Softpanorama
May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Total Surveillance Regime: Big Uncle is Watching You

Mass surveillance is equal to totalitarism as Joseph Goebbels professed:
"if you have nothing to hide, then you have nothing to fear"

The slide above is courtesy of The Guardian
News National Security State Recommended Links Edward Snowden as Symbol of resistance to National Security State Privacy is Dead – Get Over It Neoliberalism as a New Form of Corporatism NSA revelations fallout NSA Surveillance
Totalitarian Decisionism The Re-emergence of Nazi Law Industrial Espionage Data Stealing Trojans Flame Duqu Trojan Magic Lantern CIPAV Cyberstalking
Interception of "in-transit" traffic as violation of human rights Search engines privacy Google Toolbar Is Google evil? Keywords in your posts that might trigger surveillance Blocking Facebook Facebook as Giant Database about Users Is national security state in the USA gone rogue ?
Damage to the US tech companies "Everything in the Cloud" Utopia Issues of security and trust in "cloud" env Email security How to analyze your own Web activity Interception of "in-transit" traffic as violation of human rights Steganography Building Snort-based IDS Infrastructure
Neoliberal Brainwashing: Journalism In the Service of the Powerful Few The Guardian Slips Beyond the Reach of Embarrassment Nineteen Eighty-Four   Cyberwarfare Prizm-related humor Etc
Version 1.4, Jan 8, 2015

Introduction

None are more hopelessly enslaved than those who falsely believe they are free.

- Goethe

1984 is supposed to be a warning, not an instruction manual

The troubling aspect about these disclosures is not so much their significance today, but what surveillance on the nation bodes for the future. Given human nature I am not optimistic.

Bill N. Cambridge MA, NYT.

NSA staff and private contractors have unfettered access to this information. I have a hard time believing that not one of them has used that access to information for personal or political gain. This system makes insider trading, industrial espionage, blackmail, and extortion an almost inevitable outcome. -- The Guardian (from comments).

New round of debates about the dominance of military industrial complex and the level of control it exert over civil society was caused by recent revelations about NSA activities in the USA.

Technology changes can really change the society. And not always in a beneficial for the society way. There is such thing as "blowback" in technologies. We can view recent NSA activities revealed by Snowden as a classic example of such blowback connected with the spread of Internet.  And it is a mistake to assume that such activities started with September 11 events and that Bush II was totally responsible for converting the USA into national-security state.  The technology was ready long before September 11 and what is available is always used by clandestine agencies.  They tend to adopt technology as soon as it is available, being in a pervert way "early adopters" of any communication technology. And this happens not only in the USA although the USA as technological leader was the most profoundly affected.

It might well be the Rubicon was crossed around JFK assassination time. On August 17, 1975 Senator Frank Church stated on NBC's Meet the Press without mentioning the name of the NSA (Church Committee - Wikipedia ):

In the need to develop a capacity to know what potential enemies are doing, the United States government has perfected a technological capability that enables us to monitor the messages that go through the air. Now, that is necessary and important to the United States as we look abroad at enemies or potential enemies. We must know, at the same time, that capability at any time could be turned around on the American people, and no American would have any privacy left such is the capability to monitor everything—telephone conversations, telegrams, it doesn't matter. There would be no place to hide.

If this government ever became a tyrant, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology.

I don't want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return.[11]

The creation and use of databases of personal information and the systematic records (archives) of communications of citizens started simultaneously with NSA creation. The first targets were mail and telegraph. Some of this experience came from specialists of Third Reich. At the height of the Cold War in the 1950s, law enforcement and intelligence leaders like J. Edgar Hoover at the F.B.I. and Allen Dulles at the C.I.A. aggressively recruited onetime Nazis of all ranks as secret, anti-Soviet “assets,” declassified records show. They believed the ex-Nazis’ intelligence value against the Russians outweighed what one official called “moral lapses” in their service to the Third Reich. The agency hired one former SS officer as a spy in the 1950s, for instance, even after concluding he was probably guilty of “minor war crimes.” And in 1994, a lawyer with the C.I.A. pressured prosecutors to drop an investigation into an ex-spy outside Boston implicated in the Nazis’ massacre of tens of thousands of Jews in Lithuania, according to a government official (In Cold War, U.S. Spy Agencies Used 1,000 Nazis - NYTimes.com).

Recording of all email envelopes (which was also done for snail mail) started long before email was invented and became established practice since the WWII. It just a new name now -- collection of metadata. Recording metadata of phone calls and often the calls themselves first started before WWII and technology was polished on international calls, which for obvious reasons are of great interest to all governments.

We don't know then it was extended on domestic calls, this this was trivial extension of already existing capacity and probably abuse was stated gradually as soon as power of computers allow that. That means around 1958. Even in early 1960 three letter agencies were already semi-autonomous entities, a state within the state. And as assassination on President Kennedy had shown they were audacious enough to bypass Congress.

I think that the first attempt to create a comprehensive nation-wide intelligence network that monitors sentiments of the citizens and hunt enemies of the state goes as far bask as Napoleon and his famous minister of police Joseph Fouché. Or may be it even goes as far back as to Byzantine Empire with its first in history systematic network of spies. As for recording of mail envelopes, we can even claim that this function for international mail (in a form of "black chambers") is as old as states are. In the USA it started in full force in August 1919 when J. Edgar Hoover became head of the Bureau of Investigation's new General Intelligence Division—also known as the Radical Division because its explicit goal was to monitor and disrupt the work of domestic radicals.

Hoover and his chosen assistant, George Ruch monitored a variety of U.S. radicals with the intent to punish, arrest, or deport them. Targets during this period included Marcus Garvey; Rose Pastor Stokes and Cyril Briggs; Emma Goldman and Alexander Berkman; and future Supreme Court justice Felix Frankfurter, whom Hoover nicknamed as "the most dangerous man in the United States".

After 9/11 and the passage of the USA Patriot Act, the USA government got all the pre-conditions necessary for installing a regime of aggressive total surveillance. Which actually was a hidden intent and 9/11 was just a convenient pretext much like Tonkin incident in Vietnam war. And in this respect Ed Snowden whatever is his motivation (which might be not as simple as most people assume) did the right thin thing, when he with risk to his life informed the US public and the world about those activities. You may approve those revelations you may disapprove them (and they did damage the USA as a state), but keeping them secret from the US public is a crime.

NSA technically is a data collection agency. While it has legitimate function to monitor information that is crossing the national border, we need to understand that the abuse of this function and extension of it into domestic communications started nor after 9/11, but in 1950th. But the capacities to do this type of work had grown dramatically over last four decades. In a way NSA became a victim of growing power of computers and as well inherent tendency of bureaucracies, especially government bureaucracies to expand and self-justify their expansion. The classic case was the USSR where KGB was a real state within the state and sometimes it was not completely clear whether the Party controls KGB or KGB controls the Party.

In other words expansionism is an immanent quality, the second nature of large bureaucracies, and unless there is countervailing force it can be deadly for the society at large, as we observe in case with three letter agencies, which tend to escape from civil control and form a state within a state. In a way any state with powerful three-letter agencies stand with one leg in a tyranny, even if it class itself a democracy. and that fact was already known to everybody in 1975. Actually just after president Kennedy assassination, which, no matter which version of events you adopt, in all cases indirectly pointed out that three letter agencies jumped out of control of civil government. As one Guardian reader commented "The pernicious thing is that it is in the nature of bureaucracies in general and spy agencies in particular to expand beyond reason unless there is effective oversight. In the case of intelligence agencies it has proven impossible to control them."

The nature of bureaucracies in general and spy agencies in particular to expand beyond reason unless there is effective oversight. In the case of intelligence agencies it has proven impossible to control them.

But that also means that most of those efforts are highly politicized, inefficient waist of resources as typical for large bureaucracies which are not so far technological but political bodies (see Bureaucracy as a Political Coalition).

We can admire the immortal foresight of Secretary of State Henry Stimson's  who closed the Cipher Bureau in 1929.  But this highly ethical, moral and courageous act deprived the U.S. of the capacity to read foreign diplomatic cables as world-wide threats grew.  So it was quickly reversed. In a way technology dictates the level of government surveillance in the society and in Internet society it looks like this level is permanently set on "high". That does not mean that we can't fight it. Yes, we can ;-)

Against whom total surveillance is directed

Total surveillance is not about terrorism. It's about population control. Terrorism is a false pretext -- a smoke screen, if you like. Let's state clearly -- the main goal of total surveillance was the same since it was introduced in Nazi Germany. it's the same as in former German Democratic Republic (with its famous Stasi). In all cases it is to prevent any challenge to the ruling elite or in US-speak "regime change".   In other words total surveillance is part and parcel of the totalitarian state even if it more reserved as for violence form called inverted totalitarism.

State actors and well funded terrorist organization are a difficult nut to clack. that have access to technology and know how. that means that NSA has great difficulties intercepting and decoding traffic that is intended to be hidden. But for "open" traffic the situation is completely different. Here they are king of the hill.  Of cause correlation of open traffic can reveal some hidden information, but this is a pretty expensive undertaking.

The real questions about NSA activities


Concern about the NSA assault on our privacy is no paranoid fantasy. In the words of an agency PowerPoint slide released by Snowden, the goal is to "collect it all", "process it all" and "know it all". The massive surveillance program is a clear violation of the Forth amendment prohibiting "unreasonable searches" of "persons, houses, papers, and effects" without "probable cause."

- Gene Epstein. "In defence of Snowden",
review of "No Place to Hide" Barrons, Jan 5, 2015, p 17

Now everybody understand that since probably 2003 or even earlier that that he/she is watched 24 by 7, or as Soviet dissidents called it "Placed under the dome". Some question that we need to ask ourselves are:

All-in-all it's a good time to smell the coffee and talk about the rise of a new mutation of totalitarism (or may be even fascism -- as it is, essentially, the merger of corporate and state interests) in the US after 9/11. That's exactly what this "Internet-inspired" flavor of total surveillance due to modern technical capabilities means. There is also distinct shadow of STASI in all those activities. And some countries got into similar trap before, so nothing is new under the sun. As Reinhold Niebuhr noted:

"Communism is a vivid object lesson in the monstrous consequences of moral complacency about the relation of dubious means to supposedly good ends."

There is actually little difference between total surveillance as practiced by NSA and what was practiced by three letters agencies of Eastern block dictatorships such as STASI and KGB. The key goal in both cases is protection and preservation of power of existing elite against the will of common people. So this is more about oppression of 99.9% from top 0.1% then surveillance per see.

According to UN Human Right Council Report (17 April 2013) innovations in technology not only have increased the possibilities for communication and protections of free expression and opinion, enabling anonymity, rapid information-sharing and cross-cultural dialogues. They also simultaneously increased opportunities for State surveillance and interventions into individuals’ private communications facilitating to transformation of the state into National Security State, a form of corporatism characterized by continued and encompassing all forms of electronic communication electronic surveillance of all citizens.

Militarization of cyberspace makes Internet a very dangerous medium

We should view Snowden revelations in a larger context. Much of what he revealed about militarization of cyberspace was already known at the time when Flame and Stuxnet worms were discovered in 2011. He just dot the i's and cross the t's , so speak. As a result of his revelations, as The National Interest noted:

An increasing number of adversaries and even allies are coming to believe that the United States is militarizing cyberspace — and that impression of hubris and irresponsibility is beginning to have a real-world impact.

...The Snowden leaks have brought Stuxnet, the U.S.-Israeli program allegedly used to attack Iranian computer systems, back into public debate — and reminded us that the real damage of the Snowden revelations will be international.

...the perception that the United States has become a danger to the global internet is a cause for concern. In their understandable anger at the considerable damage Snowden has done (in the near term at the very least) to the operations of NSA and their allies, U.S. security officials should not lose sight of this fact.

Snowden’s claims build on the Stuxnet revelations. In doing so, they reinforce an impression of overbearing U.S. cyberpower (military and commercial) being used irresponsibly. That is strikingly at odds with the U.S. self-image as a standard bearer of internet freedom and “borderless” exchange, but it is a view that resonates around the world.

In fact the USA policies are stimulating economic and political rivals around the globe to organize and present unified front against this new and dangerous form of total surveillance. As well as implement similar domestic systems. In other words a new arm race started.

As methods and infrastructure of those activities are now revealed, the genie is out of the bottle and can't be put back -- the US now should expect the same or worse treatment from other nations. Which can be no less inventive, or even more inventive the USA specialists in this area. And in this new arm race economically weaker nations actually has some leverage. Blowback, a CIA term for unintended consequences of foreign, military, or clandestine policies, can be similar to the blowback of politically organizing Islamic radicals to fight Soviets in Afghanistan in the past.

Nemesis, the goddess of retribution and vengeance, the punisher of pride and hubris, probably already waits patiently for her meeting with the NSA brass.

Blowback can irreparably damage the ability of the United States to obtain crucial information in foreign environments that are poorly understood in Washington. The cultural divide that exists when operating away from home means that CIA and NSA frequently work overseas through a network of liaison contacts. This in theory limits their activity, but it broadens their ability to collect information that can only be plausibly obtained by a local organization with local capabilities. Though nearly everyone also operates clandestinely outside the parameters of the established relationships insofar as it is possible or expedient to do so, there is an awareness that being caught can cause grave damage to the liaison relationship. Because being exposed is nearly always very painful, such operations are normally limited to collection of critical information that the liaison partner would be unwilling to reveal.

So while it might be comforting to claim that “everyone does it” at least some of the time, and it may even be true that local spy agencies sometimes collaborated with NSA, the United States has a great deal to lose by spying on its friends. This is particularly true as Washington, uniquely, spies on everyone, all the time, even when there is no good reason for doing so.

NSA Blowback The American Conservative

Centralization of user activities on sites like Facebook, Amazon, Google, Microsoft, Yahoo, LinkedIn, with email account mainly at Gmail, Hotmail and Yahoo mail along with many positive aspects has tremendous negative side effects. The most significant is that it created a way too easy opportunity both for those organizations as well as government agencies and large corporations to data mine email and Web communications of millions of Americans critical about government (see Total control: keywords in your posts that might trigger surveillance) and all foreigners who use those services (and that includes a significant part of European population and Russia, who have Gmail, Facebook or Yahoo accounts). The history of "total surveillance" suggests that it tends to be abused. It is also huge, irreparable breach on trust in relation to allies. Closely resembles the situation in family when wife or husband learn that the other hired detective to snoop on you.

The analogy with KGB surveillance of dissidents (the Soviet term for total surveillance was "to be under the 'dome' ") and, especially, Stasi (viewing the film "The Lives of Others" might help to understand the phenomenon of "total surveillance") are way too close. At the same time there is an important difference: while such regime does mean indirect (and pretty effective) intimidation of dissidents, cases of prosecution on the base of the those data are either few or non existent, which is a big difference with KGB or Stasi practice. The latter aggressively pursued those who got in their net trying either to convert them into informers or charge them with the some suitable article of Criminal Code. In some cases that practice lead to suicides. So here we can talk more properly talk about total surveillance an instrument of Inverted Totalitarism, or totalitarism in velvet gloves.

We are talking about "passive total surveillance" and temporary (which might be several years or your lifetime) storage of all intercepted data. But in a way, Senator McCartney was probably right about "Communists sympathizers" and communist infiltration, he just was completely wrong about who they are ;-).

Every Breath You Take

Ich bin ein Berliner
J. F. Kennedy

The famous The Police hit Every Breath You Take should probably be the theme song for the NSA. As Dwight D. Eisenhower warned us in his famous speech:

In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.

Snowden revelations are not something new. The only real revelation was how much of it was going on domestically and gory details of such activities. Before 9/11 the NSA was basically prohibited from operating domestically. Of course it violates those prohibitions, but there were no systematic internal, all encompassing technical surveillance infrastructure in place. Now it is build and is deployed nation-wide. And that's a big change, big difference. Due to "novel" interpretation of a few provisions in the Patriot Act they created domestic dragnet which encompass most types of Internet communications. In addition to intercepting more then 70% of Internet traffic they also enjoy direct access to major cloud providers.

Total continued surveillance even without taking any action on collected data is totalitarian by its nature as it put severe restrictions of the freedom of expression. And like in the USSR, it does change people behavior on the Web. People start thinking about consequences and this page is one of attempts to collect information that might help you to see "bigger picture".

The key mechanism here, well known to those who used to live in the USSR before its dissolution is that people do react on the fact that everything they email, visit, buy on Amazon, etc is registered in giant database outside of their control. Internet will never be the same for most people after Snowden revelations...

The key mechanism here, well known to those who used to live in the USSR before its dissolution is that people do react on the fact that everything they email, visit, buy on Amazon, etc is registered in giant database outside of their control. Internet will never be the same for most people after Snowden revelations...

For example, no one in sound mind can now trust "cloud services" provided by Facebook, Google, Yahoo, Microsoft, etc. So attractiveness of Gmail, Hotmail and such are now different, then it was before. And separation of mail accounts between "junk mail" account and important mail account is something to think about. With the latter never in the cloud. In a way excessive using cloud services from a fashionable trend now became kind of indication of a person stupidity.

In a way excessive using of cloud services from a fashionable trend now became an indication of a person stupidity. There is no real justification of providing all your emails and address book to strangers who can abuse this information without your knowledge.

At the same time it is stupid to dramatize the situation. Still, what is really striking is the grotesque disproportionally of all this NSA surveillance "superdome" to the task of keeping the country safe from foreign enemies (NSA statute is about watching foreign communications), begging obvious questions of institutional sanity and competence. They turned all their super powerful collection mechanisms inside the country and now they drink from a firehouse. That means that the results and possibilities of abuse are pretty much predictable. Too many false positives create real danger of not to picking up weak signal. So the other question is "Who the hell made these decisions?" That's a lot of taxpayers money and I am not sure that they are well spend.

As for breach of privacy anyone with connected to Internet PC,  the first thing to understand that if somebody stores data in the cloud they should not expect any privacy, unless they encrypt them. Expecting that your unencrypted data are private is a sign of personal stupidity, no more no less. If somebody, who is keeping his address book in Google assumes that it remains private, that his own illusion. That has nothing to do with the reality.

And it not that only NSA threatens our privacy. After all there are millions of PC users that have computer(s) infected by spyware, which turns them into zombies, externally controlled monitoring devices. And such software BTW can pick up and offload, or encrypt for ransom all your data. I do not see much protest over this situation iether. Microsoft greed and stupidity is one reason for this dismal situation, but essentially any OS is vulnerable if enough money is invested in finding exploits.  And NSA actually created a market for such exploits. Now there are multiple "security firms" that do nothing then find "zero day" exploits and sell them to the highest bidder (which is of course government agencies).  Does not this reminds you 'war on drugs"?

In a way, any networked computer is an unsecure computer and should be treated as such. See Privacy is Dead – Get Over It. The same thing can be mentioned about a cell phone that is outside some metal box. That's two basic "laws of security" in the current environment.

But more important problem here is not snooping per se, but its interaction with self-profiling that you provide via social sites. If you are too enthusiastic about Facebook or Google++ or any similar site and engage regularly and indiscriminately in this "vanity fair" activity that simply means Privacy is Dead – Get Over It. You killed it yourself. The essence of the situation was exposed well in a humorous form in the following Amazon review of Orwell's novel 1984

Bjørn Anders See all my reviews

This is not an instruction manual!, June 14, 2013

This review is from: 1984: 60th-Anniversary Edition (Plume) (Paperback)

Note to US Congress and house of representatives: This is a fictional book, not an instruction manual...

Now we know what would a perfect prototype of Bid Brother ;-). The song (Every Breath You Take ) should probably be the theme song for the NSA. And not only NSA, but its counterparts in other parts of the globe; I think, other things equal, citizens of some other countries would greatly prefer NSA to their domestic counterparts.

Cell phones, laptops, Facebook, Skype, chat-rooms: all allow the NSA and other similar agencies to build a dossier, a detailed profile of a target and anyone associated with him/her. And the number of people caught up in this dragnet can be huge. The NSA say it needs all this data to help prevent another terrorist attack like 9/11. They lie. In order to find the needle in the haystack, they argue, they need access to the whole haystack. But one interesting side effect is that now they are drinking from the fire hose, so to speak.

The power of meta data collection

Another interesting side-effect of the Snowden disclosures that the term ‘metadata’ became a common word in English language. With the growing understanding that metadata includes enough personal information to built a detailed profile of a person without even listening into content of communications. This technology was invented in Iraq war for fighting insurgents (were phone companies were controlled by US) and now is applied at home. In fact, by just using electronic communications, you are sharing a lot more personal information than you think. It's a reflection of a fact that it is very cheap to collect and analyses information about your electronic communications. The digital revolution which led to an explosion in cell phone and internet use, also led to an explosion of snooping after you by the governments.

We need to distinguish "total collection" of data from "total analysis" (or creation of dossiers on everybody as was practiced by STASI and friends). Raw data contain both "signal" and "noise". Analysis or data mining of those raw data is the process of extraction of useful signal from the noise. Of course we should be so naive that to assume that "signal" is related to purely terrorist activities. As recently published documents had shown, the NSA interests are much wider ;-). In bald terms, it sets out its mission:

“Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world.”

Along with major fiber-optic cables in the US, the NSA has access to data gathered by close intelligence partners such as Britain’s GCHQ.

Sometimes it appear to me that like Uncle Sam got "red disease" and now is trying to imitate "total surveillance" mantra of KGB, STASI and similar agencies on a new technological level. And the key lesson from Soviet experience is fully applicable to the current situation in the USA: when government consider everybody as a potential enemy you better watch your back. And having a cyberstooge following your every step more closely that it was possible for STASI spooks and informers is something you need to react to. Reading your address book, mail, list of books that you bought or borrowed from the library, analyzing your circuit of friends is what STASI was really good at. And it might well be that some unemployed specialists have found a new territory to apply their substantial talents.

The Snowden documents show that the NSA runs these surveillance programs through “partnerships” with major US telecom and internet companies. That means that if you are customer of those major telecom and Internet companies you are like a bug under the microscope.

It is important to understand that metadata of your communications will always be exposed (it other words you are always walking "naked" on the Internet) because those new surveillance capabilities are immanent properties of Internet protocols, as we known it. There is no way to encrypt connection metadata: this is technically impossible unless you owns a vast private VPN network (some large corporations do), but even in this case I have doubts. Even snail-mail metadata are collected (and from 50th to 80th letters were opened and selectively copied by CIA). Diplomatic mail might still be secure, but that's about it.

Technological blowback

Like with any new development there are countervailing trends that after Snowden revelation went in overdrive and can seriously affect NSA capabilities.

One is switching to encrypting communication with most websites such as YouTube. That prevent simple harvesting of video that you watched from HTTP logs (but does not prevent harvesting -- it can be done using other methods)

The second is usage of software like Tor, although I think all connection to Tor sites are closely monitored by NSA.

