Softpanorama
May the source be with you, but remember the KISS principle ;-)


Strategies of Defending Microsoft Windows against Malware


The introduction to this topic became too big and was converted into a separate article on Dec 1, 2012. The latest news was that the CIA lost its arsenal of hacking tools (the Vault 7 scandal). After this news you can simply believe that the only secure PC is a PC that is not connected to the Internet.

See Architectural approaches for increasing Windows resistance against malware:


Microsoft is closely monitoring the situation, and is committed to helping customers have a safe, enjoyable computing experience.

From the quotes of the day

“the Windows dominance produced a computer monoculture with all the same problems as other monocultures.”

"Anti-virus companies have always been seen as ambulance chasers, and sometimes, it's true," said Dan Schrader, the chief security analyst at Trend Micro. "Because this is an industry that has been built on hype and alerts and pretensions of being good citizens, the industry doesn't have a lot of credibility."

The Virus 'Ambulance Chasers'

The preoccupation with computer "hacking" is a way for physically unattractive males to enter the mainstream of society.

Anonymous

[May 20, 2017] While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February, by Iain Thomson

Notable quotes:
"... However, our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt. ..."
May 16, 2017 | theregister.co.uk
And it took three months to release despite Eternalblue leak

16 May 2017 at 01:44

When the WannaCrypt ransomware exploded across the world over the weekend, infecting Windows systems using a stolen NSA exploit, Microsoft president Brad Smith quickly blamed the spy agency. If the snoops hadn't stockpiled hacking tools and details of vulnerabilities, these instruments wouldn't have leaked into the wild, sparing us Friday's cyber assault, he said.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," said Smith.

Speaking of hoarding, though, it's emerged Microsoft was itself stockpiling software – critical security patches for months.

Around January this year, Microsoft was tipped off by persons unknown that the NSA's Eternalblue cyber-weapon, which can compromise pre-Windows 10 systems via an SMBv1 networking bug, had been stolen and was about to leak into the public domain. In March, Microsoft emitted security fixes for supported versions of Windows to kill off the SMB vulnerability, striking Eternalblue dead on those editions.

In April, exactly a month later, an NSA toolkit of hacking weapons, including Eternalblue, was dumped online by the Shadow Brokers: a powerful loaded gun was now in the hands of any willing miscreant.

In May, just last week in fact, the WannaCrypt ransomware, equipped with this weapon, spread across networks and infected tens of thousands of machines worldwide, from hospital computers in the UK and Fedex terminals in the US, to railways in Germany and Russia, to cash machines in China.

On Friday night, Microsoft issued emergency patches for unsupported versions of Windows that did not receive the March update – namely WinXP, Server 2003, and Windows 8 RT. Up until this point, these systems – and all other unpatched pre-Windows 10 computers – were being menaced by WannaCrypt, and variants of the software nasty would be going after these systems in the coming weeks, too.

The Redmond tech giant was praised for issuing the fixes for its legacy Windows builds. It stopped supporting Windows XP in April 2014, and Server 2003 in July 2015, for instance, so the updates were welcome.

However, our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.

Here's the dates in the patches:

The SMBv1 bug is trivial, by the way: it is a miscalculation from a 32-bit integer to a 16-bit integer that can be exploited by an attacker to overflow a buffer, push too much information into the file networking service, and therefore inject malicious code into the system and execute it. Fixing this programming blunder in the Windows codebase would have been easy to back port from Windows 8 to XP.
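An added illustration of the bug class described above (not Microsoft's code, not from the article, and not the actual SMBv1 flaw): a 32-bit length is narrowed to 16 bits to size a buffer while the copy still uses the full length, shown beside a hardened form that rejects the input. All function names, the arena that stands in for adjacent memory, and the sample payload are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE (128u * 1024u)  /* stand-in for the heap: the buffer plus its neighbours */
#define SAMPLE_LEN 0x10010u        /* constructed input: 65552 bytes, needs 17 bits */
#define CANARY     0xAAu           /* marks memory the copy must not touch */

static uint8_t arena[ARENA_SIZE];
static uint8_t sample[SAMPLE_LEN];

/* Constructed sample payload (all 'A'); not captured traffic. */
const uint8_t *sample_message(void)
{
    memset(sample, 'A', sizeof sample);
    return sample;
}

/* The narrowing conversion at the heart of the bug class: the high 16 bits vanish. */
uint16_t narrow_size(uint32_t len)
{
    return (uint16_t)len;          /* 0x00010010 -> 0x0010 */
}

/*
 * Vulnerable pattern: the buffer is sized from the narrowed 16-bit value,
 * but the copy uses the original 32-bit length. The "buffer" is the first
 * buf_size bytes of arena[]; the rest plays the role of adjacent objects.
 * src must hold at least len bytes. Returns how many neighbouring bytes
 * were overwritten.
 */
size_t copy_with_truncated_size(const uint8_t *src, uint32_t len)
{
    uint16_t buf_size = narrow_size(len);
    size_t clobbered = 0;

    memset(arena, CANARY, sizeof arena);
    if (len > ARENA_SIZE)          /* keeps this demonstration itself memory-safe */
        len = ARENA_SIZE;
    memcpy(arena, src, len);       /* writes len bytes into a buf_size-byte buffer */

    for (size_t i = buf_size; i < ARENA_SIZE; i++)
        if (arena[i] != CANARY)
            clobbered++;
    return clobbered;
}

/*
 * Hardened form: validate the 32-bit length against both the 16-bit field
 * and the destination capacity before any narrowing or copying.
 * Returns 0 and stores the size on success, -1 if the input is rejected.
 */
int copy_with_checked_size(uint8_t *dst, size_t dst_cap,
                           const uint8_t *src, uint32_t len, uint16_t *stored)
{
    if (len > UINT16_MAX || len > dst_cap)
        return -1;                 /* refuse rather than truncate */
    memcpy(dst, src, len);
    *stored = (uint16_t)len;       /* lossless: len <= 0xFFFF was just proven */
    return 0;
}

/* Demo helper: 1 if the hardened copy accepts len and records it exactly, else 0. */
int hardened_accepts(uint32_t len)
{
    static uint8_t dst[UINT16_MAX];
    uint16_t stored = 0;
    return copy_with_checked_size(dst, sizeof dst, sample_message(), len, &stored) == 0
           && stored == len;
}

int main(void)
{
    const uint8_t *msg = sample_message();

    printf("declared length : 0x%X\n", (unsigned)SAMPLE_LEN);
    printf("narrowed size   : 0x%X\n", (unsigned)narrow_size(SAMPLE_LEN));
    printf("bytes clobbered : %zu\n", copy_with_truncated_size(msg, SAMPLE_LEN));
    printf("hardened accepts: %d\n", hardened_accepts(SAMPLE_LEN));
    return 0;
}
```

Compiling with `-Wconversion` flags implicit narrowing of this kind; the explicit cast in `narrow_size` is there only to make the loss visible.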

If you pay Microsoft a wedge of cash, and you're important enough, you can continue to get security fixes for unsupported versions of Windows under a custom support license. It appears enterprises and other organizations with these agreements got the legacy fixes months ago, but us plebs got the free updates when the house was already on fire.

Smith actually alluded to this in his blog post over the weekend: "We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003." [Italics are ours.]

Money talks

Custom support is a big earner: Microsoft charged Britain's National Health Service $200 per desktop for year one, $400 for year two and $800 for a third year as part of its contract. UK Health Secretary Jeremy Hunt cancelled the contract after a year as a cost-saving measure. The idea was that a year would give NHS trusts time to manage their upgrades and get modern operating systems, but instead it seems some trusts preferred to spend the money not on IT upgrades but on executive remuneration, nicer offices, and occasionally patient care. Defence Secretary Michael Fallon claimed on Sunday that "less than five per cent of [NHS] trusts" still use Windows XP.

Naturally, Microsoft doesn't want to kill the goose that lays such lovely golden eggs, by handing out patches for old gear for free. And supporting a 16-year-old operating system like Windows XP must be a right pain in the ASCII for its engineers. And we appreciate that computers still running out-of-date operating systems are probably doing so for a reason – perhaps it's a critical device or an MRI scanner that can't be upgraded – and thus it doesn't matter if a patch landed in February, March or May: while every little helps, the updates are unlikely to be applied anyway.

On the other hand, we're having to live with Microsoft's programming mistakes nearly two decades on, mistakes that Microsoft is seemingly super reluctant to clean up, unless you go the whole hog and upgrade the operating system.

Most crucially, it's more than a little grating for Microsoft, its executives, and its PR machine, to be so shrill about the NSA stockpiling zero-day exploits when the software giant is itself nesting on a pile of fixes – critical fixes it's keeping secret unless you pay it top dollar. Suddenly, it's looking more like the robber baron we all know, and less like the white knight in cyber armor.

We asked Microsoft to comment on the timing of its patching, but its spokespeople uselessly referred us back to Smith's blog. Meanwhile, here's some more technical analysis of the WannaCrypt worm and how a kill switch for the nasty was found and activated over the weekend.

[May 19, 2017] Global Cyberattack: Are Private Interests Using States? The global cyberattack, the NSA and Washington's war propaganda against Russia, by Bill Van Auken

Notable quotes:
"... Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing of the cyber weapons it itself had crafted. ..."
"... There was no question then of an investigation taking months to uncover the culprit, much less any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations and innuendo. Ever since, the Times ..."
"... Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda. It serves both as a means of pressuring the Trump administration to abandon any turn toward a less aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump as an agent of the Kremlin. ..."
May 16, 2017 | www.defenddemocracy.press

The cyberattack that hit some 200,000 computers around the world last Friday, apparently using malicious software developed by the US National Security Agency, is only expected to escalate and spread with the start of the new workweek.

The cyber weapon employed in the attack, known as "WannaCrypt," has proven to be one of the most destructive and far-reaching ever. Among the targets whose computer systems were hijacked in the attack was Britain's National Health Service, which was unable to access patient records and forced to cancel appointments, treatments and surgeries.

Major corporations hit include the Spanish telecom Telefonica, the French automaker Renault, the US-based delivery service Fedex and Germany's federal railway system. Among the worst affected countries were reportedly Russia, Ukraine and Japan.

The weaponized software employed in the attacks locks up files in an infected computer by encrypting them, while demanding $300 in Bitcoin (digital currency) to decrypt them and restore access.

Clearly, this kind of attack has the potential for massive social disruption and, through its attack on institutions like Britain's NHS, exacting a toll in human life.

This event, among the worst global cyberattacks in history, also sheds considerable light on issues that have dominated the political life of the United States for the past 10 months, since WikiLeaks began its release of documents obtained from the hacked accounts of the Democratic National Committee and John Podesta, the chairman of Hillary Clinton's presidential campaign.

The content of these leaked documents exposed, on the one hand, the DNC's machinations to sabotage the presidential campaign of Bernie Sanders, and, on the other, the subservience of his rival, Hillary Clinton, to Wall Street through her own previously secret and lavishly paid speeches to financial institutions like Goldman Sachs.


This information, which served to discredit Clinton, the favored candidate of the US military and intelligence apparatus, was drowned out by a massive campaign by the US government and the corporate media to blame Russia for the hacking and for direct interference in the US election, i.e., by allegedly making information available to the American people that was supposed to be kept secret from them.

Ever since then, US intelligence agencies, Democratic Party leaders and the corporate media, led by the New York Times, have endlessly repeated the charge of Russian hacking, involving the personal direction of Vladimir Putin. To this day, none of these agencies or media outlets have provided any probative evidence of Russian responsibility for "hacking the US election."

Among the claims made to support the allegations against Moscow was that the hacking of the Democrats was so sophisticated that it could have been carried out only by a state actor. In a campaign to demonize Russia, Moscow's alleged hacking was cast as a threat to the entire planet.

Western security agencies have acknowledged that the present global cyberattack - among the worst ever of its kind - is the work not of any state agency, but rather of a criminal organization. Moreover, the roots of the attack lie not in Moscow, but in Washington. The "WannaCrypt" malware employed in the attack is based on weaponized software developed by the NSA, code-named Eternal Blue, part of a bundle of documents and computer code stolen from the NSA's server and then leaked by a hacking group known as "Shadow Brokers."


Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing of the cyber weapons it itself had crafted.

In its report on the global cyberattacks on Saturday, the New York Times stated: "It could take months to find out who was behind the attacks - a mystery that may go unsolved."

The co-author of these lines was the New York Times chief Washington correspondent David E. Sanger, who, in addition to writing for the "newspaper of record," finds time to lecture at Harvard's Kennedy School of Government, a state-connected finishing school for top political and military officials. He also holds membership in both the Council on Foreign Relations and the Aspen Strategy Group, think tanks that bring together capitalist politicians, military and intelligence officials and corporate heads to discuss US imperialist strategy.

All of this makes Sanger one of the favorite media conduits for "leaks" and propaganda that the CIA and the Pentagon want put into the public domain.

It is worth contrasting his treatment of the "WannaCrypt" ransomware attack with the way he and the Times dealt with the allegations of Russian hacking in the run-up to and aftermath of the 2016 US presidential election.

There was no question then of an investigation taking months to uncover the culprit, much less any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations and innuendo. Ever since, the Times, serving as the propaganda outlet of the US intelligence services, has given the lead to the rest of the media by endlessly repeating the allegation of Russian state direction of the hacking of the Democratic Party, without bothering to provide any evidence to back up the charge.


With the entire world now under attack from a weapon forged by Washington's cyberwarfare experts, the hysterical allegations of Russian hacking are placed in perspective.

From the beginning, they have been utilized as war propaganda, a means of attempting to promote popular support for US imperialism's steady escalation of military threats and aggression against Russia, the world's second-largest nuclear power.

Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda. It serves both as a means of pressuring the Trump administration to abandon any turn toward a less aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump as an agent of the Kremlin.

SOURCE www.wsws.org

[May 19, 2017] There are other search engines, browsers, email services besides those operated by the giants. DuckDuckGo, protonmail, and the Opera browser (with free built-in VPN!) work well for me

As soon as DuckDuckGo shows ads and you have JavaScript enabled, your privacy evaporates the same way it evaporated in Google, unless you use a VPN. But even in this case there are ways to "bind" your PC to you via non-IP-based methods.
May 19, 2017 | www.nakedcapitalism.com

lyman alpha blob, May 19, 2017 at 1:58 pm

There are other search engines, browsers, email services, etc. besides those operated by the giants. DuckDuckGo, protonmail, and the Opera browser (with free built-in VPN!) work well for me.

The problem is, if these other services ever do get popular enough, the tech giants will either block them by getting their stooges appointed to Federal agencies and regulating them out of existence, or buy them.

I've been running from ISP acquisitions for years, as the little guys get bought out I have to find an even littler one.

Luckily I've found a local ISP, GWI, that I've used for years now. They actually came out against the new regulations that would allow them to gather and sell their customers' data. Such anathema will probably wind up with their CEO publicly flayed for going against all that is good and holy according to the Five Horsemen.

[May 17, 2017] How to avoid the WannaCrypt virus if you run Windows XP in VM

May 17, 2017 | www.techconnect.com
WannaCrypt may be exclusively a problem for Windows users, but the worm/virus combination could hit a Mac user with a Boot Camp partition or Windows virtual machines in VMware Fusion, Parallels, or other software. If you fit that bill and haven't booted your Windows system since mid-March or you didn't receive or install Microsoft's vital security update (MS17-010) released at that time, read on.

It's critical that you don't start up a Windows XP or later installation that's unpatched and let it connect to the Internet unless you're absolutely sure you have the SMB file-sharing service disabled or firewall or network-monitoring software installed that will block any attempt from an outside connection.

Also, if you use Windows XP or a few later releases of Windows that are past Microsoft's end of support since mid-March, you wouldn't have received the security updates that Microsoft was reserving only for corporate subscribers until last Friday. At that point, they made these updates generally available. If you booted any of those systems between mid-March and Friday, you're unprotected as well.

If your Mac is on a network that uses NAT and DHCP to provide private IP addresses, which is most home networks and most small-office ones, and your router isn't set up to connect the SMB file service from outside the local private network to your computer (whether Boot Camp or a VM), then the WannaCrypt worm can only attack your system from other computers on the same network. If they're already patched or there are no other Windows instances of any kind, you can boot up the system, disable SMBv1, and apply the patches.

If you don't want to take that chance or you have a system that can be reached from the greater Internet directly through whatever method (a routable IP or router port mapping to your Mac), you should disable networking on your computer before restarting into Boot Camp or launching a VM. This is easy with ethernet, but if you're using Wi-Fi for your Windows instance, you need to unplug your network from the Internet.

After booting, disable SMBv1. This prevents the worm from reaching your computer, no matter where it is. Microsoft offers instructions for Windows 7 and later at this support note. If you have a Windows XP system, the process requires directly editing the registry, and you will want to install firewall software to prevent incoming connections to SMB (port 445) before proceeding. The firewall approach is a good additional method for any Windows instance.

Once you've either disabled SMBv1 or have a firewall in place, you can enable network access and install all the patches required for your release, including MS17-010.

In some cases, you no longer need SMBv1, already known to be problematic, and can leave it disabled. If for legacy reasons you have to re-enable it, make sure you have both networking monitoring and firewall software (separately or a single app) that prevents unwanted and unexpected SMB access.

[May 16, 2017] Ransomware scum have already unleashed kill-switch-free WannaCrypt variant • The Register

Notable quotes:
"... Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute. ..."
"... Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch. ..."
"... Certainly the NSA should have reported it to Microsoft but they apparently didn't ... ..."
"... Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation. Which can still do its job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Trackers, and (Cr)App Stores to take your Moneyz. ..."
"... It's clear the NSA intended to not inform Microsoft at all as this was part of their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods. ..."
"... The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the first double click. ..."
"... In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible. ..."
"... The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff. ..."
"... And in a few years it will all be forgotten. Nachi / Blaster anyone? ..."
"... Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991. ..."
"... Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no adhoc sharing. users not administrators, and PROPER training of users. ..."
"... Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing. ..."
"... The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service. ..."
"... Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed all together. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need. ..."
"... Instead of that, criminally stupid idiots at NHS IT in the affected trusts as well as other enterprises which were hit: 1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever. ..."
"... Each of these should be a sackable offense for the IT staff in question. ..."
"... Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they still only work on Windows 7. They also insist on bundling in a machine to just a stupid high cost to a tech illiterate customer base - generally a cut down crappier version of something you could buy in Argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have fork out silly money ..."
"... Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open. ..."
"... most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker leak... but there was also a fair load of primitive crap there too. It's a bit like an 16 year old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it. ..."
"... there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice. ..."
"... In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers. ..."
"... I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox. ..."
"... the code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non transparent proxy. ..."
"... In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they wont get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers. or b) that they are insanely stupid and greedy and are not following the news... ..."
"... Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. ..."
"... If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would be a lot more inclined to stay up to date. ..."
"... Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks. ..."
May 16, 2017 | theregister.co.uk
15 May 2017 at 09:42, John Leyden

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware.

Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute.

"As far as I know there's only been two variants (one this morn) and none without [a kill]switch," security researcher Dave Kennedy told El Reg. Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch.

What isn't in question is that follow-up attacks based on something similar to WannaCrypt are likely and that systems therefore really need protecting. Black hats might well create a worm that attacks the same Windows vulnerability more stealthily to install a backdoor on the many vulnerable systems still out there, for example.

The WannaCrypt ransomware spread to devastating effect last week using worm-like capabilities that relied on a recently patched vulnerability in Microsoft's SMB file-sharing services (MS17-010). WannaCrypt used a purloined EternalBlue exploit originally developed by the US National Security Agency before it was leaked by the Shadow Brokers last month.

WannaCrypt's victims included the National Health Service, Spain's Telefónica and numerous other organisations across the world. A techie at Telefónica confirmed that the initial infection vector was a phishing email. The scale of the attack prompted Microsoft to take the highly unusual step of releasing patches for unsupported operating systems, including Windows XP. ®

Re: Inevitable

Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows.

The real issue here is that Microsoft has stopped patching XP and Vista systems in an attempt to force users to upgrade -- that's where the real money is in these vulnerabilities. So who's going to make out like a bandit from WannaCry et al? Expect Microsoft Win 10 share to increase over the next few months - they are the real winners here.

Mage

Re: The real issue here is that Microsoft has stopped patching XP

Actually technically they haven't stopped. (Vista yes).

BUT THE PATCHING IS NEARLY IRRELEVANT!

Like most other spam borne "attacks" this would be totally mitigated by

1) User training and common sense.

2) Better configured systems.

XP use by NHS is a red herring.

Even if EVERYONE used Linux* and it was updated daily, it will NOT stop this until the USERs are better trained and use email properly.

[*Because all the spam based attacks would be aimed at Linux]

Ken Hagan

Re: Inevitable

"Because the likes of the FSB & PLA must be too stupid to have also discovered these types of vulnerabilities."

If they knew about them, they didn't do a very good job of protecting their own gear from them.

M.
Re: Inevitable

Your Comment: "Yes, the NSA is criminal for making these immoral and unlawful cyber weapons..."

Unlawful? By what law, specifically? (NOTE: Title 10 and Title 50 authorities directly - and legally - trump certain US laws.) As an analogy - It's not "illegal" for a policeman to speed to catch up to a criminal. It's not "illegal" for the NSA to create tools to compromise computers.

You can argue all day as to whether it is illegal to DEPLOY tools, once created, against CERTAIN computers, but I don't think you have a leg to stand on calling the fact that NSA *creates* such a tool - if they even did create one themselves - in any way an illegal act.

Michael Habel
Re: Inevitable

Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation. Which can still do its job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Trackers, and (Cr)App Stores to take your Moneyz.

DuncanLarge
Re: Inevitable

"Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly the NSA should have reported it to Microsoft but they apparently didn't ... who knows."

It's clear the NSA intended to not inform Microsoft at all as this was part of their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods.

The only way Microsoft knew about this and patched this was because the NSA lost control of the code to ShadowBrokers who then reported it to Microsoft giving them enough time to roll out a patch before a public release.

As you correctly say, anyone could have developed code that exploits the flaw. But who detected that flaw first? So who should have the social responsibility to improve the "cyber" defense of at least their own nation by disclosing such a flaw?

The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the first double click.

For this very reason Apple, correctly, refused to create a version of iOS that could be installed on an iphone to weaken the pin entry screen to allow the FBI entry. Apple knew they could not simply trust that this hacked version of iOS could be kept under control.

inmypjs
Re: Inevitable

"blaming a commercial company for not patching a 13 year"

I think blaming and criticising a company that sold you buggy vulnerable crap and refuses to fix bugs because someone else didn't find and advise them of them soon enough is entirely justified.

I have some compilers from a company with a policy that finding a bug in an obsolete unsupported version of the compiler entitles you to a free upgrade to a current supported version. That would be the policy of a decent company (which Microsoft clearly isn't). Of course Microsoft's current supported version being a piece of shit that no one wants would stymie such a policy.

Wayland
Re: So you're blaming a commercial company for not patching a 13 year old OS?

In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible.

The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff.

What is needed is a commitment from the manufacturers to either support the gear for 30 years or share the code and the schematics. Obviously a consideration would be required from the buyer, I don't see why they should do that for free.

The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect itself, put a packet sniffing firewall in between.

Dr Who
You could look at an event such as that of the last few days as the Internet's version of a wildfire. In the short run some damage is done but in the long run the fire's job is to clear out dead wood and enable the regrowth of a stronger, healthier ecosystem. Short term pain for long term gain.
Lost all faith...
And in a few years it will all be forgotten. Nachi / Blaster anyone?
katrinab
Not really.

"We've installed the MS security patch, we've restored from back-up. Everything's OK now".

Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months, and hasn't done anything. It is going to take a lot more than this to change management attitudes.

Mage
Internet's version of a wildfire.

No, because very few organisations and users will learn the real lessons.

Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991.

Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no adhoc sharing. users not administrators, and PROPER training of users.

Anonymous Coward

I wish! The idiots who think it's fine to run XP are paid ten times more than me and they'll still be in the same role this time next year. There'll be no getting rid of dead wood, just more winging it and forcing underpaid Techies to work more weekends after more screw ups.

Stuart 22
Is it just me?

It's surely incredible that a lone pizza stuffed actor could get immediate access to the worm and spend a night before he spotted the 'call home' vector? Is that really that hard? And beat the best resourced detection agencies worldwide?

Surely every IT detective agency including GCHQ would have sandboxed it on first sight, thrown their best at it if only to beat their friends across the pond, to save Jeremy Hunt & Mother Theresa's bacon just ahead of a new funding opportunity (aka new government).

It all smells not only of pizza but planted news. And if it is genuine what on earth are we paying this organisation and every anti-virus firm for?

Andy Non
Re: Experts all giving advice how to stay secure

Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing.

I wonder if we can get a go-fund-me page set up to hire someone to track down this hacker scum and take out a hit on them? A bullet to the brain may give other scumbags something to think about.

Voyna i Mor
Re: Experts all giving advice how to stay secure

The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service.

The fact that May and Rudd seem totally unable to get what could go wrong post-Snowden suggests that when one of them became PM, a school somewhere missed the bullet of a particularly anal retentive geography teacher.

Anonymous Coward

Re: Experts all giving advice how to stay secure

Actually Windows 10 was affected, but because it patches more aggressively the March fix was already applied to most unless they had different WSUS settings in a business/edu environment.

Ferry Michael
Re: Experts all giving advice how to stay secure

Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed altogether. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need.

I have a dual boot laptop that has not booted to Windows since before March - I need to review what services it has enabled to make it a bit more secure before I connect it to the Internet to download latest patches.

Patching and anti-virus software take time to apply after a vulnerability has been discovered. That can be too late.

roblightbody
Re: Experts all giving advice how to stay secure

From https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

"Customers running Windows 10 were not targeted by the attack today."

Voland's right hand
Re: Experts all giving advice how to stay secure

Some people do not have any choice. When the X-ray machines in the affected hospital trusts were bought using Windows XP (or even 2001) imaging software, that was state of the art. The issue is that the life of a piece of equipment like this vastly exceeds the lifespan of the OS that was used for the control system. On top of that, quite often these cannot be patched as the software is written so badly that it will work only with a specific patch-level of the core OS.

That CAN and SHOULD be mitigated by:

0. Considering each and every one of those a Typhoid Mary in potentia

2. Preventing any communication except essential management and authentication/authorization going out

3. Providing a single controlled channel to ship out results to a location which we CAN maintain and keep up to date.

Instead of that, criminally stupid idiots at NHS IT in the affected trusts as well as other enterprises which were hit:

1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever.

2. In some cases allowed use of unrelated desktop applications (at ridiculously ancient patch-levels) such as Outlook or even Outlook Express.

3. Opened file sharing on the machines in question.

Each of these should be a sackable offense for the IT staff in question.
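The mitigation list and the three failures in the comment above can be turned into an automated check. The following is an added example, not part of the original thread: the host inventory, VLAN numbers, role names and allow-list rules are all constructed for illustration, and any traffic not listed in the rules is assumed to be dropped.

```python
import ipaddress

# Constructed inventory; names, addresses, VLANs and roles are assumptions.
HOSTS = {
    "xray-01":    {"ip": "10.1.1.20", "vlan": 10, "role": "legacy"},
    "desk-114":   {"ip": "10.1.1.57", "vlan": 10, "role": "desktop"},
    "ct-02":      {"ip": "10.9.0.11", "vlan": 90, "role": "legacy"},
    "dc-01":      {"ip": "10.0.0.5",  "vlan": 1,  "role": "auth"},
    "results-01": {"ip": "10.0.0.40", "vlan": 1,  "role": "collector"},
}

# Constructed allow-list; anything not listed is assumed to be dropped.
RULES = [
    {"src": "10.1.1.0/24",  "dst": "10.1.1.0/24",  "port": 445},  # file sharing on a flat LAN
    {"src": "10.1.1.20/32", "dst": "0.0.0.0/0",    "port": 25},   # mail client on the device
    {"src": "10.9.0.11/32", "dst": "10.0.0.5/32",  "port": 88},   # authentication only
    {"src": "10.9.0.11/32", "dst": "10.0.0.40/32", "port": 443},  # single results channel
]

SMB_PORTS = {139, 445}
# Peers a legacy device may talk to: management, authentication, results collector.
ALLOWED_PEER_ROLES = {"mgmt", "auth", "collector"}


def audit(hosts, rules):
    """Return {legacy host name: [findings]} for the three failures in the comment."""
    allowed_peers = {
        ipaddress.ip_address(h["ip"])
        for h in hosts.values()
        if h["role"] in ALLOWED_PEER_ROLES
    }
    findings = {}
    for name, host in hosts.items():
        if host["role"] != "legacy":
            continue
        ip = ipaddress.ip_address(host["ip"])
        issues = []

        # Failure 1: same broadcast domain as desktop equipment.
        neighbours = sorted(
            n for n, h in hosts.items()
            if h["vlan"] == host["vlan"] and h["role"] == "desktop"
        )
        if neighbours:
            issues.append("shared-segment:" + ",".join(neighbours))

        for rule in rules:
            src = ipaddress.ip_network(rule["src"])
            dst = ipaddress.ip_network(rule["dst"])
            # Failure 3: file sharing on the device is reachable.
            if ip in dst and rule["port"] in SMB_PORTS:
                issues.append(f"smb-reachable:{rule['port']} from {src}")
            # Failure 2 / mitigations 2 and 3: egress must be a single
            # address that belongs to an allowed peer, nothing broader.
            if ip in src:
                single_allowed_peer = (
                    dst.num_addresses == 1 and dst.network_address in allowed_peers
                )
                if not single_allowed_peer:
                    issues.append(f"egress-not-restricted:{dst}:{rule['port']}")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for device, issues in audit(HOSTS, RULES).items():
        print(device, "OK" if not issues else issues)
```
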

mcpharm
Re: Experts all giving advice how to stay secure

It's more than incompetent IT people and way worse and virtually impossible to fix.

There is a lot of niche or specialist custom software used in the nhs that can only work on XP and ie 6 period. Most of the people who wrote are dead or retired etc

Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they still only work on windows 7. They also insist on bundling in a machine to just a stupid high cost to a tech illiterate customer base - generally a cut down crappier version of something you could buy in Argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have to fork out silly money for a new shit machine just cos their vendors tells they have to .. our superdupa crap shit fuck software will only work on a machine we provide. Emis/proscript have a lot to answer for ..

Lots of the staff and their employers are basically proud of being a digital numbskull. "I am healthcare professional, why should i have to know anything about this" and the drones are so poorly paid / bitched at incessantly about everything they just have an "i dunno i just work here, that's not my job attitude" I have to screenshare to train people how to use our websites .. this means i have to get them stick a url into their browser, that's it ... you have no idea how many can't do that .. then get all offended when i ask them what browser they are using .. "i don't know, why should i know that, i just use google" is always the response .. when half the nhs work force doesn't know what a f**king browser is and perversely proud of the fact they can't type a url into a browser address bar, how on earth are we ever going to hav any sunnvbnf0ijgogjrnb;vzjnav;kjnnf;kqgfnjv;jnf;jjvn;w

Data Security has turned into one of these tick box things, everyone has dire warning, you will be fined loads of money for doing something wrong that you don't understand and actively don't want to understand so no one gives a f**k as long as they can say they ticked the right boxes.

Anonymous Coward

A dish best served cold

Now, I would *hate* to start an internet rumour... but didn't the USA promise a retaliation? :-)

Yupp, there was some collateral damage amongst their allies, but that's the new normal.

Anon because I might be right ;-)

Naselus
Re: A dish best served cold

"Anon because I might be right"

You aren't.

Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open.

Second, US retaliation would almost certainly involve using a few zero-days. If you want to prove that you have vastly more power than your opponent, then you want to do something that literally resembles friggin' magic from his point of view. You want to show him that he can do nothing whatsoever to defend his critical infrastructure from your attacks. This did not; nothing in this hadn't already been discovered and patched. If the best thing the US can throw at Russia could be taken out by just switching on your WSUS server in the past three months, then there's no point even doing it because it would make them look weak, not strong.

Thirdly, and most importantly, most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker leak... but there was also a fair load of primitive crap there too. It's a bit like a 16 year old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it.

I've just finished in a webinar on the incident, and there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice.

In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers.

Anonymous Coward

On the topic of NSA exploits being used by WannaCry, was the DOUBLEPULSAR exploit patched with MS17-010?

Commswonk
I can't help thinking that announcing the discovery of the kill switch might not have been a good idea.

And you should see the number of downvotes I got in another thread for suggesting exactly that.

Another commentator stated (if I understood him correctly) that the "public announcement" was more or less irrelevant because security experts' chatter on blogs would have given the game away anyway.

In turn that made me think along the lines of "FFS what sort of security experts swap notes on blogs that may be / almost certainly are open to being read by the hackers"

I think I despair... if the above is true then there is simply no hope.

Norman Nescio
Possibly not an intentional kill switch

As the Malwaretech blog entry here:

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

points out, it was quite possibly not an intentional kill switch.

Some malware probes for the existence of a selection of randomly generated domains. Some sandbox VMs respond to all DNS lookups by providing back the IP address of the sandbox VM instance. If the malware sees a positive response to the DNS lookups (which should fail), then the logic is that it is probably running in a sandbox VM, which may well be being used to analyse/investigate the malware, so the malware stops running.

The single lookup of the unusual domain name was possibly a poor implementation of this technique.

Alternatively, it is an intentional kill switch, used during development, with a local DNS server on the malware developer's LAN, the function of which was to prevent infection of other devices on the same LAN. If anyone keeps records of DNS lookups, it might be interesting to see where the first lookups came from.
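The closing suggestion above, checking DNS records for where the first lookups came from, can be done with a few lines of log analysis. This is an added example, not part of the original thread: the log format is constructed for illustration, and the domain is a placeholder because the page does not give the real name. Following the logic described in the comment, a client whose lookup failed (NXDOMAIN) would not have been stopped by the check, so those clients are listed first for containment.

```python
from datetime import datetime

# Placeholder name: the page does not state the real domain.
WATCHED_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log. Assumed format for this example:
#   ISO-timestamp  client-IP  queried-name  response-code
SAMPLE_LOG = """\
2017-05-12T07:44:10 10.20.3.17 intranet.corp.example NOERROR
2017-05-12T07:58:02 10.20.3.17 killswitch-placeholder.example NXDOMAIN
2017-05-12T08:03:41 10.20.7.5 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-12T08:03:55 10.20.7.5 killswitch-placeholder.example NXDOMAIN
2017-05-12T15:12:30 10.20.9.40 killswitch-placeholder.example NOERROR
2017-05-12T15:13:02 10.20.3.17 killswitch-placeholder.example NOERROR
this line is damaged and must be skipped
2017-05-12T16:00:00 10.20.9.41 updates.vendor.example NOERROR
"""


def parse_line(line):
    """Return (timestamp, client, name, rcode) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, client, qname, rcode = parts
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    return when, client, qname.rstrip(".").lower(), rcode.upper()


def first_lookups(log_text, domain=WATCHED_DOMAIN):
    """One record per client that queried the domain, earliest client first."""
    domain = domain.rstrip(".").lower()
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != domain:
            continue
        when, client, _, rcode = rec
        entry = seen.setdefault(client, {
            "client": client,
            "first_seen": when,
            "first_rcode": rcode,
            "lookups": 0,
            "got_nxdomain": False,
        })
        entry["lookups"] += 1
        if when < entry["first_seen"]:  # tolerate out-of-order log lines
            entry["first_seen"], entry["first_rcode"] = when, rcode
        if rcode == "NXDOMAIN":
            entry["got_nxdomain"] = True
    return sorted(seen.values(), key=lambda e: e["first_seen"])


def containment_priority(log_text, domain=WATCHED_DOMAIN):
    """Clients whose lookup failed at least once, in order of first lookup."""
    return [e["client"] for e in first_lookups(log_text, domain) if e["got_nxdomain"]]


if __name__ == "__main__":
    for row in first_lookups(SAMPLE_LOG):
        print(row["first_seen"].isoformat(), row["client"],
              row["first_rcode"], "lookups:", row["lookups"])
    print("isolate first:", containment_priority(SAMPLE_LOG))
```
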

Bill Gray
Re: Possibly not an intentional kill switch

@Norman Nescio : "...The single lookup of the unusual domain name was possibly a poor implementation of this [sandbox detection] technique."

I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox.

Except the folks creating sandboxes might take the precaution of checking the domain. Instead of returning a valid result for any garbage domain, check to see if it's been registered first. Suddenly, the virus can no longer tell that it's running in a sandbox.

Except then, the virus author checks four or five valid domains; if they all return identical results, you know you're running in a sandbox. (Reading further, I see that this method is actually used in some cases.)

Except that _then_, the sandbox authors do some revisions so that seemingly accurate results are returned that are actually remapped by the sandbox code.

This is all outside my area of expertise. Still, I could see a nearly endless cycle of fix/counter-fix going on here.

Blotto
Ransom code is not proxy aware, kill switch won't work in most enterprises.

the code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non transparent proxy.

Enterprises will need to think a bit harder about how they ensure the kill switch is effective this time. The miscreants won't make this same mistake next time.

Talking about the kill switch is good, wouldn't have taken the miscreants long to work out something was not right anyway.

Anonymous Coward

What is the motivation here? Is all it seems to be...

<Black Helicopter Icon>

Ransomware usually works on a relatively widespread basis but usually SMB, and domestic users. Big organisations and governments, generally are defended (although clearly some well publicised exceptions)

The beneficiaries are usually relatively safe as law enforcement cannot usually be bothered to investigate and the cash rolls in for the most desperate victims.

In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they won't get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers. or b) that they are insanely stupid and greedy and are not following the news...

Or is this already a state backed exercise from somewhere and is simply a global experiment at our expense? The fact the original flaw was used by the NSA is not really relevant, it simply got it publicity but was clearly available for a long time.

Anonymous Coward

Re: What is the motivation here? Is all it seems to be...

Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. No doubt they'll have their comeuppance shortly - without being "caught" by any nation state backed cyber defense team - probably up some dark alley being stiffed by gangbangers.

Probably just some kid :-(

gerritv
The warning was there in Sep 2016!!

We were told to stop using SMB v1 in Sep 2016. The only reason to keep it enabled is to use it with XP!

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

IanMoore33
MS should hire the NSA hackers

maybe they can teach them something about software

Anonymous Coward

In light of this threat I just got around to patching a somewhat neglected Windows 7 PC. And now it's got a message from Microsoft (falsely) saying it's not genuine. It may not be registered but it's certainly a legitimately purchased copy. So far it's just a tiny message in the corner of the screen but who knows what else it'll do. I don't have time for this. Guess I'll roll back the update and take my chances.

This bullshit is what I blame more than anything, even the NSA, for outbreaks like this. If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would be a lot more inclined to stay up to date.

Anonymous Coward

The goal here was 2 fold.

1. Hurt Russia.

2. Hurt NSA credibility.

Everything else is gravy for the attackers. Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks.

Lion
Peer creds

The scum are obviously in hiding - either on a luxury yacht on the Black Sea or in a basement somewhere. I'd hazard a guess it is the latter. There must be other scum in the same racket who know who they are. I wonder if they have earned any street creds for what they did?

Their reward beyond the $30K they collected will be prison (blackmail and extortion are felonies).

John Smith 19
So the haul from this little operation is currently what $60K?

V. Poor criminal work. Extortion technique needs more work. Clean up costs have probably been in the $m.

Jim Birch
Re: So the haul from this little operation is currently what $60K?

This is a fairly typical ratio of realized proceeds of crime to cost of crime and prevention measures. The economic case for crime reduction is overwhelming. But it's easier said than done. People are creative, even (especially?) criminals.

truloxmyth
It's a sign of the times that no government is actually interested in Universal security, for the greater good of human kind. We're at a point where everything is now based online, and everyone in the world is connected.

The internet has removed the idea of 'borders' in the traditional sense!! I don't have to get on a plane to Italy, to see Italy. I can log onto remote cameras and a host of other online services, which mean I can be in the country without having to physically be in the country!

The NSA wasn't even bothered about protecting their own country... They didn't release this data, to allow the problem to be solved. If I were American I would be Pissed that my own government has been complicit in this entire debacle by keeping this quiet, and didn't release the information to the wider security community when they found the holes!!

If your doctor found you had terminal cancer, but they had a product that would guaranteed slowing of the cancer or entire removal of the disease then you would expect them to tell you wouldn't you?! But when the shady NSA finds a potentially life threatening exploit, they keep it to themselves?!... the middle letter of NSA stands for SECURITY for effs sake!!

There is no such thing as trust anymore between so called 'allies' as the NSA has just proved. It has also proved that life is worthless to them. This is clearly due to their inability to see the bigger picture of what they have A. Created, and B. Allowed to be released into the wild!!

Yes someone in their bedroom could have found the exploit, but that's a bedroom hacker/cracker. But you put pretty much unlimited resources and man power behind a department, then they are clearly going to come up with the exploit a billion times faster than a sole agent. Or even a collective of agents separated over the globe.

So all this stupidity that the NSA shouldn't be held accountable should be rethought. Because they CLEARLY are at fault here, for NOT DISCLOSING THE INFORMATION LAST YEAR!!!

[May 15, 2017] In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely

Notable quotes:
"... At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, " pay extra money to us or we will withhold critical security updates " can be seen as its own form of ransomware. ..."
"... This attack happened because the US Government didn't do its job. Its primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting its own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use. And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable. ..."
"... There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned. ..."
"... I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end users problem. ..."
"... XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to access them and me having more than enough USB bandwidth for the uncompressed video streams.) ..."
"... Most real IT pros know that XP was far superior to the locked-down and (quite often) over-optimized (as in the optimizations go so far as to make the code more complex and actually runs slower due to shit like cache misses and what not) bullshit that is anything after Windows 7. ..."
"... Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad. ..."
"... They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports. ..."
"... Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers.. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest. ..."
"... do those devices NEED internet connection? serious question as i don't know. if not, no problem ..."
"... Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners. ..."
www.theserverside.com

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times:

At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware.

In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms.

However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.

Microsoft supported Windows XP for over a decade before finally putting it to sleep.

In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?

acoustix ( 123925 ) on Monday May 15, 2017 @01:01PM (#54419597)

Wrong Approach (Score:2)

This attack happened because the US Government didn't do its job. Its primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting its own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use. And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable.

WaffleMonster ( 969671 ) on Monday May 15, 2017 @12:09PM (#54419177)

Artificial scarcity (Score:2)

There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned.

I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end users problem.

jrifkin ( 100192 ) on Monday May 15, 2017 @11:55AM (#54419015)

Yes. It's like vaccinations (Score:2)

If the number of older systems is large enough, then Yes, Microsoft should release patches for them.

They should do this for two reasons:

1) Reducing the number of infected systems helps protect others from infections

2) It protects the innocent, like those whose Medical Care was interrupted in the UK, from collateral damage.

Who pays for it? Microsoft. They have benefited from the sale of all those systems, and certainly have enough cash to divert some to supported old but prevalent systems. Also, the fact that people still use MS systems, even if they're old, benefits MS in some way by helping them maintain market share (and "mindshare"). Odds are that these systems will eventually be replaced by more MS systems, representing future revenue for MS.

Khyber ( 864651 ) <techkitsune@gmail.com> on Monday May 15, 2017 @11:50AM (#54418981) Homepage Journal

Re: Silly idea (Score:2)

"I think there is clearly one party at fault, and it is IT."

Why so? XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to access them and me having more than enough USB bandwidth for the uncompressed video streams.)

Most real IT pros know that XP was far superior to the locked-down and (quite often) over-optimized (as in the optimizations go so far as to make the code more complex and actually runs slower due to shit like cache misses and what not) bullshit that is anything after Windows 7.

swb ( 14022 ) on Monday May 15, 2017 @12:20PM (#54419293)

It's an existential problem (Score:2)

Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad.

My guess is that we're going to be getting to the end of the road of the "nasty, brutish and short" state of nature in the software industry and start seeing more regulations.

Vendors will be able to EOL their products, but will also have to supply security updates for N years after the product is officially ended. Vendors will be required to maintain a security update channel which may not be used for pushing upgrades or unrequested new products.

An interesting solution would be to let vendors "expire" a version by inserting a patch that boots the OS at a warning page requiring a firm verbal commitment ("I agree this is obsolete") before booting any further. Vendors would be REQUIRED to do this for operating systems they had obsoleted but only after their N years of post-EOL support had ended.

This way, nobody escapes the product being EOL. Customers can still use it, but must affirmatively acknowledge it is obsolete. Vendors are required to keep supporting it for a really long time after official EOL, but they can kill it more completely but only after the EOL support period.

Anonymous Coward on Monday May 15, 2017 @10:44AM (#54418429)

No (Score:5, Insightful)

No. You can't support legacy software forever. If your customers choose to stay with it past its notified EOL then they are SOL. Any company using XP that got hit by this can only blame themselves.

jellomizer ( 103300 ) on Monday May 15, 2017 @10:48AM (#54418451)

Re:No (Score:4, Insightful)

I will need to agree with conditions. If the Tech company is selling service contracts for that product, they will need to update it. However like XP and older, where the company isn't selling support, and had let everyone know that it is off service, they shouldn't need to keep it updated. Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the stoner virus.

AmiMoJo ( 196126 ) <mojo AT world3 DOT net> on Monday May 15, 2017 @12:11PM (#54419217) Homepage Journal

Re:No (Score:4, Insightful)

The people providing support should be the ones making MRI scanners, ATMs and other expensive equipment that only works with XP. Even when XP was brand new, did they really expect those machines to only have a lifetime of around 10 years? Microsoft was clear about how long support was going to be provided for.

It seems that people are only just waking up to the fact that these machines have software and it needs on-going maintenance. The next decade or two will be littered with software bricked but mechanically sound hardware, everything from IoT lightbulbs to multi-million Euro medical equipment.

In fact it's already happening. You can buy DNA sequencers on eBay, less than a decade old and original price $500,000, now barely worth the shipping because the manufacturer abandoned support.

number6x ( 626555 ) on Monday May 15, 2017 @12:18PM (#54419269)

They already exist (Score:4, Insightful)

They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports.

In this case, a router could be configured to keep the SMB port (445) blocked. A router, with updated software, and a firewall gateway can help protect even older devices with embedded code that may no longer be supported.

Of course, it goes to say, that you must keep the router's software updated and not use default credentials on the router.

The NHS decided to not upgrade many old systems because the threat was deemed minimal. Offices were urged to upgrade but funds were not made available and infrastructure budgets were cut again and again. Multiple bad decisions led to this result.

Many things could have prevented it. Better funding, better threat assessment, the NSA informing Microsoft of the vulnerability so it could have been patched years ago, and on and on...

In the end we are here, and hopefully threats will be re-prioritized and better protections will be put in place in the future (I could not keep a straight face while typing that and finally burst out laughing).

bugs2squash ( 1132591 ) on Monday May 15, 2017 @10:45AM (#54418433)

Don't be silly (Score:2)

this did not need to be fixed with an OS patch, it could have been prevented with better network security policies. I would be surprised if someone hadn't said something about addressing the vulnerability earlier but probably got ignored because of some budgetary issue.

It would be more reasonable to call for continued money to be made available to address these vulnerabilities after a system has gone into production and a move to use more open source solutions where users can share patches.

CAOgdin ( 984672 ) on Monday May 15, 2017 @11:07AM (#54418613)

I recommend a Subscription model... (Score:3)

Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers. Spending money on maintaining the security (even excluding features) of superseded products distracts from development of improved products, and is not in the vendors' self-interest.

Given that a new Operating system (retail) is in the $100-$150 range, I'd propose "Life Extension" service subscription, solely for security updates in the $30-35/year range...with a required minimum of 10,000 customers to keep maintaining the service. That provides enough revenue ($1,000,000+ per annum) to support a small, dedicated staff.

Frankly, there's no reason that a M$ couldn't engage in a Joint Venture with a small qualified, independent security firm to provide the service, with special access to proprietary information within the O.S. vendor.

It would be an investment in the rehabilitation of the O.S. vendors' reputation, because M$ has gotten quite high-handed in recent years, dictating (or even forcing) software on unwilling customers who have existing businesses to run.

ToTheStars ( 4807725 ) on Monday May 15, 2017 @11:29AM (#54418801)

What if we tied support to copyright? (Score:5, Interesting)

Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made maintenance a requirement for retaining copyright over software? If Microsoft (or whoever) wants to retain a copyright on their software for 70 years, then they'd better be prepared to commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever, and wash their hands of responsibility, that's fine, but then it's public domain. Why should we let companies benefit from software they don't support anymore?

This could also work for art works, as well -- because copyright exists "To promote the Progress of Science and useful Arts," we could make it a requirement that an author (or company, or whatever) needs to be distributing (or licensing for distribution) a work to have copyright on it. When it's out of print, it enters the public domain.

Hartree ( 191324 ) on Monday May 15, 2017 @11:07AM (#54418625)

Yes, because WinXP was never killed off. (Score:2)

It also lives on in many scientific instruments. An old mass spec that runs XP (or even older. I regularly maintain X Ray diffraction machines that still run DOS) usually can still do the day to day job just fine. The software usually hasn't been supported for many years and won't run on anything newer. But replacing the instrument could cost a large amount of money (250K or up in many cases).

Research budgets aren't growing and I work for a university in a state that can't pass a budget. We just don't have the money to throw out older systems that work well just because the software is outdated. We just take them off the network and use other means to get the data transferred off of them.

ganjadude ( 952775 ) on Monday May 15, 2017 @11:37AM (#54418873) Homepage

Yes, because WinXP was never killed off. (Score:2)

do those devices NEED internet connection? serious question as i don't know. if not, no problems

DontBeAMoran ( 4843879 ) on Monday May 15, 2017 @11:22AM (#54418727)

Re:Bitcoin is the problem (Score:2)

Because ransomware did not exist before Bitcoin. :rolleyes:

jellomizer ( 103300 ) on Monday May 15, 2017 @11:12AM (#54418661)

Re:Silly idea (Score:2)

What happens if a still used software isn't owned by anyone any more. The Company is out of business, There is no source code available. There is a point where the end user has some responsibility to update their system. Like the Model-T they may still keep it, and use it for a hobby, but knowing full well if you take it on the Highway and get in an accident you are probably going to get killed.

thegarbz ( 1787294 ) on Monday May 15, 2017 @12:08PM (#54419169)

Re:Silly idea (Score:3)

Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners.

Also this isn't hobbies we're talking about. No one gives a crap if someone's Model T toy breaks down, just like no one will cry about the Windows XP virtual machine I play with at home.

The only complaints are against critical services, internet connected machines that operate and provide livelihoods for the owners. If the software isn't owned by anyone, ... well I'm sure the owner provided an unbiased risk assessment as to whether they should migrate to something that is supported by someone right? Didn't think so.

The end user has 100% of the responsibility, and dollars don't change that.

[May 15, 2017] Further Analysis of WannaCry Ransomware McAfee Blogs

May 15, 2017 | securingtomorrow.mcafee.com

WannaCry offers free decryption for some random number of files in the folder C:\Intel\<random folder name>\f.wnry. We have seen 10 files decrypted for free.

In the first step, the malware checks the header of each encrypted file. Once successful, it calls the decryption routine, and decrypts all the files listed in C:\Intel\<random folder name>\f.wnry.

A code snippet of the header check:

The format of the encrypted file:

To decrypt all the files on an infected machine we need the file 00000000.dky, which contains the decryption keys. The decryption routine for the key and original file follows:

Bitcoin activity

WannaCry uses three Bitcoin wallets to receive payments from its victims. Looking at the payment activity for these wallets gives us an idea of how much money the attackers have made.

The current statistics as of May 13 show that not many people have paid to recover their files:

The attackers appear to have earned a little over BTC 15.44 (US$27,724.22). That is not much considering the number of infected machines, but these numbers are increasing and might become much higher in the next few days. It's possible that the sink holing of two sites may have helped slow things down:

Multiple organizations across more than 90 countries have been impacted, according to reports.

We will update this blog as we learn more.

[May 14, 2017] Cyber-attack could escalate as working week begins, experts warn by Robert Booth

May 14, 2017 | www.theguardian.com

"Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice," said Oliver Gower from the National Crime Agency.

A computer security expert credited with stopping the spread of the ransomware on Saturday by activating a digital "kill switch" warned on Sunday that a fresh attack was likely.

The expert, known only as MalwareTech on Twitter, said hackers could upgrade the virus. "Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw," he said on Twitter. "You're only safe if you patch ASAP."

On Sunday, Microsoft issued a security bulletin marked "critical" including security updates that it said "resolves vulnerabilities in Microsoft Windows".

It emerged over the weekend that NHS Digital last month emailed 10,000 individuals in NHS organisations warning them to protect themselves against the specific threat of ransomware and included a software patch to block such hacks on the majority of systems. However, it would not work with outdated Windows XP systems that still run on about 5% of NHS devices.

NHS Digital said it did not yet know how many organisations installed the update and this would be revealed in a later analysis of the incident.

... ... ...

Amber Rudd, the home secretary, who is leading the response to the attack, said the same day: "I don't think it's to do with ... preparedness. There's always more we can all do to make sure we're secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack."

[May 14, 2017] PC repair chap lets tech support scammer log on to his PC. His Linux PC • The Register Forums

May 14, 2017 | theregister.co.uk

Why look at that! Friday is upon us, which means it's time for another instalment of On-Call, The Register's weekly column in which readers share memories of being asked to fix odd stuff at unpleasant times of the day. This week, meet "Shane," who used to do a bit of computer repair work on the side, and kept a phone just for

The beauty of virtual machines

At one company I worked for, one of the tech support guys got a call like this. They fired up a virtual machine and let the scammer loose on that. Of course every reboot, all changes were lost ... I don't know how long the charade went on for.

I do know the techie in question seemed to have a lot more patience for remote scammers than they did colleagues in need .....

Re: The beauty of virtual machines

Probably until someone realized it was a VM and tried pulling a hypervisor attack on it, forcing the virtual plug to be pulled.

Re: The beauty of virtual machines

"Of course every reboot, all changes were lost"

That's not how VMs work.

Re: The beauty of virtual machines

"Of course every reboot, all changes were lost"

That's not how VMs work.

It is if you set them up to not commit changes to the VM disk file on power off

Re: The beauty of virtual machines

Look more a VM with deep freeze or a similar software packet

Re: The beauty of virtual machines

It is how some virtual machines work. I know of one company that supplies such a setup to the educational market. The teacher can set up a template computer with the software / files required for the lesson, and it all gets reset at the end of the lesson.

Re: The beauty of virtual machines

"It is if you set them up to not commit changes to the VM disk file on power off"

That's VDI you are talking about, not just a VM...

Re: The beauty of virtual machines

It's called snapshotting. You store a specific state of virtual machine and simply revert to it each time you finish your session. Even VirtualBox has such a feature.

Re: The beauty of virtual machines

Pretty much every Hypervisor/VM host I've used has that option, possibly even "Microsoft Virtual PC". I believe VirtualBox used immutable disks by default when I first used it.

Edit: Virtual PC Undo Disk

Re: The beauty of virtual machines

Sounds like the old Microsoft SteadyState.

User profile is set back to a set standard on every login.

[May 14, 2017] More disruptions feared from cyberattack; Microsoft slams US secrecy

May 14, 2017 | www.atimes.com

In a blog post late Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the US National Security Agency, that leaked online in April.

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote. He added that governments around the world should "treat this attack as a wake-up call" and "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

The Dharmais hospital in Jakarta was targeted by the Wannacry "ransomware" worm. Photo: Reuters/Darren Whiteside

US President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an "emergency meeting" to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior US security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the National Security Agency were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyberattacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

[May 14, 2017] International manhunt to find criminals behind global cyber attack

Notable quotes:
"... French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly". ..."
May 14, 2017 | timesofindia.indiatimes.com

International investigators hunted for those behind an unprecedented cyber-attack that affected systems in dozens of countries, including at banks, hospitals and government agencies, as security experts sought to contain the fallout.

The assault, which began on Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European car factories.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency. Europol said a special task force at its European Cybercrime Centre was "specially designed to assist in such investigations and will play an important role in supporting the investigation".

The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. Images appeared on victims' screens demanding payment of $300 in Bitcoin, saying: "Ooops, your files have been encrypted!" Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.

But experts and government alike warn against ceding to the hackers' demands. "Paying the ransom does not guarantee the encrypted files will be released," the US Department of Homeland Security's computer emergency response team said.

Mikko Hypponen, chief research officer at the Helsinki- based cyber security company F-Secure, told AFP it was the biggest ransomware outbreak in history, saying that 130,000 systems in more than 100 countries had been affected.

... .... ....
French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly".

[May 14, 2017] A global outbreak of computer extortion virus: Tianjin enterprise release letter WannaCry worm infection emergency treatment

May 14, 2017 | www.aiainews.com
On May 12, the ransomware worm known as WannaCry began spreading on a large scale around the world. The software exploits vulnerabilities in the Windows SMB service, applies high-strength encryption to documents, pictures and other files on the computer, and demands a ransom. Users of many kinds, including universities, energy companies and other important information systems, have been attacked, which poses a serious security threat to China's Internet.

1, Emergency isolation of infected hosts

Given the great risk posed by the WannaCry worm, every known infected host must be isolated from the network it is currently on.

As of 2017/5/14 no effective means has been found to restore files that the worm has already damaged. To prevent the worm from spreading further, copying any file from an infected host to another host or device is forbidden, and a known infected host is strictly forbidden from connecting to any network.

2, Emergency handling of important files

To ensure that important files are not destroyed by the WannaCry worm and to minimize losses, all hosts that are uninfected, or whose infection status is uncertain, must not be switched on.

Hosts of this kind must be handled by physical copy: a professional opens the host, removes every hard disk that holds important files, mounts it through an external device on a host known to be uninfected, and copies the files there.

To prevent secondary infection, the copied files must be handled in an isolation zone.

A possibly infected hard disk must never be attached directly to the copying machine through a motherboard interface such as IDE or SATA, so that the copying machine cannot boot from that disk and become infected.

All Windows hosts that are present on or connected to the network should back up their important files by this method.

After the physical copy, carry out emergency detection as described in section 3, the host emergency detection strategy.

Where these conditions are temporarily unavailable, or a host has to be switched on for some reason, it must be booted outside the office network environment (for example on a 4G network or ordinary broadband) and must keep unobstructed Internet access the whole time. (Internet access counts as working when the following web site opens in a browser and displays its content: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com)

For classified machines that cannot access the Internet, make sure that a web server, the network configuration and domain name resolution are set up so that the domain reaches an Intranet server.

The Intranet server home page must return the following contents:

sinkhole.tech - where the bots party hard and the researchers harder. <!-- h4 -->

When the temporary boot is finished, shut the host down and carry out the physical copy process.

3, Host emergency detection strategy

For a host that has gone through the physical copy, do the following:

Check the Windows directory on the mounted hard drive for the file mssecsvc.exe; if it is present, the host is infected.

For other hosts that are switched on, check whether the file mssecsvc.exe exists in the Windows directory of the system disk, and check whether a service named mssecsvc2.0 exists in the system (the procedure is given at the end of this section). If either one exists, the host is infected.

Where the network has a firewall or other logging equipment, check the logs for the domain name www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com; if it appears, there is an infected host inside the network. For every infected host detected, be sure to format all of its hard disks once the physical copy process is complete.

If such a host has a backup made before 2017/4/13, a full restore can be performed (system disk and all other disks included); a backup made after that date may already be infected and must not be used for recovery.

Where the network is known to contain an infected host, hosts that are switched off must not be switched on and must go through the physical copy process. Hosts that are already switched on must be shut down immediately and then go through the physical copy process.

Attachment: how to inspect services:

Press Windows + R to open the "Run" window:

Type services.msc and press Enter to open the service administration page:

Check every item in the "Name" column; the presence of mssecsvc2.0 indicates infection.
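The three checks in this section (the mssecsvc.exe file, the mssecsvc2.0 service, the kill-switch domain in network logs) can be scripted on a clean triage host. The following is an added example, not part of the advisory; the key=value log layout, the list of service names and all sample data are constructed assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators named in the advisory above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
DROPPER_NAME = "mssecsvc.exe"
SERVICE_NAME = "mssecsvc2.0"

# Assumed log layout (constructed for this example): key=value fields per line.
LOG_FIELD = re.compile(r"(\w+)=(\S+)")


def find_dropper(windows_dir):
    """Return files in the mounted Windows directory named mssecsvc.exe.

    Windows file names are case-insensitive, but the triage host may mount the
    disk on a case-sensitive system, so names are compared in lower case.
    """
    hits = []
    for entry in os.scandir(windows_dir):
        if entry.is_file(follow_symlinks=False) and entry.name.lower() == DROPPER_NAME:
            hits.append(entry.path)
    return sorted(hits)


def service_installed(service_names):
    """True if the collected service names include mssecsvc2.0 (any letter case)."""
    return any(name.strip().lower() == SERVICE_NAME for name in service_names)


def is_kill_switch(name):
    """Match the domain itself or a subdomain such as www., but not look-alikes."""
    name = name.lower().rstrip(".")
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)


def clients_querying_kill_switch(log_lines):
    """Count kill-switch lookups per client address in firewall or DNS log lines."""
    counts = Counter()
    for line in log_lines:
        fields = dict(LOG_FIELD.findall(line))
        if "client" in fields and is_kill_switch(fields.get("query", "")):
            counts[fields["client"]] += 1
    return dict(counts)


def triage(windows_dir, service_names, log_lines):
    """Apply the advisory's checks and return a summary dictionary."""
    dropper = find_dropper(windows_dir)
    service = service_installed(service_names)
    return {
        "dropper_files": dropper,
        "service_present": service,
        "host_infected": bool(dropper) or service,  # either indicator is enough
        "clients_to_isolate": clients_querying_kill_switch(log_lines),
    }


# Constructed sample data in the assumed layout.
SAMPLE_LOG = [
    "2017-05-13T09:14:02 client=10.0.4.17 query=www." + KILL_SWITCH + " type=A",
    "2017-05-13T09:14:03 client=10.0.4.22 query=update.example.org type=A",
    "2017-05-13T09:15:40 client=10.0.4.17 query=" + ("www." + KILL_SWITCH).upper() + ". type=A",
    "2017-05-13T09:16:11 client=10.0.7.5 query=" + KILL_SWITCH + ".example.net type=A",
    "2017-05-13T09:17:29 client=10.0.9.80 query=www." + KILL_SWITCH + " type=A",
]
SAMPLE_SERVICES = ["Dhcp", "LanmanServer", "MSSECSVC2.0", "Spooler"]


def demo():
    """Build a throwaway stand-in for a mounted disk and run the triage on it."""
    with tempfile.TemporaryDirectory() as root:
        windows = os.path.join(root, "Windows")
        os.mkdir(windows)
        for name in ("explorer.exe", "MSSECSVC.EXE", "notepad.exe"):
            open(os.path.join(windows, name), "wb").close()
        result = triage(windows, SAMPLE_SERVICES, SAMPLE_LOG)
        result["dropper_files"] = [os.path.basename(p) for p in result["dropper_files"]]
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A log hit only shows that a client looked the domain up; a machine on which someone ran the browser test from section 2 appears too, so confirm with the file or service check before formatting disks.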

4, Emergency defense strategy for uninfected hosts

For uninfected hosts there are four emergency defense strategies.

Strategy one is the most effective means of defense but takes longer. The other strategies are temporary solutions, for use when strategy one cannot be implemented.

A host on which strategy two or three is applied will no longer be able to access network shares, so use them with care.

Where strategy one cannot be applied immediately, it is suggested to apply strategy four first as a temporary defense. Whichever temporary strategy is used, strategy one must be applied as soon as possible in order to achieve complete defense.

For hosts running a Windows version below 10, upgrading to Windows 10 and updating to the latest system version is suggested. Where circumstances do not allow the upgrade, be sure to use an emergency defense strategy.

Strategy 1: install the MS17-010 system patch

Install the MS17-010 patch that matches the system version. Windows 7 and above can obtain it by installing all patches through automatic updates; Windows XP, Windows 2003 and Windows Vista can obtain it by installing the temporary tools provided with this document.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Strategy 2: shut down the services related to the vulnerability

A professional should use the following commands to shut down the services related to the vulnerability:

sc stop LmHosts

sc stop lanmanworkstation

sc stop LanmanServer

sc config LmHosts start= disabled

sc config lanmanworkstation start= disabled

sc config LanmanServer start= disabled

Strategy 3: configure the firewall to block the ports related to the vulnerability

On Windows 2003 or Windows XP, click the Start menu and open the "Control Panel".

Double-click the "Windows Firewall" option in Control Panel, click the "Exceptions" tab, uncheck "File and Printer Sharing", and click OK.

On Windows 7 and above, click the Start menu, open the Control Panel, then click "System and Security" and "Windows Firewall".

On the Windows Firewall configuration page, click the "Allow a program or feature through Windows Firewall" option, then click "Change settings" at the top:

Find the "File and Printer Sharing" checkbox in the list, uncheck it, and click OK.

Strategy 4: use a vulnerability defense tool

The company 360 provides a tool for temporary immunization against the worm; it can be downloaded from the 360 site.

Running this tool directly gives a simple defense; it must be run again every time the host is restarted.

5, Emergency security defense strategy for public servers and networks

Most public servers (such as web sites and public systems) can connect to the Internet. For Windows Server 2008 R2 and higher versions, it is suggested to turn on the system's "automatic update" function and install all patches.

For Windows Server 2003, choose one of the defense strategies in section 4, the emergency defense strategy for uninfected hosts; upgrading as soon as possible to a higher server version (such as Windows 2008 R2) is also suggested.

For the internal network, possible infection must be prevented while ensuring the safety of the hosts.

Where the sharing function is not used, access to port 445 can be prohibited on firewalls, routers and other equipment.

This worm uses the domain name www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com as a "switch" and attacks immediately when it cannot reach that domain. Network security devices such as firewalls and IPS must therefore not intercept this domain name; otherwise the encryption process is triggered on infected hosts, causing irreparable damage.

Where a private Intranet DNS is used, be sure to configure resolution for this domain and point it to a live web server on the Intranet. The home page of that Intranet server should return the following contents:

sinkhole.tech - where the bots party hard and the researchers harder.

<!-- h4 -->
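A minimal Intranet web server that answers for the "switch" domain, together with a client-side check that the domain is reachable and returns the expected home page, is sketched below as an added example that is not part of the advisory. The names SinkholeHandler, check_kill_switch and demo are assumptions, and the demo listens on 127.0.0.1 with a throwaway port instead of port 80.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

KILL_SWITCH_HOST = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
# Home page content the advisory says the Intranet server should return.
SINKHOLE_BODY = (
    b"sinkhole.tech - where the bots party hard and the researchers harder.\n"
    b"<!-- h4 -->\n"
)


class SinkholeHandler(BaseHTTPRequestHandler):
    """Serve the sinkhole page for the switch domain and record who asked."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host != KILL_SWITCH_HOST:
            self.send_error(404, "unknown host")
            return
        # Every client that fetches this page deserves a look under section 3.
        self.server.seen.append(self.client_address[0])
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(SINKHOLE_BODY)))
        self.end_headers()
        self.wfile.write(SINKHOLE_BODY)

    def log_message(self, fmt, *args):
        pass  # keep stderr quiet; requests are recorded in server.seen


def check_kill_switch(address, port=80, timeout=5.0):
    """Fetch the switch domain's home page from `address` and report the result.

    Pass the domain itself as `address` to test what clients get through DNS,
    or the Intranet server's IP to test the server before changing DNS.
    """
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": KILL_SWITCH_HOST})
        resp = conn.getresponse()
        body = resp.read()
        ok = resp.status == 200 and body.strip() == SINKHOLE_BODY.strip()
        return {"reachable": True, "status": resp.status, "content_ok": ok}
    except (OSError, http.client.HTTPException) as exc:
        return {"reachable": False, "status": None, "content_ok": False,
                "error": str(exc)}
    finally:
        conn.close()


def demo():
    """Run the server locally, check it, then check again after it is gone."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), SinkholeHandler)
    server.seen = []
    port = server.server_address[1]
    worker = threading.Thread(target=server.serve_forever, daemon=True)
    worker.start()
    try:
        good = check_kill_switch("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()
    # With nothing answering, the check fails the way it would behind a
    # firewall or IPS that intercepts the domain.
    blocked = check_kill_switch("127.0.0.1", port, timeout=2.0)
    return good, blocked, list(server.seen)


if __name__ == "__main__":
    good, blocked, seen = demo()
    print("server up:  ", good)
    print("server down:", blocked)
    print("clients seen:", seen)
```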

net letter tianjin municipal party committee office, network security and information technology evaluation center


[May 14, 2017] Along with hospitals some auto manufacturers were hit

May 14, 2017 | www.atimes.com
Targets both large and small have been hit.

Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

Among the other victims are a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp.

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

'Ransom' payments may rise

Account addresses hard-coded into the malicious WannaCry software code appear to show the attackers had received just under US$32,500 in anonymous bitcoin currency as of 1100 GMT on Sunday, but that amount could rise as more victims rush to pay ransoms of US$300 or more to regain access to their computers, just one day before the threatened deadline expires.

[May 14, 2017] Wanna Cry variant without kill switch exists in the wild since May 13

May 14, 2017 | motherboard.vice.com

"I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday.

[May 14, 2017] Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide - Slashdot

May 14, 2017 | it.slashdot.org

TiggertheMad ( 556308 ) writes: on Friday May 12, 2017 @07:19PM ( #54408293 ) Homepage Journal

National Insecurity Agency (Score:4, Informative)

The NSA (and other ABC agencies that are undoubtedly running the same game plan) are doing what they are tasked with, finding ways to protect America and America's interests. Using hacking as a tool to this end is (relatively) new in the old game of spycraft, so there are going to be a few epic disasters like this before the black ops people start to figure out all the types of blow back they can experience.

The US was really big on foreign covert action in the 50's, and it took the bay of pigs to make people realize that there were ways that things could go horribly wrong. That didn't stop covert action from being used, but I think it was employed more carefully afterwards. Having all their shiny hacking toys stolen and having this happen is the hacking version of the 'Bay of Pigs'.

Also, while the NSA seems to have compiled a formidable array of exploits and tools to compromise enemy systems, that doesn't mean that everyone else isn't playing the exact same game. The only difference between the NSA and EVERY other state intelligence agency on the planet is that they seem to be able to properly secure their black ops toys. Being one of the largest agencies of this sort, there are going to be a lot of people in the know. And the more people involved, the harder it is to keep a secret.

Mind you, that doesn't make this any less tragic or regrettable. I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected with this ransomware to make an example of them. Alas, that sort of thing only happens in implausible Hollywood scripts.

ancientt ( 569920 ) writes: < ancientt@yahoo.com > on Friday May 12, 2017 @08:07PM ( #54408453 ) Homepage Journal
Re:National Insecurity Agency ( Score: 3 )

Remotely exploitable network vulnerabilities shouldn't happen, but there seems no practical hope that they'll stop anytime soon. It would be negligent of legitimate spy agencies to fail to search for them and arguably be able to take advantage of them. Imagine you're trying to find out when an ISIS group is planning a bombing and you discover they're running a messageboard on a Windows machine with an SMB exploit, do you tell Microsoft to patch the exploit?

You never know which of the vulnerabilities you'll be able to use, but if you dedicate sufficient resources to finding them and building exploits for them, then there is a good chance you'll be able to spy on whichever bad guy your agency needs to spy on when the need arises. Getting all the vendors to patch the exploits you find does limit your own agency's ability to spy but you have to assume it doesn't impair your enemies as significantly since the enemy doubtless will have exploits you don't have.

What's the best solution? I suspect the best thing to do is build force-patch worms for every exploit. If you write an exploit, you should also dedicate resources to the task of writing a version of the exploit which pressures the owner of the exploited system to fix the problem. So in this instance, as soon as the attacks started being seen in the wild, the NSA servers should have launched a MASSIVE attack against any and all systems with the vulnerability which would disable the vulnerable systems in the least painful ways along with alerting the owners of the need to update their systems. Instead of getting "your files are encrypted and give hackers bitcoin to recover" messages, the people with exploitable systems should be seeing warnings like "Your system has been temporarily patched by the NSA for your own protection, please secure or update your device to protect it from malicious actors."

The Hajime botnet [arstechnica.com] may actually already be just the thing I'm describing. I'd prefer to see the NSA take public responsibility, and I'm doubtful the NSA is actually responsible for that one, but it is an example of how it could be done.

If I have a vulnerable system, I'd much prefer to see it hacked by the NSA instead of some ransomware writer. Do I wish it wasn't hackable? Of course, but I accept that anything plugged into a network might be hackable. I do what I can to protect it from everyone, including the NSA. It's not that I'm worried about the NSA (because they have the resources to gain physical access if they really want it) but if I do my best to build secure systems, then it's less likely I'll wake up to a ransomware message some morning

mcswell ( 1102107 ) writes: on Friday May 12, 2017 @11:09PM ( #54409045 )
Re:Say "thanks" to your "security"-agency... ( Score: 2 )

And why do you think Microsoft was able to patch this *before* the exploit was leaked by Shadow Brokers?

Anonymous Coward writes: on Friday May 12, 2017 @08:56PM ( #54408607 )
Re:Say "thanks" to your "security"-agency... ( Score: 1 )

microsoft is partly guilty in this for sure because A LOT of people have the updates turned off since the windows 10 debacle, the lies, the telemetry, the diagtrack process, the broken windows update service that sits idle consuming 25% of your cpu, etc

but even a monkey like me that hears about the smb vuln, even if i don't know what it means exactly because i'm just a user and not an engineer, i could tell it was BAD, so i patched the living shit out of my computer

sorry but if you've had experiences with blaster, conficker, etc, you should know about this kind of things already, again, not an engineer at all, but just hearing about it, looking the ports affected this thing looked really bad

Man On Pink Corner ( 1089867 ) writes: on Friday May 12, 2017 @08:29PM ( #54408529 )
Re:That only happened to idiots. ( Score: 3 )

Microsoft told lie after lie after lie about their intentions. There was absolutely no reason to believe that setting your update threshold to "Critical Only" would save you from an unsolicited Windows 10 installation.

The only rational course of action for those who didn't want Windows 10 was to turn off Windows Update entirely. Deny this all you want, but be prepared for justified accusations of victim-blaming.

Anonymous Coward , Friday May 12, 2017 @06:55PM ( #54408177 )
It hit the NHS hard ( Score: 5 , Interesting)

I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols meaning everyone off work was called to come in and help. Computers are used for everything, so blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little failsafe infrastructure there was. The hospital just stopped working.

TroII ( 4484479 ) writes: on Friday May 12, 2017 @08:28PM ( #54408521 )
Re:It hit the NHS hard ( Score: 5 , Insightful)
And you use unpatched computers in a hospital WHY?

Because patches are often broken. Imagine these hospitals had applied the patch when Microsoft released it, but the patch was faulty in some way, and all of the hospital computers went down as a result. Instead of complaining the hospitals were running unpatched, you and/or many people like you would be bitching and moaning that they were negligent to install the patch too soon.

Updates from Microsoft frequently include at least one broken patch. There was one update last year that broke millions of peoples' webcams. There have been several updates that interfered with settings and reverted them back to default configurations, and several more updates that seemingly deleted group policy objects that had been configured by the domain administrator. There was a patch around the new year that inadvertently disabled the DHCP service, despite the update itself having nothing to do with DHCP. (Things that make you go hmmm.) This particular fuck-up rendered a lot of machines not only broken, but totally irreparable without manual human intervention, i.e. dispatching someone clueful to each of your premises to clean up the mess.

Patch deployment in any enterprise environment requires extensive testing. You have to coordinate with your software vendors to make sure their applications are compatible with the update. If you install Patch XYZ without first getting approval from Vendor123, you wind up invalidating your support contracts with them. All of this takes time. In 2016, there were several months in a row where Microsoft had to un-issue, repair, supersede, and re-release a broken patch they'd pushed out. Put yourself in the shoes of an admin team who got burned by Windows Update breaking your systems, especially repeatedly. Are you going to be in any hurry to patch? If you were bitten by the DHCP bug, do you trust that the "critical SMB patch" really only touches SMBv1, and isn't going to inexplicably corrupt Office or remove IPV4 connectivity on every computer it touches?

If the PC your kid plays Minecraft on gets hosed by a broken patch, it's not that big of a deal. The business world is a different story.

guruevi ( 827432 ) writes: < evi@evcir[ ]ts.com ['cui' in gap] > on Friday May 12, 2017 @07:03PM ( #54408215 ) Homepage
What boggles my mind ( Score: 4 , Informative)

Is that there are still 45k Windows machines that are directly connected to the Internet.

Any Windows machine I manage (mostly very specific medical software and medical machines) are either VM (and thus behind a firewall and any service proxied to a BSD or Linux host) or airgapped.

cpm99352 ( 939350 ) , Saturday May 13, 2017 @12:52AM ( #54409331 )
Plenty of blame to spread around ( Score: 2 )

1. Microsoft has always had a disclosure that their OS is not suitable for life-critical applications
2. NSA has a dual mission -- the second (neglected) mission is to ensure the security of domestic computer networks

[May 14, 2017] NHS workers and patients on how cyber-attack has affected them

May 14, 2017 | www.theguardian.com

Officials have claimed in the wake of the global ransomware attack that patient care has been unaffected despite 45 NHS sites being hit.

But hospitals across England and Scotland were forced to cancel routine procedures and divert emergency cases in the wake of the attack, which has shut down access to computers in almost 100 countries. Here, patients and NHS workers reveal how the crisis has affected them.

Bill, a doctor at a hospital in London
I have been unable to look after patients properly. However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any X-rays, which are an essential component of emergency medicine. I had a patient this evening who we could not do an X-ray for, who absolutely should have had one. He is OK but that is just one example.

My hospital is good in many ways but the IT system is appalling. I was shocked when I started in hospital at how bad the systems are. I know the staff will do their very best to keep looking after everyone, but there are no robust systems in place to deal with blackouts like this, information-sharing is hard enough in a clinical environment when everything works.

Without the IT systems I suspect test results will be missed, and definitely delayed. Handovers are much more difficult. It will absolutely certainly impact patient safety negatively, even if that impact can't be clearly measured. This is basically all the result of chronic underfunding and crap, short-sighted management.

Theresa, 44, a breast cancer patient from Lincolnshire
I was halfway through my chemotherapy infusion when the attack happened. The treatment finished without a hitch, but I then had to wait for a couple of hours for my medications to take home. That's because all drugs have to be checked against prescriptions, and they are all computerised. The hospital pharmacists worked quickly to produce paper copies, but it still took a while. The horrible side-effects (nausea, exhaustion, dizziness) kicked in while I was stuck in rush-hour traffic coming home. Fortunately, I wasn't driving.

There were other patients in the ward waiting to start their chemo whose drugs had been delivered but again couldn't be checked, so administration was delayed. In some cases treatment had to be postponed entirely for another day. The oncology nurses and the hospital staff were brilliant throughout, reassuring patients and doing their best in difficult circumstances. They were also deeply apologetic, frustrated that they couldn't do their job, and angry that such an act had put patients' treatment – and lives – at risk.

Amber, 40, a community nurse from Essex
We have been unable to check patient information and scheduled visits for this afternoon. I am working this weekend and had to write down who we may see tomorrow from my own memory. Our own call centre for community services is in lockdown and unable to receive any information regarding authorisation for drug changes or referrals. We are also unable to look up patient addresses, complete any documentation or check test results.

Alun Phillips, 45, a community pharmacist from Merseyside
Doctors in Liverpool have been advised to isolate their computer systems from the wider NHS network. This has left many of our local surgeries unable to access patient records, which are cloud-based. Surgeries are unable to issue prescriptions from their systems, most of which are now issued electronically via the NHS spine. Even if they could, we (community pharmacy) are being advised to not connect to the spine. We have had quite a few requests from local surgeries to tell them what medication patients are on, as although they cannot access patient records we still have our copy of the patients' medication records. We have also made some emergency supplies of medication to patients unable to access GP services while they are down.

Kyle, 42, a patient from Maidstone
I am waiting for test results after a urine infection and pain in my kidneys. I called the doctors this afternoon. They said it looks like I need a further prescription but the doctor will need to call me back. Two hours later I get a call from the doctor advising me that they have had to shut down their systems due to this hack, and that they can't give me any results till Monday. I am now worried that my situation is going to get worse without any treatment.

Ben, 37, in the prescription team at a GP surgery in the north
We were unable to process any prescriptions for patients, including urgent requests. As a result patients could potentially be left without asthma, epilepsy or diabetes medication over the weekend. We also had a medical emergency on-site and waited over 40 minutes for an ambulance to attend.

Ali, a cardiologist from the north
I am a cardiology registrar. At work, on call for a tertiary cardiology centre. Treating patients with heart attacks, attending cardiac arrests, seeing sick patients in resus. We are unable to access old notes, blood results, x-rays or order vital tests. Blood samples are being sent to other hospitals. We have one working x-ray viewer for the entire hospital and emergency results are being rung through already overloaded phone lines. All of which potentially delays vital treatment and could jeopardise patient safety. Those with life-threatening problems are still receiving appropriate care. Though this couldn't have happened at a worse time with the weekend looming, patients are still being looked after safely thanks to the dedication of all the members of staff at work tonight. It's been a stark reminder of the conditions we worked under over 20 years ago – and on how reliant on computers we are even to do things as simple as prescribe basic drugs.

Kaley, 30, a receptionist at a large surgery in the north-west
Friday afternoons are usually one of our busiest times at the surgery. With already full clinics and people ringing for emergency appointments there were five reception staff on duty. There was no warning that there was anything wrong with the computer systems but at around 3pm the screens all went black, indicating that the computers had crashed. We had no access to any patient information for the GPs or nurses. There was no way of checking the patients in. Phones were still ringing. The computers were down for about an hour but then we were able to get back on. We received notification that there was a virus affecting the whole of the NHS. The practice manager received a text from the CCG advising that we should invoke "emergency planning measures". This involves printing lists out of patients due to attend all clinics from Friday afternoon until Monday afternoon. Then we had to print out full medical information for each patient as the system was being taken down to investigate the virus. It's been a difficult afternoon.

Some names and details have been changed.

[May 14, 2017] AfterMidnight -- new NSA malware

May 14, 2017 | failedevolution.blogspot.gr
WikiLeaks

Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.
"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine.

The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus".

Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute.

If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins.

The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results.

Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as "The Gibson" and allow operators to perform specific tasks on an infected target.

Documents:
https://wikileaks.org/vault7/#AfterMidnight

[May 14, 2017] Massive cyber attack hits hospitals, universities and businesses worldwide

May 14, 2017 | failedevolution.blogspot.gr

...The Barts Health Group, which helps manage some of the largest hospitals in London, said, "We are experiencing a major IT disruption and there are delays at all of our hospitals."

Patients had to be turned away from surgeries and appointments at medical facilities throughout England, and ambulances had to be rerouted to other hospitals as well.

Telefonica, one of the largest telecommunications companies in Spain, was one target, though their services and clients were not affected, as the malicious software only impacted certain computers on an internal network.

Full report:
https://sputniknews.com/europe/201705121053564741-cyber-attack-targets-institutions-worldwide/

[May 13, 2017] Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

May 13, 2017 | tech.slashdot.org
Posted by EditorDavid on Saturday May 13, 2017 @06:57PM from the wanna-cry-more? dept. (vice.com)

Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard:

Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.

[May 13, 2017] What you need to know about the WannaCry Ransomware

Notable quotes:
"... Email is one of the main infection methods. Be wary of unexpected emails especially if they contain links and/or attachments. ..."
May 13, 2017 | www.symantec.com

After encryption the Trojan then deletes the shadow copies of the encrypted files.

The Trojan drops the following files in every folder where files are encrypted:
  • !WannaDecryptor!.exe.lnk
  • !Please Read Me!.txt

The !Please Read Me!.txt file contains a text version of the ransom note with details of how to pay the ransom.

The Trojan downloads Tor and uses it to connect to a server using the Tor network.

It then displays a ransom note explaining to the user what has happened and how to pay the ransom.

WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file name:

  • .123
  • .3dm
  • .3ds
  • .3g2
  • .3gp
  • .602
  • .7z
  • .ARC
  • .PAQ
  • .accdb
  • .aes
  • .ai
  • .asc
  • .asf
  • .asm
  • .asp
  • .avi
  • .backup
  • .bak
  • .bat
  • .bmp
  • .brd
  • .bz2
  • .cgm
  • .class
  • .cmd
  • .cpp
  • .crt
  • .cs
  • .csr
  • .csv
  • .db
  • .dbf
  • .dch
  • .der
  • .dif
  • .dip
  • .djvu
  • .doc
  • .docb
  • .docm
  • .docx
  • .dot
  • .dotm
  • .dotx
  • .dwg
  • .edb
  • .eml
  • .fla
  • .flv
  • .frm
  • .gif
  • .gpg
  • .gz
  • .hwp
  • .ibd
  • .iso
  • .jar
  • .java
  • .jpeg
  • .jpg
  • .js
  • .jsp
  • .key
  • .lay
  • .lay6
  • .ldf
  • .m3u
  • .m4u
  • .max
  • .mdb
  • .mdf
  • .mid
  • .mkv
  • .mml
  • .mov
  • .mp3
  • .mp4
  • .mpeg
  • .mpg
  • .msg
  • .myd
  • .myi
  • .nef
  • .odb
  • .odg
  • .odp
  • .ods
  • .odt
  • .onetoc2
  • .ost
  • .otg
  • .otp
  • .ots
  • .ott
  • .p12
  • .pas
  • .pdf
  • .pem
  • .pfx
  • .php
  • .pl
  • .png
  • .pot
  • .potm
  • .potx
  • .ppam
  • .pps
  • .ppsm
  • .ppsx
  • .ppt
  • .pptm
  • .pptx
  • .ps1
  • .psd
  • .pst
  • .rar
  • .raw
  • .rb
  • .rtf
  • .sch
  • .sh
  • .sldm
  • .sldx
  • .slk
  • .sln
  • .snt
  • .sql
  • .sqlite3
  • .sqlitedb
  • .stc
  • .std
  • .sti
  • .stw
  • .suo
  • .svg
  • .swf
  • .sxc
  • .sxd
  • .sxi
  • .sxm
  • .sxw
  • .tar
  • .tbk
  • .tgz
  • .tif
  • .tiff
  • .txt
  • .uop
  • .uot
  • .vb
  • .vbs
  • .vcd
  • .vdi
  • .vmdk
  • .vmx
  • .vob
  • .vsd
  • .vsdx
  • .wav
  • .wb2
  • .wk1
  • .wks
  • .wma
  • .wmv
  • .xlc
  • .xlm
  • .xls
  • .xlsb
  • .xlsm
  • .xlsx
  • .xlt
  • .xltm
  • .xltx
  • .xlw
  • .zip

[May 13, 2017] WannaCry 2.0 Ransomware by Colin Hardy

Probably the best description of the worm on Youtube as of May 13, 2017...
support.microsoft.com

Andy Beez, 9 hours ago

Thanks for the forensic deconstruction - a lot more info than the experts on Sky News!
Is it interesting the popup is written in accurate English with the correct use of capitals, commas and full stops? Plus the grammar is correct. I understand the Italian version has the same grammatical exactness. So not script kiddies from Chindia? These writers are well educated.

Anton, 10 hours ago

A kill switch already has been found in the code, which prevents new infections. This has been activated by researchers and should slow the spread.

Colin Hardy, 8 hours ago

Agree. Firstly, contain your network (block affected ports in/outbound), also look for compromised hosts on your network using the various IOCs from the likes of Virus Total and other analysts' blogs. Remediate the machines, and rebuild the network - slowly, carefully and under good supervision!

Colin Hardy, 8 hours ago

this was an awesome find as well. see my new video https://youtu.be/d56g3wahBck on how you can see it for yourself.

[May 13, 2017] Indicators Associated With WannaCry Ransomware

Symantec provides a better description of what you need to look at.
May 13, 2017 | www.us-cert.gov

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named "t.wry". The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user's files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

The newly loaded DLL immediately begins encrypting files on the victim's system and encrypts the user's files with 128-bit AES. A random key is generated for the encryption of each file.

The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim's account in order to access the IPC$ share.

This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.


[May 13, 2017] WannaCry technical information

Notable quotes:
"... This vulnerability was patched in the Microsoft March update (MS17-010) ..."
"... Ensure that port 445 is blocked for firewall communications with all exceptions scrutinized and verified before adding. ..."
May 13, 2017 | www.criticalstart.com

WanaCryptor 2.0, WannaCry, WCry or WCryp is currently a worldwide ransomware outbreak. These are all versions of Crypto-locker, encrypting victim files and demanding payment via Bitcoin. This vulnerability was patched in the Microsoft March update (MS17-010).

The following links contain information about the exploit that the new malware is using (based on ETERNAL BLUE) and the fix and temporary workaround for servers and local clients, as well as firewall configuration recommendations.

SMB v1 is the current exploit mechanism being used for moving within the enterprise. Movement has been detected from Cloud Sync file-share as well. The link contains information on disabling SMBv1 (which is the only recommended service to disable) via Servers, PowerShell, and local Client Firewall Configuration.

Ensure that port 445 is blocked for firewall communications with all exceptions scrutinized and verified before adding.
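The two recommendations above (disable SMBv1, block port 445 and review every exception) can be audited and applied from an elevated PowerShell prompt. The script below is an added example, not taken from the quoted advisory or from Microsoft's guidance; the rule name and the choice to block only on the Public profile are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 and inbound TCP 445 exposure on one host,
# and change anything only when -Apply is given.
param(
    [switch]$Apply,
    # Assumption: display name chosen for this example's firewall rule.
    [string]$RuleName = 'Example - block inbound SMB (TCP 445) on Public profile'
)

# 1. SMB server protocol settings (cmdlet exists on Windows 8 / Server 2012 and later).
$smb = Get-SmbServerConfiguration
Write-Output ("SMBv1 server enabled   : {0}" -f $smb.EnableSMB1Protocol)
Write-Output ("SMBv2/3 server enabled : {0}" -f $smb.EnableSMB2Protocol)

# 2. SMBv1 optional feature. Not every Windows edition exposes it this way,
#    so a failure to query is reported instead of stopping the audit.
$feature = $null
try {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
    Write-Output ("SMB1Protocol feature   : {0}" -f $feature.State)
} catch {
    Write-Output 'SMB1Protocol feature   : not queryable on this edition'
}

# 3. Every enabled inbound allow rule that names TCP 445 is an exception to review.
#    Rules that cover 445 through a port range or "Any" are not matched here.
$allow445 = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and @($filter.LocalPort) -contains '445'
    })
Write-Output ("Inbound allow rules naming TCP 445: {0}" -f $allow445.Count)
$allow445 |
    Select-Object DisplayName, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' } } |
    Format-Table -AutoSize | Out-String | Write-Output

if (-not $Apply) {
    Write-Output 'Audit only. Re-run with -Apply to make the changes below.'
    return
}

# 4. Turn off the SMBv1 server; SMBv2/3 is left untouched.
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMBv1 server protocol disabled.'
}

# 5. Remove the SMBv1 feature where it is installed.
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Output 'SMB1Protocol feature disabled; a reboot completes the removal.'
}

# 6. Block inbound 445 on untrusted (Public) networks. Block rules take
#    precedence over allow rules, so Domain/Private are left to the review in step 3.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Profile Public -Action Block | Out-Null
    Write-Output "Firewall rule added: $RuleName"
}
```

Run it without arguments first: the audit output shows which exceptions exist before anything is changed.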

[May 13, 2017] Wanna Cry ransomware cyber attack 104 countries hit, India among worst affected, US NSA criticised

May 13, 2017 | indiatoday.intoday.in

India was among the countries worst affected by the Wanna Cry attack, data shared by Kaspersky, a Russian anti-virus company, showed. According to initial calculations performed soon after the malware struck on Friday night, around five per cent of all computers affected in the attack were in India.

Mikko Hypponen, chief research officer at a Helsinki-based cyber security company called F-Secure, told news agency AFP that it was the biggest ransomware outbreak in history and estimated that 130,000 systems in more than 100 countries had been affected.

Hypponen added that Russia and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used there.

[May 13, 2017] The worm that spreads WanaCrypt0r

May 13, 2017 | blog.malwarebytes.com
WanaCrypt0r has been most effective - not only does the ransomware loop through every open RDP session on a system and run the ransomware as that user, but the initial component that gets dropped on systems appears to be a worm that contains and runs the ransomware, spreading itself using the ETERNALBLUE SMB vulnerability (MS17-010).

The WinMain of this executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It doesn't actually download anything there, just tries to connect. If the connection succeeds, the binary exits.

This was probably some kind of kill switch or anti-sandbox technique. Whichever it is, it has backfired on the authors of the worm, as the domain has been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems that run the executable. This only applies to the binary with the hash listed above; there may well be new versions released in the future. UPDATE: The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the worm will still work on any system that requires a proxy to access the Internet, which is the case on the majority of corporate networks.

... ... ...

[after kill switch check pass] ...

The first thing the worm does is check the number of arguments it was launched with. If it was run with fewer than two arguments passed, it installs a service called mssecsvc2.0 with display name Microsoft Security Center (2.0) Service (where the binary run is itself with two arguments), starts that service, drops the ransomware binary located in the resources of the worm, and runs it.

If it was run with two arguments or more - in other words, if it was run as a service - execution eventually falls through to the worm function.
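The host-level indicators quoted in the write-ups above (the mssecsvc2.0 service, the t.wry loader file, the dropped note and shortcut, the .WCRY extension, and the kill-switch domain) can be checked on a single machine with the triage script below. It is an added example, not code from Malwarebytes, Symantec or US-CERT; the scan root, the SMB peer threshold and the use of TCP port 80 for the kill-switch test are assumptions.

```powershell
# Added example: local triage for the WannaCry indicators quoted on this page.
# Run from an elevated prompt so the System log and all user folders are readable.
param(
    # Assumption: directory tree to search; point it at the volumes that matter.
    [string]$ScanRoot = "$env:SystemDrive\Users",
    # Assumption: number of distinct remote peers on TCP 445 that counts as a fan-out.
    [int]$SmbPeerThreshold = 20,
    # Optional: test whether this host can reach the kill-switch domain directly.
    [switch]$TestKillSwitch
)

# Indicator values as they appear in the quoted write-ups.
$serviceName = 'mssecsvc2.0'
$killSwitch  = 'www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com'
$dropNames   = 't.wry', '!Please Read Me!.txt', '!WannaDecryptor!.exe.lnk'
$findings    = @()
$notes       = @()

# 1. The service the worm installs for itself.
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($svc) { $findings += "Service '$serviceName' exists (status: $($svc.Status))" }

# 2. Service-installation records (System log, event ID 7045) naming that service.
#    These survive even if the service has since been removed.
$installs = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$serviceName*" }
foreach ($e in $installs) { $findings += "Service install event logged at $($e.TimeCreated)" }

# 3. Dropped files and encrypted-file extension (comparisons are case-insensitive).
$hits = Get-ChildItem -LiteralPath $ScanRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.WCRY' -or $dropNames -contains $_.Name } |
    Select-Object -First 25
foreach ($f in $hits) { $findings += "File indicator: $($f.FullName)" }

# 4. Outbound SMB fan-out: many distinct peers on TCP 445 from one workstation.
$peers = @(Get-NetTCPConnection -RemotePort 445 -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty RemoteAddress -Unique)
if ($peers.Count -ge $SmbPeerThreshold) {
    $findings += "Connections to $($peers.Count) distinct hosts on TCP 445"
}

# 5. A cached lookup of the kill-switch domain means something on this host
#    resolved it recently. Checked before step 6, which performs a lookup itself.
$cached = Get-DnsClientCache -Entry $killSwitch -ErrorAction SilentlyContinue
if ($cached) { $findings += 'Kill-switch domain present in the DNS client cache' }

# 6. The worm connects without a proxy (INTERNET_OPEN_TYPE_DIRECT), so the kill
#    switch only protects hosts that can reach the domain directly.
#    Test-NetConnection also connects directly. Port 80 is an assumption.
#    This test shows up in DNS monitoring as a lookup of the domain.
if ($TestKillSwitch) {
    $t = Test-NetConnection -ComputerName $killSwitch -Port 80 -WarningAction SilentlyContinue
    if ($t.TcpTestSucceeded) {
        $notes += 'Kill-switch domain reachable by direct connection.'
    } else {
        $notes += 'Kill-switch domain NOT reachable directly: the kill switch would not stop the worm on this host.'
    }
}

if ($findings.Count -eq 0) { Write-Output 'No WannaCry indicators found.' }
else { $findings | ForEach-Object { Write-Output "[!] $_" } }
$notes | ForEach-Object { Write-Output "[i] $_" }
```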

[May 13, 2017] How to Accidentally Stop a Global Cyber Attacks

This is from the author of the accidental kill switch discovery: "I was able to set up a live tracking map and push it out via twitter (you can still see it here)." Fascinating...
As of May 13, 9 PM, the worm is still spreading, at a rate of probably a hundred hits per hour, but the kill switch prevents newly found instances from running their own instance of the worm. An interesting side effect is that if a network has a proxy that prevents access to the kill switch domain, then the worm will spread at full speed. So propagation into a proxied network with an isolated root server network can lead to an increase in the worm infection rate, as the kill switch site will not work. In other words, the worm is most dangerous for private networks with a private DNS root.
Notable quotes:
"... When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit, which was what tipped me off to the fact this was something big. ..."
"... contrary to popular belief, most NHS employees don't open phishing emails which suggested that something to be this widespread it would have to be propagated using another method) ..."
"... Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration of it which shows the campaign started at around 8 AM UTC. ..."
"... more interestingly was that after encrypting the fake files I left there as a test, it started connecting out to random IP addresses on port 445 (used by SMB). ..."
"... The mass connection attempts immediately made me think exploit scanner, and the fact it was scanning on the SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing an SMB exploit. ..."
May 13, 2017 | www.malwaretech.com

So finally I've found enough time between emails and Skype calls to write up on the crazy events which occurred over Friday, which was supposed to be part of my week off (I made it a total of 4 days without working, so there's that). You've probably read about the WannaCrypt fiasco on several news sites, but I figured I'd tell my story.

I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where I had been following the spread of the Emotet banking malware, something which seemed incredibly significant until today. There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.

When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit, which was what tipped me off to the fact this was something big.

Although ransomware on a public sector system isn't even newsworthy, systems being hit simultaneously across the country is (contrary to popular belief, most NHS employees don't open phishing emails which suggested that something to be this widespread it would have to be propagated using another method). I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher.

Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.

Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration of it which shows the campaign started at around 8 AM UTC.

... ... ...

While the domain was propagating, I ran the sample again in my virtual environment to be met with WannaCrypt ransom page; but more interestingly was that after encrypting the fake files I left there as a test, it started connecting out to random IP addresses on port 445 (used by SMB).

The mass connection attempts immediately made me think exploit scanner, and the fact it was scanning on the SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing an SMB exploit. Obviously I had no evidence yet that it was definitely scanning SMB hosts or using the leaked NSA exploit, so I tweeted out my finding and went to tend to the now propagated domain.

... ... ...

Now one thing that's important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I'm always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year.

Our standard model goes something like this.

  1. Look for unregistered or expired C2 domains belonging to active botnets and point it to our sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them).
  2. Gather data on the geographical distribution and scale of the infections, including IP addresses, which can be used to notify victims that they're infected and assist law enforcement.
  3. Reverse engineer the malware and see if there are any vulnerabilities in the code which would allow us to take-over the malware/botnet and prevent the spread or malicious use, via the domain we registered.

In the case of WannaCrypt, step 1, 2 and 3 were all one and the same, I just didn't know it yet.

A few seconds after the domain had gone live I received a DM from a Talos analyst asking for the sample I had which was scanning SMB hosts, which I provided. Humorously at this point we had unknowingly killed the malware so there was much confusion as to why he could not run the exact same sample I just ran and get any results at all. As curious as this was, I was pressed for time and wasn't able to investigate, because now the sinkhole servers were coming dangerously close to their maximum load.

I set about making sure our sinkhole servers were stable and getting the expected data from the domain we had registered (at this point we still didn't know much about what the domain I registered was for, just that anyone infected with this malware would connect to the domain we now own, allowing us to track the spread of the infection). Sorting out the sinkholes took longer than expected due to a very large botnet we had sinkholed the previous week eating up all the bandwidth, but soon enough I was able to set up a live tracking map and push it out via twitter (you can still see it here).

Aris Adamantiadis > greggreen29 • 12 hours ago

To be fair, he said himself he thought at some point that registering the domain name triggered the ransomware instead of disabling it. The story headline would have mentioned "Security research accidentally armed a ransomware" in that case. His experience told him it was a good thing to own domains used by C&C, his luck made it that it was a kill switch. I don't think "accidental" is undeserved in this case.

Whatever, it's good job!

Dave > greggreen29 • 13 hours ago

The media is filled with people who don't do their research. This is both true in the IT world along with the firearms world. Me being involved in both. Media however LOVES buzzwords without even knowing what that word means nor use it in context correctly.

They make conclusions about things they don't even understand or refer to a real expert in the field or multiple to get out of single sourced subjective analysis problems.

I am no total expert in either though I do know a lot, but I make my due diligence if I do write about a subject, I do RESEARCH vs WEBSEARCH on it to draw conclusions. I also then employ logic and personal experiences for supplementing those conclusions if I have the experiences to draw upon.

This is why I follow people I would deem as experts in the field, to learn more about what we come across, to ask questions, and to constantly learn.

This is why I follow the Malwaretech crew and others like them in security and forensics.

Malwaretech, thank you for your service, not only for this incident, but all the research you do.

Susan O'neill > Dave • 10 hours ago

Well said Dave. Whilst I struggled to follow the report on his progress, it would seem that he is connected to people who can offer a service and using his own expertise and by a process of elimination, find the answers, but because he caught on to something very quickly (which he might easily have missed, had he not been so thorough and alert) would have allowed the worm to continue its travels. I think a lot of people should be very thankful to MalwareTech and his expertise - even if it does generate more business for him, it's probably well deserved.

[May 13, 2017] How to enable and disable SMBv1 in Windows and Windows Server

May 13, 2017 | support.microsoft.com
How to enable or disable SMB protocols on the SMB server

Windows 8 and Windows Server 2012

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component.

Notes

When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This behavior occurs because these protocols share the same stack.

You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

... ... ...

Note: You must restart the computer after you make these changes.

Registry Editor

Important: This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Registry entry: SMB1

REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled

Default: 1 = Enabled
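
The following PowerShell is an added example, not part of the Microsoft article quoted above: it reports whether SMBv1 is enabled on the SMB server component and disables it, using the Set-SMBServerConfiguration cmdlet where it exists and the SMB1 registry entry otherwise. The function names Get-Smb1ServerState and Disable-Smb1Server and the shape of the returned objects are hypothetical; it assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example, not from the quoted Microsoft article.
# Get-Smb1ServerState and Disable-Smb1Server are hypothetical helper names.

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later ship the SmbServerConfiguration cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            Method  = 'Cmdlet'
            Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }
    # Older systems: read the SMB1 registry entry. A missing entry means the
    # default applies, and the default is 1 (enabled), so absence must not be
    # reported as "disabled".
    $entry = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    $enabled = ($null -eq $entry) -or ($entry.SMB1 -ne 0)
    New-Object PSObject -Property @{ Method = 'Registry'; Enabled = $enabled }
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $state = Get-Smb1ServerState
    $restartNeeded = $false

    if ($state.Enabled -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 on the SMB server')) {
        if ($state.Method -eq 'Cmdlet') {
            # No restart is required after Set-SmbServerConfiguration.
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            # SMB1 = 0 (REG_DWORD) disables SMBv1; a restart is required.
            Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
            $restartNeeded = $true
        }
    }

    # ConfiguredOn is the configured value after the change; with the registry
    # method the running server keeps SMBv1 until the computer is restarted.
    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        Method        = $state.Method
        WasEnabled    = $state.Enabled
        ConfiguredOn  = (Get-Smb1ServerState).Enabled
        RestartNeeded = $restartNeeded
    }
}

# Preview the change first; remove -WhatIf to apply it.
Disable-Smb1Server -WhatIf
```

This covers only the SMB server component described in the article; hosts that report RestartNeeded as true stay exposed on SMBv1 until they are rebooted.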

[May 13, 2017] Microsoft Security Bulletin MS17-010 - Critical

For customers using Windows Defender, Microsoft released an update on May 13 which detects this threat as Ransom:Win32/WannaCrypt.
SMBv1 should be blocked. How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
Defensive firewall configuration is important as Windows is full of holes. Download the update here
Notable quotes:
"... This security update is rated Critical for all supported releases of Microsoft Windows. ..."
May 13, 2017 | technet.microsoft.com

This is the vulnerability that Wanna Cry malware uses

Published: March 14, 2017

Version: 1.0

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 4013389.

[May 12, 2017] Leaked NSA malware is helping hijack computers around the world

May 12, 2017 | failedevolution.blogspot.gr
In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the "Shadow Brokers." Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.

The malware worm taking over the computers goes by the names "WannaCry" or "Wanna Decryptor." It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin.

At this point, one's computer would be rendered useless for anything other than paying said ransom. The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown clock to see exactly how much time they have left).

Ransomware is not new; for victims, such an attack is normally a colossal headache. But today's vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.

Full report:
https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/

[May 12, 2017] Worst-Ever Recorded Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

Cyber attacks on a global scale took place on Friday, May 12, 2017. The notable hits include computers in 16 UK hospitals, Telefonica Telecom in Spain, Gas Natural, Iberdrola. Several thousand computers were infected in 99 countries.
WannaCry ransomware attack - Wikipedia
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency to attack computers running Microsoft Windows operating systems. Once it invades a network, it is self-replicated and transmitted to other computers.
Initial infection vector is either via LAN, an email attachment, or drive-by download.
A kill switch has been found in the code, which since May 13 helps to prevent new infections. This switch was accidentally activated by an anti-virus researcher from GB. However, different versions of the attack may be released and all vulnerable systems still have an urgent need to be patched.
Notable quotes:
"... Hollywood Overwhelmed With Hack Attacks; FBI Advises 'Pay Ransom'... ..."
May 12, 2017 | www.zerohedge.com

The ransomware has been identified as WannaCry

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind.

The security researcher who tweets and blogs as MalwareTech told The Intercept "I've never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker." Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today's WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency's hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there's been no such assurance.

Today shows exactly what's at stake when government hackers can't keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, "I am actually surprised that a weaponized malware of this nature didn't spread sooner."

Update 3: Microsoft has issued a statement, confirming the status of the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

In March, we provided a security update which provides additional protections against this potential attack.

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update 2: Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours

Seventy-four countries around the globe have been affected, with the number of victims still growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected worldwide, the company said, adding that it "quickly escalated into a massive spreading."

57,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry ) #ransomware by Avast today. More details in blog post: https://t.co/PWxbs8LZkk

- Jakub Kroustek (@JakubKroustek) May 12, 2017

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."

* * *

Update 1: In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as "eternal blue", developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA's eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

As Sam Coates summed up...

NHS hack: So NSA had secret backdoor into Windows. Details leaked few weeks ago. Now backdoor being exploited by random criminals. Nightmare

- Sam Coates Times (@SamCoatesTimes) May 12, 2017

* * *

We earlier reported on the disturbing fact that hospitals across the United Kingdom had gone dark due to a massive cyber-attack...

Hospitals across the UK have been hit by what appears to be a major, nationwide cyber-attack, resulting in the loss of phonelines and computers, with many hospitals going "dark" and some diverting all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled, the BBC reports.

The UK National Health Service said: "We're aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware." It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected and are reporting IT failures, in some cases meaning there is no way of operating phones or computers.

At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack.

NHS England says it is aware of the issue and is looking into it.

UK Prime Minister Theresa May confirms today's massive cyber hit on NHS is part of wider international attack and there is no evidence patient data has been compromised.

Hospitals say backlog will go on for some weeks after today's cyber attack #NHScyberattack pic.twitter.com/BGV5jV7KZ1

- Sky News Tonight (@SkyNewsTonight) May 12, 2017

The situation has got significantly worse as The BBC reports the ransomware attack has gone global.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

Manthong macholatte May 12, 2017 2:19 PM

"Ransomware"?

The FBI has the solution and comes to the rescue.

Hollywood Overwhelmed With Hack Attacks; FBI Advises 'Pay Ransom'...

Manthong Manthong May 12, 2017 2:22 PM

It's just a damn good thing the US spent all that time and money developing all that stuff.

Now that it's out, just pay the ransom to the Cyber-Barbary Pirates so that the government can return to its main 1984 mass surveillance and control mission.

stormsailor pods May 12, 2017 4:52 PM
My son is an IT professional and has been inundated with new clients calling to rid their complex systems of this plague. For his clients he has devised protection from it, but most of the calls he gets are from large hospitals, corporations, etc. that have their own IT staff.

He can fix it and prevent/firewall it so it doesn't happen but some of the systems are so complex with so many open ends, his bill is sometimes as much as the hackers are asking for. He told me that in some cases he is tempted to tell them to just pay it, however, he said all of the payoffs have to be made with bitcoin on the "dark-web" and since you are dealing with known criminals he has heard that more than half the time they do not fix it.

He was in New Orleans about a month ago, Thursday through Sunday clearing up a large company's servers and systems, worked 70 hours and billed them 24k plus expenses

virgule Arnold May 12, 2017 3:21 PM
First thing I suggest to do if this happens to you, is to shut down your computer, take out the HD, and boot it into a Linux system, so at least you can make a copy in a safe environment, before things get worse.

[May 12, 2017] What is WanaCrypt0r 2.0 ransomware and why is it attacking the NHS Technology by Alex Herb

The article was published at 12:16 EDT, so the worm was probably unleashed at least 24 hours before that.
May 12, 2017 | www.theguardian.com

The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt files.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

MalwareHunterTeam (@malwrhunterteam)

There is a new version of WCry/WannaCry ransomware: "WanaCrypt0r 2.0".
Extension: .WNCRY
Note: @Please_Read_Me@.txt @BleepinComputer pic.twitter.com/tdq0OBScz4

May 12, 2017
What is WanaCrypt0r 2.0?

The malware that has affected Telefónica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by security researchers MalwareHunterTeam, at 9:45am on 12 May.

Less than four hours later, the ransomware had infected NHS computers, albeit originally only in Lancashire, and spread laterally throughout the NHS's internal network. It is also being called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

How much are they asking for?

WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the computers.

Myles Longfield (@myleslongfield)

Shocking that our @NHS is under attack and being held to ransom. #nhscyberattack pic.twitter.com/1bcrqD9vEz

May 12, 2017
Who are they?

The creators of this piece of ransomware are still unknown, but WanaCrypt0r 2.0 is their second attempt at cyber-extortion. An earlier version, named WeCry, was discovered back in February this year: it asked users for 0.1 bitcoin (currently worth $177, but with a fluctuating value) to unlock files and programs.

How is the NSA tied in to this attack?

Once one user has unwittingly installed this particular flavour of ransomware on their own PC, it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was first revealed to the world as part of a huge leak of NSA hacking tools and known weaknesses by an anonymous group calling itself "Shadow Brokers" in April.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn't be used to spread malware between fully updated versions of its operating system. But for many reasons, from lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wide scale.

Who are the Shadow Brokers? Were they behind this attack?

In keeping with almost everything else in the world of cyberwarfare, attribution is tricky. But it seems unlikely that the Shadow Brokers were directly involved in the ransomware strike: instead, some opportunist developer seems to have spotted the utility of the information in the leaked files, and updated their own software accordingly. As for the Shadow Brokers themselves, no-one really knows, but fingers point towards Russian actors as likely culprits.

Will paying the ransom really unlock the files?

Sometimes paying the ransom will work, but sometimes it won't. For the Cryptolocker ransomware that hit a few years ago, some users reported that they really did get their data back after paying the ransom, which was typically around £300. But there's no guarantee paying will work, because cybercriminals aren't exactly the most trustworthy group of people.

There are also a collection of viruses that go out of their way to look like ransomware such as Cryptolocker, but which won't hand back the data if victims pay. Plus, there's the ethical issue: paying the ransom funds more crime.

What else can I do?

Once ransomware has encrypted your files there's not a lot you can do. If you have a backup of the files you should be able to restore them after cleaning the computer, but if not your files could be gone for good.

Some badly designed ransomware, however, has been itself hacked by security researchers, allowing recovery of data. But such situations are rare, and tend not to apply in the case of widescale professional hits like the WanaCrypt0r attack.

How long will this attack last?

Ransomware often has a short shelf life. As anti-virus vendors cotton on to new versions of the malware, they are able to prevent infections originating and spreading, leading to developers attempting "Big Bang" introductions like the one currently underway.

Will they get away with it?

Bitcoin, the payment medium through which the hackers are demanding payment, is difficult to trace, but not impossible, and the sheer scale of the attack means that law enforcement in multiple countries will be looking to see if they can follow the money back to the culprits.

Why is the NHS being targeted?

The NHS does not seem to have been specifically targeted, but the service is not helped by its reliance on old, unsupported software. Many NHS trusts still use Windows XP, a version of Microsoft's operating system that has not received publicly available security updates for half a decade, and even those which are running on newer operating systems are often sporadically maintained. For an attack which relies on using a hole fixed less than three months ago, just a slight oversight can be catastrophic.

Attacks on healthcare providers across the world are at an all-time high as they contain valuable private information, including healthcare records.

Ransomware threat on the rise as 'almost 40% of businesses attacked'

[May 10, 2017] Link shorteners are really awful and easily allow drive-by installation of malware.

Notable quotes:
"... When you paste the actual link shortener into a query with a search engine such as duckduckgo, it will usually return the actual link location as well as a warning should it be dubious. Not bullet proof, but then what is. ..."
"... All in all: never click a shortened URL and if a title is present and you deem it actually useful, copy paste the title in a search engine and it will probably land you on the proclaimed web page. ..."
May 10, 2017 | www.moonofalabama.org
Link shorteners are really awful and easily allow drive-by installation of malware.

Sorry, should have been more precise. When you paste the actual link shortener into a query with a search engine such as duckduckgo, it will usually return the actual link location as well as a warning should it be dubious. Not bullet proof, but then what is.

xor | May 8, 2017 10:23:47 AM | 30
(on the link shorteners)

Link shorteners are really awful and easily allow drive-by installation of malware. You could easily create a shortened link that directs the browser to your malicious webserver, this server checks your browser/OS to see if it can install something or not and when it's done do a redirect to the intended website. All this is done within seconds so you'd never have noticed unless you scanned the in and outgoing traffic but it would already be too late then. There is no rocket science involved so any script kiddy could do this.

All in all: never click a shortened URL and if a title is present and you deem it actually useful, copy paste the title in a search engine and it will probably land you on the proclaimed web page.

runaway robot | May 8, 2017 10:57:45 AM | 31
Thanks for the good advice, exclusive or!

[May 10, 2017] How ISIS Evades the CIA by Philip Giraldi

By pushing the envelope, the CIA essentially armed terrorists with effective techniques for avoiding electronic eavesdropping...
Notable quotes:
"... Terrorists now know that using cell phones is dangerous, that transferring money using commercial accounts can be detected, that moving around when a drone is overhead can be fatal, and that communicating by computer is likely to be intercepted and exposed even when encrypted. ..."
"... So they rely on couriers to communicate and move money while also avoiding the use of the vulnerable technologies whenever they can, sometimes using public phones and computers only when they are many miles away from their operational locations, and changing addresses, SIM cards, and telephone numbers frequently to confuse the monitoring. ..."
Jul 23, 2014 | www.theamericanconservative.com
America's high-tech spies aren't equipped to penetrate low-tech terrorist organizations

Terrorists now know that using cell phones is dangerous, that transferring money using commercial accounts can be detected, that moving around when a drone is overhead can be fatal, and that communicating by computer is likely to be intercepted and exposed even when encrypted.

So they rely on couriers to communicate and move money while also avoiding the use of the vulnerable technologies whenever they can, sometimes using public phones and computers only when they are many miles away from their operational locations, and changing addresses, SIM cards, and telephone numbers frequently to confuse the monitoring.

Technical intelligence has another limitation: while it is excellent on picking up bits and pieces and using sophisticated computers to work through the bulk collection of chatter, it is largely unable to learn the intentions of terrorist groups and leaders. To do that you need spies, ideally someone who is placed in the inner circle of an organization and who is therefore privy to decision making.

Since 9/11 U.S. intelligence has had a poor record in recruiting agents to run inside terrorist organizations - or even less toxic groups that are similarly structured - in places like Afghanistan, Iraq, and Syria. Information collected relating to the internal workings of al-Qaeda, the Taliban, dissident Sunni groups in Iraq, and now ISIS has been, to say the least, disappointing. To be fair this is often because security concerns limit the ability of American case officers to operate in areas that are considered too dangerous, which is generally speaking where the terrorist targets are actually located. Also, hostile groups frequently run their operations through franchise arrangements where much of the decision making is both local and funded without large cash transfers from a central organization, making the activity hard to detect.

Philip Giraldi, a former CIA officer, is executive director of the Council for the National Interest.

[May 07, 2017] More Spying and More Lying by Andrew Napolitano

As one commenter explained below, the encryption of communications changes very little if all your communications are watched. The envelope (metadata) is enough to watch you pretty closely.
May 04, 2017 | www.unz.com

What the NSA does not tell the FISA court is that its requests for approvals are a sham. That's because the NSA relies on vague language in a 35-year-old executive order, known as EO 12333, as authority to conduct mass surveillance. That's surveillance of everyone - and it does capture the content of every telephone conversation, as well as every keystroke on every computer and all fiber-optic data generated everywhere within, coming to and going from the United States.

This is not only profoundly unlawful but also profoundly deceptive. It is unlawful because it violates the Fourth Amendment. It is deceptive because Congress and the courts and the American people, perhaps even the president, think that the FISA court has been serving as a buffer for the voracious appetite of the NSA. In reality, the NSA, while dispatching lawyers to make sophisticated arguments to the FISA court, has gone behind the court's back by spying on everyone all the time.

In a memo from a now-former NSA director to his agents and vendors, leaked to the public, he advised capturing all data from everyone all the time. This produces information overload, as there is more data than can be analyzed; each year, it produces the equivalent of 27 times the contents of the Library of Congress. Therefore, safety - as well as liberty - is compromised.

The recent mass killings in Boston, San Bernardino and Orlando were all preceded by text messages and cellphone conversations between the killers and their confederates. The NSA had the digital versions of those texts and conversations, but it had not analyzed them until after the killings - because it has and has had too much data to analyze in a critical and timely manner.

So, why did the NSA announce that it is pulling back from its customary uses of Section 702? To give the false impression to members of Congress that it follows the law. Section 702, the great subterfuge, expires at the end of this year, and the NSA, which has spied on Donald Trump since before he was president, fears the debate that will accompany the efforts to renew it - hence its softening public tone.

Eagle Eye , May 6, 2017 at 7:14 pm GMT

Does anyone seriously think that senior NSA officials do NOT personally ENRICH themselves through stock market manipulation in anticipation of earnings reports, mergers etc. based on illegal NSA intercepts?

Does anyone think that at least NO NSA officer EVER uses illegally intercepted information to blackmail others or otherwise to secure a secret advantage in dealing with others?

Does anyone think that Hillary's and the FBI's access to grossly illegal NSA intercepts was NOT a key factor in the 2016 presidential and Congressional elections?

Svigor , May 6, 2017 at 7:47 pm GMT

Here is the back story.

The backstory is that Trump has the power to fire them all, easily and without much in the way of red tape. And that he can't be relied upon not to do so.

So, why did the NSA announce that it is pulling back from its customary uses of Section 702? To give the false impression to members of Congress that it follows the law. Section 702, the great subterfuge, expires at the end of this year, and the NSA, which has spied on Donald Trump since before he was president, fears the debate that will accompany the efforts to renew it - hence its softening public tone.

Oh, and Trump can veto any renewal bill. Too bad he won't.

Svigor , May 6, 2017 at 7:49 pm GMT

What will happen with this privacy thingy is that people with stuff to hide (legitimate or not) will get their hands on strong encryption and the hoi polloi just doesn't care enough.

There needs to be a public movement toward encryption, so that everyone uses it. Then using it won't be prone to the abuse of "probable cause."

Eagle Eye May 6, 2017 at 10:25 pm GMT
@Svigor
What will happen with this privacy thingy is that people with stuff to hide (legitimate or not) will get their hands on strong encryption and the hoi polloi just doesn't care enough.
There needs to be a public movement toward encryption, so that everyone uses it. Then using it won't be prone to the abuse of "probable cause."

movement toward encryption

Think of a colleague, a personal enemy, a business partner, a spouse etc. Imagine you have access to their communications logs – a long list of times and other details of each email, text, USPS letter, phone call, wire transfer etc. to or from the subject, including the name of every person with whom she communicated, but NOT including the content of the message.

What conclusions could you draw from the following (with HT to Electronic Frontier Foundation):

(1) Your business partner called a bankruptcy lawyer last Thursday and spoke for 27 minutes. You do not know what was discussed because the communication was encrypted.

(2) Your spouse made several hours-long phone calls, wired money to a sibling in Brazil on five occasions in 2 days, and contacted an airline. You do not know any details because the communications were encrypted.

(3) The senior dean of admissions at Princeton exchanged 17 encrypted emails with an individual in Saudi Arabia, and two days later received two bank transfers from another individual in Saudi Arabia to her numbered bank account in Moldova. You do not know the content of the emails, nor the amount of the wire transfers, because the communications were encrypted.

[May 05, 2017] William Binney - The Government is Profiling You (The NSA is Spying on You)

Very interesting discussion of how the project of mass surveillance of internet traffic started and what the major challenges were. That's probably where the idea of collecting "envelopes" and correlating them to create a social network came from. It is similar to what was done in the Civil War.
The idea to prevent corruption of the medical establishment to prevent Medicare fraud is very interesting.
Notable quotes:
"... I suspect that it's hopelessly unlikely for honest people to complete the Police Academy; somewhere early on the good cops are weeded out and cannot complete training unless they compromise their integrity. ..."
"... 500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent It's Never to Protect Us From Bad Guys No matter which government conducts mass surveillance, they also do it to crush dissent, and then give a false rationale for why they're doing it. ..."
"... People are so worried about NSA don't be fooled that private companies are doing the same thing. ..."
"... In communism the people learned quick they were being watched. The reaction was not to go to protest. ..."
"... Just not be productive and work the system and not listen to their crap. this is all that was required to bring them down. watching people, arresting does not do shit for their cause ..."
Apr 20, 2017 | www.youtube.com
Chad 2 years ago

"People who believe in these rights very much are forced into compromising their integrity"

I suspect that it's hopelessly unlikely for honest people to complete the Police Academy; somewhere early on the good cops are weeded out and cannot complete training unless they compromise their integrity.

Agent76 1 year ago (edited)
January 9, 2014

500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent It's Never to Protect Us From Bad Guys No matter which government conducts mass surveillance, they also do it to crush dissent, and then give a false rationale for why they're doing it.

http://www.washingtonsblog.com/2014/01/government-spying-citizens-always-focuses-crushing-dissent-keeping-us-safe.html

Homa Monfared 7 months ago

I am wondering how much damage your spying did to the Foreign Countries, I am wondering how you changed regimes around the world, how many refugees you helped to create around the world.

Don Kantner, 2 weeks ago

People are so worried about NSA don't be fooled that private companies are doing the same thing. Plus, the truth is if the NSA wasn't watching any fool with a computer could potentially cause a worldwide economic crisis.

Bettor in Vegas 1 year ago

In communism the people learned quick they were being watched. The reaction was not to go to protest.

Just not be productive and work the system and not listen to their crap. this is all that was required to bring them down. watching people, arresting does not do shit for their cause......

[May 01, 2017] Several steps that are implementable to make your Web browser less of a gateway for malware

Notable quotes:
"... such as additional extension scripting in ..."
"... You click and if you have anything other than IE high security mode for Internet sites (which prevents running any third party ActiveX or Java) you are hosed. ..."
www.softpanorama.org
  1. Use a primitive browser like Links. In many cases it is adequate. Experimental/Enhanced Links (ELinks) is a fork of Links led by Petr Baudis. The latest stable version is 0.11.7, released on 2009-08-22. It has a more open development and incorporates patches from other Links versions (such as additional extension scripting in Lua) and from Internet users. You can also use Browser Link, a new feature in Visual Studio 2013 that creates a communication channel between the development environment and one or more web browsers.

  2. Use a special application that sandboxes your browser, such as Sandboxie (runs on your desktop/laptop) or AirGap (runs in the cloud).

  3. Use an external "browser hosting" site like Browser Sandbox, Cross Browser Testing Tool or Spoon.net. Spoon.net is an excellent subscription service that allows users with a basic free subscription to run any of the latest browsers in a virtual machine. Sandboxing on your own desktop has problems; see "Does sandbox security really protect your desktop?" (InfoWorld): "The problem, then and now, is the sandbox wall remained permeable, so Trojans and other forms of malware can slip through the virtual sandbox into your desktop."

  4. Use a DNS provider that protects you from malicious sites that Google propagates to the top of some "exotic" searches (for a small amount of money ;-). For example, OpenDNS can be used as your DNS provider (this is actually helpful for any browser). This might help to prevent you from visiting sites that are systematically spreading malware as well as sites that were just created to do so (sites less than 30 days old). The period of existence of malware sites is pretty short before they get into a blacklist and are abandoned, so by limiting your ability to browse sites that are less than, say, 30 or 90 days old you can improve the security of your browsing. Google sucks badly in this area (serving as a powerful advertising channel for spyware), as they are way too greedy.

  5. For IE, set high security mode for the Internet Zone. The key idea is simple: use IE with high security mode for the Internet Zone and medium in the Trusted zone, where you should put all your regularly visited sites. A typical way malware authors get into your computer is that they buy Google AdWords and position their site high in some Web searches. You click, and if you have anything other than IE high security mode for Internet sites (which prevents running any third-party ActiveX or Java), you are hosed. At the same time, the most important sites (Amazon, your webmail, etc.) that are crippled if the Internet zone is assigned high security mode can still be accessed if you put them in the Trusted zone. This probably can be done automatically (Microsoft sucks big way by not providing more granular security modes and relevant automation), but even manually this maintenance step is not a big burden. The rule is simple: each time you add a favorite you also need to add it to the Trusted zone. This probably should be done automatically.

    • You can use a different browser for trusted sites -- I personally use Firefox for such sites. But this requires strict discipline and is not for every user: most users will follow this routine after spending six or more hours recovering from a malware infection (and losing some money in the process), but after a couple of months this experience is forgotten and users return to their old, bad ways.

    • You can check when the domain was created using a simple Perl script, run from a Cygwin session, which launches the browser only if the site passes this criterion. That can probably be automated further and represents the most simple and effective security measure -- again, malware distribution sites usually do not last that long. Most last less than a year; 30 days is probably a half-life for the majority of them. So by avoiding sites that were created less than 90 days ago you can somewhat diminish the level of your risk.

  6. Use a private VPN provider which also provides some defense from malware.

  7. Run your Web browser in a VM, which is possible with Windows 7 Professional and above by using the Windows XP compatibility box.

  8. Use Linux bootable from DVD on a separate ("disposable") computer (an old Dell laptop or Windows smartphone is OK) and connect to it using XRDP. That guarantees that the computer will be reimaged on each reboot. Also, this is not a standard configuration, which somewhat complicates hacking as the amount of free space is very limited; you can also automatically kill all processes outside your standard set.
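
The domain-age check described under step 5 (launch the browser only if the site's domain is old enough), as an added example that is not the page's own script. It is written in Python rather than the Perl the text mentions; the WHOIS field labels and sample records are constructed, and reducing a hostname to its last two labels is a simplifying assumption that is wrong for suffixes such as co.uk.

```python
"""Open a URL only if its domain was registered at least MIN_AGE_DAYS ago."""
import re
import subprocess
import sys
import webbrowser
from datetime import datetime, timezone
from urllib.parse import urlsplit

MIN_AGE_DAYS = 90  # the text suggests 30 or 90 days

# Creation-date labels seen in WHOIS output; this list is an assumption, extend as needed.
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|Created|Domain Registration Date|Registered on)"
    r"[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)
# Strict hostname syntax: keeps option-like or malformed names away from the whois command.
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")

# Constructed sample WHOIS responses (not real registry data).
OLD_WHOIS = ("Domain Name: OLD-SITE.EXAMPLE\n"
             "Creation Date: 2009-08-22T04:00:00Z\n"
             "Updated Date: 2017-04-20T10:00:00Z\n")
NEW_WHOIS = "domain: fresh-site.example\ncreated: 12-Apr-2017\n"
REDACTED_WHOIS = "Domain Name: HIDDEN.EXAMPLE\nRegistrar: Example Registrar\n"


def parse_date(value):
    """Parse the leading date of a WHOIS value (YYYY-MM-DD... or DD-Mon-YYYY)."""
    try:
        m = re.match(r"(\d{4})[-.](\d{2})[-.](\d{2})", value)
        if m:
            return datetime(int(m[1]), int(m[2]), int(m[3]), tzinfo=timezone.utc)
        m = re.match(r"\d{1,2}-[A-Za-z]{3}-\d{4}", value)
        if m:
            return datetime.strptime(m[0], "%d-%b-%Y").replace(tzinfo=timezone.utc)
    except ValueError:
        pass  # e.g. month 13: treat as unparseable
    return None


def parse_creation_date(whois_text):
    """Return the most recent creation date found, or None.

    Taking the latest candidate is the conservative choice: the domain is
    never judged older than any record in the response says it is.
    """
    dates = [d for d in map(parse_date, CREATED_RE.findall(whois_text)) if d]
    return max(dates) if dates else None


def lookup_name(url):
    """Extract the name to query from a URL (naive: last two labels of the host)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    if not HOST_RE.match(host):
        raise ValueError(f"not a plain DNS hostname: {host!r}")
    return ".".join(host.split(".")[-2:])


def check_url(url, whois_lookup, min_age_days=MIN_AGE_DAYS, now=None):
    """Return (allowed, reason). Any lookup or parse failure blocks the URL."""
    now = now or datetime.now(timezone.utc)
    try:
        name = lookup_name(url)
        text = whois_lookup(name)
    except Exception as exc:
        return False, f"blocked: lookup failed ({exc})"
    created = parse_creation_date(text)
    if created is None:
        return False, f"blocked: no creation date in WHOIS for {name}"
    age = (now - created).days
    if age < min_age_days:
        return False, f"blocked: {name} is only {age} days old"
    return True, f"allowed: {name} is {age} days old"


def whois_cli(name):
    """Query the system whois client (assumed to be installed, e.g. under Cygwin)."""
    result = subprocess.run(["whois", name], capture_output=True, text=True,
                            timeout=20, check=False)
    return result.stdout


if __name__ == "__main__":
    allowed, reason = check_url(sys.argv[1], whois_cli)
    print(reason)
    if allowed:
        webbrowser.open(sys.argv[1])
```

A missing or redacted creation date blocks the site rather than allowing it, so the check fails closed when a registry hides the field.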

[May 01, 2017] A free, almost foolproof way to check for malware

Notable quotes:
"... Neither the Sysinternals Process Explorer software nor the VirusTotal service cost anything at all. The whole setup process will take you about five minutes and the scan, which you can execute any time you like, takes less than a minute. Only malware in memory will be detected, but if you're infected, very likely that malicious process will be running -- and this easy method will sniff it out. Watch and learn. ..."
May 01, 2017 | www.infoworld.com
In this video, you'll learn how to download and run Windows Sysinternals Process Explorer to test all currently running executables on your Windows system against VirusTotal's 57 antivirus engines, which together offer the best accuracy you can ever get (with a small percentage of false positives that are pretty easy to spot).

Neither the Sysinternals Process Explorer software nor the VirusTotal service cost anything at all. The whole setup process will take you about five minutes and the scan, which you can execute any time you like, takes less than a minute. Only malware in memory will be detected, but if you're infected, very likely that malicious process will be running -- and this easy method will sniff it out. Watch and learn.

[Apr 25, 2017] New leak exposes shady world of 'Stalkerware' surveillance software - RT Viral

Apr 25, 2017 | www.rt.com
Published time: 22 Apr, 2017 16:53

The software even allows for monitoring of Tinder use. © Edgar Su / Reuters

[Apr 20, 2017] Bill Binney explodes the Russia witchhunt

Mar 04, 2017 | www.youtube.com

He also exposes the NSA penchant for "swindles", such as preventing the plugging of holes in software around the world, to preserve their spying access.

Frank Oak 3 weeks ago Big Mike's boat 200 tons coke bust n Hussien on the run as cosmic Camelots​ crimes going viral

Marija Djuric 3 weeks ago Bill Binney should be head of the NSA

Nancy M 3 weeks ago The Clinton campaign to divert attention to Russia instead of her myriad of crimes that were revealed during the election must be stopped and the alt media needs to start talking about her and Obama's crimes again and demand justice...control the dialogue

John 3 weeks ago It's almost comical to hear that they lie to each other. No wonder why these retards in the mid-east and every other third world country gets the better of us.

[Apr 20, 2017] Bill Maher Interviews Bill Binney NSA Whistleblower Obama Worst Than Bush! Impeach Them ALL!

Apr 20, 2017 | www.youtube.com

Alex B 8 months ago

This man is definitely a patriot in the strictest sense

[Apr 20, 2017] NSA Whistleblower Everyone in US under virtual surveillance, all info stored, no matter the post

Notable quotes:
"... Who knew that the NSA mandate *is to exceed their mandate" ..."
Apr 20, 2017 | www.youtube.com

Ethercruiser 11 year ago

Great interview, thanks RT. I knew most of the material in this interview for years now, but it's good for it to get out whatever way possible. Hope you continue doing more such great interviews.

jake gittes 1 year ago

RT? Imagine the Russian equivalent? Golly, NSA out of control? Who knew? Who knew that the NSA mandate *is to exceed their mandate" .

If you were in prison for the last 15 yrs you would know that NSA security in triplicate is just doing what they've always been doing except that PRISM, restarted in 2007, is just updated software.

Jim Jimmy 2 years ago

there is one main reason they collect all information and target everyone, even members of congress and people like Angela merkel. If they have personal information on these powerful people there comes the chance to blackmail them. "vote this way on this" "consent to this policy". It's political leverage

Fighting Words 3 weeks ago

It's called POLICE STATE.

[Apr 17, 2017] Microsoft says users are protected from alleged NSA malware

Notable quotes:
"... In a blog post , Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code . The three others affected old, unsupported products. ..."
"... "Most of the exploits are already patched," Misner said. ..."
"... The post knocked back warnings from some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft's code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company's massive customer base. ..."
Apr 17, 2017 | economistsview.typepad.com
im1dc, April 16, 2017 at 09:52 AM
Good to Know & Need to Know Data Security Information

"Microsoft says users are protected from alleged NSA malware"

http://abcnews.go.com/Technology/wireStory/microsoft-users-protected-alleged-nsa-malware-46815251

"Microsoft says users are protected from alleged NSA malware"

By Raphael Satter, AP Cybersecurity writer...PARIS...Apr 15, 2017

"Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet.

In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

"Most of the exploits are already patched," Misner said.

The post knocked back warnings from some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft's code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company's massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft's fixes, also called a patch, was only released last month.

"I missed the patch," said British security architect Kevin Beaumont, jokingly adding, "I'm thinking about going to live in the woods now."

Beaumont wasn't alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning "many servers will still be affected by these flaws."

Everyone involved recommended keeping up with software updates.

"We encourage customers to ensure their computers are up-to-date," Misner said."

---

"Online:

Raphael Satter is reachable on: http://raphaelsatter.com"

[Apr 15, 2017] Leaks NSA Penetrated Mideast Banking Networks -- News from Antiwar.com

Apr 15, 2017 | news.antiwar.com

New leaked documents released by the Shadow Brokers include information showing that the NSA penetrated Middle Eastern financial networks, initially with an eye toward being able to track all financial transactions in the region as an "anti-money laundering" effort.

This involved hacking into the region's SWIFT banking system, and unsurprisingly, given the NSA's penchant for mission creep, fairly quickly grew this into an effort not only to have access to the information on financial transactions, but to try to gain access to a long list of banks "of interest."

The leaks provided information showing that SWIFT bureau in the Middle East, EastNet, made some very poor security choices, which would've allowed the NSA to easily attack essentially all of the banks on the network, as soon as they had compromised the first one.

Documents showed at least five of the banks "of interest" had been compromised. It is unclear from the documents whether the NSA continues to have these banks' systems compromised and is continuing to collect data from them, though at the very least they now have a heads up that it's going on.

[Apr 14, 2017] Top secret CIA virus control system WikiLeaks releases Hive from Vault7 series

This is a blue-print for the new generation of hacking tools
Notable quotes:
"... Described as a multi-platform malware suite, Hive provides "customisable implants" for Windows, Solaris, MikroTik (used in Internet routers), Linux platforms, and AVTech Network Video Recorders, used for CCTV recording. Such implants allow the CIA to communicate specific commands. ..."
"... A 2015 User Guide reveals the initial release of Hive came in 2010, and describes the software implant as having two primary functions – a beacon and interactive shell. Both are designed to provide an initial foothold to deploy other "full featured tools." ..."
"... The implants communicate via HTTPS with the webserver of a cover domain. Each cover domain is connected to an IP address at a commercial Virtual Private Server (VPS) provider. This forwards all incoming traffic to what's called a 'Blot' server. ..."
"... The redirected traffic is examined to see if it contains a valid beacon. If it does, it's sent to a tool handler, known as Honeycomb, where the CIA can initiate other actions on the target computer. ..."
"... The user guide details the commands that are available, including uploading and deleting files and executing applications on the computer. ..."
"... To hide the presence of such malware, WikiLeaks notes that the public HTTPS interface (a protocol for secure communication over a computer network within an encrypted connection) "utilizes unsuspicious-looking cover domains," ..."
"... the implant destroys itself if it's not signalled for a predetermined amount of time. Binary information regarding Hive is deleted from the host, leaving a log and configuration file containing only a timestamp. ..."
"... WikiLeaks says anti-virus companies and forensic experts have noticed "possible state-actor" ..."
"... The CIA's Hive project was created by its Embedded Development Branch (EDB). This branch was also responsible for projects detailed in WikiLeaks' 'Dark Matter' leak, revealing the CIA's attacks on Apple firmware. ..."
Apr 14, 2017 | www.rt.com
Hive, the latest batch of WikiLeaks documents exposing alleged CIA hacking techniques from 'Vault 7', details how the agency can monitor its targets through the use of malware and carry out specific tasks on targeted machines.

Described as a multi-platform malware suite, Hive provides "customisable implants" for Windows, Solaris, MikroTik (used in Internet routers), Linux platforms, and AVTech Network Video Recorders, used for CCTV recording. Such implants allow the CIA to communicate specific commands.

RELEASE: Inside the top secret CIA virus control system HIVE https://t.co/Bs6LmsVALz pic.twitter.com/y79IVSukK0

- WikiLeaks (@wikileaks) April 14, 2017

A 2015 User Guide reveals the initial release of Hive came in 2010, and describes the software implant as having two primary functions – a beacon and interactive shell. Both are designed to provide an initial foothold to deploy other "full featured tools."

The implants communicate via HTTPS with the webserver of a cover domain. Each cover domain is connected to an IP address at a commercial Virtual Private Server (VPS) provider. This forwards all incoming traffic to what's called a 'Blot' server.

The redirected traffic is examined to see if it contains a valid beacon. If it does, it's sent to a tool handler, known as Honeycomb, where the CIA can initiate other actions on the target computer.

The user guide details the commands that are available, including uploading and deleting files and executing applications on the computer.

To hide the presence of such malware, WikiLeaks notes that the public HTTPS interface (a protocol for secure communication over a computer network within an encrypted connection) "utilizes unsuspicious-looking cover domains," meaning those targeted would be unaware of the CIA's interference.

A 'self-delete' function is described in documentation accompanying Hive, revealing that the implant destroys itself if it's not signalled for a predetermined amount of time. Binary information regarding Hive is deleted from the host, leaving a log and configuration file containing only a timestamp.

The self-delete was known to cause issues for the developers after running into complications caused by disparities in system clocks.

WikiLeaks says anti-virus companies and forensic experts have noticed "possible state-actor" malware using similar back-end infrastructure, but were unable to connect the back-end to CIA operations.

The Hive documents released Friday may allow experts to examine this kind of communication between malware implants and backend servers, WikiLeaks says.

The CIA's Hive project was created by its Embedded Development Branch (EDB). This branch was also responsible for projects detailed in WikiLeaks' 'Dark Matter' leak, revealing the CIA's attacks on Apple firmware.

[Apr 14, 2017] 'Brought to you by agency which produced Al-Qaeda ISIS' – Assange trolls CIA chief

Notable quotes:
"... "Called a 'non-state intelligence service' today by the 'state non-intelligence agency' which produced Al-Qaeda, ISIS, Iraq, Iran & Pinochet." ..."
"... "non-state hostile intelligence service," ..."
"... "he and his ilk make common cause with dictators." ..."
"... "firm and continuing policy " ..."
"... "We publish truths regarding overreaches and abuses conducted in secret by the powerful," ..."
Apr 14, 2017 | www.rt.com
Julian Assange has responded to CIA Director Mike Pompeo's accusation that WikiLeaks is a "non-state intelligence agency" by trolling the CIA over its own roles in producing "Al-Qaeda, ISIS, Iraq, Iran and Pinochet."

Called a "non-state intelligence service" today by the "state non-intelligence agency" which produced al-Qaeda, ISIS, Iraq, Iran & Pinochet.

- Julian Assange (@JulianAssange) April 14, 2017

Assange tweeted, "Called a 'non-state intelligence service' today by the 'state non-intelligence agency' which produced Al-Qaeda, ISIS, Iraq, Iran & Pinochet."

Pompeo accused WikiLeaks of siding with dictators and being a "non-state hostile intelligence service," at a Center for Strategic and International Studies event on Thursday. He called Assange and his associates "demons" and said "he and his ilk make common cause with dictators."

Assange in turn accused the CIA of producing terrorist groups and dictators. He said the CIA produced Al-Qaeda, referring to the agency's role in arming and training mujahideen fighters in Afghanistan to fight the Soviets during the 1970s, some of whom – including Osama Bin Laden – later evolved into Al-Qaeda and the Taliban.

Assange has previously stated that the CIA's role in arming the mujahideen led to Al-Qaeda, which led to 9/11, the Iraq invasion and, later, the formation of ISIS.

The CIA admitted it was behind the 1953 coup in Iran which overthrew Prime Minister Mohammad Mosaddeq and reinstalled the Shah, Mohammad Reza Pahlavi, whose 26 year rule led to the 1979 Islamic revolution.

Assange's Pinochet reference alludes to the CIA's "firm and continuing policy" to assist in the overthrowing of Chilean President Salvador Allende in 1973, and its support for dictator Augusto Pinochet.

Pompeo's attack on WikiLeaks appears to be in response to an op-ed Assange wrote in the Washington Post on Tuesday which referenced President Dwight D. Eisenhower's 1961 farewell speech, in which he warned of the dangers of the influence of the military industrial complex. Assange said the speech is similar to WikiLeaks' own mission statement.

"We publish truths regarding overreaches and abuses conducted in secret by the powerful," he said, going on to say that WikiLeaks' motives are the same as those of the New York Times and the Washington Post.

Pompeo himself has previously appeared to support WikiLeaks' revelations, while President Donald Trump praised the whistleblowing site on more than one occasion during the presidential election, even professing his love for WikiLeaks in October.

[Apr 12, 2017] Spy Merchants reveals for the first time how highly-invasive spyware, which can capture the electronic communications of a town, can be purchased in a 'grey market'

Apr 12, 2017 | marknesop.wordpress.com
Warren , April 10, 2017 at 4:17 am

Published on 10 Apr 2017
Al Jazeera's Investigative Unit enters the secretive world of the surveillance industry. Spy Merchants reveals for the first time how highly-invasive spyware, which can capture the electronic communications of a town, can be purchased in a 'grey market' where regulations are ignored or bypassed. Mass surveillance equipment can then be sold onto authoritarian governments, criminals or even terrorists.

During a four-month undercover operation, an industry insider working for Al Jazeera filmed the negotiation of several illegal, multi-million dollar deals that breach international sanctions. The proposed deals include the supply of highly restricted surveillance equipment to Iran. The undercover operative also secured an extraordinary agreement to purchase powerful spyware with a company who said they didn't care who was the end-user.

[Apr 12, 2017] Symantec Links CIA Leaks to Cyberattacks in 16 Countries

Apr 12, 2017 | marknesop.wordpress.com

et Al , April 11, 2017 at 8:19 am

Antiwar.com: Symantec Links CIA Leaks to Cyberattacks in 16 Countries
http://news.antiwar.com/2017/04/10/symantec-links-cia-leaks-to-cyberattacks-in-16-countries/

Says Methods Described in Leaks Linked to 'Longhorn' Operations

Internet and computer security company Symantec has issued a statement today related to the Vault 7 WikiLeaks documents leaked from the CIA, saying that the methods and protocols described in the documents are consistent with cyberattacks they'd been tracking for years.

Symantec says they now believe that the CIA hacking tool Fluxwire is a malware that had been known as Corentry, which Symantec had previously attributed to an unknown cyberespionage group called Longhorn, which apparently was the CIA.

They described Longhorn as having been active since at least 2011, and responsible for attacks in at least 16 countries across the world, targeting governments and NGOs, as well as financial, energy, and natural resource companies, things that would generally be of interest to a nation-state.

marknesop , April 11, 2017 at 5:13 pm
Sure sounds like state-sponsored hacking to me.

[Apr 10, 2017] WikiLeaks New files show how CIA hides malware on Windows computers

Apr 10, 2017 | www.politico.com
Eric Geller

It is unclear how, other than by using boot virus technology, you can secure preservation of malware after reinstallation from a clean source. For small drivers there might be a possibility to find them and then patch them directly on disk, bypassing the filesystem layer. But UEFI boot protects the computer from boot viruses, so those guys probably need help from Microsoft by installing "poisoned" updates. Booting from an infected USB is another obvious path.

04/07/17

... The new batch of 27 documents includes alleged manuals for the spy agency's Grasshopper program, which WikiLeaks says the CIA uses to build Windows malware.

... Most of the documents describe how the CIA builds "persistence modules," software that lets malware survive on a target machine despite reboots, reinstallations and other attempts to wipe the system clean.

One alleged persistence module, "Stolen Goods," uses code from the Carberp malware tool, which is believed to come from Russia's criminal hacker underground.

Some of the other modules - with code names like "Wheat," "Crab" and "Buffalo" - smuggle malware onto a system and preserve it using Windows components like drivers and executable files. Another module, "Netman," piggybacks on Windows' network connection system.

WikiLeaks said its release of the files offered "directions for those seeking to defend their systems to identify any existing compromise."

[Apr 09, 2017] WikiLeaks New files show how CIA hides malware on Windows computers

Apr 09, 2017 | www.politico.com
Eric Geller

04/07/17 11:40 AM EDT

WikiLeaks on Friday released more files that it says reveal the CIA's efforts to hack consumer electronics - this time focusing on flaws in Microsoft's Windows operating system.

The new batch of 27 documents includes alleged manuals for the spy agency's Grasshopper program, which WikiLeaks says the CIA uses to build Windows malware. The online activist group had previously released files March 23 on the CIA's hacking of Apple Macs and iPhones, and March 31 on the agency's tools for thwarting investigators and antivirus programs.

[Apr 03, 2017] Mike Morell CIA leak an inside job

Apr 03, 2017 | www.youtube.com
Mar 11, 2017

Employees of the Central Intelligence Agency find themselves in challenging times. The agency is dealing with the release by WikiLeaks of top-secret documents, apparently detailing highly-classified surveillance methods, and a fraught relationship with President Trump, who has criticized the intelligence community ever since he campaigned for president. CBS News senior security contributor Michael Morell, former deputy director of the CIA, discusses the state of the agency, and what it means for America's security.

Geral Hammonds 3 weeks ago

JFK wanted to disband the CIA (Military industrial complex) and I guess the CIA didn't like that very much and let Kennedy know how much they didn't like that in the most violent way possible, :(. And it's really strange that the democrats are pro deep state, pro war, just advocates for the CIA. But then again anything and anyone that is anti Trump is good for them, since the guy from the apprentice has completely devastated them as individuals and as a political party.
Diane Watson 3 weeks ago
Sure, the CIA always follows the law, I'm sure American citizens have never been targeted by them....uh-huh.

econogate 3 weeks ago
And monkeys fly out my butt.
busymountain 2 weeks ago
The US government and president is not your customer - you are our employee.
Yvette Campos 2 weeks ago
At 2:25, Hillary supporter Mike Morell even admits that someone in the Obama CIA leaked info. Reports are that in December, 2016, a small group of IT contractors gave the info to WikiLeaks. Obama has other people do the dirty work for him.
Peter Lemmon 3 weeks ago
CIA killed journalist Mike Hastings with remote crashing his car. CIA has surpassed the authority of the NSA. CIA has no oversight, not even by President Trump. They are colluding with media to destroy Trump's presidency via revealing lies manufactured to bring criminal charges on him.

CIA is out of control, need the entire senior officers fired, investigated, charged and imprisoned or executed for treason & espionage & Title 8. If CIA does this to a president, they will do it to Americans who interfere with their criminal activities world-wide.

Rezarf 3 weeks ago
another MSM whitewash .... an ex CIA talking head minimising the illegalities of CIA actions and promoting a big $$$$ spend on an upgrade of CIA systems.... no doubt the US zombie public will swallow it hook line and sinker. There is no future for the US , it will either cause a WW3 scenario or disintegrate into an internal civil conflict....
I. Sokolov 3 weeks ago
Mike Morell interview reveals it is an inside job and many in the CIA are disillusioned, demoralized, and become Whistle Blowers! There have been too many scandals and leaks. The entire US Intelligence INDUSTRY must be dismantled and then rebuilt.

It is deeply troubling that sensitive data that can create huge problems is released. There are too many with security clearance to look at the data. Security clearance should only be given for the data relevant to do their job. The NSA collects all our data, all the time, and can query/search the database for something as simple as a phone number, IP address, bank account or name.

If the NSA, FBI, or CIA wants email or phone calls, on Trump or Flynn all they must do is query their name or phone number or email and date range. Bingo, they got it! This is going on 24/7. They capture all data flowing through the major fiber optic lines in the US. Over 5,000 people in the intel community are assigned to do nothing but mine this data. The NSA, CIA, and FBI have access to the information realtime, anytime! All of this is done without a warrant. Hell, who needs a FISA request? They have everything, and thousands of intel personnel have access to the information! You wonder why Jim Comey and others are freaking out! This is totally illegal. It was part of an Executive Order issued with the intent of pursuing drug dealers and known criminals NOT spying on the American people, but of course they wouldn't do that, or Would They? Businesses world-wide now have to spend large sums of money protecting themselves against CIA criminally invented malware and viruses. More than 1,5 BILLION phones and computers using Apple or Android operating system are affected. So far only 1% of Vault 7 released. What if the remaining 99% contain top-secret information on US neuro science programs (Mind and Mass Control). No problem, if these top-secret programs fall into the hands of Russia or China, since their neuro science programs are even better, but it would be a catastrophe if Mr. Kim in North Korea got hold of it and continued developing it.

[Mar 25, 2017] Putin is not the only one who knows how to play a Dead Hand

Mar 25, 2017 | www.zerohedge.com
warsev Mar 25, 2017 6:40 PM

Thing is, if Binney was actually a problem for the NSA et. al, the problem would be quickly eliminated. That he's still around to say what he says means that the NSA at least doesn't care, or more likely that he's a controlled disinformation mouthpiece.

Let the downvotes commence...

Not Too Important -> warsev Mar 25, 2017 6:49 PM

Or his 'insurance policy' is as big as Snowden's and Montgomery's. Putin isn't the only one that knows how to play a 'Dead Hand'.

Winston Churchill -> warsev Mar 25, 2017 6:54 PM

He probably has something much more dangerous to them to be released on a dead mans switch.

9/11 the full story perhaps.

CnStiggs -> Winston Churchill Mar 25, 2017 7:10 PM

Indeed.

Like Kevin Shipp. I just got his book, "From The Company of Shadows" about his career in the CIA.

Paper Mache -> Winston Churchill Mar 25, 2017 7:34 PM

I was thinking about that today. How is this man still alive, given the information he was talking about to Carlson?

I hope that the climate continues to warm towards whistleblowers, and more and more honest whistle blowers come forward to speak up. It's the way to drain the sulphurous swamp. 9/11 might could surface and blow that way.

Perhaps Trump should start looking at Snowden and Assange in completely different light too.

crossroaddemon -> warsev Mar 25, 2017 8:12 PM

That's what I was thinking, too. To consider this genuine, or at least important, one has to assume that there's an uncompromised press outlet.

I don't believe that. I think wikileaks is a psyop as well. Maybe even Snowden.

[Mar 24, 2017] C.I.A. Developed Tools to Spy on Mac Computers, WikiLeaks Disclosure Shows

The documents posted by WikiLeaks suggest that the C.I.A. had obtained information on 14 security flaws in Apple's iOS operating system for phones and tablets. The leaked documents also identified at least two dozen flaws in Android, the most popular operating system for smartphones, which was developed by Alphabet's Google division.
Notable quotes:
"... The spy software described in the latest documents was designed to be injected into a Mac's firmware, a type of software preloaded in the computer's chips. It would then act as a "listening post," broadcasting the user's activities to the C.I.A. whenever the machine was connected to the internet. ..."
"... A similar tool called NightSkies was developed in 2009 to spy on iPhones, the documents said, with the agency figuring out how to install it undetected before a new phone was turned on for the first time. (Apple said that flaw affected only the iPhone 3G and was fixed in all later models.) ..."
"... By rewriting the firmware of a computer or a phone, tools that operate at the chip level can hide their existence and avoid being wiped out by routine software updates. ..."
Mar 24, 2017 | www.nytimes.com

The C.I.A. developed tools to spy on Mac computers by injecting software into the chips that control the computers' fundamental operations, according to the latest cache of classified government documents published on Thursday by WikiLeaks.

Apple said in a statement Thursday evening that its preliminary assessment of the leaked information indicated that the Mac vulnerabilities described in the disclosure were previously fixed in all Macs launched after 2013.

However, the documents also indicated that the Central Intelligence Agency was developing a new version of one tool last year to work with current software.

The leaked documents were the second batch recently released by WikiLeaks, which said it obtained a hoard of information on the agency's cyberweapons programs from a former government worker or contractor. The first group of documents, published March 7, suggested that the C.I.A. had found ways to hack Apple iPhones and Android smartphones, Microsoft Windows computers, Cisco routers and Samsung smart televisions.

Since the initial release of the C.I.A. documents, which the agency has not confirmed are authentic, major technology companies have been scrambling to assess whether the security holes exploited by the C.I.A. still exist and to patch them if they do.

All of the surveillance tools that have been disclosed were designed to be installed on individual phones or computers. But the effects could be much wider. Cisco Systems, for example, warned customers this week that many of its popular routers, the backbone of computer networks, could be hacked using the C.I.A.'s techniques.

... ... ...

The spy software described in the latest documents was designed to be injected into a Mac's firmware, a type of software preloaded in the computer's chips. It would then act as a "listening post," broadcasting the user's activities to the C.I.A. whenever the machine was connected to the internet.

A similar tool called NightSkies was developed in 2009 to spy on iPhones, the documents said, with the agency figuring out how to install it undetected before a new phone was turned on for the first time. (Apple said that flaw affected only the iPhone 3G and was fixed in all later models.)

Although most of the tools targeted outdated versions of the Apple devices' software, the C.I.A.'s general approach raises new security concerns for the industry, said Eric Ahlm, who studies cybersecurity at Gartner, a research firm. By rewriting the firmware of a computer or a phone, tools that operate at the chip level can hide their existence and avoid being wiped out by routine software updates.

Under an agreement struck during the Obama administration, intelligence agencies were supposed to share their knowledge of most security vulnerabilities with tech companies so they could be fixed. The C.I.A. documents suggest that some key vulnerabilities were kept secret for the government's use.

The C.I.A. declined to comment Thursday, pointing reporters to its earlier statement about the leaks, in which it defended its use of "innovative, cutting-edge" techniques to protect the country from foreign threats and criticized WikiLeaks for sharing information that could help the country's enemies.

[Mar 23, 2017] Houston, we have a problem

Notable quotes:
"... Now we have "synthetic" surveillance. You don't even need a court order. Now all incidental communication intercepts can be unmasked. One can search their huge databases for all the incidental communications of someone of interest, then collect all of the unmasked incidental communications that involve that person and put them together in one handy dandy report. Voilà! You can keep tabs on them every time they end up being incidentally collected. ..."
"... You ever went to an embassy party? Talked to a drug dealer or mafia guy without being aware of it? Correspond overseas? Your communications have been "incidentally" collected too. There is so much surveillance out there we have probably all bounced off various targets over the last several years. ..."
"... This is what police states do. In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag. ..."
"... Representative Devin Nunes, the Republican chairman of the House Permanent Select Committee on Intelligence, told me Monday that he saw the leaks about Flynn's conversations with Kislyak as part of a pattern. ..."
"... The real story here is why are there so many illegal leaks coming out of Washington? Will these leaks be happening as I deal on N.Korea etc? ..."
"... But no matter what Flynn did, it is simply not the role of the deep state to target a man working in one of the political branches of the government by dishing to reporters about information it has gathered clandestinely. ..."
"... It is the role of elected members of Congress to conduct public investigations of alleged wrongdoing by public officials.. ..."
Mar 23, 2017 | www.zerohedge.com

TeethVillage88s , Mar 23, 2017 6:54 PM

Yes, they have your Apples too:

Crash Overide -> aloha_snakbar , Mar 23, 2017 7:39 PM

Maxine Waters: 'Obama Has Put In Place' Secret Database With 'Everything On Everyone'

Vilfredo Pareto , Mar 23, 2017 7:01 PM

The rank and file of the IC are not involved in this. So let's not tar everyone with the same brush, but Obama revised executive order 12333 so that communication intercepts incidentally collected don't have to be masked and may be shared freely in the IC.

Now we have "synthetic" surveillance. You don't even need a court order. Now all incidental communication intercepts can be unmasked. One can search their huge databases for all the incidental communications of someone of interest, then collect all of the unmasked incidental communications that involve that person and put them together in one handy dandy report. Voilà! You can keep tabs on them every time they end up being incidentally collected.

You ever went to an embassy party? Talked to a drug dealer or mafia guy without being aware of it? Correspond overseas? Your communications have been "incidentally" collected too. There is so much surveillance out there we have probably all bounced off various targets over the last several years.

What might your "synthetic" surveillance report look like?

Chupacabra-322 , Mar 23, 2017 7:04 PM

It's worth repeating.

There's way more going on here than first alleged. From Bloomberg, not my choice for news, but There is another component to this story as well -- as Trump himself just tweeted.

It's very rare that reporters are ever told about government-monitored communications of U.S. citizens, let alone senior U.S. officials. The last story like this to hit Washington was in 2009 when Jeff Stein, then of CQ, reported on intercepted phone calls between a senior Aipac lobbyist and Jane Harman, who at the time was a Democratic member of Congress.

Normally intercepts of U.S. officials and citizens are some of the most tightly held government secrets. This is for good reason. Selectively disclosing details of private conversations monitored by the FBI or NSA gives the permanent state the power to destroy reputations from the cloak of anonymity.

This is what police states do. In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag.

Representative Devin Nunes, the Republican chairman of the House Permanent Select Committee on Intelligence, told me Monday that he saw the leaks about Flynn's conversations with Kislyak as part of a pattern. "There does appear to be a well orchestrated effort to attack Flynn and others in the administration," he said. "From the leaking of phone calls between the president and foreign leaders to what appears to be high-level FISA Court information, to the leaking of American citizens being denied security clearances, it looks like a pattern."

@realDonaldTrump

The real story here is why are there so many illegal leaks coming out of Washington? Will these leaks be happening as I deal on N.Korea etc?

President Trump was roundly mocked among liberals for that tweet. But he is, in many ways, correct. These leaks are an enormous problem. And in a less polarized context, they would be recognized immediately for what they clearly are: an effort to manipulate public opinion for the sake of achieving a desired political outcome. It's weaponized spin.............

But no matter what Flynn did, it is simply not the role of the deep state to target a man working in one of the political branches of the government by dishing to reporters about information it has gathered clandestinely.

It is the role of elected members of Congress to conduct public investigations of alleged wrongdoing by public officials.. ..... But the answer isn't to counter it with equally irregular acts of sabotage - or with a disinformation campaign waged by nameless civil servants toiling away in the surveillance state.....

[Mar 17, 2017] Orwell's 1984 was not a complete work of fiction, but a successful blueprint for full statist control

Notable quotes:
"... His book Animal Farm was a satire on Stalin and Trotsky and 1984 * gave readers a glimpse into what would happen if the government controlled every detail of a person's life, down to their own private thoughts. (*online bio). The battles in Europe were life and death with the goal of survival. ..."
"... We are now programed (propagandized) from pre school to the home for the elderly. We are initially taught as children, continue through college, and are forever conditioned by media such as TV, Movies, Radio, Newspapers and Advertising our entire lives. The younger generations are not taught to think independently or critically but instead indoctrinated with pre packaged knowledge 'propaganda' while older generations assess outcomes from a different perspective. There is as a result, a clash within the society which we are experiencing today. ..."
"... 1984 was about controlling the news and airwaves. Fahrenheit 451 was about burning history. The two go hand in hand. ..."
"... The similarity of the major networks evening "news" programs has given rise to a report that, each day, a list of ten or twelve "acceptable" news stories is prepared by British Intelligence in London for the networks, teletyped to Washington, where the CIA routinely approves it, and then delivered to the networks. ..."
"... The "selectivity" of the broadcasters has never been in doubt. Edith Efron, in "The News Twisters," (Manor Books, N.Y., 1972) cites TV Guide's interview with David Brinkley, April 11, 1964, with Brinkley's declaration that "News is what I say it is. It's something worth knowing by my standards." This was merely vainglorious boasting on Brinkley's part, as he merely reads the news stories previously selected for him. ..."
"... "REMEMBER THE MAINE!" That false flag headline is over a century old. ..."
"... Next time you are in a Best Buy.. go up to the Geek Squad guy and say... "So how does it feel to work for the CIA " ..."
"... Fuck the Washington Post. As Katherine Austin Fitts has suggested, it is essentially the CIA's Facebook wall. The same could be said of the NYT as well. ..."
"... James Rosen from Fox, he was at a state dept briefing with that little weasel Kirby, and Kirby stated that the negotiations over the Iran "deal" were all overt and "above the table." He remembered, tho, a briefing years earlier from the witch Psaki, who stated that sometimes, in interests of expedience, aspects of the negotiations are not made public. ..."
"... Rosen goes back to state dept video archives, finds out that his whole exchange with Psaki has been erased. Weasel Kirby, when asked how this happened, who did it, who ordered it, blames it on a "technical glitch." ..."
Mar 11, 2017 | www.zerohedge.com

FreedomWriter -> TheWrench , Mar 11, 2017 10:12 AM

Snowflakes should also learn the depressing fact that Orwell's 1984 was not a complete work of fiction, but a successful blueprint for full statist control.

Orwell was dying of tuberculosis when he wrote "1984" and passed away after its publication in 1949. Once you have their attention and they have read the book, it is time to show snowflakes the MANY obvious parallels between Orwellian concepts and modern society.

NEWSPEAK AND THOUGHT CRIME

You can start with soft targets like Newspeak (today's examples include gems like cis-gender labels and other politically correct BS).

Now move to the "thought police" and thought crime in general.

Explain how thought and speech crime keep the globalist model alive and ticking by discouraging independent thought and discussion.

Explain how state-financed institutions seek to implant these concepts at an early age and onwards into university education.

Provide real-life newspeak and double-think examples, such as "police-action" "regime-change", "coalition of the willing" and "collateral damage". Show how these are really just PC euphemisms for "wars of aggression" and "murder". If you have a picture of a droned wedding party handy, now is the time to use it.

Also mention people who have been silenced, prosecuted or even killed for committing "hate crimes" or other political blasphemies. Explain how this often occurs while they are standing up for or using their constitutionally protected human rights.

Name some of these people: Randy and Vicki Weaver, David Koresh, Marine Le Pen, Geert Wilders, Julian Assange, William Binney, Edward Snowden and Chelsea Manning

Show them how this trend is ongoing both in the USA and abroad, and is primarily being deployed against populist politicians who promote more individual rights and reduced state control over citizens. Ask them whether or not they can see a pattern developing here.

Above all, don't waste time with cheap shots at identity politics and its absurd labelling. This will just polarize the more brainwashed members of your audience. Stick to the nitty gritty and irrefutable facts.

And be very careful here, because if they have insufficient vocabulary to understand or critique what you are saying, you will lose them. Which was the whole point of Newspeak. Of course you can use this failed learning opportunity to demonstrate just how successful the Newspeak program has been.

TELESCREENS

Tell them about the real life "Telescreens" that can now listen to you, even when turned off. Name one of their known manufacturers: Samsung and users: Central Intelligence Agency

Show them how these same telescreens are used to pump out constant lies from the MSM whenever they are turned on. Name some of these organizations: CNN, BBC, MSNBC, FOX, etc.

MASS SURVEILLANCE and the "PANOPTICON"

Talk to them about the modern surveillance state and how it will always be abused by corporate globalists and corrupt elites.

Describe how mass-surveillance service providers (MSSPs) and MSM stooges have become obscenely rich and powerful as the real-life proles (who were 85% of the population in "1984") struggle to put food on the table, pay their debts, find a decent job or buy a home. Tell them to find out how much wealth is owned by 8 very wealthy people relative to the poorest half of the world, and how this trend is accelerating. Name a few of them: Bill Gates, Mark Zuckerberg, Carlos Slim, etc.

Show how the previously enacted, totalitarian US policies, programs and laws have been extensively deployed, lobbied for, used and abused by the very Big-Brothers (Clinton and Obama) they so adored. Even George W is swooning progressives again.

Name some of these policies, programs and laws: Patriot Act, SOPA, US Telecommunications Act, FISA, Echelon, PRISM, and Umbrage

Explain why this whole surveillance system, its operators and proponents must be completely dismantled and reined in or imprisoned, unless we wish all whistle blowers, dissidents and normal citizens to end up like Winston Smith.

ETERNAL WAR AND THE BROTHERHOOD

Explain how eternal war keeps the proles from getting too restless and questioning their leaders. How it leads to modern strategic idiocies like "Osama Bin Laden and the Mujahedeen are steadfast allies against Russian totalitarianism, which is why the CIA needs to give them Stingers" (aka Operation Cyclone). Or the illegal provision of arms and funds to countries with questionable human rights records (KSA, Iran, Nicaragua, Guatemala, Israel.....)

Explain how this leads to, nay requires, state-propagated lies like WMD to justify illegal military actions against sovereign nation states like Iraq, Libya and Syria.

Show how 9/11 was used to target a former-ally Osama and his Taliban brotherhood and prepare the terrain for eternal war, even though the real criminals were actually in DC, Riyadh and other world capitals. Explain how letting Osama escape from Tora Bora was all part of this intricate plan for the PNAC, until he finally outlived his usefulness as a bogeyman. If they disagree, ask for their counter-argument and proofs.

Explain how these same criminals then made a financial killing when our real life Oceania went to war bigly with Eastasia. How this resulted in over a million civilian deaths (half of them children), around 80,000 terrorists and perhaps 10,000 uniformed soldiers/contractors. Show them videos where US officials justify this slaughter as "worth it", unimportant or irrelevant. Ask what kind of individuals could even say these things or let them happen. If they can't answer, name a few: Madeleine Albright, Hillary Clinton, Barack Obama, George W. Bush and Dick Cheney.

At this point, you may need to take a break as listeners will soon have trouble distinguishing between real-life events and those in Orwell's book.

WAR IS PEACE, FREEDOM IS SLAVERY, IGNORANCE IS STRENGTH

Next, explain how real, imagined or simulated terrorist outrages can be manipulated to influence electorates. This is done by creating or allowing atrocities that frighten citizens into seeking "safety". These citizens will then vote in corrupt, globalist leaders who promise to keep them safe. These same leaders can then curtail freedoms in their previously democratic, freedom-loving nation states. New terrorist threats can always be used to justify more restrictions on free movement and state-mandated invasions of personal privacy.

If your snowflakes don't agree with this, name some leaders responsible for bad laws, policies and the ensuing restrictions on civil liberties:

Tony Blair, George W Bush, Angela Merkel, Theresa May and Francois Hollande.

Name some events as well: Oklahoma City, 911, 7/7, Sandy Hook, 11-M

Also mention that the USA has not waged a single legal, constitutional, Congress-declared war since 1945. But that the USA has been involved in hot or cold wars for all but 5 of the past 71 years.

HISTORY AND BACKGROUND

Tell them that Orwell's original book title was actually "1944" (already past), but that his publisher vetoed this choice saying it could hurt sales.

Then explain how 1944-45 was actually the perfect crucible for the divisive, right-left political paradigm we live in today and many of the concepts presciently described in Orwell's chilling masterpiece.

EPILOGUE

Tell them everything, until their brains hurt, their eyes water and their ears bleed.

Eventually even the iciest snowflakes will get it.

Of course, some will cry, and some will have temper tantrums and meltdowns.

But a few might just wake up, start reading real books and get a proper education.

This is when the healing can begin.

Those thinking a career in gender-diversity-issue management is still the way forward may figure it out later, God help them. Until then, we should just pity them.

dearth vader , Mar 11, 2017 5:03 AM

Ira Levin's "This Perfect Day" (1970) is from the same dystopian mold. In the late Eighties, my then teenage daughter kept reading it, till it literally fell apart.

How technology has "advanced"! People in this phantasy had to wear bracelets with which they checked in and out of buildings and areas. Reality always seems to surpass the imaginative powers of SF-writers.

Maestro Maestro , Mar 11, 2017 5:16 AM

The problem is not your government.

YOU are the problem.

Your government is not populated by reptilians from outer space. The politicians and the bankers, lawyers are YOUR sons and daughters. You gave birth to them, you educated them, you taught them their values.

YOU pull the trigger when the government says KILL! YOU vote Democrat or Republican EVERY TIME. Yet you have the temerity to blame them when you don't get what you wanted.

Scum,

Hitler didn't kill anyone as far as we know, in WWII. People [YOU] killed people. You blame the Jews because the wars they incite you to fight result in blowback to you. Why do you blame them because YOU jumped when they said JUMP! YOU are the ones flying the fighter jets and firing the tank shells against foreign populations living 10,000 miles away from your land, and who have not attacked you. NO ONE does anything unless they wanted to, in the first place. In any case, YOU are responsible for YOUR actions. This we all know.

Even your own money the US dollar is illegal according to your own US Constitution (Article 1, Section 10) yet you commit mass murder and mass torture throughout the world in order to impose it on everyone?

Fuck you, American.

BrownCoat , Mar 11, 2017 6:59 AM

The liberals are promoting the book (Nineteen Eighty-Four). IMO, that's great! Orwell's book is a classic and accurately describes features in our current society.

The downside is that the liberals won't understand it. They are promoting the idea that Trump is a fascist. They don't see that they themselves are fascists (albeit a different brand of fascism). Ironic that the book could help them see past the indoctrinated haze of their perspective, but it won't. The future, from my perspective, is a boot stamping on a human face forever.

Robert of Ottawa -> BrownCoat , Mar 11, 2017 8:09 AM

Fascism as a style of government rather than philosophy.

RevIdahoSpud3 , Mar 11, 2017 9:07 AM

I read 1984 in 1960 as a freshman in HS. Spent the next 24 years waiting. I don't remember details but I do remember it was upsetting at the time to picture my future as depicted by Orwell. It might be more interesting to me now to go back to the publishing date and study the paradigm that Orwell lived under to get a perspective of his mindset. He wasn't a US citizen. He was born in India, moved to England with his mother, had little contact with his father, was sickly and lonely as a child and suffered from tuberculosis as an adult, served in Burma for five years as a policeman, fought Soviet backed Communists in the Spanish Civil War, fought Fascism, believed in Democratic socialism or Classless socialism.

His book Animal Farm was a satire on Stalin and Trotsky and 1984 * gave readers a glimpse into what would happen if the government controlled every detail of a person's life, down to their own private thoughts. (*online bio). The battles in Europe were life and death with the goal of survival.

The European cauldron produced or nurtured, IMO, the seeds of most social evils that exist today. In Orwell's era society was changing and reacting to the Machine age which was followed by the Atomic age, the Space age and to the current Information age. He died in 1950 but in his environment, the Machine age is where he related. The forces (of evil) at work in his era still exist today with the additions of the changes brought by the later ages. We don't contend with the physical (at least not initially) conquerors such as the Genghis Khan, Mohamed, Alexander, Roman conquest etc. of the past but the compulsion of others to control our lives still exists just in different forms. We as a society react or comply and have the same forces to deal with as did Orwell but also those that resulted in the later eras. 1984 was actually the preview of the information age that Orwell didn't experience.

We are now programed (propagandized) from pre school to the home for the elderly. We are initially taught as children, continue through college, and are forever conditioned by media such as TV, Movies, Radio, Newspapers and Advertising our entire lives. The younger generations are not taught to think independently or critically but instead indoctrinated with pre packaged knowledge 'propaganda' while older generations assess outcomes from a different perspective. There is as a result, a clash within the society which we are experiencing today.

Through the modern (at least recorded) ages the underlying force no matter what era humans lived through was the conflict of...religion. In the name or names of God and whose god is the true god and which god will rule. Even in the most 'godless' societies it is the underlying force. There are many who do not believe in god or a god and by extension should or do not believe in Satan. Good vs Evil? It's always there, although we are encouraged not to mention it?

Can't say I need another go at 1984 from Costco but I do need another indoor/outdoor vacuum and right now they have one with a manufacturers discount of $5. See you there!

Collectivism Killz , Mar 11, 2017 9:24 AM

1984 is really just a knock off of Evgeny Zamyatin's "We," which is frankly a better account of dystopian authoritarianism from someone who wrote shortly after the Russian Revolution.

FrankDrakman -> Collectivism Killz , Mar 11, 2017 9:39 AM

This is not true. Orwell's book touched on major points, such as the destruction of people's ability to communicate real ideas by perversion and simplification of language, that are not discussed elsewhere. It is a unique and disturbing view of totalitarian regimes.

Atomizer , Mar 11, 2017 10:22 AM

Tyler, you're missing the point. 1984 was about controlling the news and airwaves. Fahrenheit 451 was about burning history. The two go hand in hand.

Fahrenheit 451 (1966) Full Movie | Julie Christie ...

Nobodys Home , Mar 11, 2017 10:23 AM

Manipulation of the news is not new folks:

The similarity of the major networks evening "news" programs has given rise to a report that, each day, a list of ten or twelve "acceptable" news stories is prepared by British Intelligence in London for the networks, teletyped to Washington, where the CIA routinely approves it, and then delivered to the networks.

The "selectivity" of the broadcasters has never been in doubt. Edith Efron, in "The News Twisters," (Manor Books, N.Y., 1972) cites TV Guide's interview with David Brinkley, April 11, 1964, with Brinkley's declaration that "News is what I say it is. It's something worth knowing by my standards." This was merely vainglorious boasting on Brinkley's part, as he merely reads the news stories previously selected for him.

Sinophile -> Nobodys Home , Mar 11, 2017 11:33 AM

"REMEMBER THE MAINE!" That false flag headline is over a century old.

Dragon HAwk , Mar 11, 2017 10:53 AM

Next time you are in a Best Buy.. go up to the Geek Squad guy and say... "So how does it feel to work for the CIA "

Al Bondiga , Mar 11, 2017 11:13 AM

Fuck the Washington Post. As Katherine Austin Fitts has suggested, it is essentially the CIA's Facebook wall. The same could be said of the NYT as well.

SurfinUSA , Mar 11, 2017 1:37 PM

Bezos has no problem selling "1984" on Amazon. https://tinyurl.com/hdmhu75 He's collecting the sales price and sticking it in his pocket. He's not making a joke out of it. Bezos is a lunatic. The Washington Post is full of shit. End of story.

Amy G. Dala -> SurfinUSA , Mar 11, 2017 2:23 PM

James Rosen from Fox, he was at a state dept briefing with that little weasel Kirby, and Kirby stated that the negotiations over the Iran "deal" were all overt and "above the table." He remembered, tho, a briefing years earlier from the witch Psaki, who stated that sometimes, in interests of expedience, aspects of the negotiations are not made public.

Rosen goes back to state dept video archives, finds out that his whole exchange with Psaki has been erased. Weasel Kirby, when asked how this happened, who did it, who ordered it, blames it on a "technical glitch."

It's a slippery fuckin slope. Only now the progressives are finding relevance in 1984?

[Mar 16, 2017] Is Trump administration under surveillance from its own intelligence agencies?

Mar 16, 2017 | economistsview.typepad.com
rjs -> pgl... March 14, 2017 at 02:16 PM
it's obvious that Conway was reading about the wikileaks release of the CIA's Vault 7, which shows they have the capability of remotely turning over the counter smart phones and TVs into spying devices...the release was widely covered in the foreign press, not so much here..

http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-cia-what-are-they-explained-vault-7-year-zero-julian-assange-secrets-a7616826.html

1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The US intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.

2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the device they are used on – if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user. WikiLeaks claims that has happened, potentially meaning that messages have been compromised even if all of the usual precautions had been taken.

3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programmes detailed in the documents is "Weeping Angel". That allows intelligence agencies to install special software that allows TVs to be turned into listening devices – so that even when they appear to be switched off, they're actually on.

4) The agency explored hacking into cars and crashing them, allowing 'nearly undetectable assassinations'

5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.

6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. When taken together, those "Vault 7" leaks will make up the biggest intelligence publication in history, WikiLeaks claimed.

[Mar 13, 2017] Boris and Natasha version of hacking might well be a false flag operation. How about developing Russian-looking hacking tools in CIA? To plant fingerprints and get the warrant for monitoring Trump communications

Notable quotes:
"... If you did not notice, the Vault 7 scandal completely overtook everything else now. This is a real game changer. ..."
"... Tell me who stole the whole arsenal of CIA hacking tools with all the manuals? Were those people Russians? ..."
Mar 13, 2017 | economistsview.typepad.com

im1dc: March 12, 2017 at 10:14 PM

Am I alone in thinking that Preet Bharara, the just fired US Attorney for Southern District of New York, would be the ideal Special Prosecutor of the Trump - Russia investigation?

Tom aka Rusty -> im1dc... Sunday, March 12, 2017 at 11:41 AM
Bharara did not push back against "too big to prosecute" and sat out the biggest white collar crime wave in the history of the world, so why is he such a saint?

Lots of easy insider trading cases.

im1dc -> Tom aka Rusty... Sunday, March 12, 2017 at 05:01 PM
I don't think you considered the bigger picture here which includes in Bharara's case his bosses to whom he would have had to run any cases up the flag pole for approval and Obama and Company were not at the time into frying Wall Street for their crimes b/c they were into restarting the Bush/Cheney damaged, almost ruined, US and global Economy.
libezkova -> im1dc... Sunday, March 12, 2017 at 09:11 PM
If you did not notice, the Vault 7 scandal completely overtook everything else now. This is a real game changer.

Just think, how many million if not billion dollars this exercise in removing the last traces of democracy from the USA and converting us into a new Democratic Republic of Germany, where everybody was controlled by STASI, cost. And that money was spent for what?

BTW the Stasi was one of the most hated and feared institutions of the East German government.

If this is not the demonstration of huge and out of civil control raw power of "deep state" I do not know what is.

If you are not completely detached from reality you should talk about Vault 7. This is a huge, Snowden-size scandal that is by an order of magnitude more important for the country than all those mostly fake hints on connections of Trump and, especially "Russian hacking".

Tell me who stole the whole arsenal of CIA hacking tools with all the manuals? Were those people Russians?

If not, you should print your last post, shred it and eat it with borsch ;-).

libezkova -> libezkova... Sunday, March 12, 2017 at 10:01 PM

From this video it looks like CIA adapted some Russian hacking tools for their own purposes.

https://www.youtube.com/watch?v=8Z6XGl_hLnw

In the world of intelligence false flag operations are a standard tactic. Now what? Difficult situation for a Midwesterner...

libezkova -> libezkova...
Another difficult to stomach hypothesis:

"Boris and Natasha" version of hacking might well be a false flag operation. How about developing Russian-looking hacking tools in CIA? To plant fingerprints and get the warrant for monitoring Trump communications.

VAULT 7: CIA Staged Fake Russian Hacking to Set Up Trump - Russian Cyber-Attack M.O. As False Flag

https://www.youtube.com/watch?v=B4CHcdCbyYs

== quote ==

Published on Mar 7, 2017

"The United States must not adopt the tactics of the enemy. Means are important, as ends. Crisis makes it tempting to ignore the wise restraints that make men free. But each time we do so, each time the means we use are wrong, our inner strength, the strength which makes us free, is lessened." - Sen. Frank Church

WikiLeaks Press Release

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

[Mar 13, 2017] Here is the edited version of Dr Steve Pieczenik interview

Video
www.youtube.com

[Mar 11, 2017] US spies still wont tell Congress the number of Americans caught in dragnet

Notable quotes:
"... Trump at least seems to have a problem with him or his associates being spied on lately. ..."
"... Nothing can be done because the intelligence services are in the privileged position of being able to sabotage anybody's political career. So everyone keeps going through the motions of simulating free will while actually only doing as they're told. And it will only get worse so brace for it. ..."
"... So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show. ..."
"... The US people has completely lost control over their governance. The constitution is a totally empty shell. ..."
"... You would need more than just IPs to make that determination - anyone with a VPN can have an American IP address, same with TOR exit nodes. ..."
"... The heads of these agencies know if they ever say any number, that will be the end due to outrage. There is little to be gained, unless they are sent to prison. If I were a senator, I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify about their bosses. ..."
"... If they're scanning the backbone, AND checking the main sites people go to, that's pretty danged close to everybody. ..."
"... The evasiveness is deceptive in and of itself. When the NSA says it "would require the Intelligence Community to conduct exhaustive analysis of every unknown identifier in order to determine whether they are being used inside or outside the U.S." that's because they don't even count the data as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts. ..."
"... By our definition, which says if you put the data in your database and use it when running searches, that data has been collected, there's no doubt the number is nearly the same as the US population, discounting only people with no online presence (e.g. infants). ..."
Mar 11, 2017 | arstechnica.com
In 2013, a National Security Agency contractor named Edward Snowden revealed US surveillance programs that involved the massive and warrantless gathering of Americans' electronic communications. Two of the programs, called Upstream and Prism, are allowed under Section 702 of the Foreign Intelligence Surveillance Act. That section expires at year's end, and President Donald Trump's administration, like his predecessor's administration, wants the law renewed so those snooping programs can continue.

That said, even as the administration seeks renewal of the programs, Congress and the public have been left in the dark regarding questions surrounding how many Americans' electronic communications have been ensnared under the programs. Congress won't be told in a classified setting either, despite repeated requests.

mod50ack , Smack-Fu Master, in training Mar 10, 2017 6:38 AM Popular
Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.
gmerrick , Ars Praefectus Mar 10, 2017 6:40 AM Popular
If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?
Ziontrain , Ars Praefectus Mar 10, 2017 6:40 AM Popular
Thing is, we all know two things:
1) the number is 300 million +
2) the "esteemed" members of congress are singled out for special surveillance

As a result, the only possible outcome is the same procedure as all the previous times: congress rolls over. As should everyone's eyes who is watching this elaborate kabuki performance...

d4Njv , Ars Scholae Palatinae Mar 10, 2017 7:23 AM Popular
mod50ack wrote:
Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.
Trump at least seems to have a problem with him or his associates being spied on lately. Not sure how he feels about ordinary Americans /s.
close , Wise, Aged Ars Veteran Mar 10, 2017 7:25 AM
gmerrick wrote:
If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?
Nothing can be done because the intelligence services are in the privileged position of being able to sabotage anybody's political career. So everyone keeps going through the motions of simulating free will while actually only doing as they're told. And it will only get worse so brace for it.
arcite , Ars Legatus Legionis Mar 10, 2017 7:35 AM
mod50ack wrote:
Yeah, you're not going to see anybody in the Federal Government really stopping this, no matter their party.
Ostensibly, they have the power to bring down the Trump admin...odds are he will increase their funding. ;)
AHuxley , Wise, Aged Ars Veteran Mar 10, 2017 7:45 AM
gmerrick wrote:
If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?
The lack of oversight issue was attempted in the 1970's with the Church Committee.

https://en.wikipedia.org/wiki/Church_Committee


All that domestic US spying should have been stopped.

Operation CHAOS https://en.wikipedia.org/wiki/Operation_CHAOS showed domestic legal protections did not work.

boondox , Ars Centurion Mar 10, 2017 8:04 AM
Reisner wrote:
The American people don't know and don't care to know. John Conyers really need to focus on the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for his constituents; lowering the amount of kids being born out of wedlock and preventing them from killing each other over trivial things like clothes and being disrespected.
I agree with you on the underlined. America seems more interested in amusing itself to death more than anything.

The representatives of the people have their work cut out for them.

Personne , Ars Scholae Palatinae Mar 10, 2017 8:28 AM
So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show.

The US people has completely lost control over their governance. The constitution is a totally empty shell.

AHuxley , Wise, Aged Ars Veteran Mar 10, 2017 8:37 AM
Personne wrote:
So essentially, the 3 letter agencies are not accountable to the US government.

The US people has completely lost control over their governance. The constitution is a totally empty shell.

It's more that staff feel Congress has no oversight as who they work for did not get established by Congress. The question of oversight authority was used to avoid questions until the 1970's.
AutisticGramma , Ars Scholae Palatinae Mar 10, 2017 8:45 AM
AHvivere wrote:
Small nitpick to the author. You do know that having that particular picture on there constitutes a spillage for every single DoD and Federal employee that clicks on the article to read it right?
And this is exactly why it should stay up. These agencies behavior is creating this for themselves. No over sight no funding, who ever signs the check is on the hook. The fed budget needs to reflect this. Someone signed off on authority to operate.
SewerRanger , Ars Centurion et Subscriptor Mar 10, 2017 8:50 AM
Hookgrip wrote:
I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?
You would need more than just IPs to make that determination - anyone with a VPN can have an American IP address, same with TOR exit nodes.

This number would be completely useless. You'd have to cross reference the IP with a bunch of other data and that leads to a catch-22: you'd have to maintain a database of American data to be able to detect when you have American data so you can not keep it except what you have in your database of American data that you use to detect American data so you can not keep it.

arcite , Ars Legatus Legionis Mar 10, 2017 8:54 AM
Personne wrote:
So essentially, the 3 letter agencies are not accountable to the US government. They can lie, cheat and hide information at will without any kind of consequence. They are running the show.

The US people has completely lost control over their governance. The constitution is a totally empty shell.

Vast bureaucracies have a life of their own, detached from the earthly proclivities of democratic transitions.
Buchliebhaber , Wise, Aged Ars Veteran et Subscriptor Mar 10, 2017 9:18 AM
Quote:
Still, US spies say they don't track the number of Americans caught in this dragnet, in part to protect Americans' privacy. Performing this task would require spies to de-anonymize phone numbers and IP addresses to determine whether they're American, according to April Doss, a former NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1.
This seems to imply that they're reading the request to "get the count of Americans monitored" extremely literally, interpreting it as "get the exact number of Americans".

The NSA has some very good mathematicians - they should easily be able to give a pretty highly accurate estimate using the sample data they already have from when they've de-anonymized targeted persons.

Bodacious , Smack-Fu Master, in training Mar 10, 2017 9:21 AM
AHvivere wrote:
You are literally saying that 5 million people are bad. You sound retarded.
I think he literally said the agencies' behavior is bad, which is literally not the same thing as saying everyone who works for them is. Are you a DoD or Federal employee?
AutisticGramma , Ars Scholae Palatinae Mar 10, 2017 9:29 AM
Buchliebhaber wrote:

Still, US spies say they don't track the number of Americans caught in this dragnet, in part to protect Americans' privacy. Performing this task would require spies to de-anonymize phone numbers and IP addresses to determine whether they're American, according to April Doss, a former NSA lawyer who testified (PDF) before the House Judiciary Committee on March 1.

This seems to imply that they're reading the request to "get the count of Americans monitored" extremely literally, interpreting it as "get the exact number of Americans".

The NSA has some very good mathematicians - they should easily be able to give a pretty highly accurate estimate using the sample data they already have from when they've de-anonymized targeted persons, +/-10%.

This estimate I'm sure was rolling around in the head of someone at the table.

The whole point of the system is to provide information that they're requesting, literally how computers work.

Stonewalling Congress needs to be a good way to find an agency without funding or mandate.

Instead it's more like Kanye stealing the mic at the Grammys, but with more chest medals.

AHuxley , Wise, Aged Ars Veteran Mar 10, 2017 9:31 AM
AutisticGramma wrote:
Do you have some context for 5 million people, this comment is an island not found on any map.
The 5.1 million people number? It's the amount of people who held some US government security clearance as of around 2013. Confidential, Secret, Top Secret, Gov staff, Contractors as a total.
TheFu , Ars Scholae Palatinae Mar 10, 2017 9:32 AM
We should send them to Guantanamo Bay until they talk and cut their funding 50%. The US Govt is supposed to work FOR US citizens. Something has gone wrong. People need to be held accountable. Spying on everyone is NOT ok without an individual, specific, tied-to-location, warrant signed by a judge outside some secret court.

PERIOD.

The heads of these agencies know if they ever say any number, that will be the end due to outrage. There is little to be gained, unless they are sent to prison. If I were a senator, I'd give immunity to some of the whistle blowers to find the truth. Give them a chance to testify about their bosses.

AnchorClanker , Wise, Aged Ars Veteran et Subscriptor Mar 10, 2017 9:40 AM
Seems like it would be a minor exercise to analyze a valid sample of their intercepts and to project with enough accuracy to answer the question.

A cynic might suspect that the answer to, "How many Americans' electronic communications have been ensnared under the programs?" may well be, "All of them."

waasoo , Wise, Aged Ars Veteran Mar 10, 2017 9:41 AM
Reisner wrote:
The American people don't know and don't care to know. John Conyers really need to focus on the things that matter, like stopping Detroit from sinking into the abyss; getting jobs for his constituents; lowering the amount of kids being born out of wedlock and preventing them from killing each other over trivial things like clothes and being disrespected.
I agree with a part of your sentiment but feel, maybe wrongly, that you are also hiding racism behind those words.

The part that I agree with - most people don't care enough about spying programs or which 3 letter agency is scanning their ass. You can probably get 100 million Americans to sign a petition on facebook or twitter or your neighborhood supermarket and only because those are low investment options. There is nothing wrong with such an existential position; I am guilty of that for most part of the day. If the scanning keeps me "safe" and I have nothing to hide, why bother?

Now, you will get a lot more people involved if such scanning led to prosecution for the little technical crimes we do every day of our life; until then this will continue if only with another name.

yankinwaoz , Ars Centurion Mar 10, 2017 9:50 AM
I'm sure Feinstein has her rubber stamp out. There is no request from NSA/CIA that she doesn't love.

Grrrrrr...

Jacee , Smack-Fu Master, in training Mar 10, 2017 9:56 AM
Hookgrip wrote:
I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?
"Another way to generate a good estimate?" Certainly. Go to the US Census Bureau. They can get you real close. Or just google it. As of 2014, it was 318.4million

If they're scanning the backbone, AND checking the main sites people go to, that's pretty danged close to everybody.

bothered , Ars Scholae Palatinae Mar 10, 2017 10:13 AM
yankinwaoz wrote:
I'm sure Feinstein has her rubber stamp out. There is no request from NSA/CIA that she doesn't love.

Grrrrrr...

Don't vote for her again, I know I won't. Just got an email from Feinstein's office today with a laundry list of ways she is opposing Trump and his picks, no mention of national security issues. I'm sure that Feinstein and the current Administration will come together on National Security - in their view it's about "protecting Americans" which I read as "covering my ass on my watch".
ars diavoli , Ars Centurion Mar 10, 2017 10:46 AM
gmerrick wrote:
If a government employee is not answering questions to the committees regarding these issues, what measures can the committees take to force an answer? Can they impeach, or compel testimony? Can they throw somebody's ass in jail until the question gets answered?

They could start cutting budgets, but that won't happen.

carcharoth , Ars Scholae Palatinae Mar 10, 2017 10:56 AM
"Congress and the public have been left in the dark regarding questions surrounding how many Americans' electronic communications have been ensnared under the programs."

how is this acceptable? how are these programs still running period? where is the outcry?

why won't they tell? because it's not about "dragnet casualties," they're not accidentally spying on Americans, they've got a system they use to spy on who they want when they want to

It's insane that these organizations can lie to the people, to their own gov't, and not get torn down

AutisticGramma , Ars Scholae Palatinae Mar 10, 2017 11:03 AM

The 5.1 million people number?

It's the amount of people who held some US government security clearance as of around 2013. Confidential, Secret, Top Secret, Gov staff, Contractors as a total. And how many of them are responsible for signing off on carte blanche spying on Americans with 0 oversight. Since clearance is on a need to know basis, did that many people need to know? I see you looking to divide and conquer here, you just end up sounding guilty. 5.1 million people wanted a paycheck while serving their country and deserve one. Around 500 elected officials are letting a select few ruin all of this for rest of us because rules are 'unamerican.'

This is what happens 20 years after 'rules kill jobs' the same business leaders who didn't need rules 'cause jobs' now don't need rules as government appointees.

NotJustAnotherRandmGuy , Wise, Aged Ars Veteran Mar 10, 2017 11:08 AM
Hookgrip wrote:
I would assume that they're collecting IP addresses along with this traffic. Couldn't that be used to generate at least a rough estimate of the number of US citizens targeted? Is there another way to generate a good estimate?
All of it... the answer is all of it. Everything. Everybody. All. https://en.wikipedia.org/wiki/Mark_Klein
BobsYourUncleBob , Ars Tribunus Militum Mar 10, 2017 11:22 AM
We cannot provide an answer to your request, Senator, simply because we don't know the answer. Should we ever embark upon data analysis that would provide the answer you're seeking, such action would constitute an unnecessary and unwarranted intrusion on the privacy of U.S. persons; without specific statutory authorization, it would likely also be unlawful, since it would be both intrusive and unrelated to any need for foreign intelligence gathering.

And we don't want to act in any manner that may be regarded as unlawful ... unless Congress were to provide authorization for us to do so ...

Then there is the matter of resource allocation: current budgets constrain us from embarking upon such a program of data analysis, in terms of both the hardware and human resources that such a program would require.

Estimates on the additional funding that such a program would require have been developed, however these budgetary requirements cannot be released to Congress, as they are classified. Should Congress decide to provide both authorization and funding for such a program, we can advise on the number of zeros ( "0" ) that the funding authorization should include.

In summary, Senator, it would appear that "the ball is entirely in your court" so to speak ...

jdale , Ars Tribunus Militum Mar 10, 2017 11:26 AM
The evasiveness is deceptive in and of itself. When the NSA says it "would require the Intelligence Community to conduct exhaustive analysis of every unknown identifier in order to determine whether they are being used inside or outside the U.S." that's because they don't even count the data as "collected" unless an analyst looked at it. Recorded? Doesn't count. Searched by computer programs for keywords or pattern matching? Doesn't count. A human looked at it? Ok, that counts.

By this definition, they should be able to produce a deceptively low number, perhaps thousands to tens of thousands per year.

By our definition, which says if you put the data in your database and use it when running searches, that data has been collected, there's no doubt the number is nearly the same as the US population, discounting only people with no online presence (e.g. infants).

In any case, the fact that they have prevaricated about this for the past 6 years makes pretty clear that the answer will not look good. It's time to end these programs. If they want them renewed, the replacements will need real oversight.

[Mar 11, 2017] Snowden What The Wikileaks Revelations Show Is Reckless Beyond Words

Notable quotes:
"... The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words. ..."
"... Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. ..."
"... So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world. I wonder if they were using these "tools" domestically outside of their mandate? As an agency you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just compromised? This is so serious it's insane. ..."
"... The issue is now all that software is running on nearly every computer out there. Every computer in the current paradigm is considered a security risk. ..."
"... Android is Linux based as well as the routers that have been reportedly compromised use Linux as an operating system. Nothing has been spared. ..."
"... Now if IBM Mainframes are compromised it means, Banks, Insurance, and other behemoths (they mostly use IBM Main Frames for their back-end functions) may be ticking time bombs. Scary shit. ..."
Mar 07, 2017 | www.zerohedge.com
While it has been superficially covered by much of the press - and one can make the argument that what Julian Assange has revealed is more relevant to the US population, than constant and so far unconfirmed speculation that Trump is a puppet of Putin - the fallout from the Wikileaks' "Vault 7" release this morning of thousands of documents demonstrating the extent to which the CIA uses backdoors to hack smartphones, computer operating systems, messenger applications and internet-connected televisions, will be profound.

As evidence of this, the WSJ cites an intelligence source who said that "the revelations were far more significant than the leaks of Edward Snowden."

Mr. Snowden's leaks revealed names of programs, companies that assist the NSA in surveillance and in some cases the targets of American spying. But the recent leak purports to contain highly technical details about how surveillance is carried out. That would make them far more revealing and useful to an adversary, this person said. In one sense, Mr. Snowden provided a briefing book on U.S. surveillance, but the CIA leaks could provide the blueprints.

Speaking of Snowden, the former NSA contractor-turned-whistleblower, who now appears to have a "parallel whistleblower" deep inside the "Deep State", i.e., the source of the Wikileaks data - also had some thoughts on today's CIA dump.

In a series of tweets, Snowden notes that "what @Wikileaks has here is genuinely a big deal", and makes the following key observations "If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe" and adds that "the CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words."

He then asks rhetorically "Why is this dangerous?" and explains "Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world."

His conclusion, one which many of the so-called conspiratorial bent would say was well-known long ago: "Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy."

To which the increasingly prevalent response has become: "obviously."

Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic.

- Edward Snowden (@Snowden) March 7, 2017

If you're writing about the CIA/ @Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe. pic.twitter.com/kYi0NC2mOp

- Edward Snowden (@Snowden) March 7, 2017

The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words.

- Edward Snowden (@Snowden) March 7, 2017

Why is this dangerous? Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world. https://t.co/xK0aILAdFI

- Edward Snowden (@Snowden) March 7, 2017

Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. https://t.co/mDyVred3H8

- Edward Snowden (@Snowden) March 7, 2017

Looney -> PoasterToaster , Mar 7, 2017 2:33 PM

The "Pandora's Box" cliché doesn't quite fit the use of Cyber Weapons, but another metaphor does – "Pinocchio's Screw".

When Pinocchio discovered a screw inside of his belly button, he grabbed a screwdriver and two seconds later, his ass fell off. ;-)

Looney

froze25 -> nuubee , Mar 7, 2017 2:44 PM

So the CIA was doing the NSA's job, dropped the ball and let the weapons out to the world. I wonder if they were using these "tools" domestically outside of their mandate? As an agency you couldn't be more incompetent. Does anyone understand how much security they (CIA) have just compromised? This is so serious it's insane.

WordSmith2013 -> froze25 , Mar 7, 2017 2:56 PM

"It doesn't get any bigger than Vault 7!"

http://themillenniumreport.com/2017/03/vault-7-opened-up-the-biggest-meg...

Vault 7 Opened Up: The Biggest Megillah of Them All
CPL -> froze25 , Mar 7, 2017 3:06 PM

Why do you think the geek community decided to go develop their own tools in parallel (Linux, BitCoin, DevOps platforms, etc)? We knew, we complained, we got shut down. The issue is now all that software is running on nearly every computer out there. Every computer in the current paradigm is considered a security risk.

It also means the insurance industry now has to pull out of all insurance guarantees on engineered systems with an ISO certification for every industry. It's a fucked up mess that's going to cost tens of trillions of dollars to migrate and patch every existing system on the planet.

froze25 -> CPL , Mar 7, 2017 3:22 PM

Android is Linux based as well as the routers that have been reportedly compromised use Linux as an operating system. Nothing has been spared. I believe IOS is Unix based (or IOS is just IOS) so that one is compromised as well. Now if UNIX is compromised that means (potentially) that IBM mainframes are compromised.

Now if IBM Mainframes are compromised it means, Banks, Insurance, and other behemoths (they mostly use IBM Main Frames for their back-end functions) may be ticking time bombs. Scary shit.

[Mar 11, 2017] CIA faces huge problem over malware claims

Mar 11, 2017 | www.bbc.com
BBC
  • WikiLeaks, the CIA and your devices: what the documents reveal FT
  • CIA contractors likely source of latest WikiLeaks release: U.S. officials Reuters. Neoliberalism's "market state" puts government functions up for sale. So it's not surprising that people sell them.
  • CIA Leak: "Russian Election Hackers" May Work In Langley Moon of Alabama. Watch for the "attribution problem" when CrowdStrike testifies at the upcoming Russki hearings. As I've said, "Internet evidence is not evidence."
  • WikiLeaks strikes again. Here are 4 big questions about Vault 7. WaPo. "In cyberspace, we mainly have a reasonability problem, not an attribution problem." Oh. OK.
  • CIA Did Not Have Multi-Factor Authentication Controls for All Users as Recently as August 2016 emptywheel
  • Oh, that traitorous WikiTrump Pepe Escobar, Asia Times (Re Silc).
  • Spicer says 'massive difference' between CIA WikiLeaks leak and Podesta email leak ABC
[Mar 10, 2017] CIA Leak Shows Sliding Down the Slippery Slope Toward Totalitarianism, Where Private Lives Do Not Exist

    Notable quotes:
    "... The elephant in the room is not privacy problems. It is blackmail for various purposes. ..."
    "... This makes the US Government totally dysfunctional. The spread of such spy technique has created chaos. Latest news is that Democrats paid some hackers for not revealing their server information. ..."
    "... I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods. An elected President or Official should not have their private life discussed by the Media. It should be banned ..."
    "... And Clinton never feared anything, probably because the CIA was in her pocket and could get the goods on anybody even Loretta Lynch. ..."
    Mar 10, 2017 | www.zerohedge.com

    That the CIA has reached into the lives of all Americans through its wholesale gathering of the nation's "haystack" of information has already been reported.

    It is bad enough that the government spies on its own people. It is equally bad that the CIA, through its incompetence, has opened the cyberdoor to anyone with the technological skills and connections to spy on anyone else.

    The constant erosion of privacy at the hands of the government and corporations has annihilated the concept of a "right to privacy," which is embedded in the rationale of the First, Third, Fourth, Ninth and Fourteenth Amendments to the U.S. Constitution.

    It is becoming increasingly clear that we are sliding down the slippery slope toward totalitarianism, where private lives do not exist.

    We have entered a condition of constitutional crisis that requires a full-throated response from the American people.

    Before you label Kucinich as being overly-dramatic, you may want to note that Bill Binney – the high-level NSA executive who created the agency's mass surveillance program for digital information, the 36-year NSA veteran widely who was the senior technical director within the agency and managed thousands of NSA employees – told Washington's Blog that America has already become a police state.

    And Thomas Drake – one of the top NSA executives, and Senior Change Leader within the NSA – told us the same thing.

    And Kirk Wiebe – a 32-year NSA veteran who received the Director CIA's Meritorious Unit Award and the NSA's Meritorious Civilian Service Award – agrees (tweet via Jesselyn Radack, attorney for many national security whistleblowers, herself a Department of Justice whistleblower):

    It's not just NSA officials. Two former U.S. Supreme Court Justices have warned that America is sliding into tyranny.

    A former U.S. President, and many other high-level American officials agree.

    BuckWild , Mar 9, 2017 9:01 PM

    #1 problem all other unconstitutional problems stem from FRB

    Wild E Coyote , Mar 9, 2017 8:58 PM

    The elephant in the room is not privacy problems. It is blackmail for various purposes.

    We have many indications that politicians, judges, officials and even other intel organizations are being blackmailed, and destroyed using lucid information from their private life.

    This makes the US Government totally dysfunctional. The spread of such spy technique has created chaos. Latest news is that Democrats paid some hackers for not revealing their server information.

    I don't think this can be stopped. But we need more open discussion about blackmailing and thus protection from such methods. An elected President or Official should not have their private life discussed by the Media. It should be banned.

    GRDguy , Mar 9, 2017 8:56 PM

    All we're really seeing is the wet dreams of banksters efforts of over 400+ years "to own the earth in fee-simple."

    Our real problem is that their efforts makes them richer while making everyone else poorer.

    The only way to stop the Money Kings is not to do business with them; an extremely difficult task.

    Sometimes The Dragon Wins

    JailBanksters , Mar 9, 2017 8:51 PM

    The old adage about, if you've got nothing to hide, you've got nothing to fear ....

    I don't think a lot of people realize the scope of this, because it's not about you.

    If Trump was hacked, that information could be used against him, like blackmail in order to change his action or direction on certain things.

    Clinton: You should be in Jail, they're GOOD People, so I won't be appointing a special prosecutor.

    And Clinton never feared anything, probably because the CIA was in her pocket and could get the goods on anybody even Loretta Lynch.

    That's what this is about. And that's why Trump can't win.

    [Mar 10, 2017] Democratic Party as the defenders of the surveillance state

    Mar 10, 2017 | economistsview.typepad.com
    Peter K. : March 09, 2017 at 01:37 AM

    Democrats like PGL are big defenders of the surveillance state and hate on Wikileaks. Why is that? B/c they're anti-democratic and authoritarian. The NSA tapped Angela Merkel's phone. Way to alienate our allies.

    https://www.nytimes.com/2017/03/08/us/wikileaks-cia.html

    C.I.A. Scrambles to Contain Damage From WikiLeaks Documents

    By MATTHEW ROSENBERG, SCOTT SHANE and ADAM GOLDMAN

    MARCH 8, 2017

    WASHINGTON - The C.I.A. scrambled on Wednesday to assess and contain the damage from the release by WikiLeaks of thousands of documents that cataloged the agency's cyberspying capabilities, temporarily halting work on some projects while the F.B.I. turned to finding who was responsible for the leak.

    Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.

    An intelligence official said the information, much of which appeared to be technical documents, may have come from a server outside the C.I.A. managed by a contractor. But neither he nor a former senior intelligence official ruled out the possibility that the leaker was a C.I.A. employee.

    The officials spoke on the condition of anonymity to discuss an ongoing investigation into classified information. The C.I.A. has refused to explicitly confirm the authenticity of the documents, but it all but said they were genuine Wednesday when it took the unusual step of putting out a statement to defend its work and chastise WikiLeaks.

    The disclosures "equip our adversaries with tools and information to do us harm," said Ryan Trapani, a spokesman for the C.I.A. He added that the C.I.A. is legally prohibited from spying on individuals in the United States and "does not do so."

    The leak was perhaps most awkward for the White House, which found itself criticizing WikiLeaks less than six months after the group published embarrassing emails from John D. Podesta, the campaign chairman for Hillary Clinton, prompting President Trump to declare at the time, "I love WikiLeaks."

    Sean Spicer, the White House spokesman, said the release of documents "should be something that everybody is outraged about in this country."

    There was, he added, a "massive, massive difference" between the leak of classified C.I.A. cyberspying tools and personal emails of political figures.

    The documents, taken at face value, suggest that American spies had designed hacking tools that could breach almost anything connected to the internet - smartphones, computers, televisions - and had even found a way to compromise Apple and Android devices. But whether the C.I.A. had successfully built and employed them to conduct espionage remained unclear on Wednesday.

    A number of cybersecurity experts and hackers expressed skepticism at the level of technical wizardry that WikiLeaks claimed to uncover, and pointed out that much of what was described in the documents was aimed at older devices that have known security flaws. One document, for instance, discussed ways to quickly copy 3.5-inch floppy disks, a storage device so out of date that few people younger than 35 have probably used one.

    One indication that the documents did not contain information on the most highly sensitive C.I.A. cyberespionage programs was that none of them appeared to be classified above the level of "secret/noforn," which is a relatively low-level of classification.

    On Feb. 16, WikiLeaks released what appeared to be a C.I.A. document laying out intelligence questions about the coming French elections that agency analysts wanted answers to, either from human spies or eavesdropping. When WikiLeaks released the cyberspying documents on Tuesday, it described the earlier document as "an introductory disclosure."

    Peter K. -> Peter K.... March 09, 2017 at 01:52 AM

    "He added that the C.I.A. is legally prohibited from spying on individuals in the United States and "does not do so.""

    Well that's good to know given the CIA's history.

    Anachronism -> Peter K.... , March 09, 2017 at 05:12 AM
    Maybe, but the FBI is not prohibited and I'm sure they have access to the same tools the CIA has.

    Peter K. - Are you comfortable with Wikileaks telling the world (and therefore the "bad guys") exactly what we've been using to gather information and showing them how they can use the same tools? Do you think that hurts America's security?

    I'll grant you that there have been times I've been for some of the Wikileaks disclosures, but on the whole (and especially this), it harms our security.

    RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 06:31 AM
    I used to be disgusted but now I am just amused.

    The surveillance state is a deep subject. Without the military hegemony for which it is emblematic would we then even have a threat of terrorism? The domestic surveillance state does little else save maybe some counter-espionage against the other nuclear powers.

    OTOH, it gave us the recently ended TV series "Person of Interest," which almost makes up for the violations of our Bill of Rights (illegal search and potentially seizure). I kind of like people knowing how automobile technology can be hacked to remotely control the family car. If not for the competition to develop self-driving cars then I doubt most of the Wi-Fi enabled interfaces would facilitate remote control, but rather just monitoring. It sounds like the game of grand theft auto is about to be profoundly revised.

    Anachronism -> RC AKA Darryl, Ron... , March 09, 2017 at 07:01 AM
    "The surveillance state is a deep subject. Without the military hegemony for which it is emblematic would we then even have a threat of terrorism? The domestic surveillance state does little else save maybe some counter-espionage against the other nuclear powers."

    Agreed. We've interfered with impudence in the affairs of Central/South America and the Middle East. We've assassinated leaders of other countries and propped up our little puppets in their places. We staged a revolution to create the country of Panama, simply because we wanted to dig a canal.

    However, You're arguing the past. The question is, now that we're where we are, how do we proceed? All of these people who now hate us, because of the evils we've done aren't simply going to stop if we say "we're not going to spy on you anymore".

    Paraphrasing Shakespeare - "The evil countries do lives after them. The good is oft interr'd within their bones. Thus let it be with the U.S.A" won't make terrorists think about our foreign aid programs, or disaster relief for places like Haiti.

    The primary function of the federal government should be to protect the welfare of its people, and ostensibly tools like the ones the CIA developed (and subsequently leaked) were there to find out what the bad guys were doing. We are now less safe as a direct result of the leak.

    RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 07:37 AM
    "...The question is, now that we're where we are, how do we proceed?..."

    [Your point there is well taken. However, it is still a question with no implicit answer that cannot be alternatively argued. So, the other way to say this is that we have as a nation done very bad things. There will be a price to pay for it. How do we want to pay for it? How long do we want to keep paying for it? Stated another way then there is still no implicit answer that cannot be alternatively argued. It is why I usually avoid such matters. Without a crystal ball then we answer correctly. I just was inquiring to see how far that you were considering. I have no argument against you since you seem to understand the quagmire well enough. I will stick with easier topics such as constitutional reform of the political system, a piece of cake in comparison.]

    RC AKA Darryl, Ron -> RC AKA Darryl, Ron... , March 09, 2017 at 07:38 AM
    "...Without a crystal ball then we CANNOT answer correctly..."

    [First EDIT, then POST.]

    Anachronism -> RC AKA Darryl, Ron... , March 09, 2017 at 07:46 AM
    So, to paraphrase you; we're screwed. It's simply a question of how badly we're screwed and when.

    I agree. Which is why I'm no fun at parties anymore. I would argue that people who don't understand how screwed we are, are much happier than those who do understand.

    Such is our lot in life.

    RC AKA Darryl, Ron -> Anachronism ... , March 09, 2017 at 08:09 AM
    Totally agreed. Yet I cling to hope. Donald Trump has achieved more in organizing progressives in just four months than I have seen done over the collective period since 1968.
    RC AKA Darryl, Ron -> RC AKA Darryl, Ron... , March 09, 2017 at 08:12 AM
    Nothing unites people better than a common enemy which they unequivocally despise.
    ilsm -> RC AKA Darryl, Ron... , March 09, 2017 at 02:30 PM
    the oceans mean no one without a huge navy* or ICBM's (why sputnik was a problem) can affect the US. Military spending outside of nuclear warning and MAD is low payback.

    The terrorists know we won't nuke Mecca, hell we are paying Mecca's defenders to keep terrorists in Syria.

    * occupying the US would be dealing with 120M guns in hands of angered civilians....... the Japanese general staff thought they would find 80M behind blades of grass...........

    Peter K. -> Anachronism ... , March 09, 2017 at 08:54 AM
    The NSA chief told Congress that they don't spy on private US citizens, but Edward Snowden showed that to be a lie.

    Are you comfortable with that? Are you comfortable with handing the surveillance state over to a lunatic like Trump?

    Anachronism -> Peter K.... , March 09, 2017 at 09:45 AM
    As I said above, maybe the CIA doesn't spy on US citizens, but the FBI can and does.

    I don't think Trump would care about me nearly as much as he would Bill Maher or Hillary Clinton, public people who mock him.

    Peter K. -> Anachronism ... , March 09, 2017 at 10:08 AM
    It would affect you personally for Trump to neutralize all of his political opponents?
    Anachronism -> Peter K.... , March 09, 2017 at 11:09 AM
    I don't think republicans would like the idea of a liberal spying on them any more than we would with a conservative spying on us. Trump is at a whole new level because of his Nixonian paranoia plus his need for revenge plus his penchant for "punching down".

    Having said that, there are safeguards in place to ensure that the FBI can't spy on just anyone. You need a FISA warrant which needs to be approved by a FISA judge. President Cheeto can't just order it to be done. Well, he could, but the FBI should refuse.

    Anachronism -> Anachronism ... , March 09, 2017 at 11:11 AM
    This is the same reason Obama could not order Cheeto's "wires tapped".
    ilsm -> Peter K.... , March 09, 2017 at 02:32 PM
    Trump is more concerned with the Bill of rights than the con artist with the peace prize.

    [Mar 10, 2017] Latest WikiLeaks dump reveals CIA can hack computers, smartphones, even TVs

    Notable quotes:
    "... the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered users. ..."
    "... Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook ..."
    "... The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris. ..."
    "... The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them. ..."
    "... an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time. ..."
    "... The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development of malicious software by governments, which he compared to the global arms trade. ..."
    "... The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerability to the highest bidder. ..."
    "... If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers. ..."
    "... Besides speeding up the development time for malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party may have been behind an infiltration, rather than a government agency. ..."
    "... Okay, so "who cares" that we have a CIA with unchecked powers and no publicly discernible agenda, but RUSSIA!! ..."
    "... How many agencies do we need to do the same things and replicate each others work? 16 intelligence agencies? ..."
    "... And if you think you only need to worry about your computers, phones, and TVs being full of Mama Gubmint's lackeys consider your car. It has it's own ID and the roads are bristling with detectors too. License plate scanners, facial recognition, chem/radiation detectors, etc. 1984 has long been with us. ..."
    Mar 10, 2017 | www.salon.com
    ...The disclosure revealed that the CIA has its own division dedicated solely to computer hacking that rivals the National Security Agency's online espionage operation. According to WikiLeaks, the code tracking system of the CIA's Center for Cyber Intelligence has more than 5,000 registered users.

    "Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook," WikiLeaks said in an introductory statement accompanying the documents. "The CIA had created, in effect, its 'own NSA' with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

    Tuesday's disclosure is only the first part of what WikiLeaks is calling its "Vault 7" series of documents obtained from what it said was an "isolated, high-security network" located within the CIA's headquarters in Langley, Virginia. The documents, which appear to have been acquired at least several months ago, detail exploits (or techniques to expose vulnerabilities) for a wide variety of desktop and mobile operating systems, including Android, iOS, Windows, Linux and the server operating system Solaris.

    The CIA also appears to have developed methods to hijack internet-enabled televisions from Samsung to use them to record audio such as conversations, through the use of a "Fake Off" mode so that the TV appears to be powered down but actually is not.

    The stolen information indicates that the intelligence agency also appears to have the ability to gain access to messaging programs like Telegram, WhatsApp, Signal and iMessage that have been billed as secure because they encrypt all messages between participants. Instead of intercepting messages en route, however, the exploits work at a more basic level to intercept and capture audio and text before they are encrypted and transmitted.

    The documents appear to have been extracted from an internal CIA wiki website that was established to provide authorized users download access to the malware programs and also to instruct users on how to deploy them.

    WikiLeaks did not release any of the code behind the so-called cyber-weapons, but said that an archive of the software and its documentation had been circulating among former U.S. government hackers and contractors in an unauthorized manner for some time.

    The site's editor, Julian Assange, said there was an "extreme proliferation risk" in the development of malicious software by governments, which he compared to the global arms trade.

    The Vault 7 documents also disclose that the CIA purchases software exploits from other intelligence agencies, including Britain's MI5. The documents also indicate that the CIA has purchased exploits from shadowy private companies going by such names as Fangtooth, Anglerfish and SurfsUp. Instead of reporting security holes to software companies like Microsoft or Google, these companies peddle the vulnerability to the highest bidder.

    If this information is accurate, the agency may be in violation of a policy put into place by former President Barack Obama in 2013 that was intended to prohibit the government from exploiting vulnerabilities that were unknown to software makers.

    Besides speeding up the development time for malware for the CIA's use, the agency's use of outside-sourced malware also enables the CIA to make digital forensic investigators believe that an unknown outside party may have been behind an infiltration, rather than a government agency.

    ... ... ...

    A veteran writer, TV producer, and web developer, Matthew Sheffield writes about politics, media, and technology for Salon. You can email him via m.sheffield@salon.com or follow him on Twitter.

    zackeryzackery , 2017-03-10T03:32:31

    Anyone interested in the Russian Bank / Trump Server connection:

    https://theintercept.com/2016/11/01/heres-the-problem-with-the-story-connecting-russia-to-donald-trumps-email-server/

    Looks like the libtards will twist any facts to fit their narrative.

    DirtyDan23 , 2017-03-09T19:30:29
    But ... but .... RUSSIA!!!!!. Look guys, RUSSIA! The Obama administration repeatedly broke federal laws, lied about breaking those laws, got caught lying about breaking those laws (thank you "whistle blowers") then said it stopped breaking said laws. Then it got caught lying about saying it stopped breaking laws.
    A Real American , 2017-03-09T16:55:26
    Who cares. But what we also know is that The "President" is Putin's puppet. When is Assange going to leak that? And Don the Con has already paid Putin back by destroying the State Department. Sad.
    Captain America , 2017-03-09T17:05:13

    @ A Real American

    Okay, so "who cares" that we have a CIA with unchecked powers and no publicly discernible agenda, but RUSSIA!!

    You sound like McCarthy. Is that the New Democratic Party?

    Fester N Boyle , 2017-03-09T11:16:11

    How many agencies do we need to do the same things and replicate each other's work? 16 intelligence agencies? There's 500+ govt. agencies, the system needs a reorg. Make new agencies to combine the old ones' critical functions, fire all the worthless govt. employees and move the good ones into the new agency.

    And if you think you only need to worry about your computers, phones, and TVs being full of Mama Gubmint's lackeys consider your car. It has its own ID and the roads are bristling with detectors too. License plate scanners, facial recognition, chem/radiation detectors, etc. 1984 has long been with us.

    [Mar 10, 2017] When Whistleblowers Tell The Truth They're Traitors. When Government Lies It's Politics

    Notable quotes:
    "... Immediately after Wikileaks released thousands of documents revealing the extent of CIA surveillance and hacking practices, the government was calling for an investigation - not into why the CIA has amassed so much power, but rather, into who exposed their invasive policies. ..."
    Mar 09, 2017 | www.zerohedge.com
    Mar 9, 2017 6:05 PM Via Carey Wedler via TheAntiMedia.org,

    Immediately after Wikileaks released thousands of documents revealing the extent of CIA surveillance and hacking practices, the government was calling for an investigation - not into why the CIA has amassed so much power, but rather, into who exposed their invasive policies.

    "A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, several US officials," reportedly told CNN.

    According to USA Today:

    "The inquiry, the official said, will seek to determine whether the disclosure represented a breach from the outside or a leak from inside the organization. A separate review will attempt to assess the damage caused by such a disclosure, the official said."

    Even Democratic representative Ted Lieu, who has been urging whistleblowers to come forward to expose wrongdoing within the Trump administration, has turned his focus away from what the documents exposed and toward determining how it could have possibly happened.

    "I am deeply disturbed by the allegation that the CIA lost its arsenal of hacking tools," he said while calling for an investigation. "The ramifications could be devastating. I am calling for an immediate congressional investigation. We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans."

    According to Lieu's statements, the problem isn't necessarily that the CIA is spying on Americans and invading innocent people's technology without consent. It's that the CIA mishandled their spying tools, and in doing so, endangered Americans' privacy by exposing the tools to presumably 'bad actors.' The problem isn't the corrupt agency violating basic privacy rights, but that they weren't skillful enough to keep their corruption under wraps.

    So goes the familiar whistleblower narrative in the United States. Whistleblowers step forward to expose wrongdoing on the part of government - something the government claims to support - and immediately, establishment institutions and the media bend the conversation away from the wrongdoing in order to focus on the unlawful release of secrets.

    Putting aside the fact that, according to popular American mythology, breaking the law is a patriotic duty, the government and politicians' reactions are both hypocritical and habitual.

    When Chelsea Manning revealed damning evidence of U.S. war crimes in Iraq, including soldiers directly targeting Reuters news staff, the response was not to investigate who allowed those crimes (in fact, a later Pentagon manual went on to describe instances in which it's permissible to kill journalists; that version was later retracted after outcry from reporters). Rather, Manning was subject to a military tribunal and issued multiple life sentences, a cruel and unusual punishment reversed only in President Obama's last days in office amid his attempts to salvage his abysmal human rights, transparency, and whistleblower record.

    When Edward Snowden revealed the extent of the NSA's warrantless mass surveillance of American citizens and millions of others around the world, the government's response was not to investigate why those programs existed in the first place. Rather, they thrashed and flailed around the world, ordering the plane of Bolivian President Evo Morales to be grounded in the hopes of catching the whistleblower. Congress later passed the deceptive "USA Freedom Act," which codified continued surveillance.

    Edward Snowden remains in exile, and establishment politicians repeatedly call him a traitor for exposing the crimes of his government. Some, including Trump's CIA Director Mike Pompeo, have called for his execution. Mass surveillance continues, and the president himself is seeking to retain those powers as he condemns former President Obama for allegedly spying on him.

    And so on and so forth. The same was true for John Kiriakou, Thomas Drake, William Binney, and Jeffrey Sterling. The government is exposed for wrongdoing, and rather than prove themselves to be representatives of the people by remedying those transgressions, they point fingers and divert, all the while refusing to relinquish the unjust power any given agency is exposed for having.

    Many people are already aware that the government does little to actually serve them (Americans' trust in political leaders and government, in general, is abysmally low). Rather, government agents and agencies operate to advance and concentrate their own interests and power. This is why penalties against killing government employees are more stringent than killing civilians. It is why stealing from the government is perceived as more outrageous to the State than stealing from a civilian. The government considers "crimes" committed against itself to carry the utmost offense, yet often fails to deliver justice to the people who provide their financial foundation.

    As a result, the State does not even try to show remorse for its volatile policies, even when they are exposed and splattered across social media for the world to see. Instead, with the help of corporate media, the debate is shifted to whether or not WikiLeaks is a criminal organization, or whether or not Edward Snowden is a traitor.

    As White House Press Secretary Sean Spicer said of the leaks:

    "This is the kind of disclosure that undermines our country, our security. This alleged leak should concern every American for its impact on national security. Anybody who leaks classified information will be held accountable to the maximum extent of the law."

    Meanwhile, we're supposed to accept the government's investigation of itself, which (surprise!) usually finds little or no wrongdoing on their own behalf and often consolidates and extends the very same power whistleblowers exposed in the first place.

    LawsofPhysics , Mar 9, 2017 6:09 PM

    Yes. The truth is always treason in an empire of lies.

    All by design motherfuckers.

    indygo55 , Mar 9, 2017 6:23 PM

    Binney said the NSA has everything. Every phone call, text, website visited, everything. The FISA court is theater. Window dressing. The FISA court allows prosecutors to recreate fake parallel sources to make it look like they got permission to create the illusion they didn't break the 4th amendment. THEY ALREADY BROKE THE 4TH AMENDMENT!!!

    It's all theater. That's what Binney said. It was written here on ZH. These talking heads keep referring to warrants. They don't need a fucking warrant. They already have it. EVERYTHING.

    Brazen Heist -> indygo55 , Mar 9, 2017 6:31 PM

    In theory they could have A LOT of data with their backdoors and dragnets.

    But in reality, they have finite manpower to sift through all that data, and make sense of it. The more of us that rebel, encrypt and become defiant, the more taxing it is on their resources.

    Like I enjoy saying. They can have my data. But I'm going to make the fuckers work for it, and waste their finite resources in getting it.

    Ms No -> Brazen Heist , Mar 9, 2017 6:43 PM

    They might not need people to sift through some of the data. They could probably have a computer program sift through terms: guns, the Constitution, the Federal Reserve, Jews, drugs, gold... etc. Then you could be categorized as to whether or not you were a proper sheep or a target.

    Brazen Heist -> Ms No , Mar 9, 2017 7:18 PM

    You're probably right. The algos will be hard at work.

    Thing is. I don't give a shit. I can already see the limits to their powers.

    quax -> indygo55 , Mar 9, 2017 6:37 PM

    And if you'd bother to add the amount of storage that'll require you'd know this is BS.

    They may have the metadata on pretty much everything but not the actual transcripts.

    DuneCreature -> quax , Mar 9, 2017 6:58 PM

    Nonsense. ..... They have all the content that is meaningful to them and save EVERYTHING to parse through it. ....... Your mom's phone calls to the hairdresser timeout and get discarded after they sniff it good.

    My guess is, anyone posting here at ZH gets their stuff tagged for archiving. ..... As do a bunch of other categories of 'interesting people'.

    Live Hard, You Do The Math On What A Terabyte Will Store, Die Free

    ~ DC v5.0

    IndyPat -> quax , Mar 9, 2017 7:02 PM

    If you'd bother to read up on Binney, you'd know to not talk shit about that which you have no idea of.

    Storage is dirt cheap.

    Not that money is an issue. At all.

    TeethVillage88s -> indygo55 , Mar 9, 2017 7:01 PM

    ***- Right to freedom from quartering of govt in our house without our consent (Americans don't want NSA, CIA, DHS, TSA, or border control inside our devices, smart phones, PDAs, PCs, TVs, Refrigerators) (And Trump E.O Today: Our Kids are Precious they have Cell Phones and Devices, this is Tyranny, Protect our kids from Pedos!!!)

    E.O. Today, President Donald J. Trump, Please! - Call it the CIA, NSA, Govt in our Homes, Anti-Pedo Act

    Chupacabra-322 -> indygo55 , Mar 9, 2017 7:06 PM

    The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies & adversaries are Chilling.

    Effective immediately defund, Eliminate & Subpoena its Agents, Officials & Dept. Heads in regard to the Mass Surveillance, Global Espionage Spying network & monitoring of a President Elect by aforementioned Agencies & former President Obama, AG Lynch & DIA James Clapper.

    The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography, national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then "found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source.

    The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant any evidence on any iphone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power. Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately. Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so.

    TePikoElPozo , Mar 9, 2017 6:50 PM

    "There are a few rules that I live by. Number 1: I don't believe anything that the government says"

    -GEORGE CARLIN

    [Mar 09, 2017] Gaius Publius: Explosive WikiLeaks Release Exposes Massive, Aggressive CIA Cyber Spying, Hacking Capability

    Notable quotes:
    "... Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." ..."
    "... A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including "Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones." ..."
    "... According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied." ..."
    "... "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update "[.] ..."
    "... Do you still trust Windows Update? ..."
    "... As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. ..."
    "... "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack.'" Full and fascinating article here . ..."
    "... Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. ..."
    "... Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities. ..."
    "... By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. ..."
    "... I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail. ..."
    "... The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening. ..."
    "... 4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly its just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK. ..."
    "... The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows 10, and can easily install them on all common systems and devices. ..."
    "... So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events." ..."
    "... My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table. ..."
    "... To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out? ..."
    "... Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them ..."
    "... The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options. ..."
    "... "The CIA had created, in effect, its "own NSA" with even less accountability ." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me. ..."
    "... It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours. ..."
    "... "These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened." ..."
    Mar 09, 2017 | www.nakedcapitalism.com
    March 9, 2017 by Yves Smith

    Yves here. The first release of the Wikileaks Vault 7 trove has curiously gone from being a MSM lead story yesterday to a handwave today. On the one hand, anyone who was half awake during the Edward Snowden revelations knows that the NSA is in full spectrum surveillance and data storage mode, and members of the Five Eyes back-scratch each other to evade pesky domestic curbs on snooping. So the idea that the CIA (and presumably the NSA) found a way to circumvent encryption tools on smartphones, or are trying to figure out how to control cars remotely, should hardly come as a surprise.

    However, at a minimum, reminding the generally complacent public that they are being spied on any time they use the Web, and increasingly the times in between, makes the officialdom Not Happy.

    And if this Wikileaks claim is even halfway true, its Vault 7 publication is a big deal:

    Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

    This is an indictment of the model of having the intelligence services rely heavily on outside contractors. It is far more difficult to control information when you have multiple organizations involved. In addition, neoliberalism posits that workers are free agents who have no loyalties save to their own bottom lines (or for oddballs, their own sense of ethics). Let us not forget that Snowden planned his career job moves, which included a stint at NSA contractor Dell, before executing his information haul at a Booz Allen site that he had targeted.

    Admittedly, there are no doubt many individuals who are very dedicated to the agencies for which they work and aspire to spend most if not all of their working lives there. But I would assume that they are a minority.

    The reason outsiders can attempt to pooh-pooh the Wikileaks release is that the organization redacted sensitive information like the names of targets and attack machines. The CIA staffers who have access to the full versions of these documents as well as other major components in the hacking toolkit will be the ones who can judge how large and serious the breach really is. 1 And their incentives are to minimize it no matter what.

    By Gaius Publius, a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius, Tumblr and Facebook. GP article archive here. Originally published at DownWithTyranny

    CIA org chart from the WikiLeaks cache. "The organizational chart corresponds to the material published by WikiLeaks so far. Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG [Engineering Development Group] and its branches is reconstructed from information contained in the documents released so far. It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently."

    * * *

    "O brave new world, that has such people in it."

    Bottom line first. As you read what's below, consider:

    Now the story.

    WikiLeaks just dropped a huge cache of documents (the first of several promised releases), leaked from a person or people associated with the CIA in one or more capacities (examples, employee, contractor), which shows an agency out-of-control in its spying and hacking overreach. Read through to the end. If you're like me, you'll be stunned, not just about what they can do, but that they would want to do it, in some cases in direct violation of President Obama's orders. This story is bigger than anything you can imagine.

    Consider this piece just an introduction, to make sure the story stays on your radar as it unfolds - and to help you identify those media figures who will try to minimize or bury it. (Unless I missed it, on MSNBC last night, for example, the first mention of this story was not Chris Hayes, not Maddow, but the Lawrence O'Donnell show, and then only to support his guest's "Russia gave us Trump" narrative. If anything, this leak suggests a much muddier picture, which I'll explore in a later piece.)

    So I'll start with just a taste, a few of its many revelations, to give you, without too much time spent, the scope of the problem. Then I'll add some longer bullet-point detail, to indicate just how much of American life this revelation touches.

    While the cache of documents has been vetted and redacted, it hasn't been fully explored for implications. I'll follow this story as bits and pieces are added from the crowd sourced research done on the cache of information. If you wish to play along at home, the WikiLeaks torrent file is here. The torrent's passphrase is here. WikiLeaks press release is here (also reproduced below). Their FAQ is here.

    Note that this release covers the years 2013–2016. As WikiLeaks says in its FAQ, "The series is the largest intelligence publication in history."

    Preface - Trump and Our "Brave New World"

    But first, this preface, consisting of one idea only. Donald Trump is deep in the world of spooks now, the world of spies, agents and operatives. He and his inner circle have a nest of friends, but an even larger, more varied nest of enemies. As John Sevigny writes below, his enemies include not only the intel and counter-intel people, but also "Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul." Plus Vladimir Putin, whose relationship with Trump is just "business," an alliance of convenience, if you will.

    I have zero sympathy for Donald Trump. But his world is now our world, and with both of his feet firmly planted in spook world, ours are too. He's in it to his neck, in fact, and what happens in that world will affect every one of us. He's so impossibly erratic, so impossibly unfit for his office, that everyone on the list above wants to remove him. Many of them are allied, but if they are, it's also only for convenience.

    How do spooks remove the inconvenient and unfit? I leave that to your imagination; they have their ways. Whatever method they choose, however, it must be one without fingerprints - or more accurately, without their fingerprints - on it.

    Which suggests two more questions. One, who will help them do it, take him down? Clearly, anyone and everyone on the list. Second, how do you bring down the president, using extra-electoral, extra-constitutional means, without bringing down the Republic? I have no answer for that.

    Here's a brief look at "spook world" (my phrase, not the author's) from "The Fox Hunt" by John Sevigny:

    Several times in my life – as a journalist and rambling, independent photographer - I've ended up rubbing shoulders with spooks. Long before that was a racist term, it was a catch-all to describe intelligence community people, counter intel types, and everyone working for or against them. I don't have any special insight into the current situation with Donald Trump and his battle with the IC as the intelligence community calls itself, but I can offer a few first hand observations about the labyrinth of shadows, light, reflections, paranoia, perceptions and misperceptions through which he finds himself wandering, blindly. More baffling and scary is the thought he may have no idea his ankles are already bound together in a cluster of quadruple gordian knots, the likes of which very few people ever escape.

    Criminal underworlds, of which the Trump administration is just one, are terrifying and confusing places. They become far more complicated once they've been penetrated by authorities and faux-authorities who often represent competing interests, but are nearly always in it for themselves.

    One big complication - and I've written about this before - is that you never know who's working for whom. Another problem is that the hierarchy of handlers, informants, assets and sources is never defined. People who believe, for example, they are CIA assets are really just being used by people who are perhaps not in the CIA at all but depend on controlling the dupe in question. It is very simple - and I have seen this happen - for the subject of an international investigation to claim that he is part of that operation. [emphasis added]

    Which leads Sevigny to this observation about Trump, which I partially quoted above: "Donald Trump may be crazy, stupid, evil or all three but he knows the knives are being sharpened and there are now too many blades for him to count. The intel people are against him, as are the counter intel people. His phone conversations were almost certainly recorded by one organization or another, legal or quasi legal. His enemies include Republican lawmakers, journalists, the Clintons, the Bush family, Barack Obama, the ACLU, every living Democrat and even Rand Paul. Putin is not on his side - that's a business matter and not an alliance."

    Again, this is not to defend Trump, or even to generate sympathy for him - I personally have none. It's to characterize where he is, and we are, at in this pivotal moment. Pivotal not for what they're doing, the broad intelligence community. But pivotal for what we're finding out, the extent and blatancy of the violations.

    All of this creates an incredibly complex story, with only a tenth or less being covered by anything like the mainstream press. For example, the Trump-Putin tale is much more likely to be part of a much broader "international mobster" story, whose participants include not only Trump and Putin, but Wall Street (think HSBC) and major international banks, sovereign wealth funds, major hedge funds, venture capital (vulture capital) firms, international drug and other trafficking cartels, corrupt dictators and presidents around the world and much of the highest reaches of the "Davos crowd."

    Much of the highest reaches of the .01 percent, in other words, all served, supported and "curated" by the various, often competing elements of the first-world military and intelligence communities. What a stew of competing and aligned interests, of marriages and divorces of convenience, all for the common currencies of money and power, all of them dealing in death.

    What this new WikiLeaks revelation shows us is what just one arm of that community, the CIA, has been up to. Again, the breadth of the spying and hacking capability is beyond imagination. This is where we've come to as a nation.

    What the CIA Is Up To - A Brief Sample

    Now about those CIA spooks and their surprising capabilities. A number of other outlets have written up the story, but this from Zero Hedge has managed to capture the essence as well as the breadth in not too many words (emphasis mine throughout):

    WikiLeaks has published what it claims is the largest ever release of confidential documents on the CIA. It includes more than 8,000 documents as part of 'Vault 7', a series of leaks on the agency, which have allegedly emerged from the CIA's Center For Cyber Intelligence in Langley, and which can be seen on the org chart below, which Wikileaks also released: [org chart reproduced above]

    A total of 8,761 documents have been published as part of 'Year Zero', the first in a series of leaks the whistleblower organization has dubbed 'Vault 7.' WikiLeaks said that 'Year Zero' revealed details of the CIA's "global covert hacking program," including "weaponized exploits" used against company products including "Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones."

    WikiLeaks tweeted the leak, which it claims came from a network inside the CIA's Center for Cyber Intelligence in Langley, Virginia.

    Among the more notable disclosures which, if confirmed, "would rock the technology world", the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect "audio and message traffic before encryption is applied."

    With respect to hacked devices like your smart phone, smart TV and computer, consider the concept of putting these devices in "fake-off" mode:

    Among the various techniques profiled by WikiLeaks is "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

    As Kim Dotcom chimed in on Twitter, "CIA turns Smart TVs, iPhones, gaming consoles and many other consumer gadgets into open microphones" and added "CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update"[.]

    Do you still trust Windows Update?

    About "Russia did it"

    Adding to the "Russia did it" story, note this:

    Another profound revelation is that the CIA can engage in "false flag" cyberattacks which portray Russia as the assailant. Discussing the CIA's Remote Devices Branch's UMBRAGE group, Wikileaks' source notes that it "collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.["]

    As Kim Dotcom summarizes this finding, "CIA uses techniques to make cyber attacks look like they originated from enemy state."

    This doesn't prove that Russia didn't do it ("it" meaning actually hacking the presidency for Trump, as opposed to providing much influence in that direction), but again, we're in spook world, with all the phrase implies. The CIA can clearly put anyone's fingerprints on any weapon they wish, and I can't imagine they're alone in that capability.

    Hacking Presidential Devices?

    If I were a president, I'd be concerned about this, from the WikiLeaks "Analysis" portion of the Press Release (emphasis added):

    "Year Zero" documents show that the CIA breached the Obama administration's commitments [that the intelligence community would reveal to device manufacturers whatever vulnerabilities it discovered]. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive [across devices and device types] and some may already have been found by rival intelligence agencies or cyber criminals.

    As an example, specific CIA malware revealed in "Year Zero" [that it] is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA[,] but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.

    Does or did the CIA do this (hack presidential devices), or is it just capable of it? The second paragraph implies the latter. That's a discussion for another day, but I can say now that both Lawrence Wilkerson, aide to Colin Powell and a non-partisan (though an admitted Republican) expert in these matters, and William Binney, one of the triumvirate of major pre-Snowden leakers, think emphatically yes. (See Wilkerson's comments here. See Binney's comments here.)

    Whether or not you believe Wilkerson and Binney, do you doubt that if our intelligence people can do something, they would balk at the deed itself, in this world of "collect it all"? If nothing else, imagine the power this kind of bugging would confer on those who do it.

    The Breadth of the CIA Cyber-Hacking Scheme

    But there is so much more in this Wikileaks release than suggested by the brief summary above. Here's a bullet-point overview of what we've learned so far, again via Zero Hedge:

    Key Highlights from the Vault 7 release so far:

    Also this scary possibility:

    Journalist Michael Hastings, who in 2010 destroyed the career of General Stanley McChrystal and was hated by the military for it, was killed in 2013 in an inexplicably out-of-control car. This isn't to suggest the CIA, specifically, caused his death. It's to ask that, if these capabilities existed in 2013, what would prevent their use by elements of the military, which is, after all a death-delivery organization?

    And lest you consider this last speculation just crazy talk, Richard Clarke (that Richard Clarke) agrees: "Richard Clarke, the counterterrorism chief under both Bill Clinton and George W. Bush, told the Huffington Post that Hastings's crash looked consistent with a car cyber attack." Full and fascinating article here.

    WikiLeaks Press Release

    Here's what WikiLeaks itself says about this first document cache (again, emphasis mine):

    Press Release

    Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

    The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

    Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

    "Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.

    Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.

    By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

    In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

    Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

    Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

    Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

    Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

    Be sure to click through for the Analysis, Examples and FAQ sections as well.

    "O brave new world," someone once wrote. Indeed. Brave new world, that only the brave can live in.

    ____

    1 Mind you, the leakers may have had a comprehensive enough view to be making an accurate call. But the real point is there are no actors who will be allowed to make an independent assessment.

    This entry was posted in Banana republic, Guest Post, Legal, Politics, Surveillance state, Technology and innovation on March 9, 2017 by Yves Smith.

    64 comments

    Code Name D , March 9, 2017 at 2:38 am

    That's all I needed.
    https://www.theguardian.com/us-news/2017/jan/10/fbi-chief-given-dossier-by-john-mccain-alleging-secret-trump-russia-contacts

    Senator John McCain passed documents to the FBI director, James Comey, last month alleging secret contacts between the Trump campaign and Moscow and that Russian intelligence had personally compromising material on the president-elect himself.

    The material, which has been seen by the Guardian, is a series of reports on Trump's relationship with Moscow. They were drawn up by a former western counter-intelligence official, now working as a private consultant. BuzzFeed on Tuesday published the documents, which it said were "unverified and potentially unverifiable".

    The Guardian has not been able to confirm the veracity of the documents' contents,

    Emphases mine. I had been sitting on this link trying to make sense of this part. Clearly, the Trump White House has some major leaks, which the MSM is exploiting. But the start of this article suggests that para-intelligence (is that a word? Eh, it is now) was the source of the allegedly damaging info.

    This is no longer about the deep-state, but a rogue state, possibly guns for hire, each having fealty to specific political interests. The CIA arsenal wasn't leaked. It was delivered.

    salvo , March 9, 2017 at 3:13 am

    hmm.. as far as I can see, no one seems to care here in Germany anymore about being spied on by our US friends, apart from a few alternative sources which are being accused of spreading fake news, of being anti-American, Russian trolls, the matter is widely ignored

    visitor , March 9, 2017 at 3:40 am

    I have read a few articles about the Vault 7 leak that typically raise a few alarms I would like to comment on.

    1) The fact that the

    CIA had managed to bypass encryption on popular phone and messaging services

    does not mean that it has broken encryption, just that it has a way to install a program at a lower level, close to the operating system, that will read messages before they are encrypted and sent by the messaging app, or just after they have been decrypted by it.

    As a side note: banks have now largely introduced two-factor authentication when accessing online services. One enters username (or account number) and password; the bank site returns a code; the user must then enter this code into a smartphone app or a tiny specialized device, which computes and returns a value out of it; the user enters this last value into the entry form as a throw-away additional password, and gains access to the bank website.

    I have always refused to use such methods on a smartphone and insist on getting the specialized "single-use password computer", precisely because the smartphone platform can be subverted.

    2) The fact that

    "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), [...] infests smart TVs, transforming them into covert microphones.

    is possible largely because smart TVs are designed by their manufacturers to serve as spying devices. "Weeping Angel" is not some kind of virus that turns normal devices into zombies, but a tool to take control of existing zombie devices.

    The fact that smart TVs from Vizio, Samsung or LG constitute an outrageous intrusion into the privacy of their owners has been a known topic for years already.

    3) The

    CIA [...] also looking at infecting the vehicle control systems used by modern cars and trucks

    is not a "scary possibility" either; various demonstrations of such feats on Tesla, Nissan, or Chrysler vehicles have been demonstrated in the past few years.

    And the consequences have already been suggested (killing people by disabling their car controls on the highway for instance).

    My take on this is that we should seriously look askance not just at the shenanigans of the CIA, but at the entire "innovative technology" that is imposed upon (computerized cars) or joyfully adopted by (smartphones) consumers. Of course, most NC readers are aware of the pitfalls already, but alas not the majority of the population.

    4) Finally this:

    He's so impossibly erratic, so impossibly unfit for his office,

    Trump is arguably unfit for office, does not have a clue about many things (such as foreign relations), but by taxing him of being "erratic" Gaius Publius shows that he still does not "get" the Donald.

    Trump has a completely different modus operandi than career politicians, formed by his experience as a real-estate mogul and media star. His world has been one where one makes outrageous offers to try anchoring the negotiation before reducing one's claims - even significantly, or abruptly exiting just before an agreement to strike a deal with another party that has been lured to concessions through negotiations with the first one. NC once included a video of Trump doing an interactive A/B testing of his slogans during a campaign meeting; while changing one's slogans on the spot might seem "erratic", it is actually a very systematic market probing technique.

    So stop asserting that Trump is "unpredictable" or "irrational"; this is underestimating him (a dangerous fault), as he is very consistent, though in an uncommon fashion amongst political pundits.

    Yves Smith Post author , March 9, 2017 at 5:53 am

    While I agree that it's worth pointing out that the CIA has not broken any of the major encryption tools, even Snowden regards being able to circumvent them as worse, since people using encryption are presumably those who feel particularly at risk and will get a false sense of security and say things or keep data on their devices that they never never would if they thought they were insecure.

    Re Gaius on Trump, I agree the lady doth protest too much. But I said repeatedly that Trump would not want to be President if he understood the job. It is not like being the CEO of a private company. Trump has vastly more control over his smaller terrain in his past life than he does as President.

    And Trump is no longer campaigning. No more a/b testing.

    The fact is that he still does not have effective control of the Executive branch. He has lots of open positions in the political appointee slots (largely due to not having even submitted candidates!) plus has rebellion in some organizations (like folks in the EPA storing data outside the agency to prevent its destruction).

    You cannot pretend that Trump's former MO is working at all well for him. And he isn't showing an ability to adapt or learn (not surprising at his age). For instance, he should have figured out by now that DC is run by lawyers, yet his team has hardly any on it. This is continuing to be a source of major self inflicted wounds.

    His erraticness may be keeping his opponents off base, but it is also keeping him from advancing any of his goals.

    visitor , March 9, 2017 at 6:59 am

    I believe we are in agreement.

    Yes, not breaking encryption is devious, as it gives a false sense of security - this is precisely why I refuse to use those supposedly secure e-banking login apps on smartphones whose system software can be subverted, and prefer those non-connected, non-reprogrammable, special-purpose password generating devices.

    As for Trump being incompetent for his job, and his skills in wheeling-dealing not carrying over usefully to conducting high political offices, that much is clear. But he is not "erratic", rather he is out of place and out of his depth.

    RBHoughton , March 9, 2017 at 9:00 pm

    I am writing this in the shower with a paper bag over my head and my iPhone in the microwave.

    I have for years had a password-protected document on computer with all my important numbers and passwords. I have today deleted that document and reverted to a paper record.

    Ivy , March 9, 2017 at 10:09 am

    Please tell readers more about the following for our benefit:

    "single-use password computer"

    visitor , March 9, 2017 at 11:34 am

    That is an example of the sort of thing I am talking about.

    PhilM , March 9, 2017 at 11:35 am

    I think he means a machine dedicated to high-security operations like anything financial or bill-pay. Something that is not exposed to email or web-browsing operations that happen on a casual-use computer that can easily compromise. That's not a bad way to go; it's cheaper in terms of time than the labor-intensive approaches I use, but those are a hobby more than anything else. It depends on how much you have at stake if they get your bank account or brokerage service password.

    I take a few basic security measures, which would not impress the IT crowd I hang out with elsewhere, but at least would not make me a laughingstock. I run Linux and use only open-source software; run ad-blockers and script blockers; confine risky operations, which means any non-corporate or non-mainstream website to a virtual machine that is reset after each use; use separate browsers with different cookie storage policies and different accounts for different purposes. I keep a well-maintained pfSense router with a proxy server and an intrusion detection system, allowing me to segregate my secure network, home servers, guest networks, audiovisual streaming and entertainment devices, and IoT devices each on their own VLANs with appropriate ACLs between them. No device on the more-secured network is allowed out to any port without permission, and similar rules are there for the IoT devices, and the VoIP tools.

    The hardware to do all of that costs at least $700, but the real expense is in the time to learn the systems properly. Of course if you use Linux, you could save that on software in a year if you are too cheap to send a contribution to the developers.

    It's not perfect, because I still have computers turned on :) , but I feel a bit safer this way.

    That said, absolutely nothing that I have here would last 30 milliseconds against anything the "hats" could use, if they wanted in. It would be over before it began. If I had anything to hide, really, I would have something to fear; so guess I'm OK.

    jrs , March 9, 2017 at 2:36 pm

    open source software often has a lot of bugs to be exploited. Wouldn't it be easier to just do banking in person?

    visitor , March 9, 2017 at 2:45 pm

    Banks discourage that by

    a) charging extortionate fees for "in-person" operations at the counter;

    b) closing subsidiaries, thus making it tedious and time-consuming to visit a branch to perform banking operations in person;

    c) eliminating the possibility to perform some or even all usual operations in any other form than online (see the advent of "Internet only" banks).

    In theoretical terms, all this is called "nudging".

    cfraenkel , March 9, 2017 at 12:07 pm

    They're key fobs handed to you by your IT dept. The code displayed changes every couple of minutes. The plus is there's nothing sent over the air. The minus is the fobs are subject to theft, and are only good for connecting to 'home'. And since they have a cost, and need to be physically handed to you, they're not a good fit for most two factor login applications (ie logging into your bank account).

    see https://en.wikipedia.org/wiki/RSA_SecurID
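The two mechanisms described in the comments above, a fob whose displayed code changes with time and a device that computes a throw-away value from a code the bank sends, can be sketched as follows. This is an added example, not part of the original post or comments: SecurID's own algorithm is proprietary, so the open HOTP/TOTP standards (RFC 4226 and RFC 6238) stand in for it, and the challenge-response construction and every name here (`Bank`, `fob_code`, `device_response`) are simplified, hypothetical illustrations.

```python
import hashlib
import hmac
import secrets
import struct


def truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of an HMAC-SHA1 value to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits)


def fob_code(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based code (RFC 6238): what the fob shows during one time window."""
    return hotp(secret, unix_time // step)


def device_response(secret: bytes, challenge: str) -> str:
    """Challenge-response: the offline device MACs the bank's challenge.

    Simplified illustration; a real deployment would follow a reviewed
    standard rather than this ad-hoc construction.
    """
    mac = hmac.new(secret, challenge.encode(), hashlib.sha1).digest()
    return truncate(mac)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak how many digits match.
    return hmac.compare_digest(a.encode(), b.encode())


class Bank:
    """Server side: holds the shared secret and enforces single use."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()      # challenges issued but not yet answered
        self._last_counter = -1    # newest time window already accepted

    def issue_challenge(self) -> str:
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self._pending:
            return False                      # unknown or already consumed
        self._pending.discard(challenge)      # consumed even if the answer is wrong
        return _same(device_response(self._secret, challenge), response)

    def verify_fob(self, code: str, now: int, step: int = 30, drift: int = 1) -> bool:
        current = now // step
        # Tolerate a little clock drift, but never accept a window twice.
        for counter in range(current - drift, current + drift + 1):
            if counter <= self._last_counter:
                continue
            if _same(hotp(self._secret, counter), code):
                self._last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample key (RFC test key)
    bank = Bank(secret)
    challenge = bank.issue_challenge()
    answer = device_response(secret, challenge)
    print("challenge", challenge, "-> response", answer)
    print("first use accepted:", bank.verify(challenge, answer))
    print("replay accepted:   ", bank.verify(challenge, answer))
    print("fob code at t=59:  ", fob_code(secret, 59))
```

Neither scheme protects a secret that lives on a subverted phone, which is the commenter's reason for preferring a dedicated offline device.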

    meme , March 9, 2017 at 3:53 am

    I watched (fast forwarded through, really) Morning Joe yesterday to see what they would have to say about Wikileaks. The show mostly revolved around the health care bill and Trump's lying and tweeting about Obama wiretapping him. They gave Tim Kaine plenty of time to discuss his recent trip to London talking to "some of our allies there" saying that they are concerned that "all the intelligence agencies" say the Rooskies "cyber hacked" our election, and since it looks like we aren't doing anything when we are attacked, they KNOW we won't do anything when they are attacked. (more red baiting)

    The only two mentions I saw about Wikileaks were, first, a question asked of David Cohen, ex Deputy Director of the CIA, who refused to confirm the Wikileaks were authentic, saying whatever tools and techniques the CIA had were used against foreign persons overseas, so there is no reason to worry that your TV is looking at you. And second, Senator Tom Cotton, who didn't want to comment on the contents of Wikileaks, only saying that the CIA is a foreign intelligence service, collecting evidence on foreign targets to keep our country safe, and it does not do intelligence work domestically.

    So that appears to be their story, the CIA doesn't spy on us, and they are sticking with it, probably hoping the whole Wikileaks thing just cycles out of the news.

    Direction , March 9, 2017 at 4:23 am

    Thanks for mentioning Hastings. His death has always been more than suspicious.

    skippy , March 9, 2017 at 5:46 am

    Elite risk management reduction tool goes walkabout inverting its potential ..

    disheveled . love it when a plan comes together ..

    james wordsworth , March 9, 2017 at 5:50 am

    The unwillingness of the main stream media (so far) to really cover the Wikileaks reveal is perhaps the bigger story. This should be ongoing front page stuff .. but it is not.

    As for using ZeroHedge as a source for anything, can we give that a rest. That site has become a cesspool of insanity. It used to have some good stuff. Now it is just unreadable. SAD

    And yes I know the hypocrisy of slamming ZH and the MSM at the same time we live in interesting times.

    Yves Smith Post author , March 9, 2017 at 7:52 am

    Your remarks on ZH are an ad hominem attack and therefore a violation of site policies. The onus is on you to say what ZH got wrong and not engage in an ungrounded smear. The mainstream media often cites ZH.

    NC more than just about any other finance site is loath to link to ZH precisely because it is off base or hyperventilating a not acceptably high percent of the time, and is generally wrong about the Fed (as in governance and how money works). We don't want to encourage readers to see it as reliable. However, it is good on trader gossip and mining Bloomberg data.

    And I read through its summary of the Wikileaks material as used by Gaius and there was nothing wrong with it. It was careful about attributing certain claims to Wikileaks as opposed to depicting them as true.

    3urypteris , March 9, 2017 at 12:14 pm

    My rules for reading ZH:
    1- Skip every article with no picture
    2- Skip every article where the picture is a graph
    3- Skip every article where the picture is of a single person's face
    4- Skip every article where the picture is a cartoon
    5- Skip every article about gold, BitCoin, or high-frequency trading
    6- Skip all the "Guest Posts"
    7- ALWAYS click through to the source
    8- NEVER read the comments

    It is in my opinion a very high noise-to-signal source, but there is some there there.

    sunny129 , March 9, 2017 at 7:20 pm

    Finding the TRUTH is NOT that easy.

    Discerning a 'news from noise' is NEVER that easy b/c it is an art, developed by years of shifting through ever increasing 'DATA information' load. This again has to be filtered and tested against one's own 'critical' thinking or reasoning! You have to give ZH, deserved credit, when they are right!

    There is no longer a Black or white there, even at ZH! But it is one of the few, willing to challenge the main stream narrative 'kool aid'

    TheCatSaid , March 9, 2017 at 6:14 am

    In addition to the "para-intelligence" community (hat tip Code named D) there are multiple enterprises with unique areas of expertise that interface closely with the CIA. The long-exposed operations, which include entrapment and blackmailing of key actors to guarantee complicity, "loyalty" and/or sealed lips, infect businesses, NGOs, law enforcement agencies, judges, politicians, and other government agencies. Equal opportunity employment for those with strong stomachs and a weak moral compass.

    Romancing The Loan , March 9, 2017 at 8:43 am

    Yes I can't remember where I read it but it was a tale passed around supposedly by an FBI guy that had, along with his colleagues, the job of vetting candidates for political office. They'd do their background research and pass on either a thick or thin folder full of all the compromising dirt on each potential appointee. Over time he said he was perturbed to notice a persistent pattern where the thickest folders were always the ones who got in.

    nobody , March 9, 2017 at 10:10 am

    Michael Hudson:

    I learned this when I was in my 20s. The Catholic Church was funding my early critique of American foreign aid as being imperialist. I asked whether they thought I should go into politics. They said, "No, you'd never make it". And I said, "Why?" and they said, "Well, nobody has a police record or any other dirt on you." I asked what they meant. They said, "Unless they have something over you to blackmail you with, you're not going to be able to get campaign funding. Because they believe that you might do something surprising," in other words, something they haven't asked you to do. So basically throughout politics, on both sides of the spectrum, voters have candidates who are funded by backers who have enough over them that they can always blackmail.

    craazyboy , March 9, 2017 at 8:20 am

    I find the notion that my consumer electronics may be CIA microphones somewhat irritating, but my imagination quickly runs off to far worse scenarios. (although the popular phrase, "Your tax dollars at work." keeps running thru my head like an earworm. And whenever I hear "conservatives" speak of their desire for "small government", usually when topics of health care, Medicare and social security come up, I can only manage a snort of incredulousness anymore)

    One being malware penetrating our nuke power plants and shutting down the cooling system. Then the reactor slowly overheats over the next 3 days, goes critical, and blows the surrounding area to high heaven. We have plants all around the coast of the country and also around the Great Lakes Region – our largest fresh water store in a drought threatened future.

    Then the same happening in our offensive nuke missile systems.

    Some other inconvenient truths – the stuxnet virus has been redesigned. Kaspersky – premier anti malware software maker – had a variant on their corporate network for months before finally discovering it. What chance have we?

    In China, hacking is becoming a consumer service industry. There are companies building high power data centers with a host of hacking tools. Anyone, including high school script kiddies, can rent time to use the sophisticated hacking tools, web search bots, and whatever, all hosted on powerful servers with high speed internet bandwidth.

    Being a bit "spooked" by all this, I began to worry about my humble home computer and decided to research whatever products I could get to at least ward off annoying vandalism. Among other things, I did sign up for a VPN service. I'm looking at the control app for my VPN connection here and I see that with a simple checkbox mouse click I can make my IP address appear to be located in my choice of 40 some countries around the world. Romania is on the list!

    flora , March 9, 2017 at 11:11 am

    "my consumer electronics may be CIA microphones"

    I haven't tested this, so can't confirm it works, but it sounds reasonable.
    http://www.komando.com/tips/390304/secure-your-webcam-and-microphone-from-hackers

    craazyboy , March 9, 2017 at 12:40 pm

    Actually, I very much doubt that does work. The mic "pickup" would feed its analog output to a DAC (digital to analog converter) which would convert the signal to digital. This then goes to something similar to a virtual com port in the operating system. Here is where a malware program would pick it up and either create an audio file to be sent to an internet address, or stream it directly there.

    The article is just plugging in a microphone at the output jack. The malware got the data long before it goes thru another DAC and analog amp to get to the speakers or output jack.

    craazyboy , March 9, 2017 at 12:46 pm

    s/b "plugging in a earbud at the output jack". They're confusing me too.

    flora , March 9, 2017 at 2:43 pm

    ah. thanks for vetting.

    Stephen Gardner , March 9, 2017 at 2:53 pm

    It's actually an input/output jack or, if you will, a mic/headphone jack.

    Stephen Gardner , March 9, 2017 at 2:52 pm

    It depends on how it is hooked up internally. Old fashioned amateur radio headphones would disable the speakers when plugged in because the physical insertion of the plug pushed open the connection to the speakers. The jack that you plug the ear buds into might do the same, disconnecting the path between the built-in microphone and the ADC (actually it is an ADC not a DAC). The only way to know is to take it apart and see how it is connected.

    Pat , March 9, 2017 at 8:27 am

    The CIA is not allowed to operate in the US is also the panacea for the public. And some are buying it. Along with everyone knows they can do this is fueling the NOTHING to see here keep walking weak practically non existent coverage.

    Eureka Springs , March 9, 2017 at 8:31 am

    At what point do people quit negotiating in terrorism and errorism? For this is what the police, the very State itself has long been. Far beyond being illegitimate, illegal, immoral, this is a clear and ever present danger to not just its own people, but the rule of law itself. Blanket statements like we all know this just makes the dangerously absurd normal I'll never understand that part of human nature. But hey, the TSA literally just keeps probing further each and every year. Bend over!

    Trump may not be the one for the task but we the people desperately need people 'unfit', for it is the many fit who brought us to this point. His unfit nature is as refreshing on these matters in its chaotic honest disbelief as Snowden and Wiki revelations. Refreshing because it's all we've got. One doesn't have to like Trump to still see missed opportunity so many should be telling him he could be the greatest pres ever if (for two examples) he fought tirelessly for single payer and to bring down this police state rather than the EPA or public education.

    This cannot stand on so many levels. Not only is the fourth amendment rendered utterly void, but even if it weren't it falls far short of the protections we deserve.

    No enemy could possibly be as bad as who we are and what we allow/do among ourselves. If an election can be hacked (not saying it was by Russia).. as these and other files prove anything can and will be hacked then our system is to blame, not someone else.

    What amazes me is that the spooks haven't manufactured proof needed to take Trump out of office Bonfire of The Vanities style. I'd like to think the people have moved beyond the point they would believe manufactured evidence but the Russia thing proves otherwise.

    These people foment world war while probing our every move and we do nothing!

    If we wait for someone fit nothing will ever change because we wait for the police/media/oligarch state to tell us who is fit.

    Anon , March 9, 2017 at 2:40 pm

    being "unfit" does not automatically make someone a savior.

    Stephen Gardner , March 9, 2017 at 3:05 pm

    But being fit by the standards of our ruling class, the "real owners" as Carlin called them is, in my book, an automatic proof that they are up to no good. Trump is not my cup of tea as a president but no one we have had in a while wasn't clearly compromised by those who fund them. Did you ever wonder why we have never had a president or even a powerful member of congress that was not totally in the tank for that little country on the Eastern Mediterranean? Or the Gulf Monarchies? Do you think that is by accident? Do you think money isn't involved? Talk about hacked elections! We should be so lucky as to have ONLY Russians attempting to affect our elections. Money is what hacks US elections and never forget that. To me it is laughable to discuss hacking the elections without discussing the real way our "democracy" is subverted–money not document leaks or voting machine hacks. It's money.

    Why isn't Saudi Arabia on Trump's list? Iran that has never been involved in a terrorist act on US soil is but not Saudi Arabia? How many 911 hijackers came from Iran? If anything saves Trump from destruction by the real owners of our democracy it is his devotion to the aforementioned countries.

    Allegorio , March 9, 2017 at 4:00 pm

    The point again is not to remove him from office but to control him. With Trump's past you better believe the surveillance state has more than enough to remove him from office. Notice the change in his rhetoric since inauguration? More and more he is toeing the establishment Republican line. Of course this depends on whether you believe Trump is a break with the past or just the best liar out there. A very unpopular establishment would be clever in promoting their agent by pretending to be against him.

    Anyone who still believes that the US is a democratic republic and not a mafia state needs to stick their heads deeper into the sands. When will the low information voters and police forces on whom a real revolution depends realize this is anyone's guess. The day is getting closer especially for the younger generation. The meme among the masses is that government has always been corrupt and that this is nothing new. I do believe the level of immorality among the credentialed classes is indeed very new and has become the new normal. Generations of every man for himself capitalist philosophy undermining any sense of morality or community has finally done its work.

    HBE , March 9, 2017 at 8:47 am

    Go take a jaunt over to huffpo, at the time of this post there was not a single mention of vault 7 on the front page. Just a long series of anti trump administration articles.

    Glad to know for sure who the true warmongers were all along.

    Arizona Slim , March 9, 2017 at 8:50 am

    We need another Church Commission.

    Eureka Springs , March 9, 2017 at 8:59 am

    No.. The Church commission was a sweep it under the rug operation. It got us FISA courts. More carte blanche secrecy, not less. The commission nor the rest of the system didn't even hold violators of the time accountable.

    We have files like Vault 7. Commissions rarely get in secret what we have right here before our eyes.

    Arizona Slim , March 9, 2017 at 1:31 pm

    Well, how about a Truth and Reconciliation Commission?

    Foppe , March 9, 2017 at 1:55 pm

    Cute but the ANC lost the war by acceding to WTO entry (which "forbade" distributive politics, land/resource redistribution, nationalizations, etc.).

    River , March 9, 2017 at 10:59 am

    Need Langley surrounded and fired upon by tanks at this point.

    Err on the side of caution.

    DJG , March 9, 2017 at 12:49 pm

    River: Interesting historic parallel? I believe that the Ottomans got rid of the Janissaries that way, after the Janissaries had become a state within a state, by using cannons on their HQ

    From Wiki entry, Janissaries:

    The corps was abolished by Sultan Mahmud II in 1826 in the Auspicious Incident in which 6,000 or more were executed.[8]

    polecat , March 9, 2017 at 12:53 pm

    "Nuke it from orbit it's the only way to be sure."

    knowbuddhau , March 9, 2017 at 9:01 am

    Took less than a minute to download the 513.33MB file. The passphrase is what JFK said he'd like to do to CIA: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds.

    "The illegal we do immediately; the unconstitutional takes a little longer." Henry Kissinger, 1975.

    Stormcrow , March 9, 2017 at 9:35 am

    Here is Raimondo's take:
    Spygate
    http://original.antiwar.com/justin/2017/03/07/spygate-americas-political-police-vs-donald-j-trump/

    The campaign to frame up and discredit Trump and his associates is characteristic of how a police state routinely operates. A national security apparatus that vacuums up all our communications and stores them for later retrieval has been utilized by political operatives to go after their enemies – and not even the President of the United States is immune. This is something that one might expect to occur in, say, Turkey, or China: that it is happening here, to the cheers of much of the media and the Democratic party, is beyond frightening.

    The irony is that the existence of this dangerous apparatus – which civil libertarians have warned could and probably would be used for political purposes – has been hailed by Trump and his team as a necessary and proper function of government. Indeed, Trump has called for the execution of the person who revealed the existence of this sinister engine of oppression – Edward Snowden. Absent Snowden's revelations, we would still be in the dark as to the existence and vast scope of the NSA's surveillance.

    And now the monster Trump embraced in the name of "national security" has come back to bite him.

    We hear all the time that what's needed is an open and impartial "investigation" of Trump's alleged "ties" to Russia. This is dangerous nonsense: does every wild-eyed accusation from embittered losers deserve a congressional committee armed with subpoena power bent on conducting an inquisition? Certainly not.

    What must be investigated is the incubation of a clandestine political police force inside the national security apparatus, one that has been unleashed against Trump – and could be deployed against anyone.

    This isn't about Donald Trump. It's about preserving what's left of our old republic.

    Perhaps overstated but well worth pondering.

    SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds. , March 9, 2017 at 10:06 am

    Yeah I downloaded it the day it came out and spent an hour or so looking at it last night. First impressions – "heyyy this is like a Hackers Guide – the sort I used in the 80s, or DerEngel's Cable Modem Hacking" of the 00s.

    2nd impressions – wow it really gives foundational stuff – like "Enable Debug on PolarSSL".

    3rd impressions – "I could spend hours going thru this happily".

    4th impressions – I went looking for the "juicy bits" of interest to me – SOHO routers, small routers – sadly it's just a table documenting routers sold around the world, and whether these guys have put the firmware in their Stash Repository. Original firmware, not hacked one. But the repository isn't in the vault dump, AFAIK.

    It's quite fascinating. But trying to find the "juicy stuff" is going to be tedious. One can spend hours and hours going thru it. To speed up going thru it, I'm going to need some tech sites to say "where to go".

    flora , March 9, 2017 at 11:21 am

    It seems clear that Wikileaks has not and will not release actual ongoing method "how-to" info or hacking scripts. They are releasing the "whats", not the tech level detailed "hows". This seems like a sane approach to releasing the data. The release appears to be for political discussion, not for spreading the hacking tools. So I wouldn't look for "juicy bits" about detailed methodology. Just my guess.

    That said, love what you're doing digging into this stuff. I look forward to a more detailed report in future. Thanks.

    Sam F , March 9, 2017 at 10:10 am

    Yves, I think that you much underestimate the extremity of these exposed violations of the security of freedom of expression, and of the security of private records. The WikiLeaks docs show that CIA has developed means to use all personal digital device microphones and cameras even when they are "off," and to send all of your files and personal data to themselves, and to send your private messages to themselves before they are encrypted. They have installed these spyware in the released version of Windows 10, and can easily install them on all common systems and devices.

    This goes far beyond the kind of snooping that required specialized devices installed near the target, which could be controlled by warrant process. There is no control over this extreme spying. It is totalitarianism now.

    This is probably the most extreme violation of the rights of citizens by a government in all of history. It is far worse than the "turnkey tyranny" against which Snowden warned, on the interception of private messages. It is tyranny itself, the death of democracy.

    Outis Philalithopoulos , March 9, 2017 at 10:58 am

    Your first sentence is a bit difficult to understand. If you read Yves' remarks introducing the post, she says that the revelations are "a big deal" "if the Wikileaks claim is even halfway true," while coming down hard on the MSM and others for "pooh-pooh[ing]" the story. Did you want her to add more exclamation points?

    susan the other , March 9, 2017 at 10:59 am

    So we have a zillion ways to spy and hack and deceive and assassinate, but no control. I think this is what the military refers to as "being overtaken by events."

    It's easy to gather information; not so easy to analyze it, and somehow impossible to act on it in good faith. With all this ability to know stuff and surveil people the big question is, Why does everything seem so beyond our ability to control it?

    We should know well in advance that banks will fail catastrophically; that we will indeed have sea level rise; that resources will run out; that water will be undrinkable; that people will be impossible to manipulate when panic hits – but what do we do? We play dirty tricks, spy on each other like voyeurs, and ignore the inevitable. Like the Stasi, we clearly know what happened, what is happening and what is going to happen. But we have no control.

    NotTimothyGeithner , March 9, 2017 at 11:34 am

    My godfather was in the CIA in the late sixties and early seventies, and he said that outside of the President's pet projects there was no way to sift through and bring important information to decision makers before it made the Washington Post (he is aware of the irony) and hit the President's breakfast table.

    Arizona Slim , March 9, 2017 at 1:33 pm

    Do you mean to say that the CIA leaked like a sieve? That's my understanding of your post.

    Old Jake , March 9, 2017 at 6:05 pm

    AS, I would interpret it as saying that there was so much coming in it was like trying to classify snowflakes in a snowstorm. They could pick a few subject areas to look at closely but the rest just went into the files.

    Leaking like a sieve is also likely, but perhaps not the main point.

    Andrew , March 9, 2017 at 11:14 am

    The archive appears to have been circulated among government hackers and contractors in a authorized manner

    There, that looks the more likely framing considering CIA & DNI on behalf of the whole US IC seemingly fostered wide dissimilation of these tools, information. Demonstration of media control an added plus.

    Cheers Yves

    Stormcrow , March 9, 2017 at 11:20 am

    The Empire Strikes Back

    WikiLeaks Has Joined the Trump Administration
    Max Boot
    Foreign Policy magazine

    https://foreignpolicy.com/2017/03/08/wikileaks-has-joined-the-trump-administration/?utm_source=Sailthru&utm_medium=email&utm_campaign=New+Campaign&utm_term=%2AEditors+Picks

    I guess we can only expect more of this.

    Todd Pierce, on the other hand, nails it. (From his Facebook page.)
    The East German Stasi could only dream of the sort of surveillance the NSA and CIA do now, with just as nefarious of purposes.

    lyman alpha blob , March 9, 2017 at 11:42 am

    Perhaps the scare quotes around "international mobster" aren't really necessary.

    In all this talk about the various factions aligned with and against Trump, that's one I haven't heard brought up by anybody. With all the cement poured in Trump's name over the years, it would be naive to think his businesses had not brushed up against organized crime at some point. Question is, whose side are they on?

    JTMcPhee , March 9, 2017 at 3:02 pm

    Like all the other players, the "side" they are on is them-effing-selves. And isn't that the whole problem with our misbegotten species, writ large?

    Then there's this: https://www.youtube.com/watch?v=s1Hzds9aGdA Maybe these people will be around and still eating after us urban insects and rodents are long gone? Or will our rulers decide no one should survive if they don't?

    Skip Intro , March 9, 2017 at 12:55 pm

    To what extent do these hacks represent the CIA operating within the US? To what extent is that illegal? With the democrats worshipping the IC, will anyone in an official position dare to speak out?

    tegnost , March 9, 2017 at 1:05 pm

    Well we know chuckie won't speak out..

    http://thehill.com/homenews/administration/312605-schumer-trump-being-really-dumb-by-going-after-intelligence-community

    FTA "Schumer said that as he understands, intelligence officials are "very upset with how [Trump] has treated them and talked about them.""

    Oregoncharles , March 9, 2017 at 2:17 pm

    I've long thought that the reason Snowden was pursued so passionately was that he exposed the biggest, most embarrassing secret: that the National "Security" Agency's INTERNAL security was crap.

    And here it is: "Wikileaks claims that the CIA lost control of the majority of its hacking arsenal"

    The CIA's internal security is crap, too. Really a lot of people should be fired over that, as well as over Snowden's release. We didn't hear of it happening in the NSA, though I'm not sure we would have. Given Gaius's description of Trump's situation, it seems unlikely it will happen this time, either. One of my hopes for a Trump administration, as long as we're stuck with it, was a thorough cleanout of the upper echelons in the IC. It's obviously long overdue, and Obama wasn't up to it. But I used the past tense because I don't think it's going to happen. Trump seems more interested in sucking up to them, presumably so they won't kill him or his family. That being one of their options.

    Stephen Gardner , March 9, 2017 at 3:51 pm

    Ah, that's the beauty of contracting it out. No one gets fired. Did anyone get fired because of Snowden? It was officially a contractor problem and since there are only a small number of contractors capable of doing the work, well you know. We can't get new ones.

    tiebie66 , March 9, 2017 at 2:59 pm

    What I find by far the most distressing is this: "The CIA had created, in effect, its "own NSA" with even less accountability." [My emphasis]. It seems to characterize an organization that operates outside of any control and oversight – and one that is intentionally structuring itself that way. That worries me.

    It is becoming increasingly clear that the Republic is lost because we didn't stand guard for it. Blaming others don't cut it either – we let it happen. And like the Germans about the Nazi atrocities, we will say that we didn't know about it.

    JTMcPhee , March 9, 2017 at 3:06 pm

    Hey, I didn't let it happen. Stuff that spooks and sh!tes do behind the Lycra ™ curtain happens because it is, what is the big word again, "ineluctable." Is my neighbor to blame for having his house half eaten by both kinds of termites, where the construction is such that the infestation and damage are invisible until the vast damage is done?

    Stephen Gardner , March 9, 2017 at 4:08 pm

    And just how were we supposed to stand guard against a secret and unaccountable organization that protected itself with a shield of lies? And every time some poor misfit complained about it they were told that they just didn't know the facts. If they only knew what our IC knows they would not complain.

    It's a dangerous world out there and only our brave IC can protect us from it. Come on. Stop blaming the victim and place the blame where it belongs–our IC and MIC. I say stop feeding the beast with your loyalty to a government that has ceased to be yours.

    Studiously avoid any military celebrations. Worship of the military is part of the problem. Remember, the people you thank for "their service" are as much victims as you are. Sadly they don't realize that their service is to a rotten empire that is not worthy of their sacrifice but every time we perform the obligatory ritual of thankfulness we participate in the lie that the service is to a democratic country instead of an undemocratic empire.

    It's clearly a case of Wilfred Owen's classic "Dulce et Decorum Est". Read the poem, google it and read it. It is instructive: " you would not tell with such high zest To children ardent for some desperate glory, The old Lie: Dulce et decorum est Pro patria mori." Make no mistake. It is a lie and it can only be undone if we all cease to tell it.

    nonsense factory , March 9, 2017 at 8:57 pm

    Here's a pretty decent review of the various CIA programs revealed by Wikileaks:

    http://www.libertyforjoe.com/2017/03/what-is-vault-7.html

    "These CIA revelations in conjunction with those of the NSA paints a pretty dark future for privacy and freedom. Edward Snowden made us aware of the NSA's program XKEYSCORE and PRISM which are utilized to monitor and bulk collect information from virtually any electronic device on the planet and put it into a searchable database. Now Wikileaks has published what appears to be additional Big Brother techniques used by a competing agency. Say what you want about the method of discovery, but Pandora's box has been opened."

    [Feb 21, 2017] Stockman Warns Trump Flynn's Gone But They are Still Gunning For You, Donald by David Stockman

    Notable quotes:
    "... In any event, it was "intercepts" leaked from deep in the bowels of the CIA to the Washington Post and then amplified in a 24/7 campaign by the War Channel (CNN) that brought General Flynn down. ..."
    "... But here's the thing. They were aiming at Donald J. Trump. And for all of his puffed up bluster about being the savviest negotiator on the planet, the Donald walked right into their trap, as we shall amplify momentarily. ..."
    "... But let's first make the essence of the matter absolutely clear. The whole Flynn imbroglio is not about a violation of the Logan Act owing to the fact that the general engaged in diplomacy as a private citizen. ..."
    "... It's about re-litigating the 2016 election based on the hideous lie that Trump stole it with the help of Vladimir Putin. In fact, Nancy Pelosi was quick to say just that: ..."
    "... 'The American people deserve to know the full extent of Russia's financial, personal and political grip on President Trump and what that means for our national security,' House Minority Leader Nancy Pelosi said in a press release. ..."
    "... And Senator Graham, the member of the boobsey twins who ran for President in 2016 while getting a GOP primary vote from virtually nobody, made clear that General Flynn's real sin was a potential peace overture to the Russians: ..."
    "... We say good riddance to Flynn, of course, because he was a shrill anti-Iranian warmonger. But let's also not be fooled by the clinical term at the heart of the story. That is, "intercepts" mean that the Deep State taps the phone calls of the President's own closest advisors as a matter of course. ..."
    "... As one writer for LawNewz noted regarding acting Attorney General Sally Yates' voyeuristic pre-occupation with Flynn's intercepted conversations, Nixon should be rolling in his grave with envy: ..."
    "... Yes, that's the same career apparatchik of the permanent government that Obama left behind to continue the 2016 election by other means. And it's working. The Donald is being rapidly emasculated by the powers that be in the Imperial City due to what can only be described as an audacious and self-evident attack on Trump's Presidency by the Deep State. ..."
    "... Indeed, the paper details an apparent effort by Yates to misuse her office to launch a full-scale secret investigation of her political opponents, including 'intercepting calls' of her political adversaries. ..."
    "... Yet on the basis of the report's absolutely zero evidence and endless surmise, innuendo and "assessments", the Obama White House imposed another round of its silly school-boy sanctions on a handful of Putin's cronies. ..."
    "... Of course, Flynn should have been telling the Russian Ambassador that this nonsense would be soon reversed! ..."
    "... But here is the ultimate folly. The mainstream media talking heads are harrumphing loudly about the fact that the very day following Flynn's call -- Vladimir Putin announced that he would not retaliate against the new Obama sanctions as expected; and shortly thereafter, the Donald tweeted that Putin had shown admirable wisdom. ..."
    "... That's right. Two reasonably adult statesman undertook what might be called the Christmas Truce of 2016. But like its namesake of 1914 on the bloody no man's land of the western front, the War Party has determined that the truce-makers shall not survive. ..."
    "... The Donald has been warned. ..."
    Feb 21, 2017 | www.zerohedge.com
    Submitted via The Ron Paul Institute for Peace & Prosperity,

    General Flynn's tenure in the White House was only slightly longer than that of President-elect William Henry Harrison in 1841. Actually, with just 24 days in the White House, General Flynn's tenure fell a tad short of old "Tippecanoe and Tyler Too". General Harrison actually lasted 31 days before getting felled by pneumonia.

    And the circumstances were considerably more benign. It seems that General Harrison had a fondness for the same "firewater" that agitated the native Americans he slaughtered at the famous battle memorialized in his campaign slogan. In fact, during the campaign a leading Democrat newspaper skewered the old general, who at 68 was the oldest US President prior to Ronald Reagan, saying:

    Give him a barrel of hard [alcoholic] cider, and a pension of two thousand [dollars] a year and he will sit the remainder of his days in his log cabin.

    That might have been a good idea back then (or even now), but to prove he wasn't infirm, Harrison gave the longest inaugural address in US history (2 hours) in the midst of seriously inclement weather wearing neither hat nor coat.

    That's how he got pneumonia! Call it foolhardy, but that was nothing compared to that exhibited by Donald Trump's former national security advisor.

    General Flynn got the equivalent of political pneumonia by talking for hours during the transition to international leaders, including Russia's ambassador to the US, on phone lines which were bugged by the CIA. Or more accurately, making calls which were "intercepted" by the very same NSA/FBI spy machinery that monitors every single phone call made in America.

    Ironically, we learned what Flynn should have known about the Deep State's plenary surveillance from Edward Snowden. Alas, Flynn and Trump wanted the latter to be hung in the public square as a "traitor", but if that's the solution to intelligence community leaks, the Donald is now going to need his own rope factory to deal with the flood of traitorous disclosures directed against him.

    In any event, it was "intercepts" leaked from deep in the bowels of the CIA to the Washington Post and then amplified in a 24/7 campaign by the War Channel (CNN) that brought General Flynn down.

    But here's the thing. They were aiming at Donald J. Trump. And for all of his puffed up bluster about being the savviest negotiator on the planet, the Donald walked right into their trap, as we shall amplify momentarily.

    But let's first make the essence of the matter absolutely clear. The whole Flynn imbroglio is not about a violation of the Logan Act owing to the fact that the general engaged in diplomacy as a private citizen.

    It's about re-litigating the 2016 election based on the hideous lie that Trump stole it with the help of Vladimir Putin. In fact, Nancy Pelosi was quick to say just that:

    'The American people deserve to know the full extent of Russia's financial, personal and political grip on President Trump and what that means for our national security,' House Minority Leader Nancy Pelosi said in a press release.

    Yet, we should rephrase. The re-litigation aspect reaches back to the Republican primaries, too. The Senate GOP clowns who want a war with practically everybody, John McCain and Lindsey Graham, are already launching their own investigation from the Senate Armed Services committee.

    And Senator Graham, the member of the boobsey twins who ran for President in 2016 while getting a GOP primary vote from virtually nobody, made clear that General Flynn's real sin was a potential peace overture to the Russians:

    Sen. Lindsey Graham also said he wants an investigation into Flynn's conversations with a Russian ambassador about sanctions: "I think Congress needs to be informed of what actually Gen. Flynn said to the Russian ambassador about lifting sanctions," the South Carolina Republican told CNN's Kate Bolduan on "At This Hour." "And I want to know, did Gen. Flynn do this by himself or was he directed by somebody to do it?"

    We say good riddance to Flynn, of course, because he was a shrill anti-Iranian warmonger. But let's also not be fooled by the clinical term at the heart of the story. That is, "intercepts" mean that the Deep State taps the phone calls of the President's own closest advisors as a matter of course.

    This is the real scandal as Trump himself has rightly asserted. The very idea that the already announced #1 national security advisor to a President-elect should be subject to old-fashioned "bugging," albeit with modern day technology, overwhelmingly trumps the utterly specious Logan Act charge at the center of the case.

    As one writer for LawNewz noted regarding acting Attorney General Sally Yates' voyeuristic pre-occupation with Flynn's intercepted conversations, Nixon should be rolling in his grave with envy:

    Now, information leaks that Sally Yates knew about surveillance being conducted against potential members of the Trump administration, and disclosed that information to others. Even Richard Nixon didn't use the government agencies themselves to do his black bag surveillance operations. Sally Yates' involvement with this surveillance on American political opponents, and possibly the leaking related thereto, smacks of a return to Hoover-style tactics. As writers at Bloomberg and The Week both noted, it reeks of 'police-state' style tactics. But knowing dear Sally as I do, it comes as no surprise.

    Yes, that's the same career apparatchik of the permanent government that Obama left behind to continue the 2016 election by other means. And it's working. The Donald is being rapidly emasculated by the powers that be in the Imperial City due to what can only be described as an audacious and self-evident attack on Trump's Presidency by the Deep State.

    Indeed, it seems that the layers of intrigue have gotten so deep and convoluted that the nominal leadership of the permanent government machinery has lost track of who is spying on whom. Thus, we have the following curious utterance by none other than the Chairman of the House Intelligence Committee, Rep. Devin Nunes:

    'I expect for the FBI to tell me what is going on, and they better have a good answer,' he told The Washington Post. 'The big problem I see here is that you have an American citizen who had his phone calls recorded.'

    Well, yes. That makes 324 million of us, Congressman.

    But for crying out loud, surely the oh so self-important chairman of the House intelligence committee knows that everybody is bugged. But when it reaches the point that the spy state is essentially using its unconstitutional tools to engage in what amounts to "opposition research" with the aim of election nullification, then the Imperial City has become a clear and present danger to American democracy and the liberties of the American people.

    As Robert Barnes of LawNewz further explained, Sally Yates, former CIA director John Brennan and a large slice of the Never Trumper intelligence community were systematically engaged in "opposition research" during the campaign and the transition:

    According to published reports, someone was eavesdropping, and recording, the conversations of Michael Flynn, while Sally Yates was at the Department of Justice. Sally Yates knew about this eavesdropping, listened in herself (Pellicano-style for those who remember the infamous LA cases), and reported what she heard to others. For Yates to have such access means she herself must have been involved in authorizing its disclosure to political appointees, since she herself is such a political appointee. What justification was there for an Obama appointee to be spying on the conversations of a future Trump appointee?

    Consider this little tidbit in The Washington Post. The paper, which once broke Watergate, is now propagating the benefits of Watergate-style surveillance in ways that do make Watergate look like a third-rate effort. (With the) FBI 'routinely' monitoring conversations of Americans... Yates listened to 'the intercepted call,' even though Yates knew there was 'little chance' of any credible case being made for prosecution under a law 'that has never been used in a prosecution.'

    And well it hasn't been. After all, the Logan Act was signed by President John Adams in 1799 in order to punish one of Thomas Jefferson's supporters for having peace discussions with the French government in Paris. That is, it amounted to pre-litigating the Presidential campaign of 1800 based on sheer political motivation.

    According to the Washington Post itself, that is exactly what Yates and the Obama holdovers did day and night during the interregnum:

    Indeed, the paper details an apparent effort by Yates to misuse her office to launch a full-scale secret investigation of her political opponents, including 'intercepting calls' of her political adversaries.

    So all of the feigned outrage emanating from Democrats and the Washington establishment about Team Trump's trafficking with the Russians is a cover story. Surely anyone even vaguely familiar with recent history would have known there was absolutely nothing illegal or even untoward about Flynn's post-Christmas conversations with the Russian Ambassador.

    Indeed, we recall from personal experience the thrilling moment on inauguration day in January 1981 when word came of the release of the American hostages in Tehran. Let us assure you, that did not happen by immaculate diplomatic conception -- nor was it a parting gift to the Gipper by the outgoing Carter Administration.

    To the contrary, it was the fruit of secret negotiations with the Iranian government during the transition by private American citizens. As the history books would have it because it's true, the leader of that negotiation, in fact, was Ronald Reagan's national security council director-designate, Dick Allen.

    As the real Washington Post later reported, under the by-line of a real reporter, Bob Woodward:

    Reagan campaign aides met in a Washington DC hotel in early October, 1980, with a self-described 'Iranian exile' who offered, on behalf of the Iranian government, to release the hostages to Reagan, not Carter, in order to ensure Carter's defeat in the November 4, 1980 election.

    The American participants were Richard Allen, subsequently Reagan's first national security adviser, Allen aide Laurence Silberman, and Robert McFarlane, another future national security adviser who in 1980 was on the staff of Senator John Tower (R-TX).

    To this day we have not had occasion to visit our old friend Dick Allen in the US penitentiary because he's not there; the Logan Act was never invoked in what is surely the most blatant case ever of citizen diplomacy.

    So let's get to the heart of the matter and be done with it. The Obama White House conducted a sour grapes campaign to delegitimize the election beginning November 9th and it was led by then CIA Director John Brennan.

    That treacherous assault on the core constitutional matter of the election process culminated in the ridiculous Russian meddling report of the Obama White House in December. The latter, of course, was issued by serial liar James Clapper, as national intelligence director, and the clueless Democrat lawyer and bag-man, Jeh Johnson, who had been appointed head of the Homeland Security Department.

    Yet on the basis of the report's absolutely zero evidence and endless surmise, innuendo and "assessments", the Obama White House imposed another round of its silly school-boy sanctions on a handful of Putin's cronies.

    Of course, Flynn should have been telling the Russian Ambassador that this nonsense would be soon reversed!

    But here is the ultimate folly. The mainstream media talking heads are harrumphing loudly about the fact that the very day following Flynn's call -- Vladimir Putin announced that he would not retaliate against the new Obama sanctions as expected; and shortly thereafter, the Donald tweeted that Putin had shown admirable wisdom.

    That's right. Two reasonably adult statesmen undertook what might be called the Christmas Truce of 2016. But like its namesake of 1914 on the bloody no man's land of the western front, the War Party has determined that the truce-makers shall not survive.

    The Donald has been warned.

    xythras , Feb 20, 2017 10:02 PM

    Assange is about to face censorship from one LENIN Moreno (next Ecuadorian president)

    Assange must Reduce "Meddling" in US Policies While in Ecuadorian Embassy

    http://dailywesterner.com/news/2017-02-20/assange-must-reduce-meddling-i...

    How ironic

    Darktarra -> xythras , Feb 20, 2017 10:11 PM

    We haven't had deep state (successfully) take out a President since JFK. I am sure they will literally be gunning for Donald Trump! His election screwed up the elite's world order plans ... poor Soros ... time for him to take a dirt nap!

    Be careful Trump! They will try and kill you! The United States government is COMPLETELY corrupt. Draining the swamp means it's either you or they die!

    wanglee -> Darktarra , Feb 20, 2017 10:18 PM

    Let us help Trump's presidency to make America (not globalist) great again.

    Not only democrats rigged Primary to elect Clinton as presidential candidate last year even though she has poor judgement (violating government cyber security policy) and is incompetent (her email server was not secured) when she was the Secretary of State, and was revealed to be corrupt by Bernie Sanders during the Primary, but also democrats encourage illegal immigration, discourage work, and "conned" young voters with free college/food/housing/health care/Obama phone. Democratic government employees/politicians also committed crimes to leak classified information which caused former National Security Adviser Michael Flynn losing his job and undermined Trump's presidency.

    However middle/working class used their common senses voting against Clinton last November. Although I am not a republican and didn't vote in primary but I voted for Trump and those Republicans who supported Trump in last November since I am not impressed with the "integrity" and "judgement" of democrats, Anti-Trump protesters, Anti-Trump republicans, and those media who endorsed Clinton during presidential election and they'll work for globalists, the super rich, who moved jobs/investment overseas for cheap labor/tax and demanded middle/working class to pay tax to support welfare of illegal aliens and refugees who will become globalist's illegal voters and anti-Trump protesters.

    To prevent/detect voter fraud, "voter ID" and "no mailing ballots" must be enforced to reduce possible "voter frauds on a massive scale" committed by democratic/republic/independent party operatives. All the sanctuary counties need to be recounted and voided county votes if recount fails since the only county which was found to count one vote many times is the only "Sanctuary" county, Wayne county, in recount states (Pennsylvania, Michigan and Wisconsin) last year. The integrity of voting equipment and voting system need to be tested, protected and audited. There were no voting equipment stuck to Trump. Yet, many voting equipment were found to switch votes to Clinton last November. Voter databases need to be kept current. Encourage reporting of "voter fraud on a massive scale" committed by political party operatives with large reward.

    Cashing in: Illegal immigrants get $1,261 more welfare than American families, $5,692 vs. $4,431 ( http://www.washingtonexaminer.com/cashing-in-illegal-immigrants-get-1261... )
    DEA Report Shows Infiltration of Mexican Drug Cartels in Sanctuary Cities ( http://www.breitbart.com/texas/2015/09/08/dea-report-shows-infiltration-... )
    Welfare Discourages Work ( http://www.breitbart.com/big-government/2015/04/27/the-science-is-settle... )
    Hillary Clinton Says Bernie Sanders's "Free College" Tuition Plan Is All a Lie ( http://www.teenvogue.com/story/clinton-says-sanders-free-tuition-wont-wo... )
    UC Berkeley Chancellor: Hillary Clinton 'Free' College Tuition Plan Won't Happen ( http://www.breitbart.com/big-government/2016/09/30/uc-berkeley-chancello... )
    Bill Clinton Impeachment Chief Investigator: I'm 'Terrified' of Hillary because we know that there were "People" who "Disappeared" ( http://www.breitbart.com/2016-presidential-race/2016/10/30/exclusive-bil... )
    Former FBI Asst. Director Accuses Clintons Of Being A "Crime Family" ( http://www.zerohedge.com/news/2016-10-30/former-fbi-asst-director-accuse... )
    FBI boss Comey's 7 most damning lines on Clinton ( http://www.cnn.com/2016/07/05/politics/fbi-clinton-email-server-comey-da... )
    Aides claiming she "could not use a computer," and didn't know her email password – New FBI docs ( https://www.rt.com/usa/360528-obama-implicated-clinton-email/ )
    23 Shocking Revelations From The FBI's Clinton Email Report ( http://dailycaller.com/2016/09/02/23-shocking-revelations-from-the-fbis-... )
    DOJ grants immunity to ex-Clinton staffer who set up her email server ( http://www.cnn.com/2016/03/02/politics/hillary-clinton-email-server-just... )
    Former House Intelligence Chairman: I'm '100 Percent' Sure Hillary's Server Was Hacked ( http://www.breitbart.com/2016-presidential-race/2016/11/06/former-house-... )
    Exclusive - Gen. Mike Flynn: Hillary Clinton's Email Setup Was 'Unbelievable Active Criminal Behavior' ( http://www.breitbart.com/2016-presidential-race/2016/11/06/exclusive-gen... )
    Clinton directed her maid to print out classified materials ( http://nypost.com/2016/11/06/clinton-directed-her-maid-to-print-out-clas... )
    Obama lied to the American people about his secret communications with Clinton ( http://www.thepoliticalinsider.com/president-barack-obama-hillary-email-... )
    Former U.S. Attorney General, John Ashcroft: FBI didn't 'clear' Clinton ( https://www.youtube.com/watch?v=VFYQ3Cdp0zQ )
    When the Clintons Loved Russia Enough to Sell Them Our Uranium ( http://www.breitbart.com/2016-presidential-race/2016/07/25/flashback-cli... )
    Wikileaks: Clinton Foundation Chatter with State Dept on Uranium Deal with Russia ( http://www.breitbart.com/big-government/2016/10/08/wikileaks-putting-on-... )
    Russian officials donated $$$ to Clinton Foundation for Russian military research ( http://www.breitbart.com/radio/2016/12/16/schweizer-insecure-left-wants-... )
    Cash Flowed to Clinton Foundation Amid Russian Uranium Deal ( https://www.nytimes.com/2015/04/24/us/cash-flowed-to-clinton-foundation-... )
    HILLARY CAMPAIGN CHIEF LINKED TO MONEY-LAUNDERING IN RUSSIA ( HTTP://WWW.WND.COM/2016/10/HILLARY-CAMPAIGN-CHIEF-LINKED-TO-MONEY-LAUNDE... )
    The largest source of Trump campaign funds is small donors giving under $200 ( http://www.huffingtonpost.com/entry/donald-trump-self-fund_us_57fd4556e4... )
    How mega-donors helped raise $1 billion for Hillary Clinton ( https://www.washingtonpost.com/politics/how-mega-donors-helped-raise-1-b... )
    Final newspaper endorsement count: Clinton 57, Trump 2 ( http://thehill.com/blogs/ballot-box/presidential-races/304606-final-news... )
    Journalists shower Hillary Clinton with campaign cash ( https://www.publicintegrity.org/2016/10/17/20330/journalists-shower-hill... )
    Judicial Watch Planning to Sue FBI, NSA, CIA for Flynn Records ( http://www.breitbart.com/big-government/2017/02/16/judicial-watch-planni... )

    President Trump Vowed to Investigate Voter Fraud. Then Lawmakers Voted to "Eliminate" Election Commission Charged with Helping States Improve their Voting Systems ( http://time.com/4663250/house-committee-eliminates-election-commission-v... )
    California's Recipe for Voter Fraud on a Massive Scale ( http://www.breitbart.com/california/2017/01/27/voter-fraud/ )
    California Republican Party Official Alleges Voter Fraud In California, a "Sanctuary" state ( http://sanfrancisco.cbslocal.com/2016/11/28/trump-among-those-saying-vot... )
    BREAKING: Massive Voter Fraud Discovered In Mailing Ballots In Pennsylvania! See Huge Twist In Results! ( http://www.usapoliticstoday.com/massive-voter-fraud-pennsylvania/ )
    "Voting Fraud" revealed during "Recount": Scanners were used to count one vote many times to favor Clinton in Wayne County, a "Sanctuary" county including Detroit and surrounding areas. ( http://www.zerohedge.com/news/2016-12-06/michigan-republicans-file-emerg... )
    Illegal Voters Tipping Election Scales ( http://www.frontpagemag.com/fpm/243947/illegal-voters-tipping-election-s... )
    Voter Fraud: We've Got Proof It's Easy ( http://www.nationalreview.com/article/368234/voter-fraud-weve-got-proof-... )
    Voter Fraud Is Real. Here's The Proof ( http://thefederalist.com/2016/10/13/voter-fraud-real-heres-proof/ )
    Here's Why State Election Officials Think Voter Fraud Is a Serious Problem ( http://dailysignal.com/2017/02/17/heres-why-state-election-officials-thi... )
    Documented Voter Fraud in US ( http://www.discoverthenetworks.org/ViewSubCategory.asp?id=2216 )
    No, voter fraud isn't a myth: 10 cases where it's all too real ( http://www.washingtontimes.com/news/2016/oct/17/no-voter-fraud-isnt-myth... )
    Non-US citizen gets eight years for voter fraud in Texas after "Successfully Illegally Voted for at least Five Times" in Dallas county, a "Sanctuary" county ( http://www.theblaze.com/news/2017/02/09/non-us-citizen-gets-eight-years-... )
    Democratic party operatives tell us how to successfully commit voter fraud on a massive scale ( http://www.thegatewaypundit.com/2016/10/james-okeefe-rigging-elections-d... )
    Texas Rigged? Reports Of Voting Machines Switching Votes To Hillary In Texas ( http://www.zerohedge.com/news/2016-10-25/texas-rigged-first-reports-voti... )
    Voting Machine "Irregularities" Reported in Utah, Tennessee, Pennsylvania, & North Carolina ( http://www.zerohedge.com/news/2016-11-08/voting-machine-irregularities-r... )
    Video: Machine Refuses to Allow Vote For Trump in Pennsylvania ( http://www.infowars.com/video-machine-refuses-to-allow-vote-for-trump-in... )
    Electoral fraud ( https://en.wikipedia.org/wiki/Electoral_fraud )
    Voter fraud ( https://ballotpedia.org/Voter_fraud )
    Sanctuary Cities Continue to Obstruct Enforcement, Threaten Public Safety ( http://cis.org/Sanctuary-Cities-Map )
    List of Sanctuary cities ( http://www.apsanlaw.com/law-246.List-of-Sanctuary-cities.html )
    Map Shows Sanctuary City Islands of Blue In Sea of Red ( http://www.infowars.com/map-shows-sanctuary-city-islands-of-blue-in-sea-... )

    Chris Dakota -> wanglee , Feb 20, 2017 10:59 PM

    I hit some long click bait about famous people IQ

    Barack Obama 140

    Donald Trump 156

    Trump knows what's coming. Rush Limbaugh said "I've known Trump for a long time, he is a winner and I am sure none of this fazes him at all. The media didn't create him, the media can't destroy him."

    CheapBastard -> Darktarra , Feb 20, 2017 10:19 PM

    Flynn has been there for several years. If he was such a threat why did they not take action sooner since Soweeto appointed him in 2012? It must be that Soweto Obama is his spy buddy then, both of them in league with the Russians since Obama has been with Flynn for a much longer time he had to know if something was up.

    The entire Russian spy story is a complete Fake news ruse.

    I am wondering what they'll say tomorrow to draw attention away from the Muslim riots in Sweden. If the news of Muslim riots in Sweden, then Trump will be even more vindicated and the MSM will look even more stupid and Fake.

    Chupacabra-322 -> CheapBastard , Feb 20, 2017 10:54 PM

    The Deep State has accentually lost control of the Intelligence Community via its Agents / Operatives & Presstitute Media vehicles to Gas Light the Masses.

    So what Criminals at large Obama, Clapper & Lynch have done 17 days prior to former CEO Criminal Obama leaving office was to Decentralize & weaken the NSA. As a result, Intel gathering was then regulated to the other 16 Intel Agencies.

    Thus, taking Centuries Old Intelligence based on a very stringent Centralized British Model, Decentralized it, filling the remaining 16 Intel Agencies with potential Spies and a Shadow Deep State Mirror Government.

    All controlled from two blocks away at Pure Evil Criminal War Criminal Treasonous at large, former CEO Obama's Compound / Lair.

    It's High Treason being conducted "Hidden In Plain View" by the Deep State.

    It's the most Bizarre Transition of Power I've ever witnessed. Unprecedented.

    http://www.zerohedge.com/news/2017-02-18/jay-sekulow-obama-should-be-hel ...

    oncefired -> CheapBastard , Feb 20, 2017 11:07 PM

    http://www.thomaswictor.com/leakers-beware/

    Duc888 -> CheapBastard , Feb 20, 2017 11:11 PM

    Flynn did not tell Pence that Pence's best friend was front and center on the Pizzagate list. That's what cost Flynn his job...it had fuck all to do with the elections.

    [Feb 15, 2017] Flynn Resignation Is a Surveillance State Coup Nightmare

    The globalist mafia is trying to destroy Trump. It may be the same part of the intelligence community that is still loyal to Bill and Hillary Clinton.
    Still, Flynn was discussing sanctions, which could have been a violation of an 18th-century law, the Logan Act, which bars unauthorized citizens from brokering deals with foreign governments involved in disputes with the United States.
    Keith Kellogg's links with Oracle may be an asset to the Trump team.
    Feb 15, 2017 | www.breitbart.com

    As far back as the passage of the Patriot Act after 9/11, civil libertarians worried about the surveillance state, the Panopticon, the erosion of privacy rights and due process in the name of national security.

    Paranoid fantasies were floated that President George W. Bush was monitoring the library cards of political dissidents. Civil libertarians hailed NSA contractor Edward Snowden as a hero, or at least accepted him as a necessary evil, for exposing the extent of Internet surveillance under President Barack Obama.

    Will civil libertarians now speak up for former National Security Adviser Michael Flynn, whose career has been destroyed with a barrage of leaked wiretaps? Does anyone care if those leaks were accurate or legal?

    Over the weekend, a few honest observers of the Flynn imbroglio noted that none of the strategically leaked intercepts of his conversations with Russian Ambassador Sergey Kislyak proved he actually did anything wrong.

    The media fielded accusations that Flynn discussed lifting the Obama administration's sanctions on Russia – a transgression that would have been a serious violation of pre-inauguration protocol at best, and a prosecutable offense at worst. Flynn ostensibly sealed his fate by falsely assuring Vice President Mike Pence he had no such discussions with Kislyak, prompting Pence to issue a robust defense of Flynn that severely embarrassed Pence in retrospect.

    On Tuesday, Eli Lake of Bloomberg News joined the chorus of skeptics who said the hive of anonymous leakers infesting the Trump administration never leaked anything that proved Flynn lied to Pence:

    He says in his resignation letter that he did not deliberately leave out elements of his conversations with Ambassador Sergey Kislyak when he recounted them to Vice President Mike Pence. The New York Times and Washington Post reported that the transcript of the phone call reviewed over the weekend by the White House could be read different ways. One White House official with knowledge of the conversations told me that the Russian ambassador raised the sanctions to Flynn and that Flynn responded that the Trump team would be taking office in a few weeks and would review Russia policy and sanctions. That's neither illegal nor improper.

    Lake also noted that leaks of sensitive national security information, such as the transcripts of Flynn's phone calls to Kislyak, are extremely rare. In their rush to collect a scalp from the Trump administration, the media forgot to tell its readers how unusual and alarming the Flynn-quisition was:

    It's very rare that reporters are ever told about government-monitored communications of U.S. citizens, let alone senior U.S. officials. The last story like this to hit Washington was in 2009 when Jeff Stein, then of CQ, reported on intercepted phone calls between a senior Aipac lobbyist and Jane Harman, who at the time was a Democratic member of Congress.

    Normally intercepts of U.S. officials and citizens are some of the most tightly held government secrets. This is for good reason. Selectively disclosing details of private conversations monitored by the FBI or NSA gives the permanent state the power to destroy reputations from the cloak of anonymity. This is what police states do.

    In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag.

    While President Trump contemplated Flynn's fate on Monday evening, the Wall Street Journal suggested: "How about asking if the spooks listening to Mr. Flynn obeyed the law?" Among the questions the WSJ posed was whether intelligence agents secured proper FISA court orders for the surveillance of Flynn.

    That's the sort of question that convulsed the entire political spectrum, from liberals to libertarians, after the Snowden revelations. Not long ago, both Democrats and Republicans were deeply concerned about accountability and procedural integrity for the sprawling surveillance apparatus developed by our law enforcement and intelligence agencies. Those are among the most serious concerns of the Information Age, and they should not be cast aside in a mad dash to draw some partisan blood.

    There are several theories as to exactly who brought Flynn down and why. Was it an internal White House power struggle, the work of Obama administration holdovers, or the alligators of the "Deep State" lunging to take a bite from the president who promised to "drain the swamp?"

    The Washington Free Beacon has sources who say Flynn's resignation is "the culmination of a secret, months-long campaign by former Obama administration confidantes to handicap President Donald Trump's national security apparatus and preserve the nuclear deal with Iran."

    Flynn has prominently opposed that deal. According to the Free Beacon, this "small task force of Obama loyalists" are ready to waylay anyone in the Trump administration who threatens the Iran deal, their efforts coordinated by the sleazy Obama adviser who boasted of his ability to manipulate the press by feeding them lies, Ben Rhodes.

    Some observers are chuckling at the folly of Michael Flynn daring to take on the intelligence community, and paying the price for his reckless impudence. That is not funny – it is terrifying. In fact, it is the nightmare of the rogue NSA come to life, the horror story that kept privacy advocates tossing in their sheets for years.

    Michael Flynn was appointed by the duly elected President of the United States. He certainly should not have been insulated from criticism, but if he was brought down by entrenched, unelected agency officials, it is nearly a coup – especially if, as Eli Lake worried on Twitter, Flynn's resignation inspires further attacks with even higher-ranking targets:

    This was a major error for @Reince & @mike_pence It's now open season on this administration from without and within. #FlynnResignation

    - Eli Lake (@EliLake) February 14, 2017

    Lake's article caught the eye of President Trump, who endorsed his point that intelligence and law enforcement agencies should not interfere in U.S. politics:

    Thank you to Eli Lake of The Bloomberg View – "The NSA & FBI should not interfere in our politics and is" Very serious situation for USA

    - Donald J. Trump (@realDonaldTrump) February 15, 2017

    On the other hand, Bill Kristol of the Weekly Standard openly endorsed the Deep State overthrowing the American electorate and overturning the results of the 2016 election:

    Obviously strongly prefer normal democratic and constitutional politics. But if it comes to it, prefer the deep state to the Trump state.

    - Bill Kristol (@BillKristol) February 14, 2017

    Among the many things hideously wrong with this sentiment is that the American people know absolutely nothing about the leakers who brought Flynn down, and might be lining up their next White House targets at this very moment. We have no way to evaluate their motives or credibility. We didn't vote for them, and we will have no opportunity to vote them out of office if we dissent from their agenda. As mentioned above, we do not know if the material they are leaking is accurate.

    Byron York of the Washington Examiner addressed the latter point by calling for full disclosure:

    Important that entire transcript of Flynn-Kislyak conversation be released. Leakers have already cherrypicked. Public needs to see it all.

    - Byron York (@ByronYork) February 14, 2017

    That is no less important with Flynn's resignation in hand. We still need to know the full story of his downfall. The American people deserve to know who is assaulting the government they voted for in 2016. They deserve protection from the next attempt to manipulate our government with cherry picked leaks.

    They also deserve some intellectual consistency from those who have long and loudly worried about the emergence of a surveillance state, and from conservatives who claim to value the rule of law. Unknown persons with a mysterious agenda just made strategic use of partial information from a surveillance program of uncertain legality to take out a presidential adviser.

    Whether it's an Obama shadow government staging a Beltway insurrection, or Deep State officials protecting their turf, this is the nightmare scenario of the post-Snowden era - or are we not having that nightmare anymore, if we take partisan pleasure in the outcome?

    [Feb 07, 2017] How the CIA made Google

    Feb 07, 2017 | www.zerohedge.com

    Pinto Currency -> J S Bach , Feb 6, 2017 10:47 PM

    How the CIA made Google

    https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a...

    918pigpen -> buckstopshere , Feb 6, 2017 10:42 PM

    People ask me why I refused to use google many years ago.

    THIS!!!

    Yars Revenge , Feb 6, 2017 10:39 PM

    (((GOOGLE)))

    rlouis , Feb 6, 2017 10:45 PM

    So, the alphabet company, aka CIA is funding this?

    wisefool , Feb 6, 2017 10:45 PM

    Who would have thought some kids working on bubblesort 2.0 (1980s era search engine tech) could have bootstrapped themselves to the biggest brand in the world. Until facebook came along.

    They did not get a 1 million dollar loan from their dad like donald trump did. They might have got some money from big brother. But we don't talk about that in polite company.

    Neochrome , Feb 6, 2017 10:48 PM

    If you're a thief, it's your "duty" to break the law.

    http://www.huffingtonpost.com/2012/12/13/google-tax-dodge_n_2292077.html

    Google's chairman says he is "proud" of the way his company avoids paying taxes.

    "It's called capitalism," Eric Schmidt told Bloomberg in a Wednesday article. "We are proudly capitalistic. I'm not confused about this."

    Google's effective U.S. tax rate is unclear. Citizens for Tax Justice did not analyze Google in a 2011 study because Google reports most of its profits as foreign, even though that may not be true.

    [Jan 21, 2017] Obama promised to reverse the growth of the surveillance state. He did the opposite.

    Notable quotes:
    "... President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state ..."
    "... Obama didn't just fall short of progressive hopes - he went in the opposite direction ..."
    "... he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans. ..."
    "... Upon becoming president, the already vast surveillance powers of the United States have expanded. By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats. ..."
    "... The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption. ..."
    "... But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to "welcome" a debate on surveillance. ..."
    Jan 21, 2017 | www.jacobinmag.com

    President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state, providing it with a liberal legitimacy that left it largely immune from criticism during his two terms. As President Trump takes the reins of that surveillance state's power in whatever terrifying ways he chooses, we should remember that it was Obama who paved the way for him.

    Obama has often been painted as a disappointing president, one who reached for the stars but ultimately, whether due to Republican obstructionism or the disappointing realities of governing, fell short. In the area of state surveillance, however, Obama didn't just fall short of progressive hopes - he went in the opposite direction.

    Obama built his career opposing the Patriot Act and Bush-era secrecy. He made this opposition a centerpiece of his presidential campaign, promising "no more illegal wiretapping of American citizens. No more national security letters to spy on citizens who are not suspected of a crime . . . No more ignoring the law when it is convenient."

    The first sign of his waning commitment came three months after a glowing Times op-ed declared him potentially the first civil libertarian president, when he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans.

    Upon becoming president, the already vast surveillance powers of the United States have expanded. By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats.

    The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption.

    It extended controversial Patriot Act provisions year after year. Less than a week before Donald Trump, a man he has called "unfit" for office, took power, Obama expanded the NSA's power to share its data with other agencies. Meanwhile, the FBI is paying Best Buy employees to snoop through your computer.

    Where there have been privacy wins on Obama's watch, they have largely been inadvertent. The NSA collects a much smaller proportion of Americans' phone records today than it did eleven years ago because cell phone use has exploded. Furthermore, the USA Freedom Act passed in 2015, ending bulk collection of US phone records (only of phone records, it must be said), something Obama tried to claim as part of his legacy in his farewell speech.

    But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to "welcome" a debate on surveillance.

    All of this happened under a liberal former constitutional law professor. The question must be asked: What will follow under Trump?

    -Branko Marcetic

    [Jan 15, 2017] Gaius Publius Who's Blackmailing the President Why Aren't Democrats Upset About It

    Notable quotes:
    "... William Binney, another NSA whistleblower and hero, stated on his Truthdig interview with Sheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them, Thomas Drake/currently pensionless and an apple store worker) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability. ..."
    "... First they gaslight you. "There is no surveillance. You have no evidence." ..."
    "... As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!" ..."
    "... Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence". ..."
    "... Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it. ..."
    "... Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. ..."
    Jan 15, 2017 | www.nakedcapitalism.com
    HopeLB , January 14, 2017 at 5:22 pm

    William Binney, another NSA whistleblower and hero, stated on his Truthdig interview with Sheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them, Thomas Drake/currently pensionless and an apple store worker) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability.

    reslez , January 14, 2017 at 6:28 pm

    Your "ambivalence" is one of the favorite tactics of people in CTR, who start off all their comments with "I love Bernie, but ". Here's how it works:

    1. First they gaslight you. "There is no surveillance. You have no evidence."
    2. As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!"

    Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence".

    Jack , January 14, 2017 at 9:29 am

    SantaFe you said "his career was literally made by a document dump from guy who increasingly appears to be much more nefarious". Glenn Greenwald's "career" was made long before Snowden appeared on the scene. That's why Snowden chose him to release the documents to. He has long been known as a journalist who speaks truth to power. And what do you mean by this; "He is quickly losing credibility among many who admired him."? Yourself? I see no reason why Greenwald should be losing credibility. Primarily what he is doing in this particular instance is questioning the veracity of the documents being used against Trump and the means by which they are being "released". That is one of Greenwald's greatest strengths. He plays no favorites. As far as the WSJ article on Snowden, I assume you are referring to the now discredited op-ed (not an article) piece by Epstein? This self serving op-ed was clearly written by Epstein to promote his recent book and the "points" he made about Snowden have been discredited by many sources.

    Michael C. , January 14, 2017 at 10:39 am

    I agree with you wholeheartedly. Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it.

    DJG , January 14, 2017 at 12:01 pm

    Agreed: Further, the recent article in the New Yorker, in which Malcolm Gladwell (who isn't glib, of course) decides that Snowden isn't classy enough is more of the same.

    Santa Fe: Greenwald losing credibility? Sorry. You just lost credibility, if you ever had any.

    Donald , January 14, 2017 at 10:05 am

    Speak for yourself. Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. And while Assange appears motivated by animus against Clinton, I have yet to see anything about Snowden that would make me distrust him more than the press. What I do see are a lot of centrist liberals acting like Joseph McCarthy.

    And even with Assange, wikileaks has been invaluable. The mainstream press largely ignored its most interesting revelations - for instance, the Clinton camp privately acknowledged that the Saudi government supports ISIS. We hear much more shooting the messenger stories about dissenters than we hear stories about the message.

    Donald , January 14, 2017 at 10:14 am

    Here is a link about the Isis, Saudi, Clinton story.

    http://www.independent.co.uk/voices/hillary-clinton-wikileaks-email-isis-saudi-arabia-qatar-us-allies-funding-barack-obama-knew-all-a7362071.html

    I didn't see anything about this in the US mainstream press, though I won't swear it didn't appear somewhere. But I have heard much more about how the wikileaks releases contained little of substance.

    [Jan 15, 2017] Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies' access to private communications obtained via warrantless spying

    economistsview.typepad.com

    JohnH -> Peter K.... , January 14, 2017 at 12:28 PM

    Obama continues to set the table for Trump:

    "Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies' access to private communications obtained via warrantless spying.

    An executive order allows the National Security Agency (NSA) to share data collected via its global surveillance dragnet with all other U.S. intelligence agencies, without redacting untargeted American citizens' private information.

    "The change means that far more officials will be searching through raw data," explained the New York Times, which broke the story late Thursday. The Times also shared the 23-page declassified version of the president's order."
    http://www.commondreams.org/news/2017/01/13/obama-expands-spy-agencies-access-private-data-just-time-trump

    Not that Democrats like Pelosi/Schumer/Feinstein care...they're apparently quite happy to give Trump's people access to all Americans' most private data.

    [Jan 13, 2017] Mystery Hackers Blow Up Secret NSA Hacking Tools in 'Final F--k You'

    Notable quotes:
    "... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..."
    Jan 13, 2017 | www.thedailybeast.com
    by Kevin Poulsen

    "A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a tranche of secret National Security Agency hacking tools to the public while offering to sell even more for the right price. Now with barely a week to go before Donald Trump's inauguration, the self-styled "Shadow Brokers" on Thursday announced that they were packing it in.

    "So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its darknet site... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors...

    ... ... ...

    The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much less penetrated.

    ... ... ...

    Released along with the announcement was a huge cache of specialized malware, including dozens of backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco routers-a basic building block of the internet. While Cisco and other companies scrambled for a fix, security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first time, as threat-intelligence professionals, that we've had access to what appears to be a relatively complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running vulnerable hardware."

    [Dec 26, 2016] Congress Passes BOTS Act To Ban Ticket-Buying Software

    Dec 26, 2016 | yro.slashdot.org
    (arstechnica.com) 221
    Posted by BeauHD on Thursday December 08, 2016 @05:05PM from the level-the-playing-field dept.

    Congress passed a bill yesterday that will make it illegal for people to use software bots to buy concert tickets. Ars Technica reports: The Better Online Ticket Sales (BOTS) Act makes it illegal to bypass any computer security system designed to limit ticket sales to concerts, Broadway musicals, and other public events with a capacity of more than 200 persons. Violations will be treated as "unfair or deceptive acts" and can be prosecuted by the Federal Trade Commission or the states. The bill passed the Senate by unanimous consent last week, and the House of Representatives voted yesterday to pass it as well. It now proceeds to President Barack Obama for his signature. Computer programs that automatically buy tickets have been a frustration for the concert industry and fans for a few years now. The issue had wide exposure after a 2013 New York Times story on the issue. Earlier this year, the office of New York Attorney General Eric Schneiderman completed an investigation into bots. The New York AG's ticket sales report (PDF) found that the tens of thousands of tickets snatched up by bots were marked up by an average of 49 percent.

    [Dec 26, 2016] You Can Now Rent A Mirai Botnet Of 400,000 Bots

    Dec 26, 2016 | it.slashdot.org
    (bleepingcomputer.com) 62
    Posted by EditorDavid on Sunday November 27, 2016 @05:35PM from the telnetting-for-dollars dept.

    An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.

    After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices...that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.
    Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."

    [Dec 26, 2016] Uber Wants To Track Your Location Even When You're Not Using the App, Here's Why

    Dec 26, 2016 | yro.slashdot.org
    (businessinsider.com) 131
    Posted by msmash on Wednesday November 30, 2016 @04:00PM from the why-they-do-what-they-do dept.

    With the most recent update to Uber's ride-hailing app, the company has begun requesting users if they are willing to share their location data with Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition. In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing $18 billion, according to a forecast from BIA/Kelsey.

    [Dec 26, 2016] International Authorities Take Down Massive 'Avalanche' Botnet, Sinkhole Over 800,000 Domains

    Dec 26, 2016 | it.slashdot.org
    (arstechnica.com) 53
    Posted by BeauHD on Thursday December 01, 2016 @10:30PM from the largest-ever dept.

    plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."

    [Dec 26, 2016] Watchdog Group Claims Smart Toys Are Spying On Kids

    Dec 26, 2016 | yro.slashdot.org
    (mashable.com) 70
    Posted by BeauHD on Thursday December 08, 2016 @07:05PM from the always-listening dept.

    The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.

    [Dec 26, 2016] Ransomware Compromises San Francisco's Mass Transit System

    Dec 26, 2016 | news.slashdot.org
    (cbslocal.com) 141

    Posted by EditorDavid on Sunday November 27, 2016 @01:34PM

    Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC:

    Inside sources say the system has been hacked for days. The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems.
    Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems."

    One San Francisco local told CBS, "I think it is terrifying. I really do I think if they can start doing this here, we're not safe anywhere."

    [Dec 26, 2016] Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016

    Dec 26, 2016 | it.slashdot.org
    (onthewire.io) 72
    Posted by BeauHD on Wednesday December 07, 2016 @09:05PM from the majority-rules dept.

    Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.

    [Dec 26, 2016] Snowden: 'The Central Problem of the Future' Is Control of User Data

    Dec 26, 2016 | tech.slashdot.org
    (techcrunch.com) 157
    Posted by BeauHD on Wednesday December 14, 2016 @05:00AM from the no-place-to-hide dept.

    Twitter CEO Jack Dorsey interviewed Edward Snowden via Periscope about the wide world of technology. The NSA whistleblower "discussed the data that many online companies continue to collect about their users, creating a 'quantified world' -- and more opportunities for government surveillance," reports TechCrunch. Snowden said, "If you are being tracked, this is something you should agree to, this is something you should understand, this is something you should be aware of and can change at any time." TechCrunch reports: Snowden acknowledged that there's a distinction between collecting the content of your communication (i.e., what you said during a phone call) and the metadata (information like who you called and how long it lasted). For some, surveillance that just collects metadata might seem less alarming, but in Snowden's view, "That metadata is in many cases much more dangerous and much more intrusive, because it can be understood at scale." He added that we currently face unprecedented perils because of all the data that's now available -- in the past, there was no way for the government to get a list of all the magazines you'd read, or every book you'd checked out from the library. "[In the past,] your beliefs, your future, your hopes, your dreams belonged to you," Snowden said. "Increasingly, these things belong to companies, and these companies can share them however they want, without a lot of oversight." He wasn't arguing that companies shouldn't collect user data at all, but rather that "the people who need to be in control of that are the users." "This is the central problem of the future, is how do we return control of our identities to the people themselves?" Snowden said.

    [Dec 26, 2016] NSA's Best Are 'Leaving In Big Numbers,' Insiders Say

    Dec 26, 2016 | yro.slashdot.org
    (cyberscoop.com) 412
    Posted by EditorDavid on Sunday December 11, 2016 @11:34AM from the blaming-Oliver-Stone dept.

    schwit1 quotes CyberScoop: Low morale at the National Security Agency is causing some of the agency's most talented people to leave in favor of private sector jobs, former NSA Director Keith Alexander told a room full of journalism students, professors and cybersecurity executives Tuesday. The retired general and other insiders say a combination of economic and social factors -- including negative press coverage -- have played a part... "I am honestly surprised that some of these people in cyber companies make up to seven figures. That's five times what the chairman of the Joint Chiefs of Staff makes. Right? And these are people that are 32 years old. Do the math. [The NSA] has great competition," he said.

    The rate at which these cyber-tacticians are exiting public service has increased over the last several years and has gotten considerably worse over the last 12 months, multiple former NSA officials and D.C. area-based cybersecurity employers have told CyberScoop in recent weeks... In large part, Alexander blamed the press for propagating an image of the NSA that causes people to believe they are being spied on at all times by the U.S. government regardless of their independent actions.
    "What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong," the former NSA Director added. "They are doing exactly what our nation has asked them to do to protect us. They are the heroes."

    [Nov 25, 2016] Is Obama presiding over a national security state gone rogue? by

    National security state gone rogue is fascism. Frankly, I don't see evidence of huge abuse of US liberties. But I do see our foreign policy distorted by a counter-terror obsession
    Notable quotes:
    "... the government's interpretation of that law ..."
    "... "One reports a crime; and one commits a crime." ..."
    "... but does not include differences of opinion concerning public policy matters ..."
    Jun 21, 2013 | The Guardian

    Two weeks ago, the Guardian began publishing a series of eye-opening revelations about the National Security Agency and its surveillance efforts both in the United States and overseas. These stories raised long-moribund and often-ignored questions about the pervasiveness of government surveillance and the extent to which privacy rights are being violated by this secret and seemingly unaccountable security apparatus.

    However, over the past two weeks, we've begun to get a clearer understanding of the story and the implications of what has been published – informed in part by a new-found (if forced upon them) transparency from the intelligence community. So here's one columnist's effort to sort the wheat from the chaff and offer a few answers to the big questions that have been raised.

    These revelations are a big deal, right?

    To fully answer this question, it's important to clarify the revelations that have sparked such controversy. The Guardian (along with the Washington Post) has broken a number of stories, each of which tells us very different things about what is happening inside the US government around matters of surveillance and cyber operations. Some are relatively mundane, others more controversial.

    The story that has shaped press coverage and received the most attention was the first one – namely, the publication of a judicial order from the Fisa court to Verizon that indicated the US is "hoovering" up millions of phone records (so-called "metadata") into a giant NSA database. When it broke, the story was quickly portrayed as a frightening tale of government overreach and violation of privacy rights. After all, such metadata – though it contains no actual content – can be used rather easily as a stepping-stone to more intrusive forms of surveillance.

    But what is the true extent of the story here: is this picture of government Big Brotherism correct or is this massive government surveillance actually quite benign?

    First of all, such a collection of data is not, in and of itself, illegal. The Obama administration was clearly acting within the constraints of federal law and received judicial approval for this broad request for data. That doesn't necessarily mean that the law is good or that the government's interpretation of that law is not too broad, but unlike the Bush "warrantless wiretapping" stories of several years ago, the US government is here acting within the law.

    The real question that should concern us is one raised by the TV writer David Simon in a widely cited blogpost looking at the issues raised by the Guardian's reporting, namely:

    "Is government accessing the data for the legitimate public safety needs of the society, or are they accessing it in ways that abuse individual liberties and violate personal privacy – and in a manner that is unsupervised."

    We know, for example, that the NSA is required to abide by laws that prevent the international targeting of American citizens (you can read more about that here). So, while metadata about phone calls made can be used to discover information about the individuals making the calls, there are "minimization" rules, procedures and laws that guide the use of such data and prevent possible abuse and misuse of protected data.

    The minimization procedures used by the NSA are controlled by secret Fisa courts. In fact, last year, the Fisa court ruled that these procedures didn't pass constitutional muster and had to be rewritten.

    Sure, the potential for abuse exists – but so, too, does the potential for the lawful use of metadata in a way that protects the privacy of individual Americans – and also assists the US government in pursuit of potential terrorist suspects. Of course, without information on the specific procedures used by the NSA to minimize the collection of protected data, it is impossible to know that no laws are being broken or no abuse is occurring.

    In that sense, we have to take the government's word for it. And that is especially problematic when you consider the Fisa court decisions authorizing this snooping are secret and the congressional intelligence committees tasked with conducting oversight tend to be toothless.

    But assumptions of bad faith and violations of privacy by the US government are just that – assumptions. When President Obama says that the NSA is not violating privacy rights because it would be against the law, we can't simply disregard such statements as self-serving. Moreover, when one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame.

    Edward Snowden: is he a hero or a traitor?

    One of the key questions that have emerged over this story is the motivation of the leaker in question, Edward Snowden. In his initial public interview, with Glenn Greenwald on 9 June, Snowden explained his actions, in part, thus:

    "I'm willing to sacrifice because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."

    Now, while one can argue that Snowden's actions do not involve personal sacrifice, whether they are heroic is a much higher bar to cross. First of all, it's far from clear that the US government is destroying privacy, internet freedom and basic liberties for people around the world. Snowden may be sincere about being "valiant for truth", but he wouldn't be the first person to believe himself such and yet be wrong.

    Second, one can make the case that there is a public interest in knowing that the US is collecting reams of phone records, but where is the public interest – and indeed, to Snowden's own justification, the violation of privacy – in leaking a presidential directive on cyber operations or leaking that the US is spying on the Russian president?

    The latter is not a crime – it's actually what the NSA was established to do! In his recent online chat hosted by the Guardian, Snowden suggested that the US should not be spying on any country with whom it's not formally at war. That is, at best, a dubious assertion, and one that is at odds with years of spycraft.

    On the presidential directive on cyber operations, the damning evidence that Snowden revealed was that President Obama has asked his advisers to create a list of potential targets for cyber operations – but such planning efforts are rather routine contingency operations. For example, if the US military drew up war plans in case conflict ever occurred between the US and North Korea – and that included offensive operations – would that be considered untoward or perhaps illegitimate military planning?

    This does not mean, however, that Snowden is a traitor. Leaking classified data is a serious offense, but treason is something else altogether.

    The problem for Snowden is that he has now also leaked classified information about ongoing US intelligence-gathering efforts to foreign governments, including China and Russia. That may be crossing a line, which means that the jury is still out on what label we should use to describe Snowden.

    Shouldn't Snowden be protected as a whistleblower?

    This question of leakers v whistleblowers has frequently been conflated in the public reporting about the NSA leak (and many others). But this is a crucial error. As Tara Lee, a lawyer at the law firm DLA Piper, with expertise in defense industry and national security litigation, said to me, there is an important distinction between leakers and whistleblowers: "One reports a crime; and one commits a crime."

    Traditionally (and often technically), whistleblowing refers to specific actions that are taken to bring to attention illegal behavior, fraud, waste, abuse etc. Moreover, the US government provides federal employees and contractors with the protection to blow the whistle on wrongdoing. In the case of Snowden, he could have gone to the inspector general at the Department of Justice or relevant congressional committees.

    From all accounts, it appears that he did not go down this path. Of course, since the material he was releasing was approved by the Fisa court and had the sign-off of the intelligence committee, he had good reason to believe that he would have not received the most receptive hearing for his complaints.

    Nevertheless, that does not give him carte blanche to leak to the press – and certainly doesn't give him carte blanche to leak information on activities that he personally finds objectionable but are clearly legal. Indeed, according to the Intelligence Community Whistleblower Protection Act (ICWPA), whistleblowers can make complaints over matters of what the law calls "urgent concern", which includes "a serious or flagrant problem, abuse, violation of law or executive order, or deficiency relating to the funding, administration, or operations of an intelligence activity involving classified information, but does not include differences of opinion concerning public policy matters [my italics]."

    In other words, simply believing that a law or government action is wrong does not give one the right to leak information; and in the eyes of the law, it is not considered whistleblowing. Even if one accepts the view that the leaked Verizon order fell within the bounds of being in the "public interest", it's a harder case to make for the presidential directive on cyber operations or the eavesdropping on foreign leaders.

    The same problem is evident in the incorrect description of Bradley Manning as a whistleblower. When you leak hundreds of thousands of documents – not all of which you reviewed and most of which contain the mundane and not illegal diplomatic behavior of the US government – you're leaking. Both Manning and now Snowden have taken it upon themselves to decide what should be in the public domain; quite simply, they don't have the right to do that. If every government employee decided actions that offended their sense of morality should be leaked, the government would never be able to keep any secrets at all and, frankly, would be unable to operate effectively.

    So, like Manning, Snowden is almost certainly not a whistleblower, but rather a leaker. And that would mean that he, like Manning, is liable to prosecution for leaking classified material.

    Are Democrats hypocrites over the NSA's activities?

    A couple of days ago, my Guardian colleague, Glenn Greenwald made the following assertion:

    "The most vehement defenders of NSA surveillance have been, by far, Democratic (especially Obama-loyal) pundits. One of the most significant aspects of the Obama legacy has been the transformation of Democrats from pretend-opponents of the Bush "war on terror" and national security state into their biggest proponents."

    This is a regular line of argument from Glenn, but it's one that, for a variety of reasons, I believe is not fair. (I don't say this because I'm an Obama partisan – though I may be called one for writing this.)

    First, the lion's share of criticism of these recent revelations has come, overwhelmingly, from Democrats and, indeed, from many of the same people, including Greenwald, who were up in arms when the so-called warrantless wiretapping program was revealed in 2006. The reality is that outside a minority of activists, it's not clear that many Americans – Democrats or Republicans – get all that excited about these types of stories. (Not that this is necessarily a good thing.)

    Second, opposition to the Bush program was two-fold: first, it was illegal and was conducted with no judicial or congressional oversight; second, Bush's surveillance policies did not occur in a vacuum – they were part of a pattern of law-breaking, disastrous policy decisions and Manichean rhetoric over the "war on terror". So, if you opposed the manner in which Bush waged war on the "axis of evil", it's not surprising that you would oppose its specific elements. In the same way, if you now support how President Obama conducts counter-terrorism efforts, it's not surprising that you'd be more inclined to view specific anti-terror policies as more benign.

    Critics will, of course, argue – and rightly so – that we are a country of laws first. In which case it shouldn't matter who is the president, but rather what the laws are that govern his or her conduct. Back in the world of political reality, though, that's not how most Americans think of their government. Their perceptions are defined in large measure by how the current president conducts himself, so there is nothing at all surprising about Republicans having greater confidence in a Republican president and Democrats having greater confidence in a Democratic one, when asked about specific government programs.

    Beyond that, simply having greater confidence in President Obama than President Bush to wield the awesome powers granted the commander-in-chief to conduct foreign policy is not partisanship. It's common sense.

    George Bush was, undoubtedly, one of the two or three worst foreign policy presidents in American history (and arguably, our worst president, period). He and Dick Cheney habitually broke the law, including but not limited to the abuse of NSA surveillance. President Obama is far from perfect: he made the terrible decision to surge in Afghanistan, and he's fought two wars of dubious legality in Libya and Pakistan, but he's very far from the sheer awfulness of the Bush/Cheney years.

    Unless you believe the US should have no NSA, and conduct no intelligence-gathering in the fight against terrorism, you have to choose a president to manage that agency. And there is nothing hypocritical or partisan about believing that one president is better than another to handle those responsibilities.

    Has NSA surveillance prevented terrorist attacks, as claimed?

    In congressional testimony this week, officials from the Department of Justice and the NSA argued that surveillance efforts stopped "potential terrorist events over 50 times since 9/11". Having spent far too many years listening to public officials describe terrifying terror plots that fell apart under greater scrutiny, this assertion sets off for me a set of red flags (even though it may be true).

    I have no doubt that NSA surveillance has contributed to national security investigations, but whether it's as extensive or as vital as the claims of government officials is more doubtful. To be honest, I'm not sure it matters. Part of the reason the US government conducts NSA surveillance in the first place is not necessarily to stop every potential attack (though that would be nice), but to deter potential terrorists from acting in the first place.

    Critics of the program like to argue that "of course, terrorists know their phones are being tapped and emails are being read", but that's kind of the point. If they know this, it forces them to choose more inefficient means of communicating, and perhaps to put aside potential attacks for fear of being uncovered.

    We also know that not every terrorist has the skills of a Jason Bourne. In fact, many appear to be not terribly bright, which means that even if they know about the NSA's enormous dragnet, it doesn't mean they won't occasionally screw up and get caught.

    Yet, this gets to a larger issue that is raised by the NSA revelations.

    When is enough counter-terrorism enough?

    Over the past 12 years, the US has developed what can best be described as a dysfunctional relationship with terrorism. We've become obsessed with it and with a zero-tolerance approach to stopping it. While the former is obviously an important goal, it has led the US to take steps that not only undermine our values (such as torture), but also make us weaker (the invasion of Iraq, the surge in Afghanistan, etc).

    To be sure, this is not true of every anti-terror program of the past dozen years. For example, the US does a better job of sharing intelligence among government agencies, and of screening those who are entering the country. And military efforts in the early days of the "war on terror" clearly did enormous damage to al-Qaida's capabilities.

    In general, though, when one considers the relatively low risk of terrorist attacks – and the formidable defenses of the United States – the US response to terrorism has been one of hysterical over-reaction. Indeed, the balance we so often hear about when it comes to protecting privacy while also ensuring security is only one part of the equation. The other is how do we balance the need to stop terrorists (who certainly aspire to attack the United States) and the need to prevent anti-terrorism from driving our foreign policy to a disproportionate degree. While the NSA revelations might not be proof that we've gone too far in one direction, there's no doubt that, for much of the past 12 years, terrorism has distorted and marred our foreign policy.

    Last month, President Obama gave a seminal speech at the National Defense University, in which he essentially declared the "war on terror" over. With troops coming home from Afghanistan, and drone strikes on the decline, that certainly seems to be the case. But as the national freakout over the Boston Marathon bombing – and the extraordinary over-reaction of a city-wide lockdown for one wounded terrorist on the loose – remind us, we still have a ways to go.

    Moreover, since no politician wants to find him- or herself in a situation after a terrorist attack when the criticism "why didn't you do more?" can be aired, that political imperative of zero tolerance will drive our counterterrorism policies. At some point, that needs to end.

    In fact, nine years ago, our current secretary of state, John Kerry, made this exact point; it's worth reviewing his words:

    "We have to get back to the place we were, where terrorists are not the focus of our lives, but they're a nuisance ... I know we're never going to end prostitution. We're never going to end illegal gambling. But we're going to reduce it, organized crime, to a level where it isn't on the rise. It isn't threatening people's lives every day, and fundamentally, it's something that you continue to fight, but it's not threatening the fabric of your life."

    What the NSA revelations should spark is not just a debate on surveillance, but on the way we think about terrorism and the steps that we should be willing to take both to stop it and ensure that it does not control us. We're not there yet.

    007Prometheus

    No GCHQ - MI5 - MI6 - NSA - CIA - FBI etc........... ad nauseam!

    How many Billions / Trillions are spent on these services? If 11/9 and 7/7 were homegrown attacks, then I think, they will take us all down with them.

    NOTaREALmerican

    @007Prometheus

    Re: How many Billions / Trillions are spent on these services?

    The wonderful thing about living in a "Keynesian" perpetually increasing debt paradise is you NEVER have to say you can't afford anything. (Well, unless you want to say it, but if you do it's just political bullshit).

    So, to answer your question... A "Keynesian" never asks how much, just how much do you want.

    bloopie2

    "Frankly, I don't see evidence of huge abuse of US liberties"

    Just wait until they come for you.

    bloopie2

    "When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame."

    Dear Sir: Please post your email addresses, bank accounts, and passwords. We'd like to look at everything.

    Got a problem with that?

    Tonieja

    "When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online [...]"

    Wow! I don't really care about my personal email. I do care about all political activists, journalists, lawyers etc. That a journalist would support Stasi style surveillance state is astonishing.

    gisbournelove

    I wish I had the time to go through this article and demolish it sentence by sentence as it so richly deserves, but at the moment I don't. Instead, might I suggest to the author that he go to the guardian archive, read every single story about this in chronological order and then read every damn link posted in the comment threads on the three most recent stories.

    Most especially the links in the comment threads. If after that, he cannot see why we "civil libertarian freaks" are not just outraged, but frightened, he frankly lacks both historical knowledge and any ability to analyze the facts that are staring him in the face. I can't believe I am going to have to say this again but here goes: YOU do not get to give away my constitutional rights, Mr. Cohen.

    I don't give a shit how much you trust Obama compared to dubya. The Bill of Rights states in clear, unambiguous language what the Federal government may NOT do to its citizens no matter WHO is president.

    goodkurtz

    Michael Cohen
    Frankly, I don't see evidence of huge abuse of US liberties.

    Well of course you won't see them.
    But the abuses are very probably already happening on a one to one basis in the same shadows in which the intelligence was first gathered.

    [Nov 24, 2016] Dutch media company VPRO and Amsterdam based interactive design company Studio Moniker have created the site to remind online users about the big data and privacy

    Nov 24, 2016 | yro.slashdot.org
    (news.com.au) 74

    Posted by BeauHD on Tuesday November 22, 2016 @05:00AM from the creepy-websites dept.

    mi writes:

    The site called ClickClickClick annotates your every move on its one and only page. Turn on the sound to listen to verbal annotations in addition to reading them. The same is possible for, and therefore done by, the regular sites as they attempt to study visitors looking for various trends -- better to gauge our opinions and sell us things. While not a surprise to regular Slashdotters, it is certainly a good illustration...

    Dutch media company VPRO and Amsterdam based interactive design company Studio Moniker have created the site to remind online users about the "serious themes of big data and privacy." Studio Moniker designer Roel Wouters said, "It seemed fun to thematize this in a simple and lighthearted way."

    [Nov 18, 2016] On Clapper resignation

    Notable quotes:
    "... "Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time. ..."
    "... Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around. ..."
    Nov 18, 2016 | www.nakedcapitalism.com

    paulmeli November 17, 2016 at 3:00 pm

    "Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time.

    Peter Pan November 17, 2016 at 6:37 pm

    Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around.

    fresno dan November 17, 2016 at 6:54 pm

    paulmeli
    November 17, 2016 at 3:00 pm

    So, is Obama gonna pardon him? Silly me, I keep forgetting that indisputable violations of the law are not prosecuted when done by those at the top

    [Nov 07, 2016] Under the Din of the Presidential Race Lies a Once and Future Threat: Cyberwarfare

    This neocon propagandist (or, more correctly, neocon provocateur) got all the major facts wrong. And who unleashed Flame and Stuxnet, I would like to ask him? Was it the Russians? And who invented the concept of "color revolution", in which influencing elections was the major part of the strategy? And which nation instituted the program of covert access to the mailboxes of all major webmail providers? He should study the history of malware and of USA covert operations before writing this propagandist/provocateur opus, to look a little bit more credible...
    Notable quotes:
    "... Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. ..."
    www.nytimes.com

    The 2016 presidential race will be remembered for many ugly moments, but the most lasting historical marker may be one that neither voters nor American intelligence agencies saw coming: It is the first time that a foreign power has unleashed cyberweapons to disrupt, or perhaps influence, a United States election.

    And there is a foreboding sense that, in elections to come, there is no turning back.

    The steady drumbeat of allegations of Russian troublemaking - leaks from stolen emails and probes of election-system defenses - has continued through the campaign's last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

    "Most of the biggest stories of this election cycle have had a cybercomponent to them - or the use of information warfare techniques that the Russians, in particular, honed over decades," said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. "From stolen emails, to WikiLeaks, to the hacking of the N.S.A.'s tools, and even the debate about how much of this the Russians are responsible for, it's dominated in a way that we haven't seen in any prior election."

    The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access. Yet the lessons have ranged from the intensely personal to the geostrategic.

    Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. Election systems, the underpinning of democracy, seem to be at such risk that it is unimaginable that the United States will go into another national election without treating them as "critical infrastructure."

    But President Obama has been oddly quiet on these issues. He delivered a private warning to President Vladimir V. Putin of Russia during their final face-to-face encounter two months ago, aides say. Still, Mr. Obama has barely spoken publicly about the implications of foreign meddling in the election. His instincts, those who have worked with him on cyberissues say, are to deal with the problem by developing new norms of international behavior or authorizing covert action rather than direct confrontation.

    After a series of debates in the Situation Room, Mr. Obama and his aides concluded that any public retaliation should be postponed until after the election - to avoid the appearance that politics influenced his decision and to avoid provoking Russian counterstrikes while voting is underway. It remains unclear whether Mr. Obama will act after Tuesday, as his aides hint, or leave the decision about a "proportional response" to his successor.

    Cybersleuths, historians and strategists will debate for years whether Russia's actions reflected a grand campaign of interference or mere opportunism on the part of Mr. Putin. While the administration has warned for years about the possibility of catastrophic attacks, what has happened in the past six months has been far more subtle.

    Russia has used the techniques - what they call "hybrid war," mixing new technologies with old-fashioned propaganda, misinformation and disruption - for years in former Soviet states and elsewhere in Europe. The only surprise was that Mr. Putin, as he intensified confrontations with Washington as part of a nationalist campaign to solidify his own power amid a deteriorating economy, was willing to take them to American shores.

    The most common theory is that while the Russian leader would prefer the election of Donald J. Trump - in part because Mr. Trump has suggested that NATO is irrelevant and that the United States should pull its troops back to American shores - his primary motive is to undercut what he views as a smug American sense of superiority about its democratic processes.

    Madeleine K. Albright, a former secretary of state who is vigorously supporting Hillary Clinton, wrote recently that Mr. Putin's goal was "to create doubt about the validity of the U.S. election results, and to make us seem hypocritical when we question the conduct of elections in other countries."

    If so, this is a very different use of power than what the Obama administration has long prepared the nation for.

    Four years ago, Leon E. Panetta, the defense secretary at the time, warned of an impending "cyber Pearl Harbor" in which enemies could "contaminate the water supply in major cities or shut down the power grid across large parts of the country," perhaps in conjunction with a conventional attack.

    [Oct 22, 2016] Botnets can use internet enabled devices other than PCs, tablets and phones

    Oct 22, 2016 | www.nakedcapitalism.com

    Not mentioned in the News of the Wired snips: the Dyn DDOS was the latest using a megascale IOT botnet. Coming soon to a Smart Toaster|Thermostat|Fridge|WasherDryer|EggTimer|PencilSharpener|Dishwasher|GarbageCompacter|BabyMonitor near you!

    hunkerdown October 21, 2016 at 7:36 pm

    I suspect various enforcement agencies are using those cameras for something else, like mass video surveillance, and having just lost a lot of TLS vulnerabilities, are motivated to keep their sources' name out of the news (as befits TS/SI NOFORN projects), though steering the industry's and the commercial market economy's Confidence Fairy out of an imminent uncontrolled landing would suffice to explain the quiet.

    OpenThePodBayDoorsHAL October 21, 2016 at 7:38 pm

    For people who understand what that means it is mind-blowing, the processors in your parking garage gate or your nursery's NannyCam being used in a giant global concerto of digital disruption. Smells like the NSA in a desperate attempt to disrupt the flows from Wiki, they already gave the Clinton camp their best spyware (FoxAcid) and this would be par for the course given the level of lawbreaking and dirty tricks.

    cm October 22, 2016 at 1:13 am

    Will be illuminating to see if Congress demands IOT accountability. IMO the IOT manufacturers should be held to the same level of accountability as car manufacturers,

    [Oct 08, 2016] Yahoo Email Scanner Was Installed by Government

    Oct 07, 2016 | news.antiwar.com
    Software Could've Given NSA Much More Access Than Just Emails
    Former employees of Yahoo have corroborated this week's stories about the company scanning all emails coming into their servers on behalf of the NSA, saying that the "email scanner" software was not Yahoo-built, but actually made and installed by the US government.

    The employees, including at least one on Yahoo's own internal security team, reported finding the software on the email server and believing they were being hacked, before executives informed them the government had done it. They described the software as a broader "rootkit" that could give the NSA access to much more than just emails.

    To make matters worse, the employees say the government's software was "buggy" and poorly-designed, meaning it could've given other hackers who discovered it the same access to the Yahoo server, adding to the danger it posed to customers' privacy.

    Yahoo itself has been mostly mum on the matter, issuing a statement claiming the initial reports were "misleading" but not elaborating at all. The NSA denied the claim outright, though they have been repeatedly caught lying about similar programs in the past.

    [Sep 26, 2016] Probe of leaked U.S. NSA hacking tools examines operative's mistake

    Notable quotes:
    "... A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer ..."
    "... The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. ..."
    "... But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said. ..."
    "... That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them. ..."
    "... Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said. ..."
    Reuters
    A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

    The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

    The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible

    ... ... ...

    But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

    That person acknowledged the error shortly afterward, they said. But the NSA did not inform the c