announcement today (June 2) by the United States Department of Justice.

In a partnership with security companies, experts and other countries' law-enforcement agencies, the Department of Justice helped orchestrate "Operation Tovar," a mission to identify the criminals behind the Gameover banking Trojan and the botnet it controls, as well as the Cryptolocker ransomware, and sabotage the associated crimeware campaigns.

According to Deputy U.S. Attorney General James Cole, the Gameover operation was successful and the group's alleged leader, Russian citizen Evgeniy Mikhailovich Bogachev, has been indicted by a federal grand jury in Pittsburgh.

Gameover, adapted from the infamous ZeuS banking Trojan after the ZeuS source code was released in 2011, infects Windows computers worldwide and corrals them into a botnet, intercepts users' passwords and other financial information and uses the stolen credentials to make or redirect wire transfers from the bank accounts of infected users to accounts controlled by the criminals behind the malware. According to Cole, Gameover has been implicated in the theft of more than 100 million dollars from American victims alone.

The Gameover botnet has also been identified as the primary distributor of Cryptolocker, a type of ransomware which holds infected computers "ransom" by using encryption to render the files on them unreadable.

The 14-count indictment against Bogachev, who is believed to be in southern Russia, accuses him of acting as the administrator of the Gameover botnet. The counts include conspiracy, computer hacking, wire fraud, bank fraud and money laundering.
At the same time, an Omaha, Nebraska criminal complaint charges Bogachev with conspiracy to commit bank fraud in a separate case involving a variant of the ZeuS malware called "Jabber ZeuS," after the instant-messaging software it used to communicate with its handlers.

A third civil injunction filed by the United States in the Pittsburgh federal court alleges that Bogachev is the leader of a cybercrime gang responsible for creating and operating both Gameover and Cryptolocker. In addition, the Pittsburgh court also authorized U.S. law enforcement to intercept traffic between computers infected with Gameover and Cryptolocker and the servers controlling these malicious programs. For example, the FBI can collect the IP addresses of computers infected with these types of malware in order to help study them and devise defenses against them.

"At no point during the operation did the FBI or law enforcement access the content of any of the victims' computers or electronic communications," the Department of Justice announcement states.

However, judging by similar situations, it is highly unlikely that Bogachev will actually face trial in the US.

#### [Jun 02, 2014] Fed Cyber Sleuths Stop 'Gameover Zeus' and 'Cryptolocker' Crime Sprees

###### ABC News

The Justice Department has disrupted what it calls one of the most sophisticated cyber threats ever, and they are now trying to capture the man behind it all, federal prosecutors announced today.

Over the weekend, federal cyber cops essentially paralyzed a massive computer virus known as “Gameover Zeus,” which diverted millions of dollars from companies’ bank accounts, and blocked another virus known as “Cryptolocker,” which first took control of a user’s computer files and then demanded ransom in return for the user’s own files, according to federal prosecutors.

Both viruses were the work of an overseas criminal gang allegedly run by Russian hacker Evgeniy Bogachev, who is now among the FBI’s most-wanted cyber criminals.
“Evgeniy Bogachev and the members of his criminal network devised and implemented the kind of cyber-crimes that you might not believe if you saw them in a science fiction movie,” the head of the Justice Department’s Criminal Division, Leslie Caldwell, told reporters in Washington. “By secretly implanting viruses on computers around the world, they built a network of infected machines – or ‘bots’ – that they could infiltrate, spy on, and even control, from anywhere they wished.”

Starting in 2011, Bogachev, 30, allegedly used “spear-phishing” – or fake – emails to infect computers with the “Gameover Zeus” virus. Once infected, Bogachev would “hijack computer sessions and steal confidential and personal financial information” that could then be used to funnel money overseas, according to U.S. Attorney for the Western District of Pennsylvania David Hickton.

In October 2011, a Pennsylvania composite materials company was hit, and “within a matter of hours after banking credentials were compromised, hundreds of thousands of dollars were being siphoned from the company’s bank accounts,” Hickton said.

More than two years later, in November last year, the police department in Swansea, Mass., became a victim of the “Cryptolocker” virus when an employee opened an email that looked like it was from a “trusted source,” Hickton said.

When “Cryptolocker” strikes, a timer often appears on victims’ computer screens, giving them 72 hours to pay hundreds of dollars if they want their files back – from family photos to business records, law enforcement officials said. In the case of the Swansea police department, the department paid the ransom and contacted the FBI, according to law enforcement officials.

As of April 2014, “Cryptolocker” had attacked more than 200,000 computers, and more than half of those attacks occurred in the United States, Deputy Attorney General Jim Cole said.
In addition, in its first two months of operation alone, the criminals behind “Cryptolocker” collected an estimated $27 million in ransom payments from victims, he said.

As for the “Gameover Zeus” virus, security researchers estimate that between 500,000 and 1 million computers around the world have been infected with it, and a quarter of the victims are inside the United States, according to Cole. In total, federal authorities believe U.S. victims, often small and mid-size businesses, have lost more than $100 million to “Gameover Zeus.”

Federal authorities believe the man running the Eastern European criminal gang responsible for the two viruses is now in Russia, and they are hoping the Russian government will help bring him to justice.

The Justice Department unsealed criminal charges in Pittsburgh, Pa., and in Omaha, Neb., charging Bogachev with computer hacking, wire fraud, bank fraud, money laundering and other violations of U.S. law.

To keep “Gameover Zeus” from being reconstituted, federal authorities have obtained court approval to redirect communications from “malicious servers” to substitute servers, and both U.S. and foreign law enforcement officials seized computer servers integral to “Cryptolocker,” authorities said today.

#### [Jun 02, 2014] Global police operation disrupts aggressive Cryptolocker virus by Tom Brewster & Dominic Rushe

###### Jun 02, 2014 | The Guardian

US authorities named Russian national Evgeniy Bogachev as the face of a malicious software scheme responsible for stealing millions from people around the world, after a successful campaign to disrupt two major computer networks.

Digital police from across the globe announced they had seized control over the weekend of two computer networks that had been used to steal banking information and ransom information locked in files on infected computers. But they warned people with infected computers to take action now to prevent further attacks.
US and European officials announced they had managed to crack the malicious software (malware) known as Gameover Zeus that had been used to divert millions of dollars to bank accounts of criminals. The authorities have also cracked Cryptolocker – a malware that shut out hundreds of thousands of users from their own computers and ransomed the data.

... ... ...

The US authorities identified Bogachev, of Anapa in the Russian Federation, as Gameover Zeus’s main administrator. At a press conference, deputy attorney general James Cole called him “a true 21st-century criminal who commits cybercrimes across the globe with the stroke of a key and the click of a mouse … These crimes have earned Bogachev a place on its list of the world’s most-wanted cyber criminals.”

According to the FBI’s “cyber most wanted” list Bogachev has been using variants of the Zeus malware since 2009 and communicates using the online monikers “lucky12345” and “slavik”. Gameover Zeus (GOZ) started appearing in 2011 and is believed to be “responsible for more than one million computer infections, resulting in financial losses in the hundreds of millions of dollars”. "He is known to enjoy boating and may travel to locations along the Black Sea in his boat," according to the FBI.

The Cryptolocker software locked PC users out of their machines, encrypting all their files and demanding payment of one Bitcoin (currently worth around £300, or $650) for decryption. It’s believed Cryptolocker, which the FBI estimated acquired $27m in ransom payments in just the first two months of its life, has infected more than 234,000 machines.

A chief suspect from Russia has been identified, but is still at large, Troels Oerting, head of Europol's European Cyber Crime Centre (EC3) told the Guardian. He said other arrests related to the operation were “in progress”.

The global effort to stop the spread of the Cryptolocker ransomware has focused on its delivery method, GOZ.
The malware connected infected machines by peer-to-peer connections – in theory making it harder for the authorities to track and stop. GOZ was designed to steal people's online banking login details, who were usually infected by clicking on attachments or links in emails that looked innocuous. However, it also dropped Cryptolocker on their computers.

"Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals," said Andy Archibald, deputy director of the NCA's National Cyber Crime Unit.

... ... ...

Not-for-profit body Get Safe Online has worked with the NCA to launch a dedicated section of its website to provide guidance and tools, although at the time of publication the website appeared to be offline.

Behind the scenes, the law enforcement groups have been taking over points of control in GOZ's peer-to-peer network: an action known as "sinkholing" in the security world. By doing this, they have been able to cut off criminal control over the infected computers.

Dismantling peer-to-peer operated malware is difficult, but it has been done before: for example one case of a data-stealing virus called ZeroAccess, which infected as many as 1.9m PCs in 2013. In that case, security researchers from Symantec managed to send lists of fake peers to infected machines, which meant they could no longer receive commands from the controllers of the malicious network, known as a botnet.

Symantec researchers said today that key nodes in GOZ's network had been disabled, along with a number of the domains used by the attackers.

... ... ...

wombatman -> Worried9876

I read it was hackers from both Russia and Ukraine started it off, it is just that now the USA have filed a case just against one individual who is Russian (Evgeniy Mikhailovich Bogachev). Clearly however this was not a one-person operation, but cynical people may say the USA would not like to name any Ukrainian defendants in this case.
The complaint even names him as the alleged leader of the criminal enterprise.

Ninetto

> "Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals,"

...with the exception of the criminals von NSA/NCHQ?

Katagami -> Ninetto

> ...with the exception of the criminals von NSA/NCHQ?

Oh ffs change the record. This is about criminal organisations screwing over people like me and you. It's got nothing to do with intelligence agencies collecting data and if anything they should be given some credit here. Wake up and stop attributing blame to something you (probably) know very little about.

tr1ck5t3r -> Jack Jazz

This only affects Windows PCs. If people want to install a safe operating system on their computer, Ubuntu has achieved the highest rating out of all the operating systems when reviewed by an arm of GCHQ. http://www.omgubuntu.co.uk/2014/01/ubuntu-12-04-secure-os-uk-government-gchq

And whilst the report focuses on Ubuntu 12.04 LTS, the new Ubuntu 14.04 LTS is available to download with even more privacy and security enhancements. It won't cost you a penny.

Sheepless

Very poor publicity by the NCA. It's not merely this article which is confusing: the NCA's own announcement fails to explain the significance of this "two-week opportunity".

wombatman -> Sheepless

The authorities disrupted the command and control (C&C) servers that were managing the major network distributing the GameoverZeuS Trojan and the Cryptolocker ransomware. It’s only a matter of time before those behind the botnet set up new C&C servers and regain control. Though that may even happen in days and not the 2 weeks.

Ortho -> wombatman

Yeah, the 'two weeks' thing is just a random estimate. Not at all helpful. What they should be saying is 'get your computer protected NOW- and keep it up to date in future'.

jungle_economist

On AVG there is a blog post from October 2013 detailing how this came to light Sep'13.
Someone above wrote "Symantec may be able to act that fast..." Almost a year after the fact?? Seriously - who is this targeted at?

tr1ck5t3r -> jungle_economist

Some viruses have been undiscovered for several years. Antivirus is next to useless for zero day exploits.

RobDeManc

It's my belief that these viruses come from the security software houses. It is their way of keeping us buying their software. LOL I don't see what difference 2 weeks will make.

Paul Tunstead -> RobDeManc

Wow, you're onto how big pharma works, well done you.

consciouslyinformed -> RobDeManc

And who says a little suspicion does anyone harm? I agree with your concerns, and have stated comments like yours. Worked in marketing companies for a few years prior to university, and this is indeed the type of gnarly stuff companies do, in order to continue making $$$$ from established customers!!

Doosh79

Meh, worst case it needs a fresh install, anyone with half a brain should have back-ups of important stuff.

Ortho -> Doosh79

The sort of person who doesn't have adequate protection is often the same sort of person who, when you ask about what they use for backing up, says, 'backing up?'.

NoToNeo -> Doosh79

Installing is time consuming. You need everything you are used to as well as the OS. It takes me about 2 weeks to get a formatted drive back to how I like it by re-installing everything. No hassle with Clonezilla though (about 1 hr to get my machine back). Don't even need to install anything. Just image regularly.

EazyGoinKingCheese

Unfortunately - if you are already infected, as soon as you connect your memory stick or external drive, the trojan will start encrypting its content.

#### [Feb 07, 2014] Security Researcher Punches Holes In NBC's 'Everyone Going To Sochi Will Be Hacked' Story; NBC Doubles Down In Response

###### Techdirt

Earlier this week, NBC "reported" that journalists and visitors to Sochi are being immediately hacked virtually as soon as they acquire a connection.
NBC presented this as something completely inescapable in its report, which purportedly showed NBC journalist Richard Engel's cellphone and laptop being compromised "before he even finished his coffee." All very scary but all completely false. Errata Security points out that the entire situation was fabricated.

> The story shows Richard Engel "getting hacked" while in a cafe in Russia. It is wrong in every salient detail.
> • They aren't in Sochi, but in Moscow, 1007 miles away.
> • The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.
> • The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.
> • ...and in order to download the Android app, Engel had to disable a lock that prevents such downloads -- something few users do [update].

While your average person might be lured to sketchy sites supposedly related to the Olympics, most of these people wouldn't have disabled the default locks on their phone, as Robert Graham at Errata Security points out.

silverscarcat (profile)

Stupid people do stupid things! News at 11!

Anonymous Coward

You trust mainstream media these days?

#### [Jan 14, 2014] Chrome 32 launches with better malware blocking

Google today released Chrome version 32 for Windows, Mac, and Linux. The new version includes tab indicators, a new look for Windows 8 Metro mode, and automatic blocking of malware downloads. You can update to the latest release now using the browser’s built-in silent updater, or download it directly from google.com/chrome.

...The third point refers to a change in the company’s Safe Browsing service, which warns users about malicious websites and malicious files. Added to the Chrome dev build back in October, Google’s browser will now automatically block malware files, letting you know in a message at the bottom of your screen.
You can “Dismiss” the message, and Google says you can circumvent the block but it will take more steps than before.

#### [Jan 14, 2014] N.S.A. Devises Radio Pathway Into Computers

##### This is not very efficient, as it requires close proximity of an expensive relay station to the target (within a couple of miles), and it is easily defeated by a Faraday cage. It's also self-limiting, as the relay needs to be installed in the vicinity and will disconnect if, say, the laptop travels outside the area. So it probably is used only against high value targets. But the idea is devious. Will those technologies now migrate downstream? See a good summary of the NYT article at Modern spying 101: How NSA bugs Chinese PCs with tiny USB radios

###### NYT

“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”

... ... ...

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.

... ... ...

“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.’s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the United States slipped into the Natanz plant was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.

#### [Jan 02, 2014] Unencrypted Windows Crash Reports a Blueprint For Attackers

###### January 02, 2014 | Slashdot

An anonymous reader writes "According to Forbes online, up to 1 Billion PCs are at risk of leaking information that could be used as a blueprint for attackers to compromise a network from Microsoft Windows Error Reporting (WER) crash reports that are sent in the clear. Researchers at Websense Labs released a detailed overview of the data contained in the crash reports, shortly after Der Spiegel released documents alleging that nation-state hackers may have used this information to execute highly targeted attacks with a low risk of detection, by crafting attacks specifically for vulnerable applications that are running on the network. Also interesting to think that Microsoft knows exactly what model of phones that you have plugged into your PC..."

Anonymous Coward

Oh, b.s. troll & here's how + why

You CAN security-harden Windows (just as well as anything else) via this guide I wrote up in 1997-2008 -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&qs=n&form=QBLH&pq=%22how+to+secure+windows+2000%2Fxp%22&sc=1-30&sp=-1&sk=&cvid=60c59dc375834640bef6cf0ed9d8147a

I truly don't *think* that you "p.r. fanboys" for other alternate *NIX based OS understand something - when you post b.s. online, SOMEONE will spot it, and shred you for it... I mean, for YEARS here all you heard was (more or less) "*NIX = invulnerable & Windows = vulnerable"... well, new news: Look @ ANDROID (yes, it's a Linux) - it's being infested FAR FASTER than any Windows EVER WAS in the SAME timeframe. That tell you anything boys?

Well, then these results ought to (as a SINGLE example of many I've seen as a result, especially after CIS Tool usage which makes it cake to do & FUN in a nerdy kind of way):

---

"It's 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, need system local)" from -> http://www.xtremepccentral.com/forums/showthread.php?s=19624f28d25cc6eec220229b503b7a4c&t=28430&page=3

---

It works, & is PROOF of my statements here.

APK

P.S.=> Additionally - IF you trust SeLinux? Better think again - look who created it (NSA)... apk

recoiledsnake

Re:Not everything is about software security. (5, Informative)

"If you're really concerned about security on your individual systems, DONT USE WINDOWS. There, fixed it for ya."

Ubuntu does the same, if not worse. https://launchpad.net/apport

Apport intercepts program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form. It also offers the user to report a bug about a package, with again collecting as much information about it as possible. It currently supports

- Crashes from standard signals (SIGSEGV, SIGILL, etc.) through the kernel coredump handler (in piping mode)
- Unhandled Python exceptions
- GTK, KDE, and command line user interfaces
- Packages can ship hooks for collecting specific data (such as /var/log/Xorg.0.log for X.org, or modified gconf settings for GNOME programs)
- apt/dpkg and rpm backend (in production use in Ubuntu and OpenSUSE)
- Reprocessing a core dump and debug symbols for post-mortem (and preferably server-side) generation of fully symbolic stack traces (apport-retrace)
- Reporting bugs to Launchpad (more backends can be easily added)

Anonymous Coward

This was so obvious 10 years ago (0)

I should consider making a list of obvious things that will prove to be security risks in the future for everyone to be aware of it. This was so expected.

breaking news: - the NSA tampers with scripts hosted on googleapis.com. 90% of the internet impacted.

At least with the gifted nose I have for smelling crap I must say none of Snowden's revelations made me bat an eye or change any passwords.
mythosaz

Duh (5, Funny)

"Also interesting to think that Microsoft knows exactly what model of phones that you have plugged into your PC..."

Wait, you mean my crash reports include a list of devices?!? The horror.

recoiledsnake

"Reading the article, it says that each time you plug in a new USB device, it automatically sends that information to Microsoft. Even if you don't send the Windows crash reports to Microsoft, your computer is still phoning home each time you install a new USB device."

Duh, how does it search for drivers on Windows Update then? Turn off that functionality and then check, if it still does, then it's news. Next you will tell me that my browser is broadcasting an IP Address.

heypete

"Sorry; perhaps I'm being incredibly ignorant here (I'm the AC that posted above), but my understanding was that Windows came with a bunch of generic drivers for devices, and only checked Windows Update for a device if you told it to when installing the device. Am I wrong?"

Windows typically checks Windows Update for drivers for all newly-connected devices, then looks for locally-installed drivers if the Windows Update check didn't find anything. Certain devices (like USB mass storage devices, for example) are installed using local drivers first, as most people want their USB flash drives to work as soon as possible but are willing to wait a few tens of seconds for other devices.

Ignoring privacy concerns, this is a fairly sensible thing: more devices can be "plug and play" and this benefits users. Similarly, while a driver might be included on a CD that comes with a device, it might be outdated -- an online check with Windows Update can retrieve the latest driver.

Anonymous Coward

There are two cases where it will do this, both are optional:

1. to install a driver for the device
2. for a shiny graphic in Explorer/Device Stage

You can control both trivially: http://support.microsoft.com/kb/2500967

#### [Dec 29, 2013] The NSA's 50-Page Catalog Of Back Door Penetration Techniques Revealed

###### Dec 29, 2013 | Zero Hedge

While the world may have become habituated to (and perhaps revels in, thank you social media exhibitionist culture) the fact that the NSA is watching anyone and everyone, intercepting, recording, and hacking every electronic exchange regardless if it involves foreign "terrorists" or US housewives, the discoveries from the Snowden whistleblowing campaign continue.

The latest revelation from the biggest wholesale spying scandal since Nixon, exposed by Germany's Spiegel which continues the strategy of revealing Snowden leaks on a staggered, delayed basis, involves a back door access-focused NSA division called ANT, (which supposedly stands for Access Network Technology), described by Spiegel as "master carpenters" for the NSA's TAO (Tailored Access Operations, read more about TAO here). The ANT people have "burrowed into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell."

More importantly, thanks to Spiegel (and Snowden of course), the NSA's 50-page catalog of "backdoor penetration" techniques has been revealed. The details of how the NSA can surmount any "erected" walls, via Spiegel:

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. This, at least, is the impression gained from flipping through the 50-page document.
The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

Nothing quite like an extensive, taxpayer funded catalog listing back-door entry strategy imaginable. Say you wanted to have some backdoor fun with Juniper Networks, the world's second largest network equipment manufacturer (which claims the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class.")

In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH." This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs... Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

It gets better, because when simple penetration is not enough, the NSA adds "implants."

In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.

So what exactly is to be found in the 50-page catalog?

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet.
Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.

The conclusion here is an easy one, and one we have repeated ever since before the Snowden revelations: Big Brother is bigger and badder than ever, he knows exactly what you've been doing, and the second the NSA wants to nuke your computer out of orbit and/or destroy your digital life, it can do so in a millisecond. What is more amusing is that with each passing disclosure, it is increasingly clear that the NSA has gotten its inspiration for its dealings with the US public from a Danielle Steel book at best, or a Vivid Video bootlegged tape at worst.

NSA known as Tailored Access Operations, or TAO, which is painted as an elite team of hackers specializing in stealing data from the toughest of targets. One of the most striking reported revelations concerned the NSA's alleged ability to spy on Microsoft Corp.'s crash reports, familiar to many users of the Windows operating system as the dialogue box which pops up when a game freezes or a Word document dies.

#### [Dec 10, 2013] Meet Paunch: the Accused Author of the BlackHole Exploit Kit

###### December 08, 2013 | Slashdot

samzenpus tsu doh nimh writes

"In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as 'Paunch,' the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today. According to pictures of the guy published by Brian Krebs, if the Russian authorities are correct then his nickname is quite appropriate. Paunch allegedly made $50,000 a month selling his exploit kit, and worked with another guy to buy zero-day browser exploits.

As of October 2013, the pair had budgeted $450,000 to purchase zero-days. From the story: 'The MVD estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years.

A majority of Paunch's customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.'"

platypussrex (594064)

Re:I am confused. (Score:5, Informative)

It gets even better. In the linked article it explains that Paunch sells ads that appear in the control panels for all the renters, so not only does he get income from renting the system, he also gets the income from the ads that are popping up in your system after you rent it from him!

#### [Dec 06, 2013] Europol, Microsoft Target 2-Million Strong ZeroAccess Click Fraud Botnet

###### December 06, 2013 | Slashdot
Soulskill

tsu doh nimh writes

"Authorities in Europe joined Microsoft Corp. this week in disrupting 'ZeroAccess,' a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers.

KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer architecture in which new instructions and payloads are distributed from one infected host to another.

The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft.

While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred.

Europol has released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the ZeroAccess operators and shut down the botnet."


#### 'Neverquest' trojan threatens online banking users

###### IDG News Service

A new Trojan program that targets users of online financial services has the potential to spread very quickly over the next few months, security researchers warn.

The malware was first advertised on a private cybercrime forum in July, according to malware researchers from Kaspersky Lab who dubbed it Trojan-Banker.Win32/64.Neverquest.

"By mid-November Kaspersky Lab had recorded several thousand attempted Neverquest infections all around the world," said Sergey Golovanov, malware researcher at Kaspersky Lab, Tuesday in a blog post. "This threat is relatively new, and cybercriminals still aren't using it to its full capacity. In light of Neverquest's self-replication capabilities, the number of users attacked could increase considerably over a short period of time."

Neverquest has most of the features found in other financial malware. It can modify the content of websites opened inside Internet Explorer or Firefox and inject rogue forms into them, it can steal the usernames and passwords entered by victims on those websites, and it allows attackers to control infected computers remotely using VNC (Virtual Network Computing).

However, this Trojan program also has some features that make it stand out.

Its default configuration defines 28 targeted websites that belong to large international banks as well as popular online payment services. However, in addition to these predefined sites, the malware identifies Web pages visited by victims that contain certain keywords such as balance, checking account and account summary, and sends their content back to the attackers.

This helps attackers identify new financial websites to target and build scripts for the malware to interact with them.

Once attackers have the information they need to access a user's account on a website, they use a proxy server to connect to the user's computer via VNC and access the account directly. This can bypass certain account protection mechanisms enforced by websites because unauthorized actions like transferring money are done through the victim's browser.

"Of all of the sites targeted by this particular program, fidelity.com -- owned by Fidelity Investments -- appears to be the top target," Golovanov said. "This company is one of the largest mutual investment fund firms in the world. Its website offers clients a long list of ways to manage their finances online. This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market, using the accounts and the money of Neverquest victims."

The methods used to distribute Neverquest are similar to those used to distribute the Bredolab botnet client, which became one of the most widespread pieces of malware on the Internet in 2010.

Neverquest steals log-in credentials from FTP (File Transfer Protocol) client applications installed on infected computers. Attackers then use these FTP credentials to infect websites with the Neutrino exploit pack, which then exploits vulnerabilities in browser plug-ins to install the Neverquest malware on the computers of users visiting those sites.

The Trojan program also steals SMTP (Simple Mail Transfer Protocol) and POP (Post Office Protocol) credentials from email clients and sends them back to attackers so they can be used to send spam emails with malicious attachments. "These emails are typically designed to look like official notifications from a variety of services," Golovanov said.

In addition, Neverquest steals account log-in information for a large number of social networking websites and chat services accessed from infected computers. Those accounts could be used to spread links to infected websites with the intention to further spread Neverquest, even though Kaspersky Lab hasn't seen this method being used yet.

"As early as November, Kaspersky Lab noted instances where posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent," Golovanov said. "We can expect to see mass Neverquest attacks towards the end of the year, which could ultimately lead to more users becoming the victims of online cash theft."

#### [Nov 23, 2013] NSA hacked over 50,000 computer networks worldwide

##### Public sources show that TAO employs more than a thousand hackers. The task force has been active since at least 1998, according to the Washington Post. That's the end of any trust in Windows as we know it. Sorry Microsoft...
###### RT News

The US National Security Agency hacked more than 50,000 computer networks worldwide installing malware designated for surveillance operations, Dutch newspaper NRC reports citing documents leaked by Edward Snowden.

The latest round of revelations comes from a document dating from 2012 that shows the extent of the NSA’s worldwide surveillance network.

Published by Dutch newspaper NRC Handelsblad, it points out more than 50,000 locations where the NSA used ‘Computer Network Exploitation’ (CNE) and implanted malicious software into the networks.

According to the NSA website CNE “includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.”

Once the computer has been infected, the ‘implants’ act as digital 'sleeper cells' that can be remotely turned on or off with a single push of a button, the Dutch paper reported. The malware can remain active for years without being detected, the newspaper added. The malicious operations reportedly were carried out in many countries including China, Russia, Venezuela and Brazil.

The hacking is conducted by the Tailored Access Operations (TAO), a special unit within the NSA tasked with gaining access to foreign computer systems.

According to the Dutch media, one of the examples of the CNE operation is the reported attack against Belgian telecom company Belgacom that was discovered in September 2013. The attack was previously reported to have been carried out by British intelligence agency GCHQ that worked in cooperation with its American counterpart.

GCHQ injected malware in the Belgacom network to tap their customers’ telephone and data traffic. The agency implemented a technique known as Quantum Insert, placing Belgacom’s servers in strategic spots where they could intercept and redirect target traffic to a fake LinkedIn professional social network's website.

Public sources show that TAO employs more than a thousand hackers. The task force has been active since at least 1998, according to Washington Post.

Documents acquired by the NRC newspaper also reveal that NSA spied on the Netherlands from 1946 to 1968. However the report does not indicate the specific intentions.

Dutch interior affairs minister Ronald Plasterk has recently confirmed that the NSA monitors mail and phone traffic in the Netherlands and exchanges data with Dutch security organization AIVD.

#### [Nov 12, 2013] Interview with Vyacheslav Medvedev, Dr. Web

This interview took place during the celebration of twenty years of product development at Doctor Web, Ltd (and, simultaneously, ten years since the creation of the company itself). For additional information about the anniversary see Doctor Web Anniversary Match and the Facebook Community Page about Doctor Web.

The leading analyst of Doctor Web, Ltd, Mr. Vyacheslav Medvedev, kindly agreed to talk about current security problems with the editor of Softpanorama. Mr. Medvedev is a frequent speaker at various security conferences, where he often represents the company.

#### [Nov 12, 2013] IE Zero-Day Exploit Disappears On Reboot

###### November 11, 2013 | Slashdot

samzenpus nk497 writes:

"Criminals are taking advantage of unpatched holes in Internet Explorer to launch 'diskless' attacks on PCs visiting malicious sites. Security company FireEye uncovered the zero-day flaw on at least one breached U.S. site, describing the exploit as a 'classic drive-by download attack'. But FireEye also noted the malware doesn't write to disk and disappears on reboot — provided it hasn't already taken over your PC — making it trickier to detect, though easier to purge. '[This is] a technique not typically used by advanced persistent threat (APT) actors,' the company said. 'This technique will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods.'"

#### [Nov 11, 2013] GCHQ spoofed LinkedIn site to target global mobile traffic exchange and OPEC

##### Injection of malware is possible due to the privileged position of the attacker's servers on the Internet backbone...
###### November 11, 2013 | RT
The UK’s electronic spying agency has been using a spoofed version of the LinkedIn professional social network's website to target global roaming data exchange companies as well as top management employees in the OPEC oil cartel, according to a Der Spiegel report.

The Government Communications Headquarters has implemented a technique known as Quantum Insert, placing its servers in strategic spots where they could intercept and redirect target traffic to a fake website faster than the legitimate service could respond.

A similar technique was used earlier this year to inject malware into the systems of BICS, a subsidiary of Belgian state-owned telecommunications company Belgacom, which is another major GRX provider.

In the Belgacom scandal first it was unclear where the attacks were coming from. Then documents from Snowden’s collection revealed that the surveillance attack probably emanated from the British GCHQ – and that British intelligence had palmed off spyware on several Belgacom employees.

The Global Roaming Exchange (GRX) is a service which allows mobile data providers to exchange the roaming traffic of their users with other providers. There are only a few dozen companies providing such services globally.

Now it turns out the GCHQ was also targeting networking, maintenance and security personnel of another two companies, Comfone and Mach, according to new leaks published in the German magazine by Laura Poitras, one of few journalists believed to have access to all documents stolen by Snowden from the NSA.

Through Quantum Insert method, GCHQ has managed to infiltrate the systems of targeted Mach employees and successfully procured detailed knowledge of the company’s communications infrastructure, business, and personal information of several important figures.

A spokesman for ‘Starhome Mach’, a Mach-successor company, said it would launch “a comprehensive safety inspection with immediate effect.”

The Organisation of Petroleum Exporting Countries was yet another target of the Quantum Insert attack, according to the report. According to a leaked document, it was in 2010 that GCHQ managed to infiltrate the computers of nine OPEC employees. The spying agency reportedly succeeded in penetrating the operating space of the OPEC Secretary-General and also managed to spy on the Saudi Arabian OPEC governor, the report suggests.

LinkedIn is currently the largest network for creating and maintaining business contacts. According to its own data the company has nearly 260 million registered users in more than 200 countries. When contacted by The Independent, a LinkedIn spokesman said that the company was “never told about this alleged activity” and it would “never approve of it, irrespective of what purpose it was used for.”

According to cryptographer and security expert Bruce Schneier, Quantum Insert attacks are hard for anyone except the NSA to execute, because for that one would need “to have a privileged position on the Internet backbone.”
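The injection described above is a race: the spoofed response must arrive before the legitimate server's reply, so the victim's TCP stack sees two segments that claim the same sequence number but carry different bytes (a genuine retransmission repeats the same bytes). That gives network defenders a passive detection heuristic. The following is an added example for this page, not code from RT, Der Spiegel, GCHQ or any vendor; the segment records, addresses and ports are constructed by hand to stand in for what a capture tool would hand you.

```python
"""Flag possible TCP response injection by spotting two segments in the same
flow that share a sequence number but differ in payload.

Added example; not part of the original article. SAMPLE_SEGMENTS is a
constructed toy capture (documentation-range addresses), not real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


def find_injected_segments(segments):
    """Return [(flow, seq, payloads_in_arrival_order), ...] for every
    (flow, seq) pair observed with two or more distinct payloads.

    flow is the sender's (src, sport, dst, dport) 4-tuple. Identical
    retransmissions collapse to one payload and are not reported."""
    seen = defaultdict(dict)  # (flow, seq) -> {payload: index of first arrival}
    for idx, s in enumerate(segments):
        key = ((s.src, s.sport, s.dst, s.dport), s.seq)
        seen[key].setdefault(s.payload, idx)
    findings = []
    for (flow, seq), payloads in seen.items():
        if len(payloads) > 1:
            # Earliest arrival first: in a race, the first segment usually wins.
            ordered = sorted(payloads, key=payloads.get)
            findings.append((flow, seq, ordered))
    return findings


# Constructed sample: a client fetches a page over plain HTTP; the server's
# first response segment (seq 1000) shows up twice with different content,
# a redirect racing the genuine 200 OK. seq 1042 is a plain retransmission.
SERVER = ("203.0.113.10", 80)      # constructed, documentation range
CLIENT = ("198.51.100.7", 51234)   # constructed, documentation range

SAMPLE_SEGMENTS = [
    Segment(*SERVER, *CLIENT, seq=1000,
            payload=b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n"),
    Segment(*SERVER, *CLIENT, seq=1000,
            payload=b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"),
    Segment(*SERVER, *CLIENT, seq=1042, payload=b"<html>..."),
    Segment(*SERVER, *CLIENT, seq=1042, payload=b"<html>..."),
    Segment(*CLIENT, *SERVER, seq=500, payload=b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for flow, seq, payloads in find_injected_segments(SAMPLE_SEGMENTS):
        print(f"flow {flow} seq {seq}: {len(payloads)} distinct payloads")
        for p in payloads:
            print("   ", p[:48])
```

In practice you would feed the function segments parsed from a capture at the network edge and still expect some benign hits (middleboxes that rewrite responses, load balancers with shared sequence space), so the output is a triage queue rather than a verdict.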

The latest details of GCHQ’s partnership with the NSA were revealed just last week, after the reports emerged that GCHQ was feeding the NSA with the internal information intercepted from Google and Yahoo’s private networks.

The UK intelligence leaders have recently been questioned by British lawmakers about their agencies’ close ties and cooperation with the NSA.

The head of GCHQ, Sir Ian Lobban, lashed out at the global media for the coverage of Edward Snowden’s leaks, claiming it has made it “far harder” for years to come to search for “needles and fragments of needles” in “an enormous hay field” of the Internet.

However, the intelligence chiefs failed to address public fears that Britain’s intelligence agencies are unaccountable and are operating outside the law.

#### [Oct 26, 2013] Cryptolocker (Win32/Crilock.A)

##### In a way it is a game changer. This is the only Trojan that went to Malware Defense History in 2013...

This is a game-changing Trojan, which belongs to the class of malware known as ransomware. It seriously changes views on malware, on antivirus programs and on backup routines. It is one of the few Trojans/viruses that managed to get onto the front pages of major newspapers like the Guardian.

Unlike most Trojans, this one does not need admin access to inflict the most damage. It also targets backups of your data on USB and mapped network drives. If you offload your backups to cloud storage without versioning and the backup file has an extension present in the list of extensions used by this Trojan, it will destroy (i.e. encrypt) your "cloud" backups too.

It really encrypts the data in a way that excludes any possibility of decryption without paying the ransom, so it is very effective in extorting money for the decryption key. That key you may or may not get, as the servers that transmit it from the command and control center might already be blocked; still, the chances are reasonably high: the server names the Trojan connects to in order to fetch the public key change (daily?), and so far at least one server the Trojan "pings" is usually operational, so even on Oct 28 decryption was still possible. At the same time the three-day timer is real, and once it expires the possibility of decrypting the files is gone. Essentially you have only two options:

• Pay the ransom, hoping that the cyber crooks will actually start the decryption.
• Restore your files from a backup (if you are lucky enough to have a recent backup on a disconnected or non-mapped drive, or in a file with an extension not targeted by the Trojan).

Beware of snake oil salesmen who try to sell you a "disinfection" solution. Disinfection itself is trivial, as the Trojan is launched by a standard CurrentVersion\Run registry entry. The problem is that such a solution does not and cannot include restoration of your files.

It was discovered in early September 2013 (around September 3, when the domains used to reach the C&C center were registered; the first description appeared on September 10, see Trojan:Win32/Crilock.A). Major AV programs did not detect it until September 17, which resulted in significant damage inflicted by the Trojan.

Here is the screen displayed when the Trojan has finished encrypting the files (it operates silently before that, although the load on the computer is considerable, since encryption is a computationally heavy task):

Continued

#### [Oct 23, 2013] Fiendish CryptoLocker ransomware

###### The Register

CryptoLocker is similar in some ways to other forms of ransomware, such as the Reveton police Trojan, but it's far more sophisticated in its construction and aggressive in its demands.

The necessary decryption key is never left lying around on host machines. CryptoLocker phones home to a command-and-control server to obtain a public RSA key before it begins the task of silently encrypting files on compromised machines. The same command server also hosts the private key.

Malware that encrypts your data and tries to sell it back to you is not new. As net security firm Sophos points out, CryptoLocker chiefly differs because it uses industry-standard cryptography for malign purposes.

"SophosLabs has received a large number of scrambled documents via the Sophos sample submission system," Sophos explains in a blog post.

"These have come from people who are keenly hoping that there's a flaw in the CryptoLocker encryption, and that we can help them get their files back,” adds the firm. “But as far as we can see, there's no backdoor or shortcut: what the public key has scrambled, only the private key can unscramble."

A video from SophosLabs showing the malware in action can be found on the next page. Victims receive little or no indication of problems on an infected machine while the malware is encrypting files in the background.

"You can't kill this virus in normal ways."

So, it manages to run despite having a software restriction policy in place preventing any vaguely executable code from running outside of program files or authorised network shares?

I've been receiving the Companies House emails regularly. I've had a few users run them with nothing more harmful than the standard SRP prohibited text, since Outlook opens attachments in a temp directory, which is not in Program Files, so it doesn't run and I'm safe despite the users.

Anti virus software is not enough. Stick yourself in a basic SRP and your virus issues will vanish overnight because the users can't run the bloody things if they try.

Secondly, get yourself a copy of Sysinternals from the Microsoft website and use Process Explorer instead of Task Manager and PsKill to kill things instead of the "end task" button in Task Manager. If you want malware dead, don't allow it to gracefully close through a Task Manager request to close. That's just letting it run more instructions. Figure out where the file and all its dependencies are from Process Explorer and then either suspend or terminate it. Take a hash of the file to stick in a network-wide SRP GPO that denies it the ability to run. Zip a copy of the file and email it to your AV vendor. Now you're done and you can delete it.

It encrypts .doc, .dwg etc

So what? In the corporate world those files should be held in some kind of version control and backed up. So at worst you lose a day's work. Network shares? Same thing. They should not be the master, they should be the published version of a document under proper control (also, users don't need write access to *everything*). As for local files that are being worked on; well, those are backed up as well aren't they?

And why the HELL do people open an attachment without first scanning it? When coming in from outside, open it on a machine which has actual work files on it. Are they totally mentally deficient? Run Outlook in a separate VM. Problem solved.

If you are following good procedures, CryptoLocker is minimal risk and the main annoyance will be downtime as the PC is re-imaged. If you are affected by CryptoLocker and want someone to blame, look in the mirror.

Then call MS and ask them why their software is so shit.

I can see this being a serious worry for home users. Top-tip: stop opening random files.

Re: It encrypts .doc, .dwg etc

How naive can you get?! Obviously never worked for a large corporation then. The idea that they do things properly always is just naivety. Release documents will (should) be in a document management system, but there are always many documents which are not.

Reality check

And what about the SMEs, who have lots to lose and are unlikely to have the budget for enterprise level procedures?

Re: It encrypts .doc, .dwg etc

I really hope you're not an IT support guy. Users are .... users... they are not IT experts, the same way that IT experts are not brain surgeons. Yes, good practice is always good, but...

Cloud backup

If you have a sync directory, wouldn't it be rather annoying if the files in it were encrypted, uploaded to e.g. DropBox, then synced with your other machines?

It'd be recoverable if you had a cloud locker with version control, but still annoying.

Re: Cloud backup

DropBox has versioning. In fact it's how we got back our Salesperson's files from her laptop when she got this nasty last week.

TkH11

It never ceases to amaze me how many people open and click on links in emails without knowing who they're from. Even my employer (who shall remain nameless) has become infected despite there being a fairly recent and high profile campaign targeting computer security and phishing emails. Some people are just dumb.

Mike Bell

To be fair, a bit of social engineering is involved here by making the file look like something that it isn't (a PDF). Not every user is a geek, but they might know enough to know that PDFs are normally harmless viewable documents. If they possess a little geekiness, they might know that you'd better be dead sure you're running a *very* up-to-date PDF viewer. A little more and they'd know that executables can be camouflaged like this.

I imagine that such a "dumb" user might be tempted to call you and me nerdy geeks who need a life.

DrXym

I was talking to someone a week ago who got a popup in their browser warning they were downloading pirated software and to click to acknowledge this. The sad thing is that while they didn't click, they actually believed the warning to be genuine although it clearly wasn't. I imagine anyone who clicked would be encouraged to pay a "fine" and possibly install "monitoring software" which would just be malware of some kind.

I assume the criminals wouldn't bother with these scams if people didn't fall for them.

Wild Bill

From the detailed breakdown from Bleeping Computer, it appears that the encryption doesn't take place until the virus is able to phone home to one of its many servers, which have their domains automatically created using a Domain Generation Algorithm.

Is there not any software that can block all domains which are obviously gobbledygook and are therefore likely to have been automatically generated by a nasty? It appears DGAs are used by a lot of viruses to phone home, so such a blocklist could be a reasonably good last line of defence for a multitude of arseholery (obviously not getting a virus in the first place is the ideal approach).
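Wild Bill's question above, whether "gobbledygook" domain names can be blocked before the malware phones home, can be partly answered with a lexical heuristic. The following Python script is an added example, not code from the Register thread, from Bleeping Computer or from any product: it extracts the registrable label of each queried name, scores it by character entropy, longest consonant run and vowel ratio, and flags queries in a constructed DNS log sample. The log lines, the client address, the thresholds and the tiny stand-in for the Public Suffix List are all assumptions made for the example.

```python
import math
import re
from collections import Counter

# Constructed DNS query log (not real traffic): "timestamp client queried-name".
SAMPLE_DNS_LOG = """\
2013-10-23T09:00:01 10.0.0.12 www.bleepingcomputer.com
2013-10-23T09:00:02 10.0.0.12 cdn.sophos.com
2013-10-23T09:00:03 10.0.0.12 qhvxkwzpfjtrmbnc.net
2013-10-23T09:00:04 10.0.0.12 mail.google.com
2013-10-23T09:00:05 10.0.0.12 xtqzvbkmwpl.org
2013-10-23T09:00:06 10.0.0.12 ghjkrtplvnqsbxz.co.uk
2013-10-23T09:00:07 10.0.0.12 support.kaspersky.com
"""

VOWELS = set("aeiouy")
# Tiny stand-in for the Public Suffix List (assumption; use the real PSL in production).
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def shannon_entropy(label):
    """Bits of entropy per character of the label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Left-most label of the registrable domain, e.g. 'google' for mail.google.com.
    Subdomains are ignored: a DGA picks the registrable part, not a hostname."""
    parts = qname.lower().rstrip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in TWO_LEVEL_SUFFIXES:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label):
    """Heuristic score 0..3; each point is one 'looks generated' property.
    Thresholds are assumptions tuned on this sample, not published values."""
    score = 0
    if len(label) >= 10 and shannon_entropy(label) >= 3.3:
        score += 1  # long and nearly uniform character distribution
    longest_run = max((len(m) for m in re.findall(r"[^aeiouy]+", label)), default=0)
    if longest_run >= 4:
        score += 1  # unpronounceable consonant cluster
    vowel_ratio = sum(ch in VOWELS for ch in label) / max(len(label), 1)
    if vowel_ratio < 0.25:
        score += 1  # natural-language words have far more vowels
    return score


def flag_dga_queries(log_text, threshold=2):
    """Return [(client, qname, score)] for queries scoring at or above threshold."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        score = dga_score(registrable_label(qname))
        if score >= threshold:
            flagged.append((client, qname, score))
    return flagged


if __name__ == "__main__":
    for client, qname, score in flag_dga_queries(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname} (score {score})")
```

On the sample, the three random-looking names score 3 and the legitimate ones score at most 1. Treat the output as a triage signal rather than a blocklist: CDN and cloud hostnames with hash-like labels produce false positives, and DGAs built from dictionary words pass this kind of test, so the heuristic belongs beside, not instead of, a reputation feed and the NXDOMAIN-burst pattern a DGA leaves in resolver logs.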

#### Cryptolocker Hijack program - Page 5 - General Security

##### It's a game-changing virus. It seriously changes views on malware and on backup routines.

Education is really the only way to prevent this unfortunately. Without education people will continue to open email attachments they shouldn't, use weak passwords, and provide little or no network security.

These types of encrypting malware are the new breed of moneymakers for malware developers, especially as they can be created by individuals, or small groups, rather than larger organizations. In the past it was rogue anti-spyware programs, but then the credit card/merchant companies caught on and that method was pretty much eliminated. Ransomware, such as this CryptoLocker, ACCDFISA, and DirtyDecrypt, are the future as the ransom payments are typically anonymous, are essentially cash, and very difficult to trace. These payment methods are typically MoneyPak, Ukash, and now BitCoins.

As always, I suggest no one pay them if they can avoid it as it just encourages them to continue. On the other hand, I know that not everyone has a backup of their data for whatever reason and that it is necessary to get this data back by any means.

====

Hi,

We have been able to remove this by creating a Kaspersky Rescue Disk: http://support.kaspersky.com/viruses/rescuedisk#downloads

Once booted into this you can use the File Manager and registry editor to remove the start-up entry for this. First browse the registry to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and locate the random file (this will also show you where on the system this is loading from). Remove this reg entry. You should also check HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

Once the reg entry is deleted, use the File Manager function to browse to where this file is located and delete it.

Shut down the rescue disk and boot as normal; the system should then boot without the CryptoLocker screen appearing. You should then run a scan with your current AV software or download Malwarebytes: http://www.malwarebytes.org/ and run a scan with this. It may be best to run this scan with the computer in safe mode.

#### [Oct 23, 2013] CryptoLocker Recap A new guide to the bleepingest virus of 2013

tl;dr: CryptoLocker encrypts a set of file masks on a local PC and any mapped network drives with 2048-bit RSA encryption, which is uncrackable for quite a while yet.

WinXP through Win8 are vulnerable, and infection isn't dependent on being a local admin or having UAC on or off.

MalwareBytes Pro and Avast stop the virus from running.

Sysadmins in a domain should create this Software Restriction Policy which has very little downside (you need both rules).

The timer it presents is real and you cannot pay them once it expires. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup (including versioning-based cloud backups), or be SOL.

... ... ...

Vectors: In order of likelihood, the vectors of infection have been:
• Email attachments: A commonly reported subject is Payroll Report. The attachment, most of the time, is a zip with a PDF inside, which is actually an executable.
• Email attachment: I have seen one from a spoofed Xerox internal email saying their scan was ready.
• PCs that are unwitting members of the Zeus botnet have had the virus pushed to them directly.
• There is currently one report of an infection through Java, using the .jnlp file as a dropper to load the executable.

Payload: The virus stores a public RSA 2048-bit key in the local registry, and goes to a C&C server for a private key which is never stored. The technical nuts and bolts have been covered by Fabian from Emsisoft here. It will use a mix of RSA 2048-bit and AES 256-bit encryption on files matching these masks:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif

Many antiviruses have been reported as not catching the virus until it's too late, including MSE, Trend Micro WFBS, Eset, GFI Vipre, and Kaspersky. They can further complicate matters by reverting registry changes and removing the executables, leaving the files behind without a public or private key. Releasing the files from quarantine does work, as does releasing the registry keys added and downloading another sample of the virus.

#### [Oct 23, 2013] Proper Care & Feeding of your CryptoLocker Infection A rundown on what we know. sysadmin

Prevention: As this post has attracted many home users, I'll put at the top that MalwareBytes Pro, Avast! Free and Avast! Pro (defs 131016-0 16.10.2013 or later) will prevent the virus from running.

For sysadmins in a domain environment, one way to prevent this and many other viruses is to set up software restriction policies (SRPs) to disallow the executing of .exe files from AppData/Roaming. Grinler explains how to set up the policy here.

Visual example. The rule covering %AppData%\*\*.exe is necessary for the current variant. The SRP will apply to domain admins after either the GP timer hits or a reboot; gpupdate /force does not enforce it immediately. There is almost no collateral damage to the SRP. Dropbox and Chrome are not affected. Spotify may be affected, not sure. I don't use it.

Making shares read-only will mitigate the risk of having sensitive data on the server encrypted.

Forecast: The reports of infections have risen from ~1,300 google results for cryptolocker to over 150,000 in a month. This virus is really ugly, really efficient, and really hard to stop until it's too late. It's also very successful in getting people to pay, which funds the creation of a new variant that plugs what few holes have been found. I don't like where this is headed.
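The site author's note that the Trojan is launched from a standard CurrentVersion\Run entry, the rescue-disk removal steps in the BleepingComputer post (find the Run entry, note where it loads from), and the pair of Software Restriction Policy rules in the sysadmin post above all reduce to one question: where does an autorun executable live, and would the policy have stopped it? The following Python script is an added example, not code from any of those posts or from Microsoft. It parses Run-entry command lines into executable paths and tests them against the two path rules using a simplified model of SRP wildcard matching in which `*` and `?` never cross a backslash (an assumption about SRP semantics, which is what makes the `%AppData%\*\*.exe` rule necessary; verify on a test machine before relying on it). The Run entries, the environment mapping for a hypothetical user "bob", the placeholder GUID folder and the Dropbox install path are constructed for the example.

```python
import re

# Constructed environment for a hypothetical user "bob" (not from a real machine).
ENV = {
    "APPDATA": r"C:\Users\bob\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\bob\AppData\Local",
    "TEMP": r"C:\Users\bob\AppData\Local\Temp",
    "PROGRAMFILES": r"C:\Program Files",
}

# Constructed CurrentVersion\Run entries (name, command line), as a rescue-disk
# registry editor or `reg query` would list them. The GUID folder name is a
# placeholder, not a real indicator; the Dropbox path is an assumed install location.
SAMPLE_RUN_ENTRIES = [
    ("Dropbox", r'"C:\Users\bob\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup'),
    ("Adobe ARM", r'"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"'),
    ("MSConfig", r"C:\Windows\System32\msconfig.exe /auto"),
    ("Hjkdfuia", r'"C:\Users\bob\AppData\Roaming\{PLACEHOLDER-GUID}\hjkdfuia.exe"'),
    ("Updater", r"C:\Users\bob\AppData\Roaming\updater.exe -silent"),
]

# The two Disallowed path rules from the sysadmin post. Both are needed because,
# in the model used here, "*" matches within a single path component only.
DISALLOWED_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]


def expand_env(path, env=ENV):
    """Expand %VAR% references using the constructed environment."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def executable_from_command(cmd):
    """Extract the program path from a Run-entry command line.
    A quoted path ends at the closing quote; an unquoted one ends at the first
    whitespace-delimited token ending in .exe (simplified parsing, an assumption)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def srp_rule_to_regex(rule, env=ENV):
    """Translate an SRP path rule into a regex: "*" and "?" stay inside one
    component; a bare folder rule (no wildcard, no .exe) covers its whole subtree."""
    expanded = expand_env(rule, env)
    out = []
    for piece in re.split(r"([*?])", expanded):
        if piece == "*":
            out.append(r"[^\\]*")
        elif piece == "?":
            out.append(r"[^\\]")
        else:
            out.append(re.escape(piece))
    pattern = "".join(out)
    if "*" not in expanded and "?" not in expanded and not expanded.lower().endswith(".exe"):
        pattern += r"(\\.*)?"
    return re.compile("^" + pattern + "$", re.IGNORECASE)


def matching_rule(path, rules=DISALLOWED_RULES, env=ENV):
    """Return the first rule that would block this path, or None."""
    for rule in rules:
        if srp_rule_to_regex(rule, env).match(path):
            return rule
    return None


def audit_run_entries(entries=SAMPLE_RUN_ENTRIES, rules=DISALLOWED_RULES, env=ENV):
    """Return [(name, executable path, blocking rule or None)] for each Run entry."""
    report = []
    for name, cmd in entries:
        exe = executable_from_command(cmd)
        report.append((name, exe, matching_rule(exe, rules, env)))
    return report


if __name__ == "__main__":
    for name, exe, rule in audit_run_entries():
        print(f"{name:10} {exe}\n           -> {'blocked by ' + rule if rule else 'allowed'}")
```

Feed it the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent) and the report shows which autorun entries the policy would have caught. On the sample, the executable directly under %AppData% hits the first rule and the one inside a GUID-named subfolder hits only the second, which is the point the post makes about needing both. An executable nested two folders deep matches neither: that is consistent with the post's remark that Dropbox is unaffected, and it is also the caveat, since a variant that nests one level deeper slips past both rules. A rule naming the `%AppData%` folder itself covers the whole subtree, at the cost of the collateral damage the post says the two narrow rules avoid.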

#### [Oct 23, 2013] Vulnerabilities in some Netgear routers open door to remote attacks by Lucian Constantin

##### “Do not turn on remote administration ever, for any device,” Cutlip said. “That’s the number one attack surface, and it’s the one we usually find bugs in.”
###### Oct 23, 2013 | IDG News Service

Vulnerabilities in the management interfaces of some wireless router and network-attached storage products from Netgear expose the devices to remote attacks that could result in their complete compromise, researchers warn.

The latest hardware revision of Netgear’s N600 Wireless Dual-Band Gigabit Router, known as WNDR3700v4 and shown above, has several vulnerabilities that allow attackers to bypass authentication on the router’s Web-based interface, according to Zachary Cutlip, a researcher with security consultancy firm Tactical Network Solutions.

“If you browse to http:///BRS_02_genieHelp.html, you are allowed to bypass authentication for all pages in the entire administrative interface,” Cutlip said Tuesday in a blog post. “But not only that, authentication remains disabled across reboots. And, of course, if remote administration is turned on, this works from the frickin’ Internet.”

That opens the door to many attack possibilities. For example, an attacker could configure the router to use a malicious DNS (Domain Name System) server, which would allow the attacker to redirect users to malicious websites or set up port forwarding rules to expose internal network services to the Internet.

“Additionally, any command injection or buffer overflow vulnerabilities in the router’s web interface become fair game once authentication is disabled,” Cutlip said.

In fact, the researcher already found a vulnerability which, when exploited together with the authentication bypass one, allows an attacker to obtain a root prompt on the router.

“Once the attacker has root on the router, they can easily sniff and manipulate all the users’ Internet-bound traffic,” Cutlip said Thursday.

The BRS_02_genieHelp.html vulnerability is actually a combination of two separate issues. One is that any interface pages whose names start with “BRS_” can be accessed without authentication.

This is a vulnerability in itself and can lead to sensitive information disclosure. For example, a page called “BRS_success.html” lists the access passwords for the 2.4GHz and 5GHz Wi-Fi networks configured on the router.

The second issue is that when accessed, the BRS_02_genieHelp.html page switches a router configuration setting called “hijack_process” to 1. This disables authentication for the entire web interface. The value for the “hijack_process” setting when the router is configured properly is 3.

The same vulnerability was found by researchers from Independent Security Evaluators (ISE) in April in the firmware of the Netgear CENTRIA (WNDR4700) router model. However, the vulnerable URL ISE identified at the time was http://[router_ip]/BRS_03B_haveBackupFile_fileRestore.html.

Other routers may be affected

Netgear patched the vulnerability in the WNDR4700 1.0.0.52 firmware version that was released in July. However, it seems the company failed to check if other router models are also vulnerable.

The latest firmware version for WNDR3700v4 is 1.0.1.42; Cutlip performed his tests on the older 1.0.1.32 version. However, static code analysis of the 1.0.1.42 firmware indicates that it is also vulnerable, the researcher said Thursday.

The older WNDR3700v3 hardware revision does not appear to be affected, Cutlip said, adding that he hasn’t analyzed the firmware for the much older v1 and v2 revisions yet.

The researcher also discovered a separate authentication bypass vulnerability in the WNDR3700v4 firmware that’s not related to the BRS_* issue. “Appending the string ‘unauth.cgi’ to HTTP requests will bypass authentication for many, if not most, pages,” he said.

Cutlip didn’t test if WNDR4700 is also vulnerable to this second flaw.

Netgear did not immediately respond to a request for comment.

A search for WNDR3700v4 routers that have their web interface exposed to the Internet returned over 600 devices on the SHODAN search engine.

“Do not turn on remote administration ever, for any device,” Cutlip said. “That’s the number one attack surface, and it’s the one we usually find bugs in.”

To avoid local attacks, administrators should secure their wireless networks with strong WPA2 passphrases and make sure strangers are not allowed on their local networks, the researcher said.

#### [Oct 17, 2013] Dr. Web Anniversary Match

Dr.Web, one of the key players on the Russian and European AV software markets, celebrated 20 years of product development (Igor Danilov started distributing his malware scanner via Dialog Nauka in 1992) and 10 years since the founding of the company.

The match was the central point of the celebration, which took place at the Yalta Inturist hotel. The Dr.Web St. Petersburg team played against the Dr.Web Moscow team. The Muscovites won...

There were also huge fireworks in the evening, which Yalta residents probably took for the celebration of some new Ukrainian holiday ;-)

Disclaimer: I was invited as a guest...

#### [Aug 13, 2013] Malware taps mobile ad network to siphon money By Antone Gonsalves

##### Congratulations: in addition to all our other troubles, advertisement networks can now be used as a hidden channel for installing spyware. In other words, adware provides a channel for installing malware.
###### August 13, 2013 | Network World

Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims.

The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the perfect backdoor for downloading code.

"It's a very, very clean infection vector," said Wade Williamson, a senior security analyst at Palo Alto Networks who discovered the new trickery.

In legitimate partnerships between ad distributors and developers, the latter embeds the former's software development kit (SDK) into the app, so it can download and track ads in order to split revenue.

Unfortunately, how well developers vet the ad networks they side with varies from one app maker to another. If the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network are high.

Williamson found one such network's SDK embedded in legitimate apps provided through online Android stores across Asian countries, such as Malaysia, Taiwan and China. Once installed, the SDK pulls down an Android application package file (APK) and runs it in memory where the user cannot easily discover it.

The APK typically waits until another app is being installed before triggering a popup window that seeks permission to access Android's SMS service.

"It doesn't have to go through the whole process of doing a full install," Williamson said. "It just sits there and waits on the smartphone to install something else and then piggybacks in."

Once installed, the APK takes control of the phone's messaging service to send text to premium rate numbers and to download instructions from a command and control server. The majority of Android malware today, 77 percent, wring money from victims through paid messaging services, said Juniper Networks' latest mobile threat report.

Williamson has seen more than a half dozen samples of the latest malware, which he believes is coming from one criminal group, while acknowledging multiple groups is possible.

Android users in Asia and Russia are more susceptible to Android malware, because many apps are downloaded from independent online stores. In the U.S., most Android users take apps from the Google Play store, which scans for malware and malicious ad networks.

Because of the effectiveness of the latest malware, Williamson expects criminals in the future to use the same scheme to download more insidious malware capable of stealing credentials to online banking and retail sites where credit card numbers are stored.

The same pathway could also be used to steal credentials for entering corporate networks.

"As soon as you have a vector like this, the difference between creating malware that sends spoof SMS messages versus looks for the network and tries to break in is just malware functionality," Williamson said.

#### [Jul 27, 2013] Man gets ransomware porn pop-up, goes to cops, gets arrested on child porn charges by Cyrus Farivar

###### July 26 2013 | Ars Technica

21-year-old walked into police station with computer in hand, cops searched it.

A man from just outside of Washington, DC turned himself in to local police—with his computer in tow—after receiving a pop-up message from what he believed was an “FBI Warning” telling him to click to pay a fine online, or face an investigation.

While specific details on the case are scant as of yet, it appears that the suspect here fell victim to a type of ransomware that has been proliferating for years now—raking in millions for the scammers behind it.

Police said Jay Matthew Riley, 21, of Woodbridge, Virginia, walked into Prince William’s Garfield District Station on July 1, 2013 to “inquire if he had any warrants on file for child pornography.”

According to the local police department’s press release, posted on its own Facebook page on Thursday, July 25, 2013:

The accused voluntarily brought his computer to the station and, following a search, several inappropriate messages and photos of underage girls were recovered. Detectives were able to identify one of the girls as a 13 year old from Minnesota. A search warrant was obtained and executed at the home of the accused. As a result, computers and other electronic devices were seized.

Following the investigation, the accused was subsequently arrested on July 23rd. The FBI message that the accused had originally received was determined to be a virus and not a legitimate message. The investigation continues.

The Prince William County police also noted that Riley is now being held without bond. He was charged with “3 counts of possession of child pornography, 1 count of using a communication device to solicit certain offenses involving children, and 1 count of indecent liberties with a minor.”

#### [Jul 26, 2013] There’s No Hiding

##### The danger of rogue software updates in Windows is very real. A typical Windows installation contains at least a dozen updaters: Microsoft Update, Adobe Update, the Mozilla updaters, and so on. Almost all applications implement updates independently, and each update channel is essentially a covert channel that can deliver malware to your PC.
###### Zero Hedge

... Are we sure that what we download from Apple or any other such phone producer is a bona fide update, these days? Are phone companies providing access today via downloads to our cell phones and mobile devices?

... ... ...

Anyhow, I have probably unknowingly typed one of the 70,000 keywords that launches Prism onto my back and gets me monitored today in this article. Wonder who can get the list of them?

#### [Jun 14, 2013] U.S. Agencies Said to Swap Data With Thousands of Firms

##### Corporatism is on the march...
###### Bloomberg

Microsoft Bugs

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government “an early start” on risk assessment and mitigation.

In an e-mailed statement, Shaw said there are “several programs” through which such information is passed to the government, and named two which are public, run by Microsoft and for defensive purposes.

Willing Cooperation

Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said.

In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.

The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar with the agreements.

Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.’s major spy agencies, the people familiar with those programs said.

... ... ...

Committing Officer

If necessary, a company executive, known as a “committing officer,” is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.

Intel Corp. (INTC)’s McAfee unit, which makes Internet security software, regularly cooperates with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view of malicious Internet traffic, including espionage operations by foreign powers, according to one of the four people, who is familiar with the arrangement.

Such a relationship would start with an approach to McAfee’s chief executive, who would then clear specific individuals to work with investigators or provide the requested data, the person said. The public would be surprised at how much help the government seeks, the person said.

McAfee firewalls collect information on hackers who use legitimate servers to do their work, and the company data can be used to pinpoint where attacks begin. The company also has knowledge of the architecture of information networks worldwide, which may be useful to spy agencies who tap into them, the person said.

McAfee’s Data

McAfee (MFE)’s data and analysis doesn’t include information on individuals, said Michael Fey, the company’s worldwide chief technology officer.

“We do not share any type of personal information with our government agency partners,” Fey said in an e-mailed statement. “McAfee’s function is to provide security technology, education, and threat intelligence to governments. This threat intelligence includes trending data on emerging new threats, cyber-attack patterns and vector activity, as well as analysis on the integrity of software, system vulnerabilities, and hacker group activity.”

In exchange, leaders of companies are showered with attention and information by the agencies to help maintain the relationship, the person said.

In other cases, companies are given quick warnings about threats that could affect their bottom line, including serious Internet attacks and who is behind them.

... ... ...

The information provided by Snowden also exposed a secret NSA program known as Blarney. As the program was described in the Washington Post (WPO), the agency gathers metadata on computers and devices that are used to send e-mails or browse the Internet through principal data routes, known as a backbone.

... ... ...

That metadata includes which version of the operating system, browser and Java software are being used on millions of devices around the world, information that U.S. spy agencies could use to infiltrate those computers or phones and spy on their users.

“It’s highly offensive information,” said Glenn Chisholm, the former chief information officer for Telstra Corp. (TLS), one of Australia’s largest telecommunications companies, contrasting it to defensive information used to protect computers rather than infiltrate them.

According to Snowden’s information, Blarney’s purpose is “to gain access and exploit foreign intelligence,” the Post said.

It’s unclear whether U.S. Internet service providers gave information to the NSA as part of Blarney, and if so, whether the transfer of that data required a judge’s order.

... ... ...

Einstein 3

U.S. telecommunications, Internet, power companies and others provide U.S. intelligence agencies with details of their systems’ architecture or equipment schematics so the agencies can analyze potential vulnerabilities.

“It’s natural behavior for governments to want to know about the country’s critical infrastructure,” said Chisholm, chief security officer at Irvine, California-based Cylance Inc.

Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly program originally developed by the NSA, is meant to protect government systems from hackers. The program, which has been made public and is being installed, will closely analyze the billions of e-mails sent to government computers every year to see if they contain spy tools or malicious software.

Einstein 3 could also expose the private content of the e-mails under certain circumstances, according to a person familiar with the system, who asked not to be named because he wasn’t authorized to discuss the matter.

AT&T, Verizon

Before they agreed to install the system on their networks, some of the five major Internet companies -- AT&T Inc. (T), Verizon Communications Inc. (VZ), Sprint Nextel Corp. (S), Level 3 Communications Inc. (LVLT) and CenturyLink Inc. (CTL) -- asked for guarantees that they wouldn’t be held liable under U.S. wiretap laws. Those companies that asked received a letter signed by the U.S. attorney general indicating such exposure didn’t meet the legal definition of a wiretap and granting them immunity from civil lawsuits, the person said.

#### [Jun 06, 2013] Banking Malware, Under the Hood

###### Slashdot

"What is your computer actually DOING when you click on a link in a phishing email? Sherri Davidoff of LMG Security released these charts of an infected computer's behavior after clicking on a link in a Blackhole Exploit Kit phishing email. You can see the malware 'phone home' to the attacker every 20 minutes on the dot, and download updates to evade antivirus. She then went on to capture screenshots and videos of the hacker executing a man-in-the-browser attack against Bank of America's web site. Quoting: 'My favorite part is when the attacker tried to steal my debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name– all at the same time. Nice try, dude!!'"

3.5 stripes

Well, you were dumb enough (Score:1, Insightful)

to click on the attachment in the first place, you've already set the bar for your intelligence

minstrelmike

Re:Well, you were dumb enough (Score:5, Insightful)

Actually, there are two different populations of phish messages going around now. One of them surprisingly enough is full of misspellings and odd grammar in a tale about a Nigerian prince. If folks click on that, the senders know they have a live one.

But the other phishing schemes are subtle. I think reasonably intelligent folks who skim emails (instead of read them), especially on a tiny smart-phone/blackberry screen, are just liable to click to someplace nasty. After all, ain't no one 100% right 100% of the time.

Synerg1y

Re: Well, you were dumb enough (Score:4, Insightful)

There's a very basic question that needs to be asked by people: why am I getting this email? If you can't figure it out, a siren should go off in your mind as to what this could be.

I do feel bad for anybody that's been caught by this, technical ineptitude is not a valid reason to get your money stolen, especially considering the average age of the victims (it's up there).

Kenja

Re:Nice try? (Score:4, Informative)

BofA actually has VERY good online security.

If setup right, you should be shown a picture you choose to confirm that you are on the legit site. Then in addition to your password, you can setup a system where a six digit numeric token is sent to your cell phone which is also needed to authenticate.

Anonymous Coward

It's Quite A Bit More Than That (Score:1)

So a link in a malicious email can compromise my Windows box and cause my web browser to navigate to addresses in a local hosts file. Welcome back to 1997.

It's quite a bit more than that. Perhaps you should RTFA.

• The infection vector does not have to come via email. It can just as easily infect via drive-by on a web page.
• No hosts file involvement is necessary.
• It injects malware into the system and browser.
• The malware is self updating, to stay current and evade detection.
• The malware in the browser inserts itself into your normal online banking activity.
• It looks 100% legitimate, except for the nature of the "security verification" questions which are too far reaching to be real.

stewsters

Re:Most of the exploits.. (Score:5, Informative)

Don't use IE6. Don't use IE7. Don't use IE8. It's 2013. Use Chrome, Firefox, or IE 10+

Install chrome, chrome://plugins/ , block automatic execution of java and flash. Make it so you need to click. Install an adblocker to reduce driveby downloads. Install noscript + ghostery if you are wearing aluminum foil on your head.

Auto install security updates. If something disables it most likely you have a virus. Keep everything up to date. Don't install toolbars or weather apps from unknown sources.

CAOgdin

I Fixed One Of These Recently (Score:5, Interesting)

This malware (which puts up the appearance of a credit/debit card and asks for all your information) calls a server in the Ukraine. It was delivered by eMail (to a naive user) and intercepts attempts to reach your financial institution via their website. It presents, after login (did they capture the login info?), a panel looking like the credit/debit card, asking for the user to fill in all information, including account number, CVC, address, and other personal information (why anyone would fill in that data is beyond me!)

After much gnashing of teeth, I discovered it was undetectable by any known virus checker I use (AVG, Malwarebytes, Spybot), so I had to dig deeper. It turned out that the malware was using any references to 127.0.0.1 (local machine) for its hook. All I had to do was edit the HOSTS file and add the domain names of the miscreant with a reference to a different IP address that is known to be a dead end (you could, for example, use 127.7.7.7).

When the malware couldn't execute, it couldn't disable the various malware detectors, and several files were then identified and removed.
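The write-up summarized at the top of this thread notes that the infected machine phoned home every 20 minutes on the dot. Periodic beaconing is one of the few network-observable properties of a man-in-the-browser implant that does not depend on already knowing the command-and-control domain, so it is worth checking for in proxy logs. What follows is an added example and not code from LMG Security's analysis or from any commenter: it runs over a handful of constructed proxy log lines (the client address, host names and timestamps are invented for illustration) and reports destinations whose contact intervals are almost constant.

```python
"""Flag destinations that a client contacts at near-constant intervals (beaconing).

Added example: the log lines, host names and addresses below are constructed for
illustration and do not come from the original article or thread.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy lines in a minimal "<timestamp> <client> <dest> <bytes>" form.
# update.example-cdn.test is contacted every ~20 minutes; the rest is ordinary browsing.
SAMPLE_LOG = """\
2013-06-05T09:00:02 10.0.0.7 update.example-cdn.test 51200
2013-06-05T09:00:04 10.0.0.7 news.example.test 8120
2013-06-05T09:15:30 10.0.0.7 news.example.test 6410
2013-06-05T09:20:01 10.0.0.7 update.example-cdn.test 512
2013-06-05T09:31:44 10.0.0.7 news.example.test 9044
2013-06-05T09:40:03 10.0.0.7 update.example-cdn.test 640
2013-06-05T09:52:10 10.0.0.7 mail.example.test 2210
2013-06-05T10:00:02 10.0.0.7 update.example-cdn.test 512
2013-06-05T10:20:01 10.0.0.7 update.example-cdn.test 768
2013-06-05T10:33:19 10.0.0.7 news.example.test 7781
2013-06-05T10:40:00 10.0.0.7 update.example-cdn.test 512
"""


def parse_log(text):
    """Yield (timestamp, client, destination) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _size = line.split()
        yield datetime.fromisoformat(ts), client, dest


def find_beacons(text, min_events=4, max_jitter=0.05):
    """Return {(client, dest): mean_interval_seconds} for periodic destinations.

    A destination is reported when it has at least `min_events` contacts and the
    coefficient of variation (stddev / mean) of the gaps between contacts is below
    `max_jitter`. Human browsing produces irregular gaps; an implant on a timer
    does not, even when it rotates the bytes it sends.
    """
    contacts = defaultdict(list)
    for ts, client, dest in parse_log(text):
        contacts[(client, dest)].append(ts)

    beacons = {}
    for key, times in contacts.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (client, dest), period in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: every {period / 60:.1f} min")
```

On a real proxy the same logic applies per (client, destination) pair over a day of traffic; legitimate software updaters also beacon, so the output is a list of things to look at, not a verdict. Lowering `max_jitter` tightens the match, and implants that add random sleep between callbacks will need a looser threshold or a histogram of intervals instead of a single coefficient of variation.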

#### [May 25, 2013] Scanner Identifies Malware Strains, Could Be Future of AV

###### May 25, 2013

An anonymous reader writes "When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but the polymorphic malware still gives them a run for their money. At the annual AusCert conference held this week in Australia a doctorate candidate from Deakin University in Melbourne has presented the result of his research and work that just might be the solution to this problem. Security researcher Silvio Cesare had noticed that malware code consists of small "structures" that remain the same even after moderate changes to its code. He created Simseer, a free online service that performs automated analysis on submitted malware samples and tells and shows you just how similar they are to other submitted specimens. It scores the similarity between malware (any kind of software, really), and it charts the results and visualizes program relationships as an evolutionary tree."
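The observation in the summary, that small structures survive moderate edits, is the basis of most similarity-based malware classification. The block below is an added illustration of that principle and not Simseer's algorithm (the page does not describe its internals): it strips operands from constructed instruction listings so that register renaming and address changes disappear, cuts the remaining mnemonic sequence into overlapping k-grams, and scores two samples by Jaccard similarity of their k-gram sets. A variant with renamed registers and a junk instruction inserted still scores well against the original; an unrelated routine scores zero.

```python
"""Score structural similarity of code listings with k-gram shingling and Jaccard.

Added example illustrating the idea behind the summary above; this is not
Simseer's method. The three listings are constructed for the demonstration.
"""


def normalize(listing):
    """Reduce a listing to its mnemonic sequence: 'mov eax, [ebp+8]' -> 'mov'.

    Operands carry the registers, offsets and addresses that a polymorphic
    engine or a recompile changes; the mnemonic order is the 'structure'."""
    mnemonics = []
    for line in listing.strip().splitlines():
        line = line.split(";")[0].strip()  # drop trailing comments
        if line:
            mnemonics.append(line.split()[0].lower())
    return mnemonics


def shingles(tokens, k=3):
    """Set of overlapping k-grams over the token sequence."""
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def similarity(listing_a, listing_b, k=3):
    """Jaccard similarity in [0, 1] between the two samples' k-gram sets."""
    sa, sb = shingles(normalize(listing_a), k), shingles(normalize(listing_b), k)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def most_similar(sample, corpus, k=3):
    """Return (name, score) of the corpus entry closest to `sample`."""
    return max(((name, similarity(sample, code, k)) for name, code in corpus.items()),
               key=lambda pair: pair[1])


ORIGINAL = """
push ebp
mov ebp, esp
sub esp, 0x40
push edi
call 0x401000
test eax, eax
jz short_exit
mov [ebp-4], eax
call 0x401080
pop edi
leave
ret
"""

# Same routine after register renaming, new addresses and one inserted junk instruction.
VARIANT = """
push ebp
mov ebp, esp
sub esp, 0x80
push esi
nop            ; junk inserted by a repacker
call 0x402000
test eax, eax
jz short_exit
mov [ebp-8], eax
call 0x402090
pop esi
leave
ret
"""

UNRELATED = """
xor eax, eax
lea edi, [esp+4]
rep stosd
inc ecx
cmp ecx, edx
jl loop_top
ret
"""

if __name__ == "__main__":
    print("variant  :", round(similarity(ORIGINAL, VARIANT), 3))
    print("unrelated:", round(similarity(ORIGINAL, UNRELATED), 3))
    print("closest  :", most_similar(VARIANT, {"original": ORIGINAL, "unrelated": UNRELATED}))
```

Real systems operate on disassembled functions or control-flow graphs rather than text listings, and use a scoring threshold tuned against a labelled corpus; the k-gram set is what makes the comparison cheap enough to run across thousands of samples and draw the relationship tree the summary mentions.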

#### [Apr 19, 2013] Gozi banking Trojan

Researchers from security firm Trusteer have found a new variant of the Gozi banking Trojan program that infects a computer's Master Boot Record (MBR) in order to achieve persistence.

... ... ...

Sophisticated malware that uses MBR rootkit components, like TDL4, also known as Alureon or TDSS, is part of the reason why Microsoft built the Secure Boot feature into Windows 8. This malware is hard to detect and remove and can even survive operating system reinstallation procedures.

... ... ...

The new Gozi MBR rootkit component waits for Internet Explorer to be launched and then injects malicious code into the process. This allows the malware to intercept traffic and perform Web injections inside the browser like most financial Trojan programs do, Maor said.
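An MBR bootkit has to live in the 440 bytes of bootstrap code at the start of sector 0, because that is what the BIOS hands control to. That makes a cheap integrity check possible: dump the sector, hash the boot code, and compare it against a baseline taken when the disk was known-good, while parsing the partition table to confirm nothing else moved. The block below is an added example, not Trusteer's analysis or Gozi's actual bytes; it parses and checks constructed 512-byte images. Reading the live sector (on Windows `\\.\PhysicalDrive0` opened read-only with administrator rights, on Linux `/dev/sda` as root) is left to the caller, and on a UEFI/GPT disk the protective MBR is not where a bootkit would sit, which is where Secure Boot comes in.

```python
"""Parse a 512-byte MBR and detect modified boot code against a known-good hash.

Added example. The sector images are constructed; the baseline hash is what the
same machine's clean MBR produced when it was captured. Reading the real sector
(open(r"\\.\PhysicalDrive0", "rb") on Windows, /dev/sda on Linux, both requiring
administrator/root) is the caller's job.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code the BIOS jumps into
DISK_SIG_OFF = 440             # 4-byte disk signature (plus 2 usually-zero bytes)
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector):
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def check_mbr(sector, baseline_boot_sha256, baseline_partitions):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline (possible bootkit)")
    if info["partitions"] != baseline_partitions:
        findings.append("partition table differs from baseline")
    return findings


def make_sector(boot_code, partitions, disk_sig=0x1234ABCD):
    """Build a constructed MBR image. partitions: (bootable, type, lba_start, count)."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "clean" bootstrap bytes and layout (not real Windows boot code).
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
CLEAN_PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1843200)]
CLEAN_SECTOR = make_sector(CLEAN_BOOT, CLEAN_PARTS)
BASELINE_SHA = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]
BASELINE_PARTS = parse_mbr(CLEAN_SECTOR)["partitions"]

# Same partition table, but the bootstrap now jumps elsewhere before the original
# code runs: the shape an MBR bootkit leaves behind (constructed, not Gozi's bytes).
INFECTED_SECTOR = make_sector(b"\xea\x00\x7c\x00\x00" + CLEAN_BOOT, CLEAN_PARTS)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_SECTOR, BASELINE_SHA, BASELINE_PARTS))
    print("infected:", check_mbr(INFECTED_SECTOR, BASELINE_SHA, BASELINE_PARTS))
```

The baseline must be read from offline media or right after a clean install: an active bootkit can hook the disk read path and return the original sector to any tool running on the infected system, which is exactly why the article calls this class hard to detect and why a boot-time root of trust was Microsoft's answer.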

#### [Mar 22, 2013] Decade-old espionage malware found targeting government computers

###### Mar 20 2013 | Ars Technica

"TeamSpy" used digitally signed TeamViewer remote access tool to spy on victims.

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.

TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as "secret" from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab.

Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."

Malware used in the attacks indicates that those responsible may have operated for years and may have also targeted figures in a variety of countries throughout the world. Adding intrigue to the discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.

"Most likely the same attackers are behind the attacks that span for the last 10 years, as there are clear connections between samples used in different years and campaigns," CrySyS researchers wrote in their report. "Interestingly, the attacks began to gain new momentum in the second half of 2012."

They added: "The attackers surely aim for important targets. This conclusion comes from a number of different facts, including victim IPs, known activities on some targets, traceroute for probably high-profile targets, file names used in information stealing activities, strange paramilitary language of some structures, etc."

The attackers relied on a variety of methods, including the use of a digitally signed version of TeamViewer that has been modified through a technique known as "DLL hijacking" to spy on targets in real-time. Installation of the compromised program also provides attackers with a backdoor to install updates and additional malware. Both the TeamViewer technique and command servers used in the attack harken back to Sheldon. The TeamSpy operation also relies on more traditional malware tools that were custom-built for the purpose of espionage or bank fraud.

According to Kaspersky, the operators infected their victims through a series of "watering hole" attacks that plant malware on websites frequented by the intended victims. When the targets visit the booby-trapped sites, they also become infected. The attackers also injected malware into advertising networks to blanket entire regions. In many cases, much of that attack code used to infect victims was spawned from the Eleonore exploit kit. Domains used to host command and control servers that communicated with infected machines included politnews.org, bannetwork.org, planetanews.org, bulbanews.org, and r2bnetwork.org.

The discovery of TeamSpy is only the latest to reveal an international operation that uses malware to siphon sensitive data from high-profile targets. The most well-known campaign was dubbed Flame. Other surveillance campaigns include Gauss and Duqu, all three of which are believed to have been supported by a well-resourced nation-state. Last year, researchers also uncovered an espionage campaign dubbed Mahdi.
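The DLL hijacking the article describes works because, with SafeDllSearchMode on (the Windows default), a DLL that is not on the KnownDLLs list is resolved first from the directory of the executable, so a same-named file planted beside a signed binary is loaded instead of the system copy, and the binary's signature still verifies because the binary itself is untouched. The block below is an added example, not CrySyS or Kaspersky code, of the check a practitioner would run over an application directory: which imported DLL names have a copy beside the executable that shadows a copy in the system directory. The page does not name the DLL TeamSpy planted; `version.dll`, `tvhelper.dll` and the import list are hypothetical, and the directory layout is built in a temporary directory so the script runs anywhere.

```python
"""Find DLLs in an application directory that shadow same-named system DLLs.

Added example. The import list, KnownDLLs subset and file names are hypothetical;
the page does not say which DLL the TeamSpy operators planted beside TeamViewer.
With SafeDllSearchMode enabled, a DLL absent from KnownDLLs is looked up in the
application directory before System32, so a same-named file there wins.
"""
import os
import tempfile

# Hypothetical import table of the signed executable, as a PE parser would list it.
APP_IMPORTS = ["KERNEL32.dll", "USER32.dll", "version.dll", "tvhelper.dll"]
# Hypothetical subset of HKLM\...\Session Manager\KnownDLLs; these are always
# mapped from the system directory no matter what sits beside the executable.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "ntdll.dll", "advapi32.dll"}


def shadowed_dlls(app_dir, system_dir, imports, known_dlls=KNOWN_DLLS):
    """Return imported DLL names whose application-directory copy would be loaded
    ahead of the system copy. A private DLL with no system counterpart is not a
    shadow; a KnownDLL is skipped because the loader ignores the app copy."""
    app_files = {name.lower() for name in os.listdir(app_dir)}
    sys_files = {name.lower() for name in os.listdir(system_dir)}
    findings = []
    for name in imports:
        low = name.lower()
        if low in known_dlls:
            continue
        if low in app_files and low in sys_files:
            findings.append(name)
    return findings


def demo():
    """Build a constructed layout with one planted DLL and one benign private DLL."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "App")
        sysd = os.path.join(root, "System32")
        os.makedirs(app)
        os.makedirs(sysd)
        for name in ("kernel32.dll", "user32.dll", "version.dll"):
            open(os.path.join(sysd, name), "wb").close()
        # tvhelper.dll: the app's own private DLL, no system copy -> not flagged.
        # version.dll: shadows System32\version.dll -> flagged.
        # kernel32.dll: planted too, but a KnownDLL -> loader ignores it, not flagged.
        for name in ("App.exe", "tvhelper.dll", "version.dll", "kernel32.dll"):
            open(os.path.join(app, name), "wb").close()
        return shadowed_dlls(app, sysd, APP_IMPORTS)


if __name__ == "__main__":
    print(demo())
```

On a live host the import list comes from the PE import table (the `pefile` module exposes it) rather than a hard-coded list, and each flagged file should then have its Authenticode signature checked, which in PowerShell is `Get-AuthenticodeSignature`; a planted DLL next to a signed executable is almost always unsigned or signed by someone other than the vendor. The same shadowing applies to DLLs loaded by name at run time with `LoadLibrary`, which a static import table will not show.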

#### Decade-Old Espionage Malware Found Targeting Government Computers

###### Slashdot

Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe. TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as 'secret' from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed 'Hungarian high-profile governmental victim.'

erroneus

Suspicious based on what criteria?

1. We aren't allowed to use open source and so we have to "trust" every 'signed binary' which executives and leaders want to use. If we could use open source, we could at least read the source and even compile it to ensure the source we read was the binary which was compiled.

2. When the malware doesn't do "harm" to anything, the symptoms of malware are non-existent. No pop-up ads, no unusual crashing (see note about being unable to use open source... the 'other' operating system crashes often enough for inexplicable reasons that no one suspects malware as the cause any longer) and when a commonly used utility program which performs remote access is used, how can it be detected as malware?

Arguably, that it was proprietary and commercial software which was exploited is pretty disturbing. But at the same time, that software makers (and other device and product makers, and service providers too) frequently enter into deals with government to spy on people is unfortunately very common. That the "white-hat" (heh, I accidentally typed "white-hate"... apropos?) nation called the USA has compromised global communications with Echelon and more recently with the much celebrated NSA wiretapping, does not help matters.

I think no one appreciates the value of trust. Once it's lost, it's lost. What amount of trust in government... any government... may have existed, it is gone for most of us.

The unenlightened? Well... they still watch MSM (mainstream media, I have come to know these initials). What hope have they against that?

Anonymous Coward

Re:A strong push for open source in government (Score:1)

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see

Bullshit. Open or closed source has no direct bearing on the ability of an attacker to infect a binary. Open source provides more eyes on a given bug or problem, but once compiled and running its the exact same problem.

The article mentions use of a modified signed binary. So tell me how open source is going to remedy that? Unless you're recompiling from scratch (your entire tool chain, plus dependencies) on each launch, you're just as fucked as the next guy. Are you going to checksum the binary in memory each time a method is called? Are you going to encrypt/decrypt on each call? What's to stop an attacker from modifying your checksum code in the same manner as CD checks on games are trivially broken?

The only thing open source is really going to do for you is ensure that if you compile from source, the attack didn't originate from that source. So what?

Anonymous Coward

The fact it's open source IS (or can be) the pathway. If it's a small piece of software that does a specific function that's not of use to many people, your million eyeballs shrink rapidly. And what you're left with (IMO) is a handful of eyeballs thinking "I don't have the time/skills for this, it's open source, I'm sure someone will have looked over it" while no one actually does.

Or someone auditing the code but not the stuff around it, or maybe the code as distributed is clean and will compile into a clean and functioning binary, but the scripts around it actually add some malicious steps if certain criteria are met.

Open source isn't a magic bullet.

#### [Feb 28, 2013] Computer Virus Computer virus that activates webcam spreads, finds East Tennessee victims by Jennifer Meckles

Authorities are tracking a new computer virus that uses a fake “FBI” message in an attempt to extort money from its victims.

Called “Reveton Ransomware,” officials say the virus is installed on a computer when a user visits a compromised website. The computer then locks, while displaying a warning that the FBI or Department of Justice has identified the computer as being involved in criminal activity. The fake message instructs users to pay a fine using a prepaid money card service, which will unlock the computer.

The computer’s webcam is also activated, showing the user a live picture of themselves.

“We started seeing versions of this virus last year, but of course, like all scams, it morphs over time,” said FBI Supervisory Special Agent Marshal Stone, of the Knoxville Division.

Stone says FBI officials do not conduct business in that fashion, and would never demand payment to unlock a computer.

The virus has already found victims in East Tennessee. Sean Woods of “Computer Solutions” in Seymour says he has worked three cases within the past week.

“In this case, a person will lose everything that they’ve ever had. If it’s not backed up, it’s gone,” he said.

Officials have not confirmed which websites lead to the virus, but Woods says he is connecting some trends. He believes users are picking up the virus through shared files, illegal downloads, or websites commonly linked to bugs.

“You don’t know who’s going on your computer and what they’re doing,” he said, cautioning users to be careful who they share a computer with. “They download content such as music… they’re out there for you to go view, this is where you’re getting hit.”

Woods says users should also keep their virus protection software up to date.

The FBI encourages any victims of the virus to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

#### Google under fire for sending users' information to developers by Thom Holwerda

###### 02/15/13

"Sebastian Holst makes yoga mobile apps with his wife, a yoga instructor. The Mobile Yogi is sold in all the major mobile app stores. But when someone buys his app in the Google Play store, Holst automatically gets something he says he didn't ask for: the buyer's full name, location and email address.

He says consumers are not aware that Google Inc. is sharing their personal information with third parties. No other app store transmits users' personal information to third-party developers when they buy apps, he said." Oh Google.

UltraZelda64

Hopefully this applies only when "buying" an app.

If so, then I should be safe. This kind of privacy violation is just... wrong. Google seems to think that their customers automatically trust third parties or something... if anything, this demonstrates that Google themselves should not be trusted.

darknexus

RE[2]: Obviously a bug by darknexus

"If it had been a certain fruit company everyone would be rioting.

Man, it's so hard to be persecuted, eh? "

Much as I hate to be defending Apple this time, the OP is absolutely correct. There's definitely a double standard in place for Apple in the tech media, particularly though not exclusively when compared to Google.

If Apple had been the one doing this, everyone would have been up in arms, torches lit, ready to burn down Apple HQ and any other buildings around them just to make sure the deed was done.

When Google does it, not only do we get some people giving them the benefit of the doubt but we even have some that claim Google are in the right to do this. If that's not a double standard, I don't know what is. For myself, I say no app store should give

#### [Feb 16, 2013] The Antivirus Industry's Dirty Little Secret

###### Feb. 14, 2013 | Businessweek

-- Bloomberg Businessweek's Jordan Robertson discusses why the antivirus industry has so many customers in the face of its ineffectiveness. He speaks on Bloomberg Television's "Market Makers." (Source: Bloomberg)

#### [Feb 13, 2013] Welcome to the Malware-Industrial Complex By Tom Simonite

###### February 13, 2013 | MIT Technology Review

The U.S. government is developing new computer weapons and driving a black market in “zero-day” bugs. The result could be a more dangerous Web for everyone.

Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences that have earned notoriety for presentations demonstrating critical security holes discovered in widely used software. But while the conferences continue to draw big crowds, regular attendees say the bugs unveiled haven’t been quite so dramatic in recent years.

One reason is that a freshly discovered weakness in a popular piece of software, known in the trade as a “zero-day” vulnerability, can be cashed in for much more than a reputation boost and some free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments.

This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget, reshape international relations, and perhaps make the Web less safe for everyone.

Zero-day exploits are valuable because they can be used to sneak software onto a computer system without detection by conventional computer security measures, such as antivirus packages or firewalls. Criminals might do that to intercept credit card numbers. An intelligence agency or military force might steal diplomatic communications or even shut down a power plant.

It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software, or malware, known as Stuxnet. Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have yet to publicly acknowledge a role but have done so anonymously to the New York Times and NPR), Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran’s nuclear program. The payload was clearly the work of a group with access to government-scale resources and intelligence, but it was made possible by four zero-day exploits for Windows that allowed it to silently infect target computers. That so many precious zero-days were used at once was just one of Stuxnet’s many striking features.

Since then, more Stuxnet-like malware has been uncovered, and it’s involved even more complex techniques (see “The Antivirus Era Is Over”). It is likely that even more have been deployed but escaped public notice. Meanwhile, governments and companies in the United States and around the world have begun paying more and more for the exploits needed to make such weapons work, says Christopher Soghoian, a principal technologist at the American Civil Liberties Union.

“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.

Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a zero day vulnerability receives a monthly payment as long as a flaw remains undiscovered. “As long as Apple or Microsoft has not fixed it you get paid,” says Soghoian.

No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders pursue it quite openly. A Bangkok-based security researcher who goes by the name The Grugq tweets about acting as a middleman and has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and western Europe. In an argument on Twitter last month, he denied that his business is equivalent to arms dealing, as critics within and outside the computer security community have charged. “An exploit is a component of a toolchain,” he tweeted. “The team that produces & maintains the toolchain is the weapon.”

Some small companies are similarly up-front about their involvement in the trade. The French security company VUPEN states on its website that it

“provides government-grade exploits specifically designed for the Intelligence community and national security agencies to help them achieve their offensive cyber security and lawful intercept missions.”

Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google’s Chrome browser, but they turned down Google’s offer of a $60,000 reward if they would share how it worked. What happened to the exploit is unknown.

No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks, a stance that will require new ways to penetrate enemy computers. General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, told a symposium in Washington last October that the United States is prepared to do more than just block computer attacks. “Part of our defense has to consider offensive measures,” he said, making him one of the most senior officials to admit that the government will make use of malware.

Earlier in 2012 the U.S. Air Force invited proposals for developing “Cyberspace Warfare Attack capabilities” that could “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.” And in November, Regina Dugan, the head of the Defense Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense technology is heading. “In the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs,” she said, announcing that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.

Defense analysts say one reason for the shift is that talking about offense introduces an element of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians and defense chiefs have talked mostly about the country’s vulnerability to digital attacks. Last fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being targeted by overseas attackers and that a “digital Pearl Harbor” could result (see “U.S. Power Grids, Water Plants a Hacking Target”).

Major defense contractors are less forthcoming about their role in making software to attack enemies of the U.S. government, but they are evidently rushing to embrace the opportunity. “It’s a growing area of the defense business at the same time that the rest of the defense business is shrinking,” says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution, a Washington think tank. “They’ve identified two growth areas: drones and cyber.”

Large contractors are hiring many people with computer security skills, and some job openings make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman posted ads seeking people to “plan, execute and assess an Offensive Cyberspace Operation (OCO) mission,” and many current positions at Northrop ask for “hands-on experience of offensive cyber operations.” Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical computer hackers: “Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum of offensive and defensive security technologies.”

The new focus of America’s military and defense contractors may concern some taxpayers. As more public dollars are spent researching new ways to attack computer systems, some of that money will go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of competition between U.S. and overseas government agencies and contractors could make the world more dangerous for computer users everywhere.

“Every country makes weapons: unfortunately, cyberspace is like that too,” says Sujeet Shenoi, who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program trains students for government jobs defending against attacks, but he fears that defense contractors, also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of active strikes against infrastructure. “I think maybe the civilian courts ought to get together and bar these kinds of attacks,” he says.

The ease with which perpetrators of a computer attack can hide their tracks also raises the risk that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful, there’s a strong chance that a copy will remain somewhere on the victim’s system—by accident or design—or accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security firms have already identified criminal malware that uses methods first seen in Stuxnet (see “Stuxnet Tricks Copied by Criminals”). “The parallel is dropping the atomic bomb but also leaflets with the design of it,” says Singer. He estimates that around 100 countries already have cyber-war units of some kind, and around 20 have formidable capabilities: “There’s a lot of people playing this game.”

#### [Jan 11, 2013] Adobe Flash Virus - McAfee Security Scan Plus Scam

Adobe Engaging in a Detestable Practice

Adobe has begun a new campaign of evil. They are installing unrequested software without the user's permission. Although the software may seem fairly benign and even helpful, it isn't. It is actually fairly harmful to the computing experience.

... ... ...

Please close Firefox to continue installation... flash player installed... McAfee Security Scan Plus installed.... WHAT? I never gave permission to install McAfee.

I watched very carefully to make sure I unchecked any boxes that asked me for permission to install additional software. Well, maybe I missed it. Besides, it sounded fairly benign. I decided to let it go.

Problems with McAfee - May Adobe Die

I began noticing some new problems with my computer. This was very strange as I hadn't tried any new programs yet. The only security that I use for my computer is WinPatrol and the only new program it showed running in the background was McAfee. Programs and sound files would freeze for about a tenth of a second and I worried about a hardware problem caused by working on my computer. Even YouTube videos would stutter. I even opened up my computer again and made sure everything was seated tight and no cables bumping against the wrong thing. I couldn't find any physical problems though.

Luckily, I got around to uninstalling McAfee. It is easy to remove, just click on start, all programs tab, then McAfee tab. There will be an option to uninstall McAfee and it runs without any problems. After removing McAfee, the next time I booted up my computer it ran perfectly again.

This got me curious. I went online and discovered that I am not the first to have problems with Adobe and their unwanted software. Other IT users noticed that McAfee was installed without any check boxes or warnings. It might be in the EULA, but who reads that. The EULA may protect them legally, but in my book it doesn't mean that what they are doing is moral. It only means that Adobe knows how to legally scam people while protecting itself.

I heard that McAfee has caused some serious problems on other people's computers too. Recently, it would cause computers to constantly reboot after installation. How many people would know how to fix that problem?

Why would Adobe do such a thing? Well, it turns out that the McAfee installation isn't a full working version. It may detect viruses, but you will have to pay money to upgrade to a full version that removes them. Basically, Adobe and McAfee are trying to bleed people for money. I suspect in the long run, this will work against Adobe

... ... ...

#### [Jan 11, 2013] McAfee VirusScan - Wikipedia, the free encyclopedia

Customer support criticisms

Reviewers have described customer support for McAfee products as lacking, with support staff slow to respond and unable to answer many questions.[9]

2010 reboot problem

On April 21, 2010, beginning approximately at 2 PM GMT, an erroneous virus definition file update from McAfee affected millions of computers worldwide running Windows XP Service Pack 3. The update resulted in the removal of a Windows system file (svchost.exe) on those machines, causing machines to lose network access and, in some cases, to enter a reboot loop. McAfee rectified this by removing and replacing the faulty DAT file, version 5958, with an emergency DAT file (version 5959) and has posted a fix for the affected machines in its consumer "KnowledgeBase".[11]

2012 update issues

An August 2012 update to McAfee Antivirus caused the protection to turn off and users to lose internet connections. McAfee was criticised for not notifying users promptly of the issues when they learned about it.[13]

#### [Jan 05, 2013] Foreign Policy Group Gets Hacker Happy New Year

###### Discovery News

##### See also Sirefef and Win32/Tracur.AV. Using IE 8 became really dangerous in those days.

Hackers said a big Happy New Year to the Council on Foreign Relations, using the organization's own website to attack unsuspecting visitors.

The CFR is a non-partisan policy group, known mostly for publishing Foreign Affairs, an influential journal on the subject.

The group's website was infected with malware that uses a "watering hole" attack -– waiting for users to visit the site before downloading the malware to their machines. The malware involved allows a hacker to execute code remotely on the target computer.

... ... ...

The malware only works on Internet Explorer 8 or earlier versions.

The hackers altered the HTML code on the CFR's website itself and were able to remotely execute a program on any computer that accessed the site. The malware was hidden in several pieces and stored in areas that the web page needed to go to in order to retrieve stored content such as text and pictures.

"The javascript is hidden in a file on the system that is usually used for a completely different purpose," he said.

Microsoft is reportedly working on a permanent fix, and issued a security advisory on Dec. 29. In the meantime there is an automatic work-around here. The simplest way to protect oneself is to disable Javascript and Flash, according to Microsoft, but sometimes turning those two features on and off for different sites can be inconvenient. Users of Internet Explorer 9 and later aren't vulnerable.

While the particular attack on the CFR website used a previously unknown vulnerability in Internet Explorer, the "watering hole" attack is nothing new: a local government site in Maryland and a bank in Boston were hit by one called VOHO in July, which infected targeted computers with code that sent information such as keystrokes back to a server.

#### [Jan 03, 2013] Antivirus Makers Work on Software to Catch Malware More Effectively

##### “The traditional signature-based method of detecting malware is not keeping up.” This has been known for 20 years or so. Nothing has changed.

###### NYTimes.com

Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security. “The bad guys are always trying to be a step ahead,” said Matthew D. Howard, a venture capitalist at Norwest Venture Partners who previously set up the security strategy at Cisco Systems.
“And it doesn’t take a lot to be a step ahead.” Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially. In 2000, there were fewer than a million new strains of malware, most of them the work of amateurs. By 2010, there were 49 million new strains, according to AV-Test, a German research institute that tests antivirus products. The antivirus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company’s trade secrets, erasing data or emptying a consumer’s bank account. A new study by Imperva, a data security firm in Redwood City, Calif., and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva’s chief technology officer, and a group of researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent. On average, it took almost a month for antivirus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined$7.4 billion on antivirus software last year — nearly half of the \$17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we’ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers. “This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept.”

Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H. Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the antivirus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame’s discovery. “But we didn’t. We were out of our league in our own game.”

Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches. The word “antivirus” does not appear once on their home pages. Symantec rebranded its popular antivirus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying antivirus is enough,” said Kevin Haley, Symantec’s director of security response. Mr. Haley said Symantec’s antivirus products included a handful of new technologies, like behavior-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.
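As an added illustration (not code from the Times article, from Symantec or from any other vendor), a toy scanner that contrasts the reactive signature approach described above with a reputation heuristic of the kind Mr. Haley describes (file age, how widely a file has been seen). The sample files, ages, prevalence counts and thresholds are all constructed.

```python
"""Toy contrast between a reactive signature scanner and a reputation heuristic.
Everything here is constructed for illustration; it is not any vendor's logic."""
import hashlib
import re
from typing import Tuple

# Constructed samples: name -> (file content, age in days, machines it was seen on)
SAMPLES = {
    "known_bad.exe":   (b"MZ\x90\x00 payload:steal_bank_creds", 400, 120_000),
    "new_variant.exe": (b"MZ\x90\x00 payload:steal_bank_credz", 1, 3),  # one byte changed
    "notepad.exe":     (b"MZ\x90\x00 notepad",                  3000, 9_000_000),
}

# Signature database built only from the sample analysts have already dissected.
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLES["known_bad.exe"][0]).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"payload:steal_bank_creds")]  # "unique signs in its code"


def signature_verdict(content: bytes) -> str:
    """Classic AV: exact hash match first, then byte-pattern match."""
    if hashlib.sha256(content).hexdigest() in KNOWN_BAD_HASHES:
        return "malicious (hash signature)"
    if any(p.search(content) for p in PATTERN_SIGNATURES):
        return "malicious (pattern signature)"
    return "clean"


def reputation_verdict(age_days: int, seen_on: int) -> str:
    """Heuristic: a file created days ago that almost nobody else has is suspect.
    The thresholds are illustrative, not a real product's values."""
    if age_days <= 7 and seen_on < 10:
        return "suspicious (new and rare)"
    return "clean"


def scan(name: str) -> Tuple[str, str, bool]:
    """Return (signature verdict, reputation verdict, blocked?) for a sample."""
    content, age, seen = SAMPLES[name]
    sig, rep = signature_verdict(content), reputation_verdict(age, seen)
    return sig, rep, sig != "clean" or rep != "clean"


def add_signature(content: bytes) -> None:
    """The reactive step: weeks later, analysts add the variant's hash."""
    KNOWN_BAD_HASHES.add(hashlib.sha256(content).hexdigest())


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:16} -> {scan(sample)}")
```

The one-byte variant evades both the hash and the byte-pattern signature until `add_signature` is run, but the age/prevalence heuristic flags it on day one.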


### Softpanorama Recommended

Interviews and reviews

FAT32 New Problems for Viruses or Anti-Virus -- a sober look at problems with the interaction between scanners and file systems. You will never read this in ZD publications ;-)

The Virus Creation Labs - An excerpt from Dr. George C. Smith's book -- an interesting book about the interaction between virus writers and the AV industry (see also Crypt Newsletter). Here is an excerpt from a review by Rob Rosenberger (the author of False Authority Syndrome). In his Recommended books & publications he wrote:

The media portrays virus writers as teenage prodigies whose temper tantrums threaten the world. The media portrays antivirus companies as serious business professionals who work closely with competitors and international agencies to keep virus writers at bay. If you listen to the media, it's a World War with clear lines drawn between good & evil. The media doesn't have a clue. "Drunken brawl" most accurately describes the virus/antivirus conflict. You can't always tell the good guys from the bad guys (they occasionally switch sides) and it's every man for himself. Virus writers rarely advance the state of the art -- but antivirus firms profit by declaring them deadly computer terrorists. Few books about viruses delve into this bizarre soap opera, and most of those only cover it briefly. Crypt Newsletter editor George C. Smith's entire book exposes an insane world where everybody claws at each others' throats -- and where even the virus writers have marketing departments. 172 pages written with an utterly cynical sense of humor & irony. I read The Virus Creation Labs for the first time while sitting in an airport terminal and I repeatedly embarrassed myself with bursts of laughter.

Microsoft Office 97 Visual Basic Programmer's Guide -- one cannot understand the macro virus problem without understanding VBA

Crypt Newsletter supplied this short paper to a consumer group in Washington, D.C., that's trying to prevent the software industry from running over consumers in the area of product liability law. The industry's position is, obviously, "It's your neck if you buy, use or download our products and then wind up hosed in any way."

Most people with even half a brain grasp the point that this is a profoundly anti-consumer stance.

In America, only the computer software industry has this carte blanche ticket to screw with people unapologetically. If any other type of company in your hometown were caught ignorantly putting saltpeter into the water supply for years, you could go after them. Maybe you could even get the media outraged, too!

If this analogy isn't clear enough, consider the recent case of Williamson Sales of San Diego and the distribution of hepatitis A contaminated strawberries. Now, you should know hepatitis A -- if you're going to get hepatitis -- is the hepatitis to get. The virus that causes it is, relatively speaking, mild. Some people who contract the disease often don't know they have it; symptoms vary widely and may never appear noticeably. Children, who were the consumers of Williamson's strawberries, generally don't get as sick as adults. Victims may become extremely jaundiced or not at all.

In no cases during the media firestorm over the virus-contaminated strawberries were company officials caught saying things like "It's not our fault, there's no liability, you broke the shrinkwrap and ate the strawberries," or It's just a minor hepatitis virus (not B or non-A/non-B which are extremely bad), a relative prankster, no one will get ve