The third is usage of your own cashing DNS proxy to limit number of DNS requests you make.  

I also think that all those development might give steganography a huge boost.

The other areas of technology that might get huge boost due to Snowden revelations is "Browsing imitating internet robots" technology which permit to drown NSA collection devices in spam -- fake accesses to web sites that is very difficult to distinguish from real browsing, but that make all statistical metrics applied to your Web traffic useless.  For example top visited pages became completely bogus. 

Currently this requires some level of technical sophistication and available mostly to programmers and system administrators interested in "beating NSA back". Programs that have those capabilities are often marketed as proxy logs replayers,  or Apache logs replayers or debugging tools. See for example  Load Testing with JMeter Part 3 - Replaying Apache Logs and Charles Web Debugging Proxy  ( and http - Replaying a Charles proxy session and recording the results - Stack Overflow ). Actually good old Expect can do wonders here if logs are converted into expect scripts. Especially in combination with Javascript (Scalable, Flexible Performance Testing Replaying web server log)

Another danger to society: Lord Acton warning as applied to NSA

"Power tends to corrupt, and absolute power corrupts absolutely".

Lord Acton(1834–1902)

As Lord Acton(1834–1902) noted long before NSA started collecting all Internet communications "Power tends to corrupt, and absolute power corrupts absolutely". The history of "total surveillance" suggests that this is unavoidable side effect on the very institution that conducts: such an institution tends to escape the control of civil society and became a shadow power, the element of "deep state". 

The first grave consequence of total surveillance is that it tends to be abused. The history of "total surveillance" suggests that this is unavoidable side effect on the very institution that conducts: such an institution tends to escape the control of civil society and became a shadow power, the element of "deep state".  

And the ability to intercept electronic communications gives those who are in charge of such collection  tremendous political power. Please remember that J. Edgar Hoover was director of FBI very long time partially because he dug a lot of dirt on politicians of his time including both Kennedys. According to President Harry S Truman, Hoover transformed the FBI into his private secret police force. He used the FBI to harass political dissenters and activists, to amass secret files on political leaders, and to collect evidence using illegal methods. Essentially for half of the century he and his organization were out of control "state within the state" and nobody could do anything about it. Only after his death some measures were taken.

It's not that expanding bureaucracy per se is a problem. I doubt that those in the bureaucracy of those agencies do not think about larger consequences for societies of their attempts to expand their sphere of influence. It is much worse: they definitely knew about possible consequences, but go "full forward' anyway preferring job promotions and expansion of their influence. Like bureaucrats often do, they betrayed their nations like nomenklatura betrayed the people of the USSR (with a similar fig leaf of nice slogans about freedom as a smoke screen for pretty nefarious activities).

Elimination of possibility of opposition to the current regime

In case of NSA, this data on you, or particular political or social movement (for example "Occupy Wall Street") can be mined at any time, and what is even worse can be used to destroy any new political movement. And please remember that NSA is a just part of military-industrial complex, an entity that has some interesting political characteristics related to the term "the acquisition of unwarranted influence" . As Dwight D. Eisenhower warned us in his famous farewell speech (which introduced the term "military-industrial complex"):

In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.

People seldom understand that all three letter agencies are not just part of military industrial complex, but are the key parts. While ability of weapon manufactures to buy or just simply control Congress members matters, three-letter agencies is where "unwarranted influence" fully materialize. By definition they are out of control and as any bureaucracy they want to grow. That was clear to Senator Frank Church who stated on August 17, 1975 NBC's Meet the Press:

In the need to develop a capacity to know what potential enemies are doing, the United States government has perfected a technological capability that enables us to monitor the messages that go through the air. Now, that is necessary and important to the United States as we look abroad at enemies or potential enemies. We must know, at the same time, that capability at any time could be turned around on the American people, and no American would have any privacy left such is the capability to monitor everything—telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.

If this government ever became a tyrant, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology.

I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return.[11]

We can applaud his personal courage, but at this point it does not matter. The horse has left the barn. As sgtdoom commented The Guardian article NSA analysts 'willfully violated' surveillance systems, agency admits (August 24, 2013):

...let us be realistic and not fall for the usual story of this being a discrete event (all the latest surveillance, that is).

This dates back to the founding of the Financial-Intelligence-Complex during and in the aftermath of World War II, by the Wall Streeters for their super-rich bosses, the Rockefellers, Morgans, du Ponts, Mellons, Harrimans (now Mortimers), etc.

The most important factor that needs to be taken into account is the total surveillance make organized opposition to the regime impossible. So welcome to nicer, gentler, but no less totalitarian world of 1984 (aka "Back in USSR"). The key equation is very simple:

total surveillance = total control

That simple fact was well understood by various dictators and totalitarian regimes long ago, but none of them has had even a tiny fraction of technical capabilities NSA has now. I think one of the reason that Occupy movement completely dissipated so fast was that they were like a bug under microscope of the government. And government want them to stop harassing Wall Street sharks for their 2008 crisis misdeeds.

Instilling fear

Another important effect of "total surveillance" is instilling fear in the citizenry; fear that our thoughts, words and relationships are subject of interception and analysis; fear that all the content we access on the internet will be exposed. This fear can cause us to withdraw from public spaces like producing this website, censor our communications, refrain from accessing certain sites, buying certain books, etc.

An important effect of "total surveillance" is instilling fear in the citizenry; fear that our thoughts, words and relationships are subject of interception and analysis; fear that all the content we access on the internet will be exposed. This fear can cause us to withdraw from public spaces like producing this website, censor our communications, refrain from accessing certain sites, buying certain books, etc.

In other words understanding that you are watched on 24 x 7 basis modifies behavior and makes self-censorship your second nature exactly the same way as in any totalitarian state, but without any physical coercion. Here is one telling comment from Secret to Prism program Even bigger data seizure

wtpayne

Indeed: The intentions and motivations of the agencies in question; the degree of oversight and so on; is almost irrelevant. To a certain extent, I am content to believe that the intentions of the perpetrators is good; and that the oversight and abuse prevention systems that they have in place are strong.

However, none of that matters if people self-censor; if people worry, not about what the government of today will find objectionable, but what the government of tomorrow will not like. In effect, we end up censoring ourselves from a hypothetical worst-case future government.

Loss of privacy as a side effect of cloud-based Internet technologies


“Abandon all hope, ye who enter here.”

Maybe Dante had some serious vision.

The Guardian

We will concentrate on technical side of the this operation, trying to understand how much information can be stored about a regular "Joe Doer" based on technical capabilities that are available. Let's assume that we deal with mostly "passive surveillance": collection and storage of vast amount of Internet traffic on special computers using either mirrored ports on the key routers or special access to key providers of cloud services.

We can probably assume that several layers of storage of those data exist:

Technology development creates new types of communications as well as new types of government surveillance mechanisms (you can call them "externalities" of new methods of communication). Those externalities, especially low cost of mass surveillance (Wikipedia), unfortunately, bring us closer to the Electronic police state (Wikipedia) or National Security State whether we want it or not. A crucial element of such a state is that its data gathering, sorting and correlation are continuous, cover a large number of citizens and all foreigners, and those activities are seldom exposed.

Cloud computing as a technology that presuppose storing the data "offsite" have several security problems, and one of them is that it is way too much "surveillance friendly" (Misunderstanding of issues of security and trust). With cloud computing powers that be do not need to do complex job of recreating TCP/IP conversations on router level to capture, say, all the emails. You can access Web-based email mailbox directly with all mails in appropriate mailboxes and spam filtered. This is a huge saving of computational efforts ;-).

It means two things:

It puts you essentially in a situation of a bug under microscope on Big Brother. And please understand that modern storage capabilities are such that it is easy to store several years of at least some of your communications, especially emails.

The same is true about your phone calls metadata, credit card transactions and your activities on major shopping sites such as Amazon, and eBay. But here you can do almost nothing. Still I think our support of "brick" merchants is long overdue. Phones are traditional target of government three letter agencies (WSJ) since the WWII. Smartphones with GPS in addition to land line metadata also provide your current geo location. I do not think you can do much here.

I think our support of "brick" merchants is long overdue. And paying cash in the store in not something that you should try to avoid because credit card returns you 1% of the cost of the purchase. This 1% is actually a privacy tax ;-)

Total continued surveillance even without taking any action on collected data is totalitarian by its nature as it put severe restrictions of the freedom of expression and it changes people behavior on the Web. In this sense, Senator McCartney was probably right about "Communists sympathizers" and "KGB infiltration", he just was completely wrong about who they are ;-).

The centralization of searches on Google (and to lesser extent on Bing) are also serious threats to your privacy. Here diversification between three or more search engines might help a bit. Other then that and generally limited your time behind the computer I do not think much can be done. Growth of popularity of Duckduckgo suggests that people are vary of Google monopolizing the search, but it is unclear how big are the advantages. You can also save searches as many searches are recurrent and generally you can benefit from using your personal Web proxy with private cashing DNS server. This way to can "shrink" your radar picture, but that's about it. Search engines are now an integral part of our civilization whether we want it or not.

Collection of your searches for the last several years can pretty precisely outline sphere of your interests. And again technical constrains on storage of data no longer exists: how we can talk about privacy at the age of 3 TB harddrives for $99. There are approximately 314 million of the US citizens and residents, so storing one gigabyte of information for each citizen requires just 400 petabytes. For comparison

Films to Understand the Phenomenon

The analogy with KGB surveillance of dissidents (the term was "to be under the "kolpak" (dome) ") and, especially, Stasi (viewing the film "The Lives of Others" might help to understand the phenomenon of "total surveillance") are way too close. And psychological effects of anticipating that you are under total surveillance are well depicted in the final of the film The Conversation (1974) directed by famous Francis Ford Coppola

At the same time there is an important difference: while both regimes creates implicit intimidation and squash dissent, cases of prosecution on the base of the those data are either few or non existent. Which is a big difference with KGB or Stasi practice, which aggressively pursued those dissidents who got in their net, trying either to convert them into informers, or prosecute them using the existing articles of Criminal Code. In some cases that led to suicides. So here we can talk more about Inverted Totalitarism, a velvet gloves mode of suppressing of dissent.

Your email in toxic cloud

Still it is now dramatically more clear then before that centralization of email accounts and user activities on sites like Facebook, Amazon, Google, Microsoft, Yahoo, LinkedIn, with email accounts mainly at Gmail, Hotmail and Yahoo mail is far from being a positive development. Along with many positive aspects has tremendous negative side effects. Essentially it turns users into spies on themselves in a way that would be a dream by Stasi. The most significant is that it created an easy opportunities to data mine email databases both for those organizations as well as various government agencies and, possibly (in a limited way for special payment) by large corporations.

Those tendencies probably should be at least resisted, but we do not have means to reverse them.

Attempts to data mine email and Web communications of millions of Americans critical about government (see Total control: keywords in your posts that might trigger surveillance) and all foreigners who use those services (and that includes a significant part of European population and xUSSR area, who often use Gmail, Facebook or Yahoo accounts) means that the country became a National Security State. With all relevant consequences of such a transformation.

And interest in content of your "cloud based" email is not limited to the government:

A sweeping Wall Street Journal investigation in 2010 found that the biggest U.S. websites have technologies tracking people who visit their pages, sometimes upwards of 100 tools per site. One intrusive string of code even recorded users’ keystrokes and transmitted them to a data-gathering firm for analysis.

“A digital dossier over time is built up about you by that site or third-party service or data brokers,” says Adam Thierer, senior research fellow at the Mercatus Center’s Technology Policy Program at George Mason University. “They collect these data profiles and utilize them to sell you or market you better services or goods.”

This is what powers the free Internet we know and love; users pay nothing or next to nothing for services — and give up pieces of personal information for advertisers in exchange. If you search for a Mini Cooper on one website, you’re likely to see ads elsewhere for lightweight, fuel-efficient cars. Companies robotically categorize users with descriptions such as “urban upscale” to “rural NASCAR” to tailor the advertising experience, says Jim Harper of the libertarian Cato Institute. “They’ll use ZIP codes and census data to figure out what their lifestyle profile is.”

Tracking your Web access

Most of the site you visit those days was found via search engine, often Google. But Google is interested in more then search terms you use and sometimes plays with you a nasty trick: "Google may choose to exhibit its search results in the form of a 'URL redirector,'" reads Google's main privacy policy. That means that any time it wishes Google can spy on your Web activity:

"When Google uses a URL redirector, if you click on a URL from a search result, information about the click is sent to Google."

Few people check the URL before clicking on Google search results, so in a way this is perfect spying tool.

But there is another powerful spying tool in Google arsenal -- Google toolbar, and I am not sure that all those trick were not reused in Google browser. Google Toolbar sends all user clicks to Google, if advanced mode is enabled (and many people do enable it because they want to have spelling correction available which, conveniently for Google, belongs to the set of advanced features). This way you voluntarily subscribe to a 24x7 monitoring of your web activity using spyware that is installed on your computer with your consent. For the same reason recent smartphones fashion looks greatly misguided. It is better to use regular phone, then smartphone, and the last thing you probably want on your smartphone is Android OS or iOS, or windows 8 OS. In some deep way unlocked Nokia 1280 looks now much more attractive (and is way cheaper ;-).

Google Toolbar in advanced mode is another common snooping tool about your activities. It send each URL you visit to Google and you can be sure that from Google several three letter agencies get this information as well. After all Google has links to them from the very beginning:

Effects on behavior

As soon as they realize that they are watched, people start thinking about consequences and this article is a pretty telling (albeit slightly paranoid ;-) illustration of the effect. The key mechanism here, well known to those who used to live in the USSR before its dissolution is that people preemptively change their behavior, if they know or suspect that they got "under the dome" of government surveillance, that all their emails are intercepted, all web site visits recorded, anything they buy on Amazon, etc is registered in giant database outside of their control.

The angle under which will we try to cover the story is: the situation is such and such, now what? What are the most appropriate actions and strategy of behavior of people who are concerned about their privacy and no longer trust "cloud services" provided by Facebook, Google, Yahoo, Microsoft, etc ( and those who trust those providers should probably stop reading at this point). It is impossible to close all those accounts. But some can and should be closed; for example POP3 mail can replace web mail for all "important" mail; this way you avoid "cloud storage" of all your important correspondence. It is impossible not to use search engines, but you can chose which search language to use. It is impractical not to use smartphone and for Android phone you can't avoid registration -- that's the only way to get updates from Google, but you can root the phone, remove some snooping components and use Firefox instead of Chrome. But not it is clear that if mobile web browsing and checking email on your phone is not your thing you are better off with a very simple phone such as Nokia 1280.

The first and the most obvious "change we can believe in" is that we need to change our attitude toward cloud services and especially cloud services from large providers. Now the most reasonable assumption is that most national cloud providers including major retailers are in bed with the government three letter agencies. So you need to be careful what you browse for on Amazon, similarly to what you write from Gmail and Hotmail.

In a way, excessive usage of cloud services from a fashionable trend now became kind of indication of a person stupidity. It is important to understand that for anybody more or less competent with computers (or willing to learn), anything Facebook or Gmail or Hotmail can offer, regular small ISP account with Cpanel can offer with less risk for your privacy for, say, $5 a month or less. And your privacy definitely cost more then $60 a year.

In a way excessive using of cloud services from a fashionable trend now became an indication of a person stupidity. For anybody more or less competent with computers (or willing to learn), anything Facebook or Gmail can offer, regular ISP account with Cpanel can offer too with less risk for your privacy.

At the same time it is also stupid to over-dramatize the situation and isolate yourself by abandoning Internet communications and restricting usage of cell-phone. The reasonable hypothesis is that today’s surveillance is a side effect of new technological developments and it is a new fact of life. It is just a new level of information gathering, which has been going on since the Byzantine Empire. And it is still limited by technological capabilities of sifting through mass of communications. But at the same time, quantity does at one point turns into quality, so the danger is real and as such could providers are suspect by definition. In no way they are new level of technological development. In sense they are one step forward, two sets back.

Also being engages in foreign wars has an interesting side effect that technologies invented come home and used against citizens (naked capitalism). That's actually the origin of indiscriminant collection of metadata used now.

But at the same time we need to understand that there are millions of PC users that have computer(s) infected by spyware, which can make your computer a zombie. And world did not perished due to that.

Still the key lesson is unmistakable: from now on, any networked computer is an unsecure computer that can't be trusted really confidential information, unless it is isolated by firewall and proxy. And if we assume that it is unsecured computer, them it should be treated it as such. The first step is that all confidential data should be deleted and moved to removable storage. In case you need to work with it as much as possible should be done on non-networked computers, limiting the exposure of your data to bare minimum. And the less powerful computer you use for processing you confidential data, the best; the less powerful OS you use, the best (what about using Windows 98 or DOS for those who can still remember it ? ;-). From now on "retro-computing" movement now is inherently linked with the issues of security and privacy and might get a new life.

This retro-computing idea might create a new life for abandoned computers that are in excess in almost every family ;-) See Privacy is Dead – Get Over It. The same thing can be mentioned about a cell phone, which should be as simple as possible. Not all people really benefit from browsing the Web from their smartphones. If you are really paranoid you can think storing you cell phone at home in a metal box ;-).

In other words there are two new "laws of computer security":

But more important problem here is not snooping per se, but voluntarily self-profiling that you provide via social sites. If you are way too enthusiastic about Facebook or Google++ or any similar site and engage regularly and indiscriminately in this "vanity fair" activity you put yourselves voluntarily under surveillance. So not only Privacy is Dead – Get Over It. You killed it yourself. The essence of the situation was exposed well in a humorous form in the following Amazon review of Orwell's novel 1984

Bjørn Anders See all my reviews

This is not an instruction manual!, June 14, 2013

This review is from: 1984: 60th-Anniversary Edition (Plume) (Paperback)

Note to US Congress and house of representatives: This is a fictional book, not an instruction manual...

BTW just after Prism program was revealed in June 2013, Nineteen Eighty-Four became a bestseller on Amazon. As of June 15, 2013 it was #87 in Fiction. If you never have a chance to read it, please do it now. and again, if you think that this revelation of Prism program is a big news, you probably are mistaken. Many people understood that as soon new technical capabilities of surveillance are available they are instantly put to use. As John H. Summers noted in his review (The Deciders - New York Times) of John Mill "Power elite":

...official secrecy steadily expanded its reach.

"For the first time in American history, men in authority are talking about an 'emergency' without a foreseeable end,"

Mills wrote in a sentence that remains as powerful and unsettling as it was 50 years ago.

"Such men as these are crackpot realists: in the name of realism they have constructed a paranoid reality all their own."

Adding insult to injury: Self-profiling

Facebook has nothing without people
silly enough to exchange privacy for photosharing

The key problem with social sites is that many people voluntarily post excessive amount of personal data about themselves, including keeping their photo archives online, etc. So while East Germany analog of the Department of Homeland Security called Ministry for State Security (Stasi) needed to recruit people to spy about you, now you yourself serves as a informer voluntarily providing all the tracking information about your activities ;-).

Scientella, palo alto

...Facebook always had a very low opinion of peoples intelligence - and rightly so!

I can tell you Silicon Valley is scared. Facebook's very existence depends upon trusting young persons, their celebrity wannabee parents and other inconsequential people being prepared to give up their private information to Facebook.

Google, now that SOCIAL IS DEAD, at least has their day job also, of paid referral advertising where someone can without divulging their "social" identity, and not linking their accounts, can look for a product on line and see next to it some useful ads.

But Facebook has nothing without people silly enough to exchange privacy for photosharing.

... ... ...

Steve Fankuchen, Oakland CA

Cook, Brin, Gates, Zuckerberg, et al most certainly have lawyers and public relations hacks that have taught them the role of "plausible deniability."

Just as in the government, eventually some low or mid-level flunkie will likely be hung out to dry, when it becomes evident that the institution knew exactly what was going on and did nothing to oppose it. To believe any of these companies care about their users as anything other than cash cows is to believe in the tooth fairy.

The amount of personal data which users of site like Facebook put voluntarily on the Web is truly astonishing. Now anybody using just Google search can get quit substantial information about anybody who actively using social sites and post messages in discussion he/she particulates under his/her own name instead of a nickname. Just try to see what is available about you and most probably your jaw would drop...

This is probably right time for the users of social sites like Facebook, Google search, and Amazon (that means most of us ;-) to think a little bit more about the risks we are exposing ourselves. We all should became more aware about the risks involved as well as real implications of the catch phase Privacy is Dead – Get Over It.

This is probably right time for the users of social sites like Facebook, Google search, and Amazon (that means most of us ;-) to think a little bit more about the risks we are exposing ourselves.

As Peter Ludlow noted in NYT (The Real War on Reality):

If there is one thing we can take away from the news of recent weeks it is this: the modern American surveillance state is not really the stuff of paranoid fantasies; it has arrived.

Citizens of foreign countries have accounts at Facebook and mail accounts in Gmail, hotmail and Yahoo mail are even in less enviable position then the US citizens. They are legitimate prey. No legal protection for them exists, if they use those services. That means that they voluntarily open all the information they posted about themselves to the US government in addition to their own government. And the net is probably more wide then information leaked by NSA contractor Edward Snowden suggests. For any large company, especially a telecom corporation, operating is the USA it might be dangerous to refuse to cooperate (Qwest case).

Former Qwest CEO Joseph Nacchio, convicted of insider trading in April 2007, alleged in appeal documents that the NSA requested that Qwest participate in its wiretapping program more than six months before September 11, 2001. Nacchio recalls the meeting as occurring on February 27, 2001. Nacchio further claims that the NSA cancelled a lucrative contract with Qwest as a result of Qwest's refusal to participate in the wiretapping program.[13] Nacchio surrendered April 14, 2009 to a federal prison camp in Schuylkill, Pennsylvania to begin serving a six-year sentence for the insider trading conviction. The United States Supreme Court denied bail pending appeal the same day.[15]

It is not the case of some special evilness of the US government. It simply is more agile to understand and capitalize on those new technical opportunities. It is also conveniently located at the center of Internet universe with most traffic is flowing via US owned or controlled routers (67% or more). But it goes without saying that several other national governments and a bunch of large corporations also try to mine this new gold throve of private information on citizens. Probably with less sophistication and having less financial resources.

In many cases corporations themselves are interested in partnership with the government. Here is one telling comment:

jrs says on June 8, 2013

Yea in my experience that’s how “public/private partnerships” really work:

  1. Companies DO need protection FROM the government. An ill-conceived piece of legislation can put a perfectly decent out of business. Building ties with the government is protection.
  2. Government represents a huge market and eventually becomes one of the top customers for I think most businesses (of course the very fact that a government agency is a main customer is often kept hush hush even within the company and something you are not supposed to speak of as an employee even though you are aware of it)
  3. Of course not every company proceeds to step 3 -- being basically an arm of the government but ..

That means that not only Chinese citizens already operate on the Internet without any real sense of privacy. Even if you live outside the USA the chances are high that you automatically profiled by the USA instead of or in addition to your own government. Kind of neoliberalism in overdrive mode: looks like we all are already citizens of a global empire (Let's call it " Empire of Peace" ) with the capital in Washington.

It is reasonable to assume that a massive eavesdropping apparatus now tracks at least an "envelope" of every electronic communication you made during your lifetime. No need for somebody reporting about you like in "old" totalitarian state like East Germany with its analog of the Department of Homeland Security called the Ministry for State Security (Stasi). So in this new environment, you are like Russians used to say about dissidents who got under KGB surveillance is always "under the dome". In this sense this is just an old vine in a new bottles. But the global scope and lifetime storage of huge amount of personal information for each and every citizen is something new and was made possible the first time in world history by new technologies.

It goes without saying that records about time, sender and receiver of all your phone calls, emails, Amazon purchases, credit card transactions, and Web activities for the last decade are stored somewhere in a database and not necessary only government computers. And that means that your social circle (the set of people you associate with), books and films that you bought, your favorite websites, etc can be easily deducted from those records.

That brings us to an important question about whether we as consumers should support such ventures as Facebook and Google++ which profile you and after several years have a huge amount of pretty private and pretty damaging information about you, information which can get into wrong hands.

Recent discoveries about Prism program: quantity turned into quality.

The most constructive approach to NSA is to view is a large government bureaucracy that expanded to the extent that quantity turned into quality.

Any large bureaucracy is a political coalition with the primary goal of preserving and enhancing of its own power, no matter what are official declarations. And if breaching your privacy helps they will do it. Which is what Bush government did after 9/11. The question is how much bureaucratic bloat resulting in classic dynamics of organizational self-aggrandizement and expansionism happened in NSA. We don't know how much we got in exchange for undermining internet security and US constitution. But we do know the intelligence establishment happily appropriated billions of dollars, had grown by thousand of employees and got substantial "face lift" and additional power within the executive branch of government. To the extent that something it looks like a shadow government. And now they will fight tooth-and nail to protect the fruits of a decade long bureaucratic expansion. Now it is an Intelligence Church and like any religious organization they do not need fact to support their doctrine and influence.

Typically there is an infighting and many factions within any large hierarchical organization, some with and some without factual awareness of the rest. Basically any hierarchical institution corporate, religious, military will abuse available resources for internal political infighting. And with NSA "big data" push this is either happening or just waiting to happen. This is a danger of any warrantless wiretapping program: it naturally convert itself into a saga of eroding checks and disappearing balance. And this already happened in the past, so in a way it is just act two of the same drama (WhoWhatWhy):

After media revelations of intelligence abuses by the Nixon administration began to mount in the wake of Watergate, NSA became the subject of Congressional ire in the form of the United States Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities—commonly known as the “Church Committee” after its chair, Senator Frank Church (D-ID)—established on January 17, 1975. This ad-hoc investigative body found itself unearthing troves of classified records from the FBI, NSA, CIA and Pentagon that detailed the murky pursuits of each during the first decades of the Cold War. Under the mantle of defeating communism, internal documents confirmed the executive branch’s use of said agencies in some of the most fiendish acts of human imagination (including refined psychological torture techniques), particularly by the Central Intelligence Agency.

The Cold War mindset had incurably infected the nation’s security apparatus, establishing extralegal subversion efforts at home and brutish control abroad. It was revealed that the FBI undertook a war to destroy homegrown movements such as the Black Liberation Movement (including Martin Luther King, Jr.), and that NSA had indiscriminately intercepted the communications of Americans without warrant, even without the President’s knowledge. When confronted with such nefarious enterprises, Congress sought to rein in the excesses of the intelligence community, notably those directed at the American public.

The committee chair, Senator Frank Church, then issued this warning about NSA’s power:

That capability at any time could be turned around on the American people and no American would have any privacy left, such is the capability to monitor everything. Telephone conversations, telegrams, it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology. I don’t want to see this country ever go across the bridge. I know the capability that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return.

The reforms that followed, as enshrined in the Foreign Intelligence Surveillance Act (FISA) of 1978, included the establishment of the Foreign Intelligence Surveillance Court (FISC): a specially-designated panel of judges who are allowed to review evidence before giving NSA a warrant to spy on Americans (only in the case of overseas communication). Hardly a contentious check or balance, FISC rejected zero warrant requests between its inception in 1979 and 2000, only asking that two warrants be “modified” out of an estimated 13,000.

In spite of FISC’s rubberstamping, following 9/11 the Bush administration began deliberately bypassing the court, because even its minimal evidentiary standard was too high a burden of proof for the blanket surveillance they wanted. So began the dragnet monitoring of the American public by tapping the country’s major electronic communication chokepoints in collusion with the nation’s largest telecommunications companies.

When confronted with the criminal conspiracy undertaken by the Bush administration and telecoms, Congress confirmed why it retains the lowest approval rating of any major American institution by “reforming” the statute to accommodate the massive law breaking. The 2008 FISA Amendments Act [FAA] entrenched the policy of mass eavesdropping and granted the telecoms retroactive immunity for their criminality, withdrawing even the negligible individual protections in effect since 1979. Despite initial opposition, then-presidential candidate Barack Obama voted for the act as one of his last deeds in the Senate. A few brave (and unsuccessful) lawsuits later, this policy remains the status quo.

Similarly we should naturally expect that the notion of "terrorist" is flexible and in certain cases can be equal to "any opponent of regime". While I sympathize NYT readers reaction to this incident (see below), I think it is somewhat naive. They forget that they are living under neoliberal regime which like any rule of top 0.01% is afraid of and does not trust its own citizens. So massive surveillance program is a self-preservation measure which allow to crush or subvert the opposition at early stages. This is the same situation as existed with Soviet nomenklatura, with the only difference that Soviet nomenklatura was more modest pushing the USSR as a beacon of progress and bright hope of all mankind ;-). As Ron Paul noted:

Many of us are not so surprised.

Some of us were arguing back in 2001 with the introduction of the so-called PATRIOT Act that it would pave the way for massive US government surveillance—not targeting terrorists but rather aimed against American citizens. We were told we must accept this temporary measure to provide government the tools to catch those responsible for 9/11. That was nearly twelve years and at least four wars ago.

We should know by now that when it comes to government power-grabs, we never go back to the status quo even when the “crisis” has passed. That part of our freedom and civil liberties once lost is never regained. How many times did the PATRIOT Act need renewed? How many times did FISA authority need expanded? Why did we have to pass a law to grant immunity to companies who hand over our personal information to the government?

And while revealed sources of NSA Prism program include Apple, Google, Facebook, Microsoft, Yahoo and others major Internet players, that's probably just a tip of the iceberg. Ask yourself a question, why Amazon and VISA and MasterCard are not on the list? According to The Guardian:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

... ... ...

Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007. It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks

... ... ...

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

So while the document does not list Amazon, but I would keep fingers crossed.

Questions that arise

To be aware about a situation you need to be able to formulate and answer key questions about it. The first and the most important question is whether the government is engaged in cyberstalking of law abiding citizens. Unfortunately the answer is definite yes, as oligarchy needs total control of prols. As a result National Security State rise to prominence as a dominant social organization of neoliberal societies, the societies which characterized by very high level of inequality.

But there are some additional, albeit less important questions. The answers to them determine utility or futility of small changes of our own behavior in view of uncovered evidence. Among possible set of such question I would list the following:

There are also some minor questions about efficiency of "total surveillance approach". Among them:

The other part of understand the threat is understanding is what data are collected. The short answer is all your phone records and Internet activity (RT USA):

The National Security Agency is collecting information on the Internet habits of millions of innocent Americans never suspected of criminal involvement, new NSA documents leaked by former intelligence contractor Edward Snowden suggest.

Britain’s Guardian newspaper reported Monday that top-secret documents included in the trove of files supplied by the NSA contractor-turned-leaker Edward Snowden reveal that the US intelligence community obtains and keeps information on American citizens accumulated off the Internet without ever issuing a search warrant or opening an investigation into that person.

The information is obtained using a program codenamed Marina, the documents suggest, and is kept by the government for up to a full year without investigators ever having to explain why the subject is being surveilled.

Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection,” the Guardian’s James Ball quotes from the documents.

According to a guide for intelligence analysts supplied by Mr. Snowden, “The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target.”

"This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development,” it continues.

Ball writes that the program collects “almost anything” a Web user does online, “from browsing history – such as map searches and websites visited – to account details, email activity, and even some account passwords.”

Only days earlier, separate disclosures attributed to Snowden revealed that the NSA was using a massive collection of metadata to create complex graphs of social connections for foreign intelligence purposes, although that program had pulled in intelligence about Americans as well.

After the New York Times broke news of that program, a NSA spokesperson said that “All data queries must include a foreign intelligence justification, period.” As Snowden documents continue to surface, however, it’s becoming clear that personal information pertaining to millions of US citizens is routinely raked in by the NSA and other agencies as the intelligence community collects as much data as possible.

In June, a top-secret document also attributed to Mr. Snowden revealed that the NSA was collecting the telephony metadata for millions of Americans from their telecom providers. The government has defended this practice by saying that the metadata — rough information that does not include the content of communications — is not protected by the US Constitution’s prohibition against unlawful search and seizure.

Metadata can be very revealing,” George Washington University law professor Orin S. Kerr told the Times this week. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”

According to the Guardian’s Ball, Internet metadata picked up by the NSA is routed to the Marina database, which is kept separate from the servers where telephony metadata is stored.

Only moments after the Guardian wrote of its latest leak on Monday, Jesselyn Radack of the Government Accountability Project read a statement before the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs penned by none other than Snowden himself.

When I began my work, it was with the sole intention of making possible the debate we see occurring here in this body,” Snowden said.

Snowden, who has been granted temporary asylum in Russia after being charged with espionage in the US, said through Raddack that “The cost for one in my position of returning public knowledge to public hands has been persecution and exile.”

Limits to spying via data collected about you

If the NSA's mining of data traffic is so effective, why weren't Tsarnaev's family's overseas calls predictive of a bombing at the Boston Marathon?

-Helen Corey WSJ.com

There are limits of this "powerful analytical software" as it currently used. As we mentioned above, even if NSA algorithms are incredibly clever they can't avoid producing large number of false positives. After two year investigation into the post 9/11 intelligence agencies, the Washington Post came to conclusion that they are collecting more information than anyone can comprehend ("drinking from a firehose" or "drowning is a sea of data"):

Every day, collection systems at the National Security Agency intercept and store 1.7 billions e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases"

First of all there is a classic problem of "signal vs. noise" (infoglut) in any large scale data collection and presence of noise in the channel makes signal much more difficult to detect.

Analysts who make sense of document and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year -- a volume so large that many are routinely ignored

The enormity of the database exacerbate the problem. That's why NSA is hunting for email on cloud providers, where they are already filtered from spam, and processing required is much less then for emails intercepted from the wire data. Still even with the direct access to user accounts, the volume of data, especially graphic (pictures) and video data, is really huge and that stress the limits of processing capabilities and storage.

Existence of Snowden saga when a single analyst was able to penetrate the system and extract considerable amount information with impunity suggests that the whole Agency is mess, probably like is typical for any large organization with a lot of incompetents or, worse, careerists and psychopaths  at the helm (see Toxic Managers). Which is typical for government agencies and large corporations.

Still the level of logs collection and internal monitoring in NSA proved to be surprisingly weak, as there are indirect signs that the agency does not even know what reports Snowden get into his hands. In any case we, unless this is a very clever inside operation, we need to assume that Edward Snowden stole thousands of documents, abused his sysadmin position in the NSA, and was never caught. Here is one relevant comment from The Guardian

carlitoontour

Oh NSA......that´s fine that you cannot find something......what did you tell us, the World and the US Congress about the "intelligence" of Edward Snowden and the low access he had?

SNOWDEN SUSPECTED OF BYPASSING ELECTRONIC LOGS

WASHINGTON (AP) -- The U.S. government's efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden's sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.

The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren't authorized to discuss the sensitive developments publicly.

http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SNOWDEN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-08-24-09-41-24

On the other hand government agencies were never good in making huge and complex software projects work. And large software projects are a very difficult undertaking in any case. Even in industry 50% of software projects fail, and anybody who works in the industry knows, that the more complex the project is the higher are chances that it will be mismanaged and its functionality crippled due to architectural defects ("a camel is a horse designed by a committee"). It is given that such project will be over budget. Possibly several times over...

But if money is not a problem such system will eventually be completed ("with enough thrust pigs can fly"). Still there’s no particular reason to think that corruption (major work was probably outsourced) and incompetence (on higher management levels and, especially on architectural level as in "camel is a horse designed by a committee") don't affect the design and functionality of such government projects. Now when this activity come under fire some adjustments might be especially badly thought out and potentially cripple the existing functionality.

As J. Kirk Wiebe, a NSA insider, noted

"The way the government was going about those digital data flows was poor formed, uninformed. There seen to be more of a desire to contract out and capture money flow then there was a [desire} to actually perform the mission".

See the interview of a trio of former National Security Agency whistle-blowers to USA TODAY ( J. Kirk Wiebe remarks starts at 2:06 and the second half of it continues from 6:10):

In military organizations the problem is seldom with the talent (or lack of thereof) of individual contributors. The problem is with the bureaucracy that is very effective in preventing people from exercising their talents at the service of their country. Such system is deformed in such a way that it hamstrings the men who are serving in it. As a results, more often then not the talents are squandered or misused by patching holes created by incompetence of higher-up or or just pushed aside in the interdepartmental warfare.

In a way, incompetence can be defined as the inability to avoid mistakes which, in a "normal" course of project development could and should be avoided. And that's the nature of military bureaucracy with its multiple layer of command and compete lack of accountability on higher levels.

In addition, despite the respectable name of the organization many members of technical staff are amateurs. They never managed to sharpen their technical skills, while at the same time acquiring the skills necessary to survive the bureaucracy. Many do not have basic academic education and are self-taught hackers and/or "grow on the job". Typically people at higher level of hierarchy, are simply not experts in software engineering, but more like typical corporate "PowerPoint" warriors. They can be very shred managers and accomplished political fighters, but that's it.

This is the same situation that exists in security departments of large multinationals, so we can extrapolate from that. The word of Admiral Nelson "If the enemy would know what officer corps will confront them, it will be trembling, like I am". Here is Bill Gross apt recollection of his service as naval officer (The Tipping Point) that illustrate the problems:

A few years ago I wrote about the time that our ship (on my watch) was almost cut in half by an auto-piloted tanker at midnight, but never have I divulged the day that the USS Diachenko came within one degree of heeling over during a typhoon in the South China Sea. “Engage emergency ballast,” the Captain roared at yours truly – the one and only chief engineer. Little did he know that Ensign Gross had slept through his classes at Philadelphia’s damage control school and had no idea what he was talking about. I could hardly find the oil dipstick on my car back in San Diego, let alone conceive of emergency ballast procedures in 50 foot seas. And so…the ship rolled to starboard, the ship rolled to port, the ship heeled at the extreme to 36 degrees (within 1 degree, as I later read in the ship’s manual, of the ultimate tipping point). One hundred sailors at risk, because of one twenty-three-year-old mechanically challenged officer, and a Captain who should have known better than to trust him.

Huge part of this work is outsourced to various contractors and this is where corruption really creeps in. So the system might be not as powerful as many people automatically assume when they hear the abbreviation of NSA. So in a way when news about such system reaches public it might serve not weakening but strengthening of the capabilities of the system. Moreover, nobody would question the ability of such system to store huge amount of raw or semi-processed data including all metadata for your transactions on the Internet.

Also while it is a large agency with a lot of top mathematic talent, NSA is not NASA and motivation of the people (and probably quality of architectural thinking about software projects involved) is different despite much better financing. While they do have high quality people, like most US agencies in general, large bureaucracies usually are unable to utilize their talent. Mediocrities with sharp elbows, political talent, as well as sociopaths typically rule the show.

That means two things:

So even with huge amount of subcontractors that can chase mostly "big fish". Although one open question is why with all those treasure trove of data organized crime is so hard to defeat. Having dataset like this should generally expose all the members of any gang. Or, say, network of blue collar insider traders. So in an indirect way the fact that organized crime not only exists and in some cities even flourish can suggest one of two things:

There is also a question of complexity of analysis:

Possibility of abuses of collected data

Errors in algorithms and bugs in those programs can bite some people in a different way then branding them as "terrorists". Such people have no way of knowing why all of a sudden, for example, they are paying a more for insurance, why their credit score is so low no matter what they do, etc. In no way government in the only one who are using the mass of data collected via Google / Facebook / Yahoo / Microsoft / Verizon / Optonline / AT&T / Comcast, etc. It also can lead to certain subtle types of bias if not error. And there are always problems of intentional misuse of data sets having extremely intimate knowledge about you.

Corporate corruption can lead to those data that are shared with the government can also be shared for money with private actors. Inept use of this unconstitutionally obtained data is a threat to all of us.

Then there can be cases when you can be targeted just because you are critical to the particular area of government policy, for example the US foreign policy. This is "Back in the USSR" situation in full swing, with its prosecution of dissidents. Labeling you as a "disloyal/suspicious element" in one of government "terrorism tracking" databases can have drastic result to your career and you never even realize whats happened. Kind of Internet era McCarthyism .

Obama claims that the government is aware about this danger and tried not to overstep, but he is an interested party in this discussion. In a way government is pushed in this area by the new technologies that open tremendous opportunities for collecting data and making some correlations.

That's why even if you are doing nothing wrong, it is still important to know your enemy, as well as avoid getting into some traps. One typical trap is excessive centralization of your email on social sites, including using a single Webmail provider. It is much safer to have mail delivery to your computer via POP3 and to use Thunderbird or other email client. If your computer is a laptop, you achieve, say, 80% of portability that Web-based email providers like Google Gmail offers. That does not mean that you should close your Gmail or Yahoo account. More important is separating email accounts into "important" and "everything else". "Junk mail" can be stored on Web-based email providers without any problems. Personal emails is completely another matter.

Conclusions

#14 Gus Hunt, the chief technology officer at the CIA: "We fundamentally try to collect everything and hang onto it forever."

New Internet technology developments has huge "Externality":
Profiling is now really easy and almost automatic, especially with your own help

Technology development create new types of communications as well as new types of government surveillance mechanisms (you can call them "externalities" of new methods of communication). Those externalities, especially low cost of mass surveillance (Wikipedia), unfortunately, bring us closer to the Electronic police state (Wikipedia) or National Security State whether we want it or not. A crucial element of such a state is that its data gathering, sorting and correlation are continuous, cover a large number of citizens and all foreigners and those activities are seldom exposed.

Cloud computing as a technology that presuppose storing the data "offsite" on third party servers have several security problems, and one of them is that it is way too much "surveillance friendly" (Misunderstanding of issues of security and trust). With cloud computing powers that be do not need to do complex job of recreating TCP/IP conversations on router level to capture, say, all the emails. You can access Web-based email mailbox directly with all mails in appropriate mailboxes and spam filtered. Your address book is a bonus ;-). This is huge saving of computational efforts.

See


Top updates

Softpanorama Switchboard
Softpanorama Search


NEWS CONTENTS

Old News ;-)

Total Surveillance Bulletin, 2014 Total Surveillance Bulletin, 2013

Total Surveillance Bulletin, 2012

[Feb 15, 2017] Flynn Resignation Is a Surveillance State Coup Nightmare

The globalist mafia is trying to destroy Trump. There might be the same part of intelligence community which is still loyal to Bill and Hillary Clinton.
Still Flynn discussing sanctions, which could have been a violation of an 18th century law, the Logan Act, that bars unauthorized citizens from brokering deals with foreign governments involved in disputes with the United States.
Keith Kellogg links with Oracle my be as asset to Trump team.
Feb 15, 2017 | www.breitbart.com

As far back as the passage of the Patriot Act after 9/11, civil libertarians worried about the surveillance state, the Panopticon, the erosion of privacy rights and due process in the name of national security.

Paranoid fantasies were floated that President George W. Bush was monitoring the library cards of political dissidents. Civil libertarians hailed NSA contractor Edward Snowden as a hero, or at least accepted him as a necessary evil, for exposing the extent of Internet surveillance under President Barack Obama.

Will civil libertarians now speak up for former National Security Adviser Michael Flynn, whose career has been destroyed with a barrage of leaked wiretaps? Does anyone care if those leaks were accurate or legal?

Over the weekend, a few honest observers of the Flynn imbroglio noted that none of the strategically leaked intercepts of his conversations with Russian Ambassador Sergey Kislyak proved he actually did anything wrong .

The media fielded accusations that Flynn discussed lifting the Obama administration's sanctions on Russia – a transgression that would have been a serious violation of pre-inauguration protocol at best, and a prosecutable offense at worst. Flynn ostensibly sealed his fate by falsely assuring Vice President Mike Pence he had no such discussions with Kislyak, prompting Pence to issue a robust defense of Flynn that severely embarrassed Pence in retrospect.

On Tuesday, Eli Lake of Bloomberg News joined the chorus of skeptics who said the hive of anonymous leakers infesting the Trump administration never leaked anything that proved Flynn lied to Pence:

He says in his resignation letter that he did not deliberately leave out elements of his conversations with Ambassador Sergey Kislyak when he recounted them to Vice President Mike Pence. The New York Times and Washington Post reported that the transcript of the phone call reviewed over the weekend by the White House could be read different ways. One White House official with knowledge of the conversations told me that the Russian ambassador raised the sanctions to Flynn and that Flynn responded that the Trump team would be taking office in a few weeks and would review Russia policy and sanctions . That's neither illegal nor improper.

Lake also noted that leaks of sensitive national security information, such as the transcripts of Flynn's phone calls to Kislyak, are extremely rare. In their rush to collect a scalp from the Trump administration, the media forgot to tell its readers how unusual and alarming the Flynn-quisition was:

It's very rare that reporters are ever told about government-monitored communications of U.S. citizens, let alone senior U.S. officials. The last story like this to hit Washington was in 2009 when Jeff Stein, then of CQ, reported on intercepted phone calls between a senior Aipac lobbyist and Jane Harman, who at the time was a Democratic member of Congress.

Normally intercepts of U.S. officials and citizens are some of the most tightly held government secrets. This is for good reason. Selectively disclosing details of private conversations monitored by the FBI or NSA gives the permanent state the power to destroy reputations from the cloak of anonymity. This is what police states do.

In the past it was considered scandalous for senior U.S. officials to even request the identities of U.S. officials incidentally monitored by the government (normally they are redacted from intelligence reports). John Bolton's nomination to be U.S. ambassador to the United Nations was derailed in 2006 after the NSA confirmed he had made 10 such requests when he was Undersecretary of State for Arms Control in George W. Bush's first term. The fact that the intercepts of Flynn's conversations with Kislyak appear to have been widely distributed inside the government is a red flag.

While President Trump contemplated Flynn's fate on Monday evening, the Wall Street Journal suggested: "How about asking if the spooks listening to Mr. Flynn obeyed the law?" Among the questions the WSJ posed was whether intelligence agents secured proper FISA court orders for the surveillance of Flynn.

That s the sort of question that convulsed the entire political spectrum, from liberals to libertarians, after the Snowden revelations. Not long ago, both Democrats and Republicans were deeply concerned about accountability and procedural integrity for the sprawling surveillance apparatus developed by our law enforcement and intelligence agencies. Those are among the most serious concerns of the Information Age, and they should not be cast aside in a mad dash to draw some partisan blood.

There are several theories as to exactly who brought Flynn down and why. Was it an internal White House power struggle, the work of Obama administration holdovers, or the alligators of the "Deep State" lunging to take a bite from the president who promised to "drain the swamp?"

The Washington Free Beacon has sources who say Flynn's resignation is "the culmination of a secret, months-long campaign by former Obama administration confidantes to handicap President Donald Trump's national security apparatus and preserve the nuclear deal with Iran."

Flynn has prominently opposed that deal. According to the Free Beacon, this "small task force of Obama loyalists" are ready to waylay anyone in the Trump administration who threatens the Iran deal, their efforts coordinated by the sleazy Obama adviser who boasted of his ability to manipulate the press by feeding them lies, Ben Rhodes.

Some observers are chucking at the folly of Michael Flynn daring to take on the intelligence community, and paying the price for his reckless impudence. That is not funny – it is terrifying. In fact, it is the nightmare of the rogue NSA come to life, the horror story that kept privacy advocates tossing in their sheets for years.

Michael Flynn was appointed by the duly elected President of the United States. He certainly should not have been insulated from criticism, but if he was brought down by entrenched, unelected agency officials, it is nearly a coup – especially if, as Eli Lake worried on Twitter, Flynn's resignation inspires further attacks with even higher-ranking targets:

This was a major error for @Reince & @mike_pence It's now open season on this administration from without and within. #FlynnResignation

- Eli Lake (@EliLake) February 14, 2017

Lake's article caught the eye of President Trump, who endorsed his point that intelligence and law enforcement agencies should not interfere in U.S. politics:

Thank you to Eli Lake of The Bloomberg View – "The NSA & FBI should not interfere in our politics and is" Very serious situation for USA

- Donald J. Trump (@realDonaldTrump) February 15, 2017

On the other hand, Bill Kristol of the Weekly Standard openly endorsed the Deep State overthrowing the American electorate and overturning the results of the 2016 election:

Obviously strongly prefer normal democratic and constitutional politics. But if it comes to it, prefer the deep state to the Trump state.

- Bill Kristol (@BillKristol) February 14, 2017

Among the many things hideously wrong with this sentiment is that the American people know absolutely nothing about the leakers who brought Flynn down, and might be lining up their next White House targets at this very moment. We have no way to evaluate their motives or credibility. We didn't vote for them, and we will have no opportunity to vote them out of office if we dissent from their agenda. As mentioned above, we do not know if the material they are leaking is accurate .

Byron York of the Washington Examiner addressed the latter point by calling for full disclosure:

Important that entire transcript of Flynn-Kislyak conversation be released. Leakers have already cherrypicked. Public needs to see it all.

- Byron York (@ByronYork) February 14, 2017

That is no less important with Flynn's resignation in hand. We still need to know the full story of his downfall. The American people deserve to know who is assaulting the government they voted for in 2016. They deserve protection from the next attempt to manipulate our government with cherry picked leaks.

They also deserve some intellectual consistency from those who have long and loudly worried about the emergence of a surveillance state, and from conservatives who claim to value the rule of law. Unknown persons with a mysterious agenda just made strategic use of partial information from a surveillance program of uncertain legality to take out a presidential adviser.

Whether it's an Obama shadow government staging a Beltway insurrection, or Deep State officials protecting their turf, this is the nightmare scenario of the post-Snowden era or are we not having that nightmare anymore, if we take partisan pleasure in the outcome?

[Feb 15, 2017] Google, Youtube and net neutarality

Feb 15, 2017 | www.nakedcapitalism.com
Eureka Springs , February 15, 2017 at 7:22 am

Net neutrality has always been confined to the narrowest of meanings to a point of being self-defeating by simply self-kettling ourselves into such limited fights/expectations. I know you coastal and big city elites (that's half snark) will never understand much more empathize or rally with us flyover deplorables who are limited to 10 gigs a month no matter what provider we use, no matter how much we pay. I recently read that most homes with fiber now utilize over a thousand gigs a month that one HD movie can be much more bandwidth than my entire monthly 70 bucks can buy.

Over twenty years ago the entire U.S. should have established high speed affordable unlimited fiber to every home on the grid and that's where the argument should be today. It covers the neutrality issue and so, so very much more. And it is far more inclusive of many more people who would benefit in so many ways. It's way past time to remove the internet highway system. Separate the content providers, the monitors, data mining, from the public highway system itself. That's where the beginning of neutrality should begin.

So yes, point out the most egregious hypocrites in the misleadership class, but don't let them all win by keeping us divided and losing within the extremely limited confines of their argument.

oh , February 15, 2017 at 8:59 am

Among the many promises that Barry broke was the one to provide hi speed internet. One grifter follows another!
We the people need to set some discrete goals and protest. Calling or writing to the Congress critters will not work. We need to storm their office on behalf each issue.

Sally , February 15, 2017 at 2:14 pm

"Separate the content providers, the monitors, data mining, from the public highway system itself. That's where the beginning of neutrality should begin."

That is the key point.

Trump would be an idiot if he allowed the likes of Google/UTube, Facebook, big tech boys to be able to start rigging the content because his campaign relied hugely on the Internet. A lot of his support by-passed the traditional TV/Newspaper media. I heard that Twitter are apparantly using ways and means to make his Twitter acccount only see hostile responses for the first 100 or so responses. Have no idea if that's true but some of these firms are getting very close to utility status.

Anti trust laws should be wheeled out. They are already on the books.

likbez , February 15, 2017 at 2:45 pm

Your comment is awaiting moderation.

Companies such as Netflix are essentially subsidized by telecom providers. So this is a model that somewhat reminds me of Uber.

The same is true for Google (especially YouTube part of it) and Facebook. When somebody tries to download 4.7Gb movie that affects other people on the same subnet,

On the other hand if, for example, popular blogs are forced to pay per gigabyte of consumed bandwidth, that is as close to censorship as we can get. 1000 gigabytes per month that is consumed by a medium site even at $1 per gigabyte is $1000 per month rent. And guess who will be able to afford it.

There are a lot complex nuances here. For example, everybody who use wireless at home are not in the same group as who are using landlines (fiber or cable) even if they live in metropolitan areas. They are closer to flyover country residents.

Also as soon as something is not metered some sophisticated forms of abuse emerge. For example, some corporations are abusing public networks by switching to "home office" model which dramatically cuts the required office and parking space. Several corporations built their new headquarters with the assumption that only half of employees are present at any given day (so called hotel model). When employees view some clueless corporate video conference via VPN that affects their neighborhood the same way as heavy Netflix users. Excessive WebEx videoconferences have a similar effect.

Quanka , February 15, 2017 at 8:08 am

+1 to Eureka Springs.

Go back to Bill Clinton's administration when Verizon was a fledgling company and the government gave massive subsidies to the Telecoms to do exactly what Eureka Springs notes: bring fast, reliable internet service across the country. Fast forward to today - those companies took all the subsidies, didn't build out shit for network capacity, and now spend all their money lobbying to give themselves more power and limit net neutrality.

If there were a microcosm for this whole problem, this is it. Dems give big subsidies to corporate players, dont track the work/take for granted that they "did something" and then get caught flat footed. Now we are all left to battle it out for the scraps. Exactly where we were 20 years ago.

Watching the Oroville Dam, juxtaposing with all this "infrastructure spending" talk - everyone should be weary b/c we've been here before with Telecoms.

cocomaan , February 15, 2017 at 9:12 am

+1 to both of you!

It reminds me of the land grant system that enabled the railroad industry to thrive.

Guess what happened to Southern Pacific Railroad Company, who benefited greatly from this government intervention? Later, they turned into Sprint ( S outhern P acific R ailroad I nternal N etworking T elephony)!

Scott , February 15, 2017 at 9:41 am

I really wish I could get more worked up about Net Neutrality, but I can't. I'm deeply concerned about the high prices and lack of availability in much of the country, but I find that much of the debate boils down to conflict between Silicon Valley and the Telcos about who controls the internet. Content providers (Facebook, Google, Netflix) want to use the network effects to manipulate public opinion in their favored version of Net Neutrality, which seems to involve universal unmetered broadband, which ISPs must build out to meet demand, shifting costs from the providers to the ISPs, while profits go the other way. Meanwhile the ISPs do the tricks described in the post and overchange customers for poor service. I have little sympathy for either group.

My general belief is that broadband should be cheap, universal, regulated, and, yes, metered. The latter would encourage high volume users and content providers to change their behavior and technology to use bandwidth more efficiently, which would reduce the size of the infrastructure needed over the long-term. I would also include search neutrality at the same time, but for some reason that doesn't have the same level of support among the technology industry.

[Feb 12, 2017] Washington Post Caught Spreading More Fake News About Russian Hackers Zero Hedge

Notable quotes:
"... Use a linux system Kirk, no need for firewalls, Firefox with duckduckgo search, set options to clear after every session, Adblocker, it's not Tor, but the best open option. ..."
"... I am using DuckDuckGo.Com for search (and looking at YaCy) ..."
"... I also use Firefox for my browser, with AdBlockplus, Flasblock, EFF's Privacy Badger, and a password management app called LastPass (which gives me unique, 16-character, random passwords for each of my sites). ..."
"... Another thing to suggest is to use a private e-mail. ..."
"... I long ago gave up yahoo and g-mail(never had one) ..."
Dec 31, 2016 | www.zerohedge.com

Readers of the Washington Post received some alarming news yesterday when the paper published a story alleging that those pesky "Russian hackers" were up to their no good tricks again and had managed to "penetrate the U.S. electricity grid through a utility in Vermont."

Kirk2NCC1701, Dec 31, 2016 9:17 PM
Not surprised. I wonder if ZH users are also under cyber attack. Today I noticed that my desktop browser (Firefox and Chrome) deny me access to any ZH link or pages. I get the "URL does not exist". Have to use Tor browser to get to ZH.

Anyone know what's going on, and what the RX is? Thanks.

refill6times Kirk2NCC1701 , Dec 31, 2016 9:31 PM
Use a linux system Kirk, no need for firewalls, Firefox with duckduckgo search, set options to clear after every session, Adblocker, it's not Tor, but the best open option.

I use cinnimon 17.3, but your flavor may vary.

Zarbo refill6times , Dec 31, 2016 9:47 PM
Good R x , however I would use the firewall -- best to not tempt fate. There are rootkits for Linux.

That said, it is stable and quite usable.

I am using DuckDuckGo.Com for search (and looking at YaCy), also using TutaNova.Com encrypted email, looking at Frendica to replace Facebook, using http://Gab.ai as a Twitter replacement, Thunderbird (replace Outlook) with Enigmail for encryption and email signing.

I also use Firefox for my browser, with AdBlockplus, Flasblock, EFF's Privacy Badger, and a password management app called LastPass (which gives me unique, 16-character, random passwords for each of my sites).

The open, free, reliable solutions are out there.

Side note: Enable two-factor login for all your accounts, you won't regret it.

peddling-fiction Zarbo , Dec 31, 2016 10:29 PM
You always need to enable the Ubuntu uncomplicated firewall, or else. All that is needed is to type the following command:

> sudo ufw enable

refill6times Zarbo , Dec 31, 2016 11:36 PM
Thank you Zarbo, any help and sugestions that don't come from Microsoft are best.

I saw on another thread a poster who asked how to stop the annoying ads, someone replied to get firefox, and he replied " how do I get that ?"

I feel bad as I replied to use duckduckgo, I suppose it was sarcasm.

Another thing to suggest is to use a private e-mail.

I long ago gave up yahoo and g-mail(never had one)

Akzed Kirk2NCC1701 , Dec 31, 2016 9:35 PM
No problems detected here. Over.
rejected Kirk2NCC1701 , Dec 31, 2016 10:06 PM
Use their IP Addr if you suspect meddling. ZH has 2:

34.192.18.153
52.6.109.9

A nice site to find IP of a Host Name is: http://www.hcidata.info/host2ip.htm

Be sure to clear history and do that twice. Clear History.... Shut down FF,,, Start FF,,, Clear History.

Linux is a good system if your not married to MS Windows for some reason.

Happy New Year to Everyone....

[Feb 07, 2017] How the CIA made Google

Feb 07, 2017 | www.zerohedge.com

Pinto Currency -> J S Bach , Feb 6, 2017 10:47 PM

How the CIA made Google

https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a...

918pigpen -> buckstopshere , Feb 6, 2017 10:42 PM

People ask me why I refused to use google many years ago.

THIS!!!

Yars Revenge , Feb 6, 2017 10:39 PM

(((GOOGLE)))

rlouis , Feb 6, 2017 10:45 PM

So, the alphabet company, aka CIA is funding this?

wisefool , Feb 6, 2017 10:45 PM

Who would have think some kids working on bublesort 2.0 (1980s era search engine tech) could have bootstrapped themselves to the biggest brand in the world. Until facebook came along.

They did not get a 1 million dollar loan from their dad like donald trump did. They might have got some money from big brother. But we don't talk about that in polite company.

Neochrome , Feb 6, 2017 10:48 PM

If you're a thief, it's your "duty" to break the law.

http://www.huffingtonpost.com/2012/12/13/google-tax-dodge_n_2292077.html

Google's chairman says he is "proud" of the way his company avoids paying taxes.

"It's called capitalism," Eric Schmidt told Bloomberg in a Wednesday article. "We are proudly capitalistic. I'm not confused about this."

Google's effective U.S. tax rate is unclear. Citizens for Tax Justice did not analyze Google in a 2011 study because Google reports most of its profits as foreign, even though that may not be true.

[Jan 21, 2017] Obama promised to reverse the growth of the surveillance state. He did the opposite.

Notable quotes:
"... President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state ..."
"... Obama didn't just fall short of progressive hopes - he went in the opposite direction ..."
"... he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans. ..."
"... Upon becoming president, the already vast surveillance powers of the United States have expanded . By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats. ..."
"... The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption. ..."
"... But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to " welcome " a debate on surveillance. ..."
Jan 21, 2017 | www.jacobinmag.com

President Obama will go down in history as the man who helped entrench history's largest and most powerful surveillance state, providing it with a liberal legitimacy that left it largely immune from criticism during his two terms. As President Trump takes the reins of that surveillance state's power in whatever terrifying ways he chooses, we should remember that it was Obama who paved the way for him.

Obama has often been painted as a disappointing president, one who reached for the stars but ultimately, whether due to Republican obstructionism or the disappointing realities of governing, fell short. In the area of state surveillance, however, Obama didn't just fall short of progressive hopes - he went in the opposite direction.

Obama built his career opposing the Patriot Act and Bush-era secrecy. He made this opposition a centerpiece of his presidential campaign, promising "no more illegal wiretapping of American citizens. No more national security letters to spy on citizens who are not suspected of a crime . . . No more ignoring the law when it is convenient."

The first sign of his waning commitment came three months after a glowing Times op-ed declared him potentially the first civil libertarian president, when he broke a campaign promise and voted for a bill expanding government surveillance and granting immunity to telecommunications companies who helped Bush spy on Americans.

Upon becoming president, the already vast surveillance powers of the United States have expanded . By 2010, the NSA was collecting 1.7 billion emails, phone calls, and other types of communications. By 2012, XKeyscore - which sweeps up "everything a user typically does on the internet" - was storing as much as forty-one billion records in thirty days. This gargantuan volume of data has the ironic effect of making it harder to detect security threats.

The use of secret laws - hidden from public eyes and often related to surveillance activities - shot up under Obama. The administration tried (and failed) to force Apple to insert security flaws in its phones, to give law enforcement a potential "back door" around encryption.

It extended controversial Patriot Act provisions year after year. Less than a week before Donald Trump, a man he has called "unfit" for office, took power, Obama expanded the NSA's power to share its data with other agencies. Meanwhile, the FBI is paying Best Buy employees to snoop through your computer.

Where there have been privacy wins on Obama's watch, they have largely been inadvertent. The NSA collects a much smaller proportion of Americans' phone records today than it did eleven years ago because cell phone use has exploded. Furthermore, the USA Freedom Act passed in 2015, ending bulk collection of US phone records ( only of phone records, it must be said), something Obama tried to claim as part of his legacy in his farewell speech.

But this would not have happened - and the scope of US surveillance would have stayed secret - had it not been for the disclosures by Edward Snowden, whom Obama criticized and refused to pardon in the waning days of his administration, even as he claimed to " welcome " a debate on surveillance.

All of this happened under a liberal former constitutional law professor. The question must be asked: What will follow under Trump?

-Branko Marcetic

[Jan 18, 2017] Mainstream Media's Russian Bogeymen

Jan 18, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War

by Gareth Porter , January 16, 2017 Print This | Share This In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure.

DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.

Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.

The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance its own interests, with scant regard for the truth.

The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions - guarding against cyber-attacks on America's infrastructure.

Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."

That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.

Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA-in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE."

The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been used by Russian intelligence agencies to affect the election were a direct threat to them as well. However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients.

"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives."

Lee and his staff found only two of a long list of malware files that could be linked to Russian hackers without more specific data about timing. Similarly a large proportion of IP addresses listed could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.

The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private.

Lee said the DHS staff that worked on the technical information in the report is highly competent, but the document was rendered useless when officials classified and deleted some key parts of the report and added other material that shouldn't have been in it. He believes the DHS issued the report "for a political purpose," which was to "show that the DHS is protecting you."

Planting the Story, Keeping it Alive

Upon receiving the DHS-FBI report the Burlington Electric Company network security team immediately ran searches of its computer logs using the lists of IP addresses it had been provided. When one of IP addresses cited in the report as an indicator of Russian hacking was found on the logs, the utility immediately called DHS to inform it as it had been instructed to do by DHS.

In fact, the IP address on the Burlington Electric Company's computer was simply the Yahoo e-mail server, according to Lee, so it could not have been a legitimate indicator of an attempted cyber-intrusion. That should have been the end of the story. But the utility did not track down the IP address before reporting it to DHS. It did, however, expect DHS to treat the matter confidentially until it had thoroughly investigated and resolved the issue.

"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to keep their mouth shut."

Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say."

DHS official evidently had allowed the Post to infer that the Russians hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added, and that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."

The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed.

The day after the story was published, the DHS leadership continued to imply, without saying so explicitly, that the Burlington utility had been hacked by Russians. Assistant Secretary for Pubic Affairs J. Todd Breasseale gave CNN a statement that the "indicators" from the malicious software found on the computer at Burlington Electric were a "match" for those on the DNC computers.

As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud server and therefore not an indicator that the same team that allegedly hacked the DNC had gotten into the Burlington utility's laptop. DHS also learned from the utility that the laptop in question had been infected by malware called "neutrino," which had never been used in "GRIZZLY STEPPE."

Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'"

Original DHS False Hacking Story

The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication.

Like the Burlington fiasco, the false report was preceded by a DHS claim that US infrastructure systems were already under attack. In October 2011, acting DHS deputy undersecretary Greg Schaffer was quoted by The Washington Post as warning that "our adversaries" are "knocking on the doors of these systems." And Schaffer added, "In some cases, there have been intrusions." He did not specify when, where or by whom, and no such prior intrusions have ever been documented.

On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water district near Springfield, Illinois, burned out after sputtering several times in previous months. The repair team brought in to fix it found a Russian IP address on its log from five months earlier. That IP address was actually from a cell phone call from the contractor who had set up the control system for the pump and who was vacationing in Russia with his family, so his name was in the log by the address.

Without investigating the IP address itself, the utility reported the IP address and the breakdown of the water pump to the Environmental Protection Agency, which in turn passed it on to the Illinois Statewide Terrorism and Intelligence Center, also called a fusion center composed of Illinois State Police and representatives from the FBI, DHS and other government agencies.

On Nov. 10 – just two days after the initial report to EPA – the fusion center produced a report titled "Public Water District Cyber Intrusion" suggesting a Russian hacker had stolen the identity of someone authorized to use the computer and had hacked into the control system causing the water pump to fail.

The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack.

The fusion center "intelligence report," circulated by DHS Office of Intelligence and Research, was picked up by a cyber-security blogger, who called The Washington Post and read the item to a reporter. Thus the Post published the first sensational story of a Russian hack into a US infrastructure on Nov. 18, 2011.

After the real story came out, DHS disclaimed responsibility for the report, saying that it was the fusion center's responsibility. But a Senate subcommittee investigation revealed in a report a year later that even after the initial report had been discredited, DHS had not issued any retraction or correction to the report, nor had it notified the recipients about the truth.

DHS officials responsible for the false report told Senate investigators such reports weren't intended to be "finished intelligence," implying that the bar for accuracy of the information didn't have to be very high. They even claimed that report was a "success" because it had done what "what it's supposed to do – generate interest."

Both the Burlington and Curran-Gardner episodes underline a central reality of the political game of national security in the New Cold War era: major bureaucratic players like DHS have a huge political stake in public perceptions of a Russian threat, and whenever the opportunity arises to do so, they will exploit it.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare . He can be contacted at porter.gareth50@gmail.com .

Reprinted from Consortium News with the author's permission.

Read more by Gareth Porter

[Jan 16, 2017] Mainstream Medias Russian Bogeymen

DHS security honchos want to justify their existence. There is not greater danger to national security then careerists in position of security professionals. Lying and exaggerating the treats to get this dollars is is what many security professionals do for living. They are essentially charlatans.
Notable quotes:
"... In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure. ..."
"... Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011. ..."
"... Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack." ..."
"... That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012. ..."
"... Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA-in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE." ..."
"... according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients. ..."
"... "Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives." ..."
"... The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private. ..."
"... Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say." ..."
"... DHS official evidently had allowed the Post to infer that the Russians hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added, and that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability." ..."
"... The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed. ..."
"... Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'" ..."
"... The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication. ..."
"... The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack. ..."
Jan 16, 2017 | original.antiwar.com

The mainstream hysteria over Russia has led to dubious or downright false stories that have deepened the New Cold War

In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the US election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into US power infrastructure.

DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.

Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.

The story of how DHS twice circulated false stories of Russian efforts to sabotage US "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance its own interests, with scant regard for the truth.

The DHS had carried out a major public campaign to focus on an alleged Russian threat to US power infrastructure in early 2016. The campaign took advantage of a US accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions - guarding against cyber-attacks on America's infrastructure.

Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for US stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."

That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.

Beginning in October 2016, the DHS emerged as one of the two most important players – along with the CIA-in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to US power utilities across the country with what it claimed were "indicators" of a Russian intelligence effort to penetrate and compromise US computer networks, including networks related to the presidential election, that it called "GRIZZLY STEPPE."

The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been used by Russian intelligence agencies to affect the election were a direct threat to them as well. However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest US government programs for defense against cyber-attacks on US infrastructure systems, the report was certain to mislead the recipients.

"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives."

Lee and his staff found only two of a long list of malware files that could be linked to Russian hackers without more specific data about timing. Similarly a large proportion of IP addresses listed could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.

The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others – including some military entities – to keep their Internet communications private.

Lee said the DHS staff that worked on the technical information in the report is highly competent, but the document was rendered useless when officials classified and deleted some key parts of the report and added other material that shouldn't have been in it. He believes the DHS issued the report "for a political purpose," which was to "show that the DHS is protecting you."

Planting the Story, Keeping it Alive

Upon receiving the DHS-FBI report the Burlington Electric Company network security team immediately ran searches of its computer logs using the lists of IP addresses it had been provided. When one of IP addresses cited in the report as an indicator of Russian hacking was found on the logs, the utility immediately called DHS to inform it as it had been instructed to do by DHS.

In fact, the IP address on the Burlington Electric Company's computer was simply the Yahoo e-mail server, according to Lee, so it could not have been a legitimate indicator of an attempted cyber-intrusion. That should have been the end of the story. But the utility did not track down the IP address before reporting it to DHS. It did, however, expect DHS to treat the matter confidentially until it had thoroughly investigated and resolved the issue.

"DHS wasn't supposed to release the details," said Lee. "Everybody was supposed to keep their mouth shut."

Instead, a DHS official called The Washington Post and passed on word that one of the indicators of Russian hacking of the DNC had been found on the Burlington utility's computer network. The Post failed to follow the most basic rule of journalism, relying on its DHS source instead of checking with the Burlington Electric Department first. The result was the Post's sensational Dec. 30 story under the headline "Russian hackers penetrated US electricity grid through a utility in Vermont, US officials say."

DHS official evidently had allowed the Post to infer that the Russians hack had penetrated the grid without actually saying so. The Post story said the Russians "had not actively used the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter," but then added, and that "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."

The electric company quickly issued a firm denial that the computer in question was connected to the power grid. The Post was forced to retract, in effect, its claim that the electricity grid had been hacked by the Russians. But it stuck by its story that the utility had been the victim of a Russian hack for another three days before admitting that no such evidence of a hack existed.

The day after the story was published, the DHS leadership continued to imply, without saying so explicitly, that the Burlington utility had been hacked by Russians. Assistant Secretary for Pubic Affairs J. Todd Breasseale gave CNN a statement that the "indicators" from the malicious software found on the computer at Burlington Electric were a "match" for those on the DNC computers.

As soon as DHS checked the IP address, however, it knew that it was a Yahoo cloud server and therefore not an indicator that the same team that allegedly hacked the DNC had gotten into the Burlington utility's laptop. DHS also learned from the utility that the laptop in question had been infected by malware called "neutrino," which had never been used in "GRIZZLY STEPPE."

Only days later did the DHS reveal those crucial facts to the Post. And the DHS was still defending its joint report to the Post, according to Lee, who got part of the story from Post sources. The DHS official was arguing that it had "led to a discovery," he said. "The second is, 'See, this is encouraging people to run indicators.'"

Original DHS False Hacking Story

The false Burlington Electric hack scare is reminiscent of an earlier story of Russian hacking of a utility for which the DHS was responsible as well. In November 2011, it reported an "intrusion" into a Springfield, Illinois water district computer that similarly turned out to be a fabrication.

Like the Burlington fiasco, the false report was preceded by a DHS claim that US infrastructure systems were already under attack. In October 2011, acting DHS deputy undersecretary Greg Schaffer was quoted by The Washington Post as warning that "our adversaries" are "knocking on the doors of these systems." And Schaffer added, "In some cases, there have been intrusions." He did not specify when, where or by whom, and no such prior intrusions have ever been documented.

On Nov. 8, 2011, a water pump belonging to the Curran-Gardner township water district near Springfield, Illinois, burned out after sputtering several times in previous months. The repair team brought in to fix it found a Russian IP address on its log from five months earlier. That IP address was actually from a cell phone call from the contractor who had set up the control system for the pump and who was vacationing in Russia with his family, so his name was in the log by the address.

Without investigating the IP address itself, the utility reported the IP address and the breakdown of the water pump to the Environmental Protection Agency, which in turn passed it on to the Illinois Statewide Terrorism and Intelligence Center, also called a fusion center composed of Illinois State Police and representatives from the FBI, DHS and other government agencies.

On Nov. 10 – just two days after the initial report to EPA – the fusion center produced a report titled "Public Water District Cyber Intrusion" suggesting a Russian hacker had stolen the identity of someone authorized to use the computer and had hacked into the control system causing the water pump to fail.

The contractor whose name was on the log next to the IP address later told Wired magazine that one phone call to him would have laid the matter to rest. But the DHS, which was the lead in putting the report out, had not bothered to make even that one obvious phone call before opining that it must have been a Russian hack.

The fusion center "intelligence report," circulated by DHS Office of Intelligence and Research, was picked up by a cyber-security blogger, who called The Washington Post and read the item to a reporter. Thus the Post published the first sensational story of a Russian hack into a US infrastructure on Nov. 18, 2011.

After the real story came out, DHS disclaimed responsibility for the report, saying that it was the fusion center's responsibility. But a Senate subcommittee investigation revealed in a report a year later that even after the initial report had been discredited, DHS had not issued any retraction or correction to the report, nor had it notified the recipients about the truth.

DHS officials responsible for the false report told Senate investigators such reports weren't intended to be "finished intelligence," implying that the bar for accuracy of the information didn't have to be very high. They even claimed that report was a "success" because it had done what "what it's supposed to do – generate interest."

Both the Burlington and Curran-Gardner episodes underline a central reality of the political game of national security in the New Cold War era: major bureaucratic players like DHS have a huge political stake in public perceptions of a Russian threat, and whenever the opportunity arises to do so, they will exploit it.

Gareth Porter, an investigative historian and journalist specializing in US national security policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war in Afghanistan. His new book is Manufactured Crisis: the Untold Story of the Iran Nuclear Scare . He can be contacted at porter.gareth50@gmail.com .

Reprinted from Consortium News with the author's permission.

[Jan 15, 2017] Gaius Publius Who's Blackmailing the President Why Arent Democrats Upset About It

Notable quotes:
"... William Binney,another NSA whistleblower and hero, stated on his Truthdig interview with Sheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them,Thomas Drake/currently pensionless and an apple store worker ) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability. ..."
"... First they gaslight you. "There is no surveillance. You have no evidence." ..."
"... As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!" ..."
"... Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence". ..."
"... Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it. ..."
"... Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. ..."
Jan 15, 2017 | www.nakedcapitalism.com
HopeLB , January 14, 2017 at 5:22 pm

William Binney,another NSA whistleblower and hero, stated on his Truthdig interview with Sheer (who talked and repeated himself way too much, not leaving much time for Binney to talk) that Snowden knew from watching what happened to the five of them (among them,Thomas Drake/currently pensionless and an apple store worker ) and that Snowden did it the only way it could be done and did the leak well by gathering so much information up there was no chance of plausible deniability.

reslez , January 14, 2017 at 6:28 pm

Your "ambivalence" is one of the favorite tactics of people in CTR, who start off all their comments with "I love Bernie, but ". Here's how it works:

1. First they gaslight you. "There is no surveillance. You have no evidence."
2. As soon as there's evidence, they downplay it. "Everyone knew there was surveillance. This is nothing new!"

Snowden's leaks were crucial and necessary. State surveillance had been normalized long before him. He only told us it had happened. What happens next is a battle that is still being fought, despite the best efforts of people who weasel about "ambivalence".

Jack , January 14, 2017 at 9:29 am

SantaFe you said "his career was literally made by a document dump from guy who increasungly appears to be much more nefarious". Glenn Greenwald's "career" was made long before Snowden appeared on the scene. That's why Snowden chose him to release the documents to. He has long been known as a journalist who speaks truth to power. And what do you mean by this; " He is quickly losing credibility among many who admired him." ? Yourself? I see no reason why Greenwald should be losing credibility. Primarily what he is doing is in this particular instance is questioning the veracity of the documents being used against Trump and the means by which they are being "released". That is one of Greenwald's greatest strengths. He plays no favorites. As far as the WSJ article on Snowden, I assume you are referring to the now discredited op-ed (not an article) piece by Epstein? This self serving op-ed was clearly written by Epstein to promote his recent book and the "points" he made about Snowden have been discredited by many sources.

Michael C. , January 14, 2017 at 10:39 am

I agree with you wholeheartedly. Exposing the workings of the deep state is necessary if we are to ever reclaim democracy, if in fact we ever had it.

DJG , January 14, 2017 at 12:01 pm

Agreed: Further, the recent article in the New Yorker, in which Malcolm Gladwell (who isn't glib, of course) decides that Snowden isn't classy enough is more of the same.

Santa Fe: Greenwald losing credibility? Sorry. You just lost credibility, if you ever had any.

Donald , January 14, 2017 at 10:05 am

Speak for yourself. Greenwald isn't defending the Russians– he is asking for evidence so we don't have to rely on the intelligence community. And while Assange appears motivated by animus against Clinton, I have yet to see anything about Snowden that would make me distrust him more than the press. What I do see are a lot of centrist liberals acting like Joseph McCarthy.

And even with Assange, wikileaks has been invaluable. The mainstream press largely gored its most interesting revelations - for instance, the Clinton camp privately acknowledged that the Saudi government supports ISIS. We hear much more shooting the messenger stories about dissenters than we hear stories about the message.

Donald , January 14, 2017 at 10:14 am

Here is a link about the Isis, Saudi, Clinton story.

http://www.independent.co.uk/voices/hillary-clinton-wikileaks-email-isis-saudi-arabia-qatar-us-allies-funding-barack-obama-knew-all-a7362071.html

I didn't see anything about this in the US mainstream press, though I won't swear it didn't appear somewhere. But I have heard much more about how the wikileaks releases contained little of substance.

[Jan 15, 2017] Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies access to private communications obtained via warrentless spying

economistsview.typepad.com

JohnH -> Peter K.... , January 14, 2017 at 12:28 PM

Obama continues to set the table for Trump:

"Days before far-right President-elect Donald Trump is sworn in, President Barack Obama has expanded all intelligence agencies' access to private communications obtained via warrentless spying.

An executive order allows the National Security Agency (NSA) to share data collected via its global surveillance dragnet with all other U.S. intelligence agencies, without redacting untargeted American citizens' private information.

"The change means that far more officials will be searching through raw data," explained the New York Times, which broke the story late Thursday. The Times also shared the 23-page declassified version of the president's order."
http://www.commondreams.org/news/2017/01/13/obama-expands-spy-agencies-access-private-data-just-time-trump

Not that Democrats like Pelosi/Schumer/Feinstein care...they're apparently quite happy to give Trump's people access to all Americans' most private data.

[Jan 13, 2017] Mystery Hackers Blow Up Secret NSA Hacking Tools in 'Final F--k You'

Notable quotes:
"... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors... ..."
Jan 13, 2017 | www.thedailybeast.com
by Kevin Poulsen

"A mysterious hacking group has been bedeviling the U.S. intelligence community for months, releasing a tranche of secret National Security Agency hacking tools to the public while offering to sell even more for the right price. Now with barely a week to go before Donald Trump's inauguration, the self-styled "Shadow Brokers" on Thursday announced that they were packing it in.

"So long, farewell peoples. TheShadowBrokers is going dark, making exit," the group wrote on its darknet site... The message was accompanied by a parting gift...an apparently complete NSA backdoor kit targeting the Windows operating system. The kit is comprised of 61 malicious Windows executables, only one of which was previously known to antivirus vendors...

... ... ...

The Shadow Brokers emerged in August with the announcement that they'd stolen the hacking tools used by a sophisticated computer-intrusion operation known as the Equation Group, and were putting them up for sale to the highest bidder. It was a remarkable claim, because the Equation Group is generally understood to be part of the NSA's elite Tailored Access Operations program and is virtually never detected, much less penetrated.

... ... ...

Released along with the announcement was a huge cache of specialized malware, including dozens of backdoor programs and 10 exploits, two of them targeting previously unknown security holes in Cisco routers-a basic building block of the internet. While Cisco and other companies scrambled for a fix, security experts pored over the Shadow Brokers tranche like it was the Rosetta Stone. "It was the first time, as threat-intelligence professionals, that we've had access to what appears to be a relatively complete toolkit of a nation-state attacker," says Jake Williams, founder of Rendition Infosec. "It was excitement in some circles, dismay in other circles, and panic and a rush to patch if you're running vulnerable hardware."

[Jan 13, 2017] Former Employee Sues Google, Claims It Maintained an Internal Spy Network That Encouraged Workers to Snitch on Each Other

Notable quotes:
"... By Michael Arria, an associate editor at AlterNet and AlterNet's labor editor. Follow @MichaelArria on Twitter. Originally published at Alternet ..."
"... The lawsuit was filed by a former product manager who claims that the alleged program violates California labor law. The same person filed a National Labor Relations Board complaint against Google and its sister firm Nest this June. The NLRB complaint alleged that the employee was terminated after making a social media post that was critical of the company. The allegation also contends that the companies illegally monitored workers' electronic devices to prevent them from airing criticisms of Google. ..."
"... Google could be fined up to $100 for each of the 12 alleged violations in the suit, multiplied by 65,000 employees. If an allegedly unlawful policy lasted for more than one pay period, the fine doubles to $200 per pay period, per employee, for up to a year. If 'Doe' prevails on every allegation in the lawsuit, the maximum fine would be $3.8 billion, with about $14,600 going to each Google employee. ..."
"... Company with business model based entirely around mass surveillance enforces a "transparency" (just another word for it) culture among its employees? Who could've knew I'm really interested how the lawsuit works out. ..."
Jan 03, 2017 | www.nakedcapitalism.com
From a legal standpoint, the arguments that Google is making in its defense in an employee lawsuit are lame. Of course, it could be saving its real case for the court. Oddly, the summary below omits a key issue as to why Google's surveillance and secrecy policies are problematic. From the underlying story at Information:

The lawsuit alleges that Google warns employees to not put into writing concerns about potential illegal activity within Google, even to the company's own attorneys, because the disclosures could fall into the hands of regulators and law enforcement. It also alleges that confidentiality provisions include a prohibition on employees writing "a novel about someone working at a tech company in Silicon Valley," without Google signing off on the final draft.

Among other things, this makes it impossible for Google to have any sort of internal whistleblower program, even when most are strictly cosmetic. Most corporate governance experts deem them to be necessary as a liability shield for management. Moreover, these agreements also violate the SEC's whistleblower rules, which bar companies from hindering employees contacting agency officials regarding suspected abuses. Google's top brass appear convinced that their internal code of omerta plus their connections means that they can dispense with that sort of thing.

Google's internal non-disclosure agreements apparently didn't contain standard "outs," the most important being that the signer can disclose information when compelled to by judicial decree, as long as they inform the company first and give them the opportunity to contest the order.

I hope California readers will tell me about the reputation of the firm suing Google. The claim looks to be spare (a good sign) and well argued. Even though the usual rule of thumb with employee suits is that the big companies have a huge advantage by being able to hire better counsel, Google looks to have overreached to such a remarkable degree that the employee may well prevail. It would also help if outside parties take interest and provide amicus briefs on behalf of the plaintiff.

By Michael Arria, an associate editor at AlterNet and AlterNet's labor editor. Follow @MichaelArria on Twitter. Originally published at Alternet

Tech news site the Information reports that a former Google employee is suing the company, claiming it maintained an internal spying program that encouraged workers to rat each other out.

The lawsuit was filed by a former product manager who claims that the alleged program violates California labor law. The same person filed a National Labor Relations Board complaint against Google and its sister firm Nest this June. The NLRB complaint alleged that the employee was terminated after making a social media post that was critical of the company. The allegation also contends that the companies illegally monitored workers' electronic devices to prevent them from airing criticisms of Google.

The lawsuit points out that employees should be able to discuss workplace conditions without fearing retaliatory action.

Google has called the lawsuit "baseless." The Information piece quotes a statement from the company:

We're very committed to an open internal culture, which means we frequently share with employees details of product launches and confidential business information. Transparency is a huge part of our culture. Our employee confidentiality requirements are designed to protect proprietary business information, while not preventing employees from disclosing information about terms and conditions of employment, or workplace concerns.

If the lawsuit ends up being successful, it could be extremely expensive for Google. The Information report breaks down the math:

Google could be fined up to $100 for each of the 12 alleged violations in the suit, multiplied by 65,000 employees. If an allegedly unlawful policy lasted for more than one pay period, the fine doubles to $200 per pay period, per employee, for up to a year. If 'Doe' prevails on every allegation in the lawsuit, the maximum fine would be $3.8 billion, with about $14,600 going to each Google employee.

Read the entire article at the Information's website .

Teddy , January 3, 2017 at 12:44 pm

Company with business model based entirely around mass surveillance enforces a "transparency" (just another word for it) culture among its employees? Who could've knew I'm really interested how the lawsuit works out.

Tom Stone , January 3, 2017 at 1:15 pm

They ain't MoFo, but that's not a lightweight law firm.

[Jan 12, 2017] I read all my email on via SSH on a shell server

Jan 12, 2017 | www.nakedcapitalism.com
Matthew G. Saroff , January 12, 2017 at 2:56 pm

I read all my email on via SSH on a shell server.

If someone can hack my machine through a text window, they deserve to control my machine.

[Jan 12, 2017] Be very careful, because in your hotel rooms and no matter where you go, you're gonna probably have cameras

Jan 12, 2017 | economistsview.typepad.com
Fred C. Dobbs : Thursday, January 12, 2017 at 06:05 AM , January 12, 2017 at 06:05 AM
Trump, Sex and Lots of Whining
https://nyti.ms/2jxbsl0
NYT - Gail Collins - Jan 11

... About that press conference. Here are some of the things we learned:

■ The reason he hasn't shown up to answer questions from reporters since July is "inaccurate news."

■ The Russians don't have any secret tapes of him behaving badly in a hotel room because every time he goes to hotels abroad, he warns everybody: "Be very careful, because in your hotel rooms and no matter where you go, you're gonna probably have cameras." Of everything Trump said during the press conference, this was perhaps the most convincing.

[Jan 12, 2017] We surveilled some folks

Notable quotes:
"... "We surveilled some folks." ..."
Jan 12, 2017 | www.nakedcapitalism.com
allan , January 12, 2017 at 2:34 pm

The Obama administration opens the raw, unminimized NSA spigot for domestic law enforcement
just in time to hand over to the incoming regime.


N.S.A. Gets More Latitude to Share Intercepted Communications
[NYT]

Time to lace up those walking shoes and do some organizing.

MyLessThanPrimeBeef , January 12, 2017 at 2:56 pm

Never give up the fight, though, like a lot of things in life, it would have been easier to oppose it in the beginning.

"Because Obama, we did little until."

Ivy , January 12, 2017 at 3:35 pm

"We surveilled some folks."

[Jan 11, 2017] Gaius Publius: Best Buy National Repair Techs Routinely Search Customer Devices, Act as "Paid Informers" for FBI

Jan 11, 2017 | www.nakedcapitalism.com

What can to prevent a Geek Squad employee from planting compromising material on one's computer out of pure greed, or if the FBI wants is out to get someone? How do you prove that the image or file or whatever wasn't planted?

Posted on January 10, 2017 by Yves Smith Yves here. There is an additional layer to this ugly picture. I have whistleblowers as contacts, and one is particularly technology savvy. He has long been above-board in how he conducts his personal and business affairs. His big worry has been that it is not hard to plant information on devices.

By Gaius Publius , a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius , Tumblr and Facebook . GP article archive here . Originally published at DownWithTyranny

Did you know that Best Buy's central computer repair facility - their so-called "Geek Squad" - contains at least three employees who are also regular informers for the FBI? And that these employees routinely search through computers and other devices that Best Buy customers send in for repair? And when they find something they think the FBI would be interested in, they turn over the information for rewards of up to $500?

That's a sideline business you probably didn't imagine existed - outside of the old Soviet Union or communist East Germany.

I want to look briefly at two aspects of this - first, the story itself (it's chilling) and second, its implications .

The Story - Best Buy Repair Techs Routinely Inform on Their Computer Repair Customers to the FBI

Let's look first at the story via the OC Weekly in Orange County, California. Note, as you read, the use of phrases like "FBI informant" and "paid FBI informant." We'll also look at other versions of this story. In all versions, Best Buy repair employees routinely search customers' computers for information they can sell to the FBI, and get paid if the FBI wants the info.

In the FBI-centered versions, the Best Buy employees act on their own and get paid as "honest citizens," as it were, merely offering tips, even though this practice seems to be routine. For the FBI, the fact that the same employees frequently offer tips for which they get paid doesn't make them "paid informers" in the sense that a regular street snitch regularly sells tips to cops.

For the Best Buy customer in question, that's a distinction without a difference. But you'll see that distinction made in articles about this incident, depending on whose side the writer seems to favor.

Now to the OC Weekly 's write-up by R. Scott Moxley (h/t reddit user Spacewoman3 , posting in the valuable link source r/WayOfTheBern ; emphasis mine):

[Dr. Mark A.] Rettenmaier is a prominent Orange County physician and surgeon who had no idea that a Nov. 1, 2011, trip to a Mission Viejo Best Buy would jeopardize his freedom and eventually raise concerns about, at a minimum, FBI competency or, at worst, corruption. Unable to boot his HP Pavilion desktop computer, he sought the assistance of the store's Geek Squad. At the time, nobody knew the company's repair technicians routinely searched customers' devices for files that could earn them $500 windfalls as FBI informants . This case produced that national revelation.

According to court records, Geek Squad technician John "Trey" Westphal, an FBI informant , reported he accidentally [sic] located on Rettenmaier's computer an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." Westphal notified his boss, Justin Meade, also an FBI informant , who alerted colleague Randall Ratliff, another FBI informant at Best Buy, as well as the FBI. Claiming the image met the definition of child pornography and was tied to a series of illicit pictures known as the "Jenny" shots, agent Tracey Riley seized the hard drive.

The story goes on to detail rights violations committed by the FBI on its own, such as these:

Setting aside the issue of whether the search of Rettenmaier's computer constituted an illegal search by private individuals acting as government agents , the FBI undertook a series of dishonest measures in hopes of building a case, according to James D. Riddet, Rettenmaier's San Clemente-based defense attorney. Riddet says agents conducted two additional searches of the computer without obtaining necessary warrants , lied to trick a federal magistrate judge into authorizing a search warrant , then tried to cover up their misdeeds by initially hiding records .

To convict someone of child-pornography charges, the government must prove the suspect knowingly possessed the image. But in Rettenmaier's case, the alleged "Jenny" image was found on unallocated "trash" space, meaning it could only be retrieved by "carving" with costly, highly sophisticated forensics tools. In other words, it's arguable a computer's owner wouldn't know of its existence. (For example, malware can secretly implant files.) Worse for the FBI, a federal appellate court unequivocally declared in February 2011 ( USA v. Andrew Flyer ) that pictures found on unallocated space did not constitute knowing possession because it is impossible to determine when, why or who downloaded them.

The doctor's lawyer, of course, is contesting all of this, and the article's main point is that these discoveries have the FBI on the defensive. From the article's lead paragraph:

[A]n unusual child-pornography-possession case has placed officials on the defensive for nearly 26 months. Questions linger about law-enforcement honesty, unconstitutional searches, underhanded use of informants and twisted logic. Given that a judge recently ruled against government demands to derail a defense lawyer's dogged inquiry into the mess, United States of America v. Mark A. Rettenmaier is likely to produce additional courthouse embarrassments in 2017.

I want to ignore the wrangling between the court, the FBI and the attorneys for this piece and focus on the practices of Best Buy's employees and the government's defense of those practices. After discussing attempts to manipulate the court by withholding information in order to get authorization for a raid, the author notes:

Assistant U.S. Attorney M. Anthony Brown believes the "Jenny" image shouldn't be suppressed because it's only "wild speculation" that the Geek Squad performed searches at FBI instigation . To him, the defense is pushing a "flawed" theory slyly shifting focus to innocent FBI agents ; he maintains that Rettenmaier-who is smart enough to have taught medicine at USC and UCLA-was dumb enough to seek Best Buy recovery of all of his computer files after knowingly storing child porn there.

Reading this, it's easy to see that the issue of what constitutes a "paid informant" is being obscured. After all, what counts as "FBI instigation"? If someone pays you regularly for something that she never directly asks for, is that "innocent" behavior or caused behavior ("instigation")?

Yes, Best Buy Did This Regularly

The article answers the questions above:

But the biggest issue remains whether Geek Squad technicians acted as secret law-enforcement agents and, thus, violated Fourth Amendment prohibitions against warrantless government searches. Riddet [the defendant's lawyer] claims records show "FBI and Best Buy made sure that during the period from 2007 to the present, there was always at least one supervisor who was an active informant." He also said, " The FBI appears to be able to access data at [Best Buy's main repair facility in Brooks, Kentucky] whenever they want ." Calling the relationship between the agency and the Geek Squad relevant to pretrial motions, [Judge] Carney approved Riddet's request to question agents under oath.

The writer goes on to discuss the ins and outs of this particular case. But consider just what's above:

And finally, from the article's lead:

The LA Times handles this question similarly in a piece when the case first broke (my emphasis):

An employee at Best Buy's nationwide computer repair center served as a paid FBI informant who for years tipped off agents to illicit material found on customers' hard drives, according to the lawyer for a Newport Beach doctor facing child pornography charges as a result of information from the employee.

Federal authorities deny they directed the man to actively look for illegal activity. But the attorney alleges the FBI essentially used the employee to perform warrantless searches on electronics that passed through the massive maintenance facility outside Louisville, Ky., where technicians known as Geek Squad agents work on devices from across the country.

And note:

The Geek Squad had to use specialized technical tools to recover the photos because they were either damaged or had been deleted, according to court papers.

This contrasts with the Best Buy assertion that "Geek Squad technician John "Trey" Westphal, an FBI informant, reported he accidentally located [the image] on Rettenmaier's computer".

The Times thinks this case could turn into a constitutional issue, regardless of whether the doctor is guilty or innocent. (For the record, I'll note that the later (perhaps illegal as well) search of the doctor's other devices turned up what is asserted to be more incriminating pictures, mere possession of which is a "sex crime" in the U.S.)

The Implications

First point - This is an eager prosecutorial society; we really are a punishing bunch, we Americans. We've never left the world of Hawthorne's The Scarlet Letter . So we give our police great latitude, allowing them to shoot and kill almost anyone for almost any reason, so long as the stated reason is in the form "I was afraid for my safety." Our prosecutors have great latitude in putting as many of our fellows in prison as possible. Our judges routinely clear their court calendars using plea-bargained guilty verdicts sans trial. This is the American judicial system, and it looks nothing like Law and Order , which is mainly propaganda.

And we, the spectators, are happy as clams to see the guilty (and the innocent) tortured and punished - witness our entertainment and the many popular programs that vilify the unworthy, from Judge Judy and her ilk, to Jerry Springer knockoffs, to all of those Lockup -type programs (extremely popular, by the way) on MSNBC. We love to see the "wicked" get it, in media and in life, much more so than people in many other first-world countries do. Witness our incarceration rate, the highest in the world .

Thus we give our "law enforcement" personnel - cops of all stripes, prosecutors, courts of all stripes (including the secret ones) - great latitude in finding people to punish and then making them truly miserable for as long as possible. We have been like this as a society for some time, all done with most people's permission.

Second point - With a Democrat in the White House, we're inclined to think this setup is mainly well-managed (even when it obviously isn't). Thus it has our blessing, more or less - or at least it has the blessing of middle class and working class white people - the bulk of people who vote.

Third point - We therefore fail to ask the most obvious questions. For example, about this Best Buy case, we ought to be asking this:

How common is the practice of paid FBI informants spying on fellow citizens in the ordinary performance of their jobs?

Are other computer repair companies and facilities similarly infected (infiltrated) by government agents?

Are other businesses also infiltrated to this degree?

Are "sex crimes" the only activity paid FBI informers watch for?

Is political activity subject to this kind of spying?

How much will this practice widen under AG Beauregard Sessions and President Trump?

Much to think about. I don't see the practice ending soon. I do see this as the tip of what could be a very large iceberg. Disturbed Voter , January 10, 2017 at 5:44 am

Some professionals are required by law or professional ethics to report wrong doing by others. So this isn't new. You should expect, at least in some cases, that anything you do online or offline is public knowledge and can be used against you in a court of law (or by a blackmailer) by both good and bad actors. You may or may not have a right to privacy, but in actual practice, it is primarily the needle in the haystack that protects you it isn't easy to uncover bad behavior in the midst of countless pointless information.

I know a private businessman who repairs computers. Even he has formal paperwork to cover both himself (while working on your computer) and to cover his customer, in regards to what junk you have on your hard drive. He doesn't want to be an accessory to a crime by a customer. And the customer needs reassurance that he isn't trolling the customers data (more profitable to borrow financial info, not porn).

reslez , January 10, 2017 at 12:24 pm

Sorry, but computer repair techs who are secretly on the payroll of the FBI and this apparently being normal and routine (ensuring that at least one supervisor was always an informant) is absolutely shocking and extreme. As are routine computer searches by personnel acting on behalf of the FBI without a warrant - searches that extend into unallocated areas of the hard drive requiring special software - this was not an accidental or inadvertent discovery, it was a purposeful fishing expedition.

To pooh pooh the severity of the surveillance does no one any favors. We may not have privacy in practice but de jure we have something called the Fourth Amendment. Behavior like this from our institutions does nothing but confirm RT's line that the United States is a surveillance state of historically unprecedented levels. Sadly the same people who pretend to champion the Bill of Rights in other contexts (such as gun rights) don't care a snapped twig about all our other rights that are routinely and with malice dismantled by the government acting under the cover of private business.

Disturbed Voter , January 10, 2017 at 1:01 pm

While I sympathize with your quaint notion of civil rights that was pretty much cancelled by the NDAA of 2012, and the carte blanche given by the secret court of warrants. A legal fig leaf perhaps. If you want better civil rights, you have to abolish the secret court of warrants, and any other Star Chamber. Also get rid of the NDAA and the Patriot Act of 2001.

The FBI and CIA are, and have always been, in competition and that leads to an always expanding need to tabulate everything and examine anything. Ultimately those who seek safety, lose liberty. RT is completely correct (when they want to be) about the US. Of course, even France 24 has its own agenda too.

bob , January 10, 2017 at 6:10 pm

"searches that extend into unallocated areas of the hard drive requiring special software"

This is BS. Stop repeating it. It's a very weak case, and only serves to make people feel secure in their insecurity.

When you are looking at a hard drive you look at the whole hard drive. You have to. Just because windoze and apple don't let you see this, doesn't mean it doesn't happen every second of everyday in the background.

If you are going to try to legislate that *anyone* can only look at "allocated" data, then, well, you can't turn a computer on. The entire boot sector isn't "allocated" (in the way that you are using the term), and you'd need *special software* to read it (an OS, or a disk utility)

Any boot issue should be made illegal to fix?

Jeff , January 10, 2017 at 5:51 am

quick one: M. Publius has Gaius as his first name. You have put "Gauis" in the last few articles that you reposted.

Yves Smith Post author , January 10, 2017 at 3:24 pm

Sorry, fixing.

bob , January 10, 2017 at 6:15 am

I'm not in favor of what BB is doing, but this is completely believable. He sent the drive to be analyzed (recovery of lost files). They analyzed it and found his deleted files.

This is pretty basic computer stuff.

"And note:

The Geek Squad had to use specialized technical tools to recover the photos because they were either damaged or had been deleted, according to court papers.

This contrasts with the Best Buy assertion that "Geek Squad technician John "Trey" Westphal, an FBI informant, reported he accidentallylocated [the image] on Rettenmaier's computer"."

I've done it before with my own drives that have failed. You find all of the files that were "deleted" but not overwritten.

This is why you NEVER, EVER get rid of a hard drive without physically destroying it first. You might not be able to access the failed drive to write over the old data anymore (drive failure). Lots of times, you can still access the drive to READ it.

c , January 10, 2017 at 7:08 am

where did you read: "He sent the drive to be analyzed (recovery of lost files). They analyzed it"?

Unable to boot his HP Pavilion desktop computer
battery, clock battery, any other hardware failure nothing would affect the integrity of your hard disc

bob , January 10, 2017 at 7:57 am

https://www.washingtonpost.com/local/public-safety/if-a-best-buy-technician-is-a-paid-fbi-informant-are-his-computer-searches-legal/2017/01/09/f56028b4-d442-11e6-9cb0-54ab630851e8_story.html

"Rettenmaier's hard drive was shipped to Geek Squad City in Brooks, Ky., a suburb of Louisville.

"Prosecutors said that the Geek Squad technician who searched the unallocated space was merely trying to recover all the data Rettenmaier had asked to be restored. Riddet argued that the technician was going beyond the regular search to deleted material to find evidence the FBI might want."

It seems as if the people working for BB in Louiville were data recovery people. You can't really be surprised that A) they recovered data or B) that the FBI might be interested in knowing people who work there - they were paying them.

Dave , January 10, 2017 at 4:22 pm

Bob,

Speaking of privacy, I believe that all those numbers appended to the end of the WAPO link you posted lead straight back to your computer and the chain of links you used to find it.
Sometimes you can strip them out and get to the link without them. Other times you cannot. Anyone savvy enough to explain an easy formula anonymize the link by removing all or part of those numbers?

bob , January 10, 2017 at 4:45 pm

Yeah, I posted that link quickly this morning without looking.

Dave , January 10, 2017 at 12:56 pm

H.P.? Serves him right for buying Hewlett Packard shit and for trusting Best Buy.
Thanks to Carly Fiorina, ALL H.P. products have become absolute unreliable garbage.
The way to get back at Best Buy is to use them as a free rental service; i.e. Buy a product you want to use for a little while, keep the receipt and then return it within the allowed period and get your money back.

Any corporation that allows the nonsense profiled in this article deserves the corporate death penalty.

If you have an old hard drive you can do the following to disable it at home:
Drill multiple holes, at least half an inch in diameter, all the way through the casing and the disk of the hard drive so you can look through the holes. You will need a vice and high quality drill bits. Don't do this unless you are familiar with tools and take safety precautions. Your hand is worth more than your privacy.

Make as least several holes, and make sure they are not opposite each other on the disc. This will cause it to blow up when it's spinning at x thousand RPM.
Pour glue into the holes and tip the casing on its edge so the glue flows inside the hard drive casing.

bob , January 10, 2017 at 5:46 pm

Drilling holes through the platters is probably the quickest, easiest way to render the drive useless to most.

It's not about having the drive blow up, it's about how much time and effort they are going to have to expend trying to get that data back.

If you're worried about state level actors, you're not going to be able to do much. They have unlimited time and money. You have to assume they will get it.

-they don't have to spin the drive at 5,400 rpm. In fact, at that level, they can't. The analyze it, very slowly, with an electron microscope.

fajensen , January 10, 2017 at 7:28 am

Not only that there can be stuff hiding in un-allocated space – it can be sucked into allocated space when new stuff is created when sloppy – or performance fetishistic – programmers do not zero out memory on allocation.

So, you create a new file / document / image and now inside the binary blob that contains your data, other stuff now lurks.

Tuff Titties if you send a picture of your dog in Christmas Dress to Granny and the "padding" added to align the image data with physical sectors on the hard disk suck in a "Jenny thumbnail" that Firefox cached for you when some pr0n site did a popup.

Once on the net, STASI's robots will sniff that out because "padding space" is EXACTLY one of the channels that "Evul Terrierists" would use to hide nefarious plots – Prosecutions will follow, because they have blown billions on this surveillance machine so they always need cases to prove the worth of the "investment".

In the US, "Progress" is commonly measured in "Effort Spent" so it does not matter that the charges will eventually be dismissed.

PS:
I often buy used business computers through vendors like Arrow Value Recovery. I do this to save money, because nothing radically good has come up for some years now making a 2 year old computer perfectly good especially at 1/3 of the new-price and also for environmental reasons.

I never keep the original hard drive that come with the computer, I replace it with a new SSD and reinstall from original media. Why?

Because even though the drive has been initialized by the vendor of the used PC, there may be stuff lurking in there that I don't want to maybe take through customs or airport security! Or maybe known things I don't want running on the inside of my firewall. Lenovo is kinda in-famous for that, others haven't been outed yet, one must assume.

Katharine , January 10, 2017 at 11:02 am

You seem to discount what the article says when you say:
> They analyzed it and found his deleted files.

It is quite a jump to identify this as his or even necessarily as a deleted file given this:

But in Rettenmaier's case, the alleged "Jenny" image was found on unallocated "trash" space, meaning it could only be retrieved by "carving" with costly, highly sophisticated forensics tools. In other words, it's arguable a computer's owner wouldn't know of its existence. (For example, malware can secretly implant files.)

To the best of my limited understanding deleted files go to Windows "Trash" in Windows space, not to unallocated space. If someone could explain how lost files could move out of the Windows partition to unallocated space, or clarify how else the term "unallocated" might be interpreted here I would appreciate it.

Knifecatcher , January 10, 2017 at 12:23 pm

Files in "Trash" aren't really deleted until the trash (or Recycling Bin, or whatever) is emptied. But even then the data isn't really gone. The 1s and 0s that make up the "Jenny" image or your 1040 or the torrid letter to your mistress are still there.

The operating system just erases the pointer or bookmark that tells it "this is a file" and marks the space as unallocated, meaning it can now store other stuff there. But until it does so any program that can read the data directly – not through the operating system – can still find and view the contents of those files.

Katharine , January 10, 2017 at 1:11 pm

So they're only referring to space temporarily unallocated on that partition, not another partition that is unallocated? Okay, thanks!

bob , January 10, 2017 at 4:26 pm

When you look at hard drive, especially with the intent to "recover data" there is no way to look at just want you want to see,

You have to look at everything on the hard drive. You take an image of the hard drive, then try to piece the files back together.

That there were "deleted" files on that hard drive, and that the tech recovered them, is not nefarious. It's his job.

I'm more than willing to admit that this is very shady business. He was also working for the FBI? That ain't cool.

Once you let that hard drive out of your sight, and let someone else poke at it, you can't be surprised that they find things.

"But I didn't want them to find THAT!" is not a legal excuse.

I'm pretty amazed at how this story is taking off. It really demonstrates how little people understand the tech that they use everyday.

This is a very bad case to try to make some sort of example out of. But, he's a rich doctor from Cali. It's not that surprising.

reslez , January 10, 2017 at 12:39 pm

At $500 a pop, an hourly Geek Squad worker has plenty of incentive to make up whatever is needed to keep the FBI happy. Think they have too much integrity or there's too much oversight of their actions? What about the multiple incidents where these same technicians charge for services that aren't warranted or weren't performed or save off copies of their customers' nude photos and share them with the entire internet?

Geek Squad Accused Of Stealing, Distributing Customer's Naked Photos. Yes, Again (2013)

bob , January 10, 2017 at 4:30 pm

"Think they have too much integrity or there's too much oversight of their actions?"

Who said that?

If you don't want your nude photos to be shared, DON'T SHARE THEM.

I'd recommend never getting them near the internet if you are that worried.

crittermom , January 10, 2017 at 6:27 am

Great article. Thanks, Yves.
Perhaps it was a little too early in the morn for me to read it, however. I remain stunned (which is rare following this past election season).
At $500 a pop, it seems the temptation would be huge for the Geeks to plant things on your computer to get a 'reward' from the FBI.
This 'private spy' practice is wrong on so many levels.
I've never used the Geek Squad & now I certainly never would.
Apparently, they are just one more enemy to avoid. Wowsers. I'll be forwarding this article to friends. Best Buy is now Big Brother.

River , January 10, 2017 at 12:18 pm

You'd have more incentive since your hourly wage, from what is probably a part time job or "part time" i.e. just few enough hours to deny you full time is pretty meager. At $500 a tip, you can be sure that at least the temptation is there to give the Feds what they want.

Roger Smith , January 10, 2017 at 6:48 am

Great article. I would love to know whether or not the Apple Stores do this, especially since Macs are largely not self repairable, even at the most basic level. i.e. Went into get a cracked screen/battery fixed, ended up with a federal investigation!

Eureka Springs , January 10, 2017 at 8:43 am

I took a friend into an apple store a couple days ago because she was having problems getting in/passed her own password. Within minutes they literally put her entire hd in the cloud and then told her after the fact. I lost it when they asked if I wanted the same.

A family member of mine frequently has problems with a windows based laptop and best buy geeks just accesses her entire computer remotely. I've never understood why someone would allow such a thing. Can't wait to send her this article/link.

katiebird , January 10, 2017 at 8:54 am

Can those files be deleted from iCloud or are the there forever?

Eureka Springs , January 10, 2017 at 9:18 am

I don't know but assume the worst considering the value to so many and the difficulty of truly erasing files from ones own hd. The apple store "cloud" was a room full of large servers just behind the counter. They don't ask, or charge for that 'service' so once again, we must be the product.

And as for the police state and the courts . could we find a mafia more intrusive, less trustworthy? As I keep thinking, why oh why aren't computers and phones the very expanded definition of papers and effects?

ambrit , January 10, 2017 at 11:11 am

I'm wondering just how big the data file capacity of the Utah federal server farm really is. It is "common knowledge" that the, say, military regularly hides the true capabilities of it's machinery on the basis of combat efficiency. "Keep 'em guessing" is the idea. This gives one a potential edge if real conflict should occur. Logically, the same should apply to federal cyber capabilities. So, how much of the nation's cyber traffic can be stored and analyzed? All of it? The mind boggles.
Here, the quality of algorithmic sorting functions is key. Sloppy searches will yield excesses of false positive prosecutions. It would be easy for "revenge" prosecutions and "silencing" actions to be inserted and hidden this way. Thus, the "powers" actually have a disincentive to perfect their sorting algorithms. Bad days ahead.

Knifecatcher , January 10, 2017 at 12:28 pm

My brother used to live a few minutes away from that facility so I've driven past it. It's hard to get a scale for the place from photos but in person it's absolutely massive.

Old Jake , January 10, 2017 at 5:11 pm

Once data is out of your hands you have to assume it's public.

For example: you tell Apple to delete your data. How do they do it? The same way your computer does it, their system deletes the pointer to that data (file) from an "index" of the data (files) disk. In other words it does not delete the data from the disk, it only tells itself to ignore it in the future. If someone comes along later, and wants to scan the disk and recover deleted files they can do just what the Geek guy did.

Quick answer: No, once files are in the iCloud they are effectively there forever.

bob , January 10, 2017 at 5:24 pm

Agreed.

Roger Smith , January 10, 2017 at 11:19 am

Yikes! "Just in case" no doubt, or "standard protocol".

bob , January 10, 2017 at 5:09 pm

It's "standard protocol" for any professional level computer tech to image the drive before they do anything else. In case they do something that wipes out the rest of the data while working on it.

What they do with that image, and how they store it, is the tricky part.

It's much easier and quicker to "image" a hard drive, than to securely delete a hard drive.

How long does it take to fill up a 500 GB hard drive? It's going to take at least that long, and probably several multiples of that time, to securely delete that drive by OVERWRITING the drives.

I think DOD level "wiping" calls for 20 overwrites.

Drives do 2 things- Read or write. There is no "delete".

Even the spooks in the plane over China a few years ago were forced to use axes to "delete" the data, before the Chinese got to it. It's WAY quicker.

They also, on that level, weren't deleting the data. When trying to defend against a state level attack, all you're doing is increasing the time that it will take them to recover the data, or most of the data.

oho , January 10, 2017 at 9:01 am

anyone w/a cable and access to your device can clone, sniff around or modify your drive.

.unless you encrypt.

"The Courier-Mail said customers had also had photos stolen from their phones."

https://www.theguardian.com/australia-news/2016/oct/13/staff-at-brisbane-apple-store-fired-for-stealing-pictures-from-customer-phones

bob , January 10, 2017 at 5:17 pm

It depends on how you encrypt. It's not a panacea, and much harder to achieve in practice than certain iHoles will make you believe

The techs at the genus bar can see your files? You ain't encrypting right..

Ivy , January 10, 2017 at 11:59 am

What do people recommend on how to secure or scrub a MacBook or similar Apple product after Genius Bar service?

Old Jake , January 10, 2017 at 5:04 pm

After? Isn't that a bit late?

Ivy , January 10, 2017 at 9:02 pm

Old Jake, other NC readers may have similar concerns about data security, and your other comments seem to indicate some familiarity with computers. What would you advise people to do post-Apple or post-Best Buy?

bob , January 10, 2017 at 9:57 pm

The best way to help is to-

Back things up on a dedicated, local drive. A true backup is not kept in the same physical location as the computer is. Keep it in a different building, in case of fire, or disaster.

If you're not backing your files up, don't have that drive plugged in. Don't have it in the same place.

Don't ever "throw out" any computer, or anything with a hard drive or storage. Don't assume that because you can't access it, no one can.

Destroy it, or keep it forever. Those are the only two "safe" choices.

"but i know someone who recycles computer equipment"

You mean they sell it? That's what "recycling" is in the tech industry. I'd be very wary of anyone willing to "take a drive" off my hands for me. They aren't going to securely delete it, they're going to sell it for a few bucks to someone else. They certainly aren't going to take the time to securely "wipe" the drive. That takes hours, and lots of power. For a few dollars they are going to get on the sale?

There are people who offer "shredding" (grinding the drive into pieces with a big machine) or secure disk disposal. This costs money. Yes, you will have to pay to get rid of it safely, and then trust that whomever you pay actually does what they say they are going to do.

"why do I have to pay to get rid of it? I have very good taste, and spent a ton of money on that computer. It's worth something"

No, it's not. It's a liability.

bob , January 10, 2017 at 10:16 pm

Along those lines-

Never use "cloud based" backups, unless you are OK with the files being up on the internet. YOU ARE PUTTING THEM ON THE INTERNET. Cloud based backups are a great place for hackers to target, lots of stuff there.

if you keep backups, you shouldn't have to ever bring your computer in with anything on it. If you are in a situation where you MUST leave the hard drive in the machine to get it serviced, securely delete (overwrite the drive) and then restore the computer to the zero day state of when you took it out of the box. This may require another computer.

If you are in a situation where the drive is cooked(drive failure), keep the drive, buy a new one, and restore from backups to the new drive.

This is getting much harder. Getting install disks is very tough these days. Disk imaging programs are better, but they are also prone to hardware compatibility issues.

Before you use the computer, make sure you have a good backup first. This means actually deleting and re-writing the disk from backups. You don't know if it will work until you try. You don't want to find out it doesn't work when you are scrambling to get things fixed.

90% of "computer problems" are disk and/or OS related issues.

Done right, this can save a ton of time, and risk.

bob , January 10, 2017 at 10:18 pm

LSS-

There's no "solution". Just best practices.

If anyone tries to sell you a box that "will do everything", walk away.

Security is a process, not a product.

bob , January 10, 2017 at 4:35 pm

I'm 99% positive that apple is probably worse. Apple and time machine are "cloud" based. No need for the FBI, or paid agents of the FBI, to look at the physical drive to see your files. All they have to do is look at the cloud, which may be done with or without apple's help or permission.

Not that apple has any problem cooperating with authoritarian govs-

http://www.nytimes.com/2017/01/04/business/media/new-york-times-apps-apple-china.html

Octopii , January 10, 2017 at 9:35 am

All of us who work or have worked in consumer-oriented technical service are well aware that it's an unscalable business. Unless something else is going on that favors an organization. This doesn't surprise me one bit.

bob , January 10, 2017 at 4:37 pm

It's a tempest in a teapot.

I'm very surprised this story is getting anywhere.

Where have you people been living for the past decade?

different clue , January 10, 2017 at 8:21 pm

Computerologists and digitologists and coderologists assume that every American is ( or should be) a computerologist or a digitologist or a coderologist. Most of us are no such thing. Most of us are various levels of analog holdovers, helpless and afraid . . . victims of a world we never made.

So what looks like a tempest in a teapot to you might look like botulism in the beans to many.

bob , January 10, 2017 at 9:40 pm

I'm sorry, it's difficult to deal with all the BS that the tech industry has fed people.

I used to do tech support, and got out of it for this reason "but apple makes it a lot easier!"

Then, go get an apple.

"I want my files secure. I want to be able to access them anywhere"

Those are mutually exclusive terms. You can't have both. You can pay for both. There are more than a few companies who will sell this idea to you, but since when do you get what you pay for?

"But apple lets me do that, and they don't talk to me like this"

Go find a genie. They'll tell you whatever you want as long as you keep feeding the vending machine money.

"you're a jerk"

PNW_WarriorWoman , January 10, 2017 at 10:36 am

KIRO TV's (Seattle) Jesse Jones did a story in November 2016 on Office Depot selling fixes for computer problems that don't exist and pushing customers to purchase costly repairs. As a result, Senator Maria Cantwell called for the Federal Trade Commission to investigate.

Furzymouse , January 10, 2017 at 10:36 am

​In the aughts, the Geek Squad in CA ​copied our credit card, which we had used to charge a repair to a laptop, to purchase a trip for two to Italy​ ​​​took months to get the charge reversed, as they also hacked all our personal info as well, making it appear that we had indeed booked the trip ..​

Praedor , January 10, 2017 at 12:31 pm

Well, I'll NEVER use those turds. I haven't actually bought a computer since 1998. Since that time I buy parts and construct my own PC, buy software and install (or re-install) that, and if there's any problems I do the fixing/replacing. Now I know to NEVER get lazy and let those asshats do the work for me.

craazyboy , January 10, 2017 at 2:17 pm

I'm migrating to wrinkle porn, just to be on the safe side. I've also searched for and scrubbed any pizza images off my hard disk.

JTMcPhee , January 10, 2017 at 2:40 pm

Would it be silly to refer to this set of "geeks" as "iPaid iInformants?"

Nothing is ever what it seems. Corruption is everywhere. Murphy and the Second Law and the Ruling Principles of the Universe, accident and error are ascendant and triumphant

bob , January 10, 2017 at 5:58 pm

one more bit-

SDD's. They are harder to delete, in some respects. Some very knowledgeable people have claimed that it's 1) impossible to wipe an SSD, and 2) it's impossible to truly encrypt them because of the way the that the flash controllers interface with the computer. I'm not so sure that it's a flaw.

bob , January 10, 2017 at 6:01 pm

Link to some discussion on this subject-

http://arstechnica.com/civis/viewtopic.php?f=11&t=1243475

Elizabeth , January 10, 2017 at 6:16 pm

Yves, thanks for posting this – I thought I couldn't be shocked anymore, but I had no idea this was happening. What's to prevent a Geek Squad employee from planting compromising material on one's computer, if the FBI wants is out to get someone? Nothing is ever really deleted, but how do you prove something wasn't planted? I'm sending this around to my relatives, because they use GS frequently.

I never thought BB/GS would be the new Stasi.

aab , January 10, 2017 at 7:44 pm

Actually, doesn't it make PERFECT SENSE that a large chain retail appliance store with an in-house repair team branded as "geeks" would be EXACTLY the new Stasi? It's sort of perfect.

It's literally the TV show Chuck , only in the real world, the CIA is bad, so Chuck is bad, and Buy More is bad. Which really shouldn't be surprising, if you think about it for two seconds.

On a somewhat related note, the CIA really wants its Russian War, doesn't it? I can't believe mainstream publications are publishing "golden showers" allegations about the incoming President. This can't work, can it? And if it doesn't, won't Trump shut them down the second his hand lifts off the Bible on Inauguration Day? I'm starting to have a lot of respect for Donald Trump on a personal level. I mean, I guess he never anticipated facing this degree of meretricious, toxic nonsense when he got into the race, but he seems to have been forewarned about today's attack.

oho , January 10, 2017 at 10:04 pm

' can't believe mainstream publications are publishing "golden showers" allegations about the incoming President.'

CIA/MI6 + MSM got trolled by 4chan. "Curveball" + yellowcake all over again. except this time it's funny and doesn't involve death and decades of geopolitical fallout.

Please Kek, give Trump the power to clean house at Langley. Praise Kek. Amen.

[Dec 29, 2016] Cell phones can track their location, hoover up their personal info, record their conversations but that doesn't stop most people from owning one anyway. The populace has been convinced that owning the device that constantly spies on them is a necessity

Notable quotes:
"... I'd wager that most people know that cell phones can track their location, hoover up their personal info, record their conversations, etc, etc but that doesn't stop most people from owning one anyway. The populace has been convinced that owning the device that constantly spies on them is a necessity. ..."
"... I've often wondered whether the relatively high difficulty in buying a smartphone with less than two cameras has something to do with the SIGINT Enabling Project. ..."
Dec 29, 2016 | www.nakedcapitalism.com
PQS , December 28, 2016 at 11:30 am

I was paranoid about the Roomba and I'm pretty sure it doesn't have any connectivity, nor does it record anything.
Personal assistant connected to both the 'net and Large Corp? No. Way.

lyman alpha blob , December 28, 2016 at 1:01 pm

I'd wager that most people know that cell phones can track their location, hoover up their personal info, record their conversations, etc, etc but that doesn't stop most people from owning one anyway. The populace has been convinced that owning the device that constantly spies on them is a necessity.

Don't think learning that Echo is doing the same thing would deter most people from using it. 'Convenience' and all

cocomaan , December 28, 2016 at 5:40 pm

Fortunately, I can barely hear the person I'm talking to through my smartphone, so I am not optimistic that it can actually hear me from someplace else in the house, especially compared to someone's Echo I have experience with. But point taken.

hunkerdown , December 28, 2016 at 6:20 pm

The microphoneS (often there is an extra mic to cancel ambient noise) in a phone are exquisitely sensitive. The losses you're hearing are those from crushing that comparatively high-fidelity signal into a few thousand bits per second for transmission to/from the base station.

I've often wondered whether the relatively high difficulty in buying a smartphone with less than two cameras has something to do with the SIGINT Enabling Project. (Not that I'm foily )

carycat , December 28, 2016 at 3:17 pm

Wonder if Mr. B gave Mr. T and all the other attendees an Echo at Mr. T's tech summit. ATT and all the other big telcom players all said, scout's honor, they don't listen in on their customer's phone calls, so no worries because Fortune 500 companies are such ethical people. That may even be technically true because the 3 letter agencies and their minions (human or otherwise) are doing the actual listening. So if you are too lazy to go to Amazon.com to delete your idle chit chat, I can sell you a cloth to wipe it with (maybe I'll even list it on Amazon's marketplace).

Daryl , December 28, 2016 at 8:09 pm

It should be fairly simple to determine whether it's sending everything home by analyzing network traffic.

Of course, just because it doesn't right now, doesn't mean that Amazon or your local three letter agency cannot alter it to do so in the future

[Dec 26, 2016] Snowden: 'The Central Problem of the Future' Is Control of User Data

Dec 26, 2016 | tech.slashdot.org
(techcrunch.com) 157 Posted by BeauHD on Wednesday December 14, 2016 @05:00AM from the no-place-to-hide dept. Twitter CEO Jack Dorsey interviewed Edward Snowden via Periscope about the wide world of technology. The NSA whistleblower " discussed the data that many online companies continue to collect about their users , creating a 'quantified world' -- and more opportunities for government surveillance," reports TechCrunch. Snowden said, "If you are being tracked, this is something you should agree to, this is something you should understand, this is something you should be aware of and can change at any time." TechCrunch reports: Snowden acknowledged that there's a distinction between collecting the content of your communication (i.e., what you said during a phone call) and the metadata (information like who you called and how long it lasted). For some, surveillance that just collects metadata might seem less alarming, but in Snowden's view, "That metadata is in many cases much more dangerous and much more intrusive, because it can be understood at scale." He added that we currently face unprecedented perils because of all the data that's now available -- in the past, there was no way for the government to get a list of all the magazines you'd read, or every book you'd checked out from the library. "[In the past,] your beliefs, your future, your hopes, your dreams belonged to you," Snowden said. "Increasingly, these things belong to companies, and these companies can share them however they want, without a lot of oversight." He wasn't arguing that companies shouldn't collect user data at all, but rather that "the people who need to be in control of that are the users." "This is the central problem of the future, is how do we return control of our identities to the people themselves?" Snowden said.

[Dec 26, 2016] NSA's Best Are 'Leaving In Big Numbers,' Insiders Say

Dec 26, 2016 | yro.slashdot.org
(cyberscoop.com) 412 Posted by EditorDavid on Sunday December 11, 2016 @11:34AM from the blaming-Oliver-Stone dept. schwit1 quotes CyberScoop: Low morale at the National Security Agency is causing some of the agency's most talented people to leave in favor of private sector jobs , former NSA Director Keith Alexander told a room full of journalism students, professors and cybersecurity executives Tuesday. The retired general and other insiders say a combination of economic and social factors including negative press coverage -- have played a part... "I am honestly surprised that some of these people in cyber companies make up to seven figures. That's five times what the chairman of the Joint Chiefs of Staff makes. Right? And these are people that are 32 years old. Do the math. [The NSA] has great competition," he said.

The rate at which these cyber-tacticians are exiting public service has increased over the last several years and has gotten considerably worse over the last 12 months, multiple former NSA officials and D.C. area-based cybersecurity employers have told CyberScoop in recent weeks... In large part, Alexander blamed the press for propagating an image of the NSA that causes people to believe they are being spied on at all times by the U.S. government regardless of their independent actions.
"What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong," the former NSA Director added. "They are doing exactly what our nation has asked them to do to protect us. They are the heroes."

[Dec 26, 2016] HP Shutting Down Default FTP, Telnet Access To Network Printers

Dec 26, 2016 | hardware.slashdot.org
(pcworld.com) 83 Posted by msmash on Tuesday December 06, 2016 @11:00AM from the business-as-usual dept. Security experts consider the aging FTP and Telnet protocols unsafe, and HP has decided to clamp down on access to networked printers through the remote-access tools . From a report on PCWorld: Some of HP's new business printers will, by default, be closed to remote access via protocols like FTP and Telnet. However, customers can activate remote printing access through those protocols if needed. "HP has started the process of closing older, less-maintained interfaces including ports, protocols and cipher suites" identified by the U.S. National Institute of Standards and Technology as less than secure, the company said in a statement. In addition, HP also announced firmware updates to existing business printers with improved password and encryption settings, so hackers can't easily break into the devices.

[Dec 26, 2016] New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) 207 Posted by BeauHD on Tuesday December 06, 2016 @08:25PM from the hidden-in-plain-sight dept. An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET , this new exploit kit is named Stegano, from the word steganography , which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.

[Dec 26, 2016] Backdoor Accounts Found in 80 Sony IP Security Camera Models

Dec 26, 2016 | yro.slashdot.org
(pcworld.com) 55 Posted by msmash on Wednesday December 07, 2016 @12:20PM from the security-woes dept. Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras , mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.

[Dec 26, 2016] Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails

Dec 26, 2016 | tech.slashdot.org
(zdnet.com) 30 Posted by msmash on Thursday December 08, 2016 @11:45AM from the security-woes-and-fixes dept. Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox . From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

[Dec 26, 2016] Zeus Variant 'Floki Bot' Targets PoS Data

Dec 26, 2016 | it.slashdot.org
(onthewire.io) 25 Posted by BeauHD on Friday December 09, 2016 @05:00AM from the out-of-the-woodwork dept. Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis .

[Dec 26, 2016] 5-Year-Old Critical Linux Vulnerability Patched

Dec 26, 2016 | linux.slashdot.org
(threatpost.com) 68 Posted by EditorDavid on Saturday December 10, 2016 @12:34PM from the local-Linux-attacks dept. msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson , who said the vulnerable code was introd in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

[Dec 26, 2016] Vulnerability Prompts Warning: Stop Using Netgear WiFi Routers

Dec 26, 2016 | mobile.slashdot.org
(securityledger.com) 147 Posted by EditorDavid on Sunday December 11, 2016 @01:34PM from the nixing-the-network dept. "By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers," warns a new vulnerability notice from Carnegie Mellon University's CERT. Slashdot reader chicksdaddy quotes Security Ledger's story about certain models of Netgear's routers: Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability . CERT cited "community reports" that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable... The flaw was found in new firmware that runs the Netgear R7000 and R6400 routers. Other models and firmware versions may also be affected, including the R8000 router, CMU CERT warned.

With no work around to the flaw, CERT recommended that Netgear customers disable their wifi router until a software patch from the company that addressed the hole was available... A search of the public internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.
Proof-of-concept exploit code was released by a Twitter user who, according to the article, said "he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then."

[Dec 26, 2016] Malvertising Campaign Infects Your Router Instead of Your Browser

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) 137 Posted by BeauHD on Wednesday December 14, 2016 @07:45PM from the connected-devices dept. An anonymous reader quotes a report from BleepingComputer: Malicious ads are serving exploit code to infect routers , instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices. The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models , but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign. The "campaign" is called DNSChanger EK and works when attackers buy ads on legitimate websites and insert malicious JavaScript in these ads, "which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address," according to BleepingComputer. "Based on this local IP address, the malicious code can determine if the user is on a local network managed by a small home router, and continue the attack. If this check fails, the attackers just show a random legitimate ad and move on. For the victims the crooks deem valuable, the attack chain continues. These users receive a tainted ad which redirects them to the DNSChanger EK home, where the actual exploitation begins. The next step is for the attackers to send an image file to the user's browser, which contains an AES (encryption algorithm) key embedded inside the photo using the technique of steganography. The malicious ad uses this AES key to decrypt further traffic it receives from the DNSChanger exploit kit. Crooks encrypt their operations to avoid the prying eyes of security researchers."

[Dec 26, 2016] Newly Uncovered Site Suggests NSA Exploits For Direct Sale

Dec 26, 2016 | news.slashdot.org
(vice.com) 33 Posted by BeauHD on Wednesday December 14, 2016 @08:25PM from the buy-one-get-one dept. An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one , and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages .

[Dec 26, 2016] Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability

Dec 26, 2016 | it.slashdot.org
(netgear.com) 26 Posted by EditorDavid on Saturday December 17, 2016 @10:34AM from the but-they-might-not-work dept. The Department of Homeland Security's CERT issued a warning last week that users should "strongly consider" not using some models of NetGear routers, and the list expanded this week to include 11 different models. Netgear's now updated their web page, announcing eight "beta" fixes, along with three more "production" fixes. chicksdaddy writes: The company said the new [beta] firmware has not been fully tested and " might not work for all users ." The company offered it as a "temporary solution" to address the security hole. "Netgear is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible," the company said in a post to its online knowledgebase early Tuesday.

The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a serious "arbitrary command injection" vulnerability in the latest version of firmware used by a number of Netgear wireless routers. The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site... The vulnerability was discovered by an individual...who says he contacted Netgear about the flaw four months ago , and went public with information on it after the company failed to address the issue on its own.

[Dec 26, 2016] McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise

Dec 26, 2016 | linux.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @05:34PM from the jeopardized-in-June dept. mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs issuing a patch December 9th.
Citing the security note , CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8 ." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

[Dec 26, 2016] Massive Mirai Botnet Hides Its Control Servers On Tor

Dec 26, 2016 | it.slashdot.org
Posted by EditorDavid on Saturday December 17, 2016 @06:34PM from the catch-me-if-you-can dept. "Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes: Level3 and others" have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia , and also hijacked 900,000 routers from German ISP Deutsche Telekom .The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers.

Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor . "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.

[Dec 26, 2016] LinkedIn Warns 9.5 Million Lynda Users About Database Breach

Dec 26, 2016 | yro.slashdot.org
(neowin.net) 35 Posted by EditorDavid on Sunday December 18, 2016 @02:34PM from the profile-views dept. Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion , there's been a database breach. An anonymous reader writes: LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary, warning the users of a database breach by "an unauthorized third party" . The affected database included contact information for at least some of the users. An email to customers says "while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure." Ironically, the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns .
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its users don't have accounts with passwords).

[Dec 26, 2016] The FBI Is Arresting People Who Rent DDoS Botnets

Dec 26, 2016 | yro.slashdot.org
(bleepingcomputer.com) 211 Posted by EditorDavid on Sunday December 18, 2016 @04:44PM from the denial-of-liberty-counterattack dept. This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."

"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit ," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.

[Dec 26, 2016] Russians Used Malware On Android Devices To Track and Target Ukraine Artillery, Says Report

Dec 26, 2016 | yro.slashdot.org
(reuters.com) 101 Posted by BeauHD on Thursday December 22, 2016 @06:25PM from the come-out-come-out-wherever-you-are dept. schwit1 quotes a report from Reuters: A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday. The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found. The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency. The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said. Its deployment "extends Russian cyber capabilities to the front lines of the battlefield," the report said, and "could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information."

[Dec 26, 2016] Security Researchers Can Turn Headphones Into Microphones

Dec 26, 2016 | news.slashdot.org
(techcrunch.com) 122 Posted by BeauHD on Thursday November 24, 2016 @08:00AM from the proof-of-concept dept. As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called " Speake(a)r ," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

[Dec 26, 2016] Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy

Dec 26, 2016 | news.slashdot.org
(reuters.com) 57 Posted by msmash on Thursday November 24, 2016 @10:04AM from the security-woes dept. Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy has said . According to Reuters: It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said. "The Navy takes this incident extremely seriously - this is a matter of trust for our sailors," Chief of Naval Personnel Vice Admiral Robert Burke said in a statement.

[Dec 26, 2016] Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability

Dec 26, 2016 | developers.slashdot.org
(arstechnica.com) 30 Posted by BeauHD on Tuesday November 29, 2016 @09:05PM from the thank-God-for-backups dept. An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server . That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs , an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba , within multiple organizations' networks.

[Dec 26, 2016] Russia Says Foreign Spies Plan Cyber Attack On Banking System

Dec 26, 2016 | it.slashdot.org
(reuters.com) 88 Posted by msmash on Friday December 02, 2016 @12:20PM from the hmmm dept. Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust . From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."

[Dec 26, 2016] Sysadmin Gets Two Years In Prison For Sabotaging ISP

Dec 26, 2016 | news.slashdot.org
Posted by EditorDavid on Sunday December 04, 2016 @02:39PM from the BOFH dept. After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015).

Prugar's two-year prison sentence begins December 27.

[Dec 26, 2016] Crooks Need Just Six Seconds To Guess A Credit Card Number

Dec 26, 2016 | it.slashdot.org
(independent.co.uk) 110 Posted by EditorDavid on Sunday December 04, 2016 @07:39AM from the one-Mississippi-two-Mississippi dept. schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork , researchers have found... Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack ...

According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously . Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.
One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."

[Dec 17, 2016] You think Putin personally supervised the Yahoo hacking? This could make many people patriotic in a hurry.

Notable quotes:
"... this will probably be in tomorrow's washington post. "how putin sabotaged the election by hacking yahoo mail". and "proton" and "putin" are 2 syllable words beginning with "p", which is dispositive according to experts who don't want to be indentified. ..."
"... [Neo]Liberals have gone truly insane, I made the mistake of trying to slog through the comments the main "putin did it" piece on huffpo out of curiosity. Big mistake, liberals come across as right wing nutters in the comments, I never knew they were so very patriotic, they never really expressed it before. ..."
"... Be sure and delete everything from your Yahoo account BEFORE you push the big red button. They intentionally wait 90 days to delete the account in order that ECPA protections expire and content can just be handed over to the fuzz. ..."
"... It's a good thing for Obama that torturing logic and evasive droning are not criminal acts. ..."
"... "Relations with Russia have declined over the past several years" I reflexively did a Google search. Yep, Victoria Nuland is still employed. ..."
"... With all the concern expressed about Russian meddling in our election process why are we forgetting the direct quid pro quo foreign meddling evidenced in the Hillary emails related to the seldom mentioned Clinton Foundation or the more likely meddling by local election officials? Why have the claims of Russian hacking received such widespread coverage in the Press? ..."
"... I watched it too and agree with your take on it. For all the build up about this press conference and how I thought we were going to engage in direct combat with Russia for these hacks (or so they say it is Russia, I still wonder about that), he did not add any fuel to this fire. ..."
"... The whole thing was silly – the buildup to this press conference and then how Obama handled the hacking. A waste of time really. I don't sense something is going on behind the scenes but it is weird that the news has been all about this Russian hacking. He did not get into the questions about the Electoral College either and he made it seem like Trump indeed is the next President. I mean it seems like the MSM was making too much about this issue but then nothing happened. ..."
Dec 17, 2016 | www.nakedcapitalism.com
pretzelattack , December 16, 2016 at 3:46 pm

this will probably be in tomorrow's washington post. "how putin sabotaged the election by hacking yahoo mail". and "proton" and "putin" are 2 syllable words beginning with "p", which is dispositive according to experts who don't want to be indentified.

HBE , December 16, 2016 at 4:13 pm

[Neo]Liberals have gone truly insane, I made the mistake of trying to slog through the comments the main "putin did it" piece on huffpo out of curiosity. Big mistake, liberals come across as right wing nutters in the comments, I never knew they were so very patriotic, they never really expressed it before.

B1whois , December 16, 2016 at 6:45 pm

The great sucking pit of need that keeps on giving. when will it abate?

different clue , December 16, 2016 at 6:49 pm

They are only hurt at the loss of their beloved Clintron, and are seizing on the Puttin Diddit excuse.

polecat , December 16, 2016 at 7:45 pm

Did they happen to offer you some Guyana Kool-Aid with that order of vitriol ?

Brad , December 16, 2016 at 10:26 pm

Unfortunately the whole "grief cycle" will get a reboot after next Monday's "Election II".

The rest of us are to be pissed off that the CIA and Clinton clique have continued to agiprop this.

Knot Galt , December 16, 2016 at 10:48 pm

Since the ex-Correct The Record key jockeys are out of a job they have to practice their craft somewhere.

hunkerdown , December 16, 2016 at 5:23 pm

Be sure and delete everything from your Yahoo account BEFORE you push the big red button. They intentionally wait 90 days to delete the account in order that ECPA protections expire and content can just be handed over to the fuzz.

auntienene , December 16, 2016 at 8:07 pm

I don't think I've looked at my yahoo account in 8-10 years and I didn't use their email; just had an address. I don't remember my user name or password. I did get an email from them (to my not-yahoo address) advising of the breach.

Do I need to do anything at all?

hunkerdown , December 16, 2016 at 8:22 pm

auntienene, probably not, but as a general principle it's better to close accounts down properly than to abandon them.

Tvc15 , December 16, 2016 at 10:50 pm

I was amazed as I watched a local am news show in Pittsburgh recommend adding your cell phone number in addition to changing your password. Yeah, that's a great idea, maybe my ss# would provide even more security.

Jeremy Grimm , December 16, 2016 at 4:30 pm

I use yahoo email. Why should I move? As I understood the breach it was primarily a breach of the personal information used to establish the account. I've already changed my password - did it a couple of days after the breach was reported. I had a security clearance with DoD which requires disclosure of a lot more personal information than yahoo had. The DoD data has been breached twice from two separate servers.

As far as reading my emails - they may prove useful for phishing but that's about all. I'm not sure what might be needed for phishing beyond a name and email address - easily obtained from many sources I have no control over.

So - what am I vulnerable to by remaining at yahoo that I'm not already exposed to on a more secure server?

polecat , December 16, 2016 at 7:53 pm

You are vulnerable to the knowledge that Marissa Mayer is STILL employed as a high-level corporate twit !

Lee , December 16, 2016 at 3:05 pm

It's a good thing for Obama that torturing logic and evasive droning are not criminal acts.

Ranger Rick , December 16, 2016 at 3:12 pm

"Relations with Russia have declined over the past several years" I reflexively did a Google search. Yep, Victoria Nuland is still employed.

Pat , December 16, 2016 at 3:32 pm

Yeah, it isn't like Mr. 'We go high' is going to admit our relationship has declined because we have underhandedly tried to isolate and knee cap them for pretty much his entire administration.

Jeremy Grimm , December 16, 2016 at 4:44 pm

Are you referring to Obama's press conference? If so, I am glad he didn't make a big deal out of the Russian hacking allegations - as in it didn't sound like he planned a retaliation for the fictional event and its fictional consequences. He rose slightly in stature in my eyes - he's almost as tall as a short flea.

With all the concern expressed about Russian meddling in our election process why are we forgetting the direct quid pro quo foreign meddling evidenced in the Hillary emails related to the seldom mentioned Clinton Foundation or the more likely meddling by local election officials? Why have the claims of Russian hacking received such widespread coverage in the Press?

Why is a lameduck messing with the Chinese in the South China sea? What is the point of all the "fake" news hogwash? Is it related to Obama's expression of concern about the safety of the Internet? I can't shake the feeling that something is going on below the surface of these murky waters.

Susan C , December 16, 2016 at 5:44 pm

I watched it too and agree with your take on it. For all the build up about this press conference and how I thought we were going to engage in direct combat with Russia for these hacks (or so they say it is Russia, I still wonder about that), he did not add any fuel to this fire.

He did respond at one point to a reporter that the hacks from Russia were to the DNC and Podesta but funny how he didn't say HRC emails. Be it as it may, I think what was behind it was HRC really trying to impress all her contributors that Russia really did do her in, see Obama said so, since she must be in hot water over all the money she has collected from foreign governments for pay to play and her donors.

The whole thing was silly – the buildup to this press conference and then how Obama handled the hacking. A waste of time really. I don't sense something is going on behind the scenes but it is weird that the news has been all about this Russian hacking. He did not get into the questions about the Electoral College either and he made it seem like Trump indeed is the next President. I mean it seems like the MSM was making too much about this issue but then nothing happened.

Pat , December 16, 2016 at 7:02 pm

Unfortunately the nightly news is focusing on Obama says Russia hacked the DNC and had it in for Clinton!!! He warned them to stay out of the vote! There will be consequences! Russia demands the evidence and then a story about the evidence. (This one might have a few smarter people going "huh, that's it?!?!")

I do like the some private some public on that consequences and retaliation thing. You either have to laugh or throw up about the faux I've got this and the real self-righteousness. Especially since it is supposedly to remind people we can do it to you. Is there anyone left outside of America who doesn't think they already do do it to anyone Uncle Sam doesn't want in office and even some they do? Mind you I'm not sure how many harried people watching the news are actually going to laugh at that one because they don't know how how much we meddle.

Knot Galt , December 16, 2016 at 10:55 pm

Obamameter. ty L. Scofield ;-)

[Dec 17, 2016] Yahoo's Hack Could Force Paying $145 Million Verizon Break-up Fee - Breitbart

Notable quotes:
"... potential material adverse event ..."
"... exploring a price cut or possible exit ..."
"... Net Neutrality . ..."
"... These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services ..."
"... communicated with a total of 51 parties to evaluate their interest in a potential transaction ..."
"... 32 parties signed confidentiality agreements with Yahoo ..."
"... Payment card data and bank account information are not stored in the system the company believes was affected ..."
Dec 17, 2016 | www.breitbart.com
Given that the Donald Trump victory already made Yahoo less attractive for Verizon, the latest billion-account-hack at Yahoo could let Verizon dump their buy-out and still collect a $145 million break-up fee .

Yahoo's stock plunged over 6 percent after the company admitted its customer data had been hacked again, with at least 1 billion accounts exposed in 2014. The horribly bad news for Yahoo followed an equally bad news report in September that 500 million e-mail account were hacked in 2013. Yahoo unfortunately now has the distinction of suffering both of the history's largest client hacks.

SIGN UP FOR OUR NEWSLETTER

Verizon's top lawyer told reporters after the first Yahoo hack that the disclosure constituted a " potential material adverse event " that would allow for the mobile powerhouse to pull out of the $4.83 billion deal they announced on July 25, 2016.

Less than 24 hours after Yahoo disclosed the even larger hack of client accounts by a "state-sponsored actor," Bloomberg reported that Verizon is " exploring a price cut or possible exit " from its proposed Yahoo acquisition.

Breitbart reported that Google and other Silicon Valley companies were huge corporate winners when Chairman Tom Wheeler and the other two Democrat political appointees on the FCC voted on a party-line vote in mid-February 2015 for a new regulatory structure called ' Net Neutrality . ' Although Wheeler claimed, " These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services ," they were a huge economic disaster for Verizon's high-speed broadband business model.

Verizon responded last year by paying $4.4 billion to buy AOL in order to pick up popular news sites, large advertising business, and more than 2 million Internet dial-up subscribers. Buying Yahoo was expected to give the former telephone company to achieve "scale" by controlling a second web content pioneer.

After President and CEO Marissa Mayer began organizing an auction in March, Yahoo stock doubled from $26 a share to $51 by September. But she announced on Wednesday the new hack, Yahoo's stock has been plunging to $38.40 in after-market trading.

The buyer normally has to pay a break-up fee if an acquisition fails. But Yahoo chose to run its own auction that " communicated with a total of 51 parties to evaluate their interest in a potential transaction ." Then between February and April 2016, a "short list" of " 32 parties signed confidentiality agreements with Yahoo ," including 10 strategic parties and 22 financial sponsors.

Yahoo's 13D proxy statement filed with the SEC was mostly boilerplate disclosure, but it seemed that something must have been a potential problem at Yahoo for the company to offer a $145 million termination fee to Verizon if the deal did not close.

Yahoo on Wednesday issued a statement saying personal information from more than a billion user accounts was stolen in 2014. The news followed the company's announcement in September that hackers had stolen personal data from at least half a billion accounts in 2013. Yahoo said it believes the two thefts were by different parties.

Yahoo admitted that both hacks were so extensive that they included users' names, email addresses, phone numbers, dates of birth, scrambled passwords and security questions and answers. But Yahoo stated, " Payment card data and bank account information are not stored in the system the company believes was affected ."

Yahoo said they have invalidated unencrypted security questions and answers in user accounts. They are in the process of notifying potentially affected users and is requiring them to change their passwords.

Yahoo was already facing nearly two dozen class-action lawsuits over the first breach and the company's failure to report it on a timely basis. A federal 3 judge panel last week consolidated 5 of the suits into a mass tort in the San Jose U.S. District Court.

Undoubtedly, there will be a huge number of user lawsuits filed against Yahoo in the next few weeks.

[Dec 15, 2016] Georgia asks Trump to investigate DHS cyberattacks

Dec 15, 2016 | marknesop.wordpress.com
Pavlo Svolochenko , December 14, 2016 at 2:43 pm
Georgia asks Trump to investigate DHS 'cyberattacks'

If you want to know what Washington is doing at any given time, just look at what they're accusing the competition of.

yalensis , December 14, 2016 at 5:05 pm
As the Worm Turns!
For all those Amurican rubes out there who beleived that Homeland Security was protecting them against foreign terrorists – ha hahahahahaha!

[Dec 14, 2016] Yahoo discovers hack affecting 1 billion users, breaking its own world record

www.dailynews.com
Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company's own humiliating record for the biggest security breach in history.

The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months ago . That breach affected at least 500 million users, which had been the most far-reaching hack until the latest revelation.

Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.

In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

[Dec 10, 2016] The head of the worlds largest private surveillance operation, billionaire Eric Schmidt

Notable quotes:
"... the world's largest private surveillance operation ..."
"... Ha! I wish I'd thought of that line! I just laughed out loud on the train and my fellow commuter drones are shuffling and wondering to themselves if I'm on day release from an institution. ..."
"... Of course, the joke's on us, because that's exactly what they (Google) are with all the right friends in high places to boot ..."
"... Something that has been occurring lately with Chrome makes me think that Google is truly watching. A lot of sites (RT et al) are having the https// crossed out in red implying that the connection is no longer secure. ..."
Dec 10, 2016 | www.nakedcapitalism.com
Clive December 9, 2016 at 2:42 am

" the head of the world's largest private surveillance operation , billionaire Eric Schmidt "

Ha! I wish I'd thought of that line! I just laughed out loud on the train and my fellow commuter drones are shuffling and wondering to themselves if I'm on day release from an institution.

Of course, the joke's on us, because that's exactly what they (Google) are with all the right friends in high places to boot .

heresy101 December 9, 2016 at 1:33 pm

Something that has been occurring lately with Chrome makes me think that Google is truly watching. A lot of sites (RT et al) are having the https// crossed out in red implying that the connection is no longer secure.

For instance, the "true" link in the article above has the https// in red when using Chrome, but Firefox does not make it unsecure (at least it isn't showing it). https://www.opendemocracy.net/od-russia/maxim-eristavi/terror-against-ukraine-s-journalists-is-fueled-by-political-elites Does this have something to do with certificates or is something more sinister going on?

Chrome puts each tab in a new process versus Firefox creating one big file that becomes unstable if you open too many tabs.

There was a comment on ZH recently that referenced a secure browser but now I can't find the link. Does anyone have a suggestion?

Clive December 9, 2016 at 2:09 pm

Probably TOR but I would caution this is far from foolproof and may even incur The Panopticon's more intrusive surveillance attention.

I value my privacy as much as anyone but I don't use TOR or similar simply because if they are not a guaranteed solution, what's the point? And besides, why should I have to? It's just another tax on my time and resources.

Dopey Panda December 9, 2016 at 7:08 pm

The opendemocracy link you gave shows up as having issues in firefox also. It looks like they have some insecure images on the page, which is probably what chrome is complaining about.

[Dec 05, 2016] Peggy Noonan What We Lose if We Give Up Privacy

Notable quotes:
"... A loss of the expectation of privacy in communications is a loss of something personal and intimate, and it will have broader implications. ..."
"... Mr. Hentoff sees the surveillance state as a threat to free speech, too ..."
"... An entrenched surveillance state will change and distort the balance that allows free government to function successfully. ..."
"... "When you have this amount of privacy invasion put into these huge data banks, who knows what will come out?" ..."
"... Asked about those attempts, he mentions the Alien and Sedition Acts of 1798, the Red Scare of the 1920s and the McCarthy era. Those times and incidents, he says, were more than specific scandals or news stories, they were attempts to change our nature as a people. ..."
"... What of those who say they don't care what the federal government does as long as it keeps us safe? The threat of terrorism is real, Mr. Hentoff acknowledges. Al Qaeda is still here, its networks are growing. But you have to be careful about who's running U.S. intelligence and U.S. security, and they have to be fully versed in and obey constitutional guarantees. ..."
"... Mr. Hentoff notes that J. Edgar Hoover didn't have all this technology. "He would be so envious of what NSA can do." ..."
Aug 16, 2013 | WSJ

...Among the pertinent definitions of privacy from the Oxford English Dictionary: "freedom from disturbance or intrusion," "intended only for the use of a particular person or persons," belonging to "the property of a particular person." Also: "confidential, not to be disclosed to others." Among others, the OED quotes the playwright Arthur Miller, describing the McCarthy era: "Conscience was no longer a private matter but one of state administration."

Privacy is connected to personhood. It has to do with intimate things-the innards of your head and heart, the workings of your mind-and the boundary between those things and the world outside.

A loss of the expectation of privacy in communications is a loss of something personal and intimate, and it will have broader implications. That is the view of Nat Hentoff, the great journalist and civil libertarian. He is 88 now and on fire on the issue of privacy. "The media has awakened," he told me. "Congress has awakened, to some extent." Both are beginning to realize "that there are particular constitutional liberty rights that [Americans] have that distinguish them from all other people, and one of them is privacy."

Mr. Hentoff sees excessive government surveillance as violative of the Fourth Amendment, which protects "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and requires that warrants be issued only "upon probable cause . . . particularly describing the place to be searched, and the persons or things to be seized."

But Mr. Hentoff sees the surveillance state as a threat to free speech, too. About a year ago he went up to Harvard to speak to a class. He asked, he recalled: "How many of you realize the connection between what's happening with the Fourth Amendment with the First Amendment?" He told the students that if citizens don't have basic privacies-firm protections against the search and seizure of your private communications, for instance-they will be left feeling "threatened." This will make citizens increasingly concerned "about what they say, and they do, and they think." It will have the effect of constricting freedom of expression. Americans will become careful about what they say that can be misunderstood or misinterpreted, and then too careful about what they say that can be understood. The inevitable end of surveillance is self-censorship.

All of a sudden, the room became quiet. "These were bright kids, interested, concerned, but they hadn't made an obvious connection about who we are as a people." We are "free citizens in a self-governing republic."

Mr. Hentoff once asked Justice William Brennan "a schoolboy's question": What is the most important amendment to the Constitution? "Brennan said the First Amendment, because all the other ones come from that. If you don't have free speech you have to be afraid, you lack a vital part of what it is to be a human being who is free to be who you want to be." Your own growth as a person will in time be constricted, because we come to know ourselves by our thoughts.

He wonders if Americans know who they are compared to what the Constitution says they are.

Mr. Hentoff's second point: An entrenched surveillance state will change and distort the balance that allows free government to function successfully. Broad and intrusive surveillance will, definitively, put government in charge. But a republic only works, Mr. Hentoff notes, if public officials know that they-and the government itself-answer to the citizens. It doesn't work, and is distorted, if the citizens must answer to the government. And that will happen more and more if the government knows-and you know-that the government has something, or some things, on you. "The bad thing is you no longer have the one thing we're supposed to have as Americans living in a self-governing republic," Mr. Hentoff said. "The people we elect are not your bosses, they are responsible to us." They must answer to us. But if they increasingly control our privacy, "suddenly they're in charge if they know what you're thinking."

This is a shift in the democratic dynamic. "If we don't have free speech then what can we do if the people who govern us have no respect for us, may indeed make life difficult for us, and in fact belittle us?"

If massive surveillance continues and grows, could it change the national character? "Yes, because it will change free speech."

What of those who say, "I have nothing to fear, I don't do anything wrong"? Mr. Hentoff suggests that's a false sense of security.

"When you have this amount of privacy invasion put into these huge data banks, who knows what will come out?"

Or can be made to come out through misunderstanding the data, or finagling, or mischief of one sort or another.

"People say, 'Well I've done nothing wrong so why should I worry?' But that's too easy a way to get out of what is in our history-constant attempts to try to change who we are as Americans."

Asked about those attempts, he mentions the Alien and Sedition Acts of 1798, the Red Scare of the 1920s and the McCarthy era. Those times and incidents, he says, were more than specific scandals or news stories, they were attempts to change our nature as a people.

What of those who say they don't care what the federal government does as long as it keeps us safe? The threat of terrorism is real, Mr. Hentoff acknowledges. Al Qaeda is still here, its networks are growing. But you have to be careful about who's running U.S. intelligence and U.S. security, and they have to be fully versed in and obey constitutional guarantees.

"There has to be somebody supervising them who knows what's right. . . . Terrorism is not going to go away. But we need someone in charge of the whole apparatus who has read the Constitution."

Advances in technology constantly up the ability of what government can do. Its technological expertise will only become deeper and broader.

"They think they're getting to how you think. The technology is such that with the masses of databases, then privacy will get even weaker."

Mr. Hentoff notes that J. Edgar Hoover didn't have all this technology. "He would be so envious of what NSA can do."

[Dec 05, 2016] The internet is at risk of transforming from an open platform to myriad national networks

Notable quotes:
"... Far from being seen as the guardian of a free and open online medium, the US has been painted as an oppressor, cynically using its privileged position to spy on foreign nationals. The result, warn analysts, could well be an acceleration of a process that has been under way for some time as other countries ringfence their networks to protect their citizens' data and limit the flow of information. ..."
"... At the most obvious level, the secret data-collection efforts being conducted by the US National Security Agency threaten to give would-be censors of the internet in authoritarian countries rhetorical cover as they put their own stamp on their local networks. ..."
"... But the distrust of the US that the disclosures are generating in the democratic world, including in Europe , are also likely to have an impact. From the operation of a nation's telecoms infrastructure to the regulation of the emerging cloud computing industry, changes in the architecture of networks as countries seek more control look set to cause a sea change in the broader internet. ..."
www.ft.com

Revelations about US surveillance of the global internet – and the part played by some of the biggest American internet companies in facilitating it – have stirred angst around the world.

Far from being seen as the guardian of a free and open online medium, the US has been painted as an oppressor, cynically using its privileged position to spy on foreign nationals. The result, warn analysts, could well be an acceleration of a process that has been under way for some time as other countries ringfence their networks to protect their citizens' data and limit the flow of information.

"It is difficult to imagine the internet not becoming more compartmentalised and Balkanised," says Rebecca MacKinnon, an expert on online censorship. "Ten years from now, we will look back on the free and open internet" with nostalgia, she adds.

At the most obvious level, the secret data-collection efforts being conducted by the US National Security Agency threaten to give would-be censors of the internet in authoritarian countries rhetorical cover as they put their own stamp on their local networks.

But the distrust of the US that the disclosures are generating in the democratic world, including in Europe, are also likely to have an impact. From the operation of a nation's telecoms infrastructure to the regulation of the emerging cloud computing industry, changes in the architecture of networks as countries seek more control look set to cause a sea change in the broader internet.

[Nov 25, 2016] Is Obama presiding over a national security state gone rogue?

National security state gone rogue is fascism. Frankly, I don't see evidence of huge abuse of US liberties. But I do see our foreign policy distorted by a counter-terror obsession
Notable quotes:
"... the government's interpretation of that law ..."
"... "One reports a crime; and one commits a crime." ..."
"... but does not include differences of opinion concerning public policy matters ..."
Jun 21, 2013 | The Guardian

Jump to comments (118)

Two weeks ago, the Guardian began publishing a series of eye-opening revelations about the National Security Agency and its surveillance efforts both in the United States and overseas. These stories raised long-moribund and often-ignored questions about the pervasiveness of government surveillance and the extent to which privacy rights are being violated by this secret and seemingly unaccountable security apparatus.

However, over the past two weeks, we've begun to get a clearer understanding of the story and the implications of what has been published – informed in part by a new-found (if forced upon them) transparency from the intelligence community. So here's one columnist's effort to sort the wheat from the chaff and offer a few answers to the big questions that have been raised.

These revelations are a big deal, right?

To fully answer this question, it's important to clarify the revelations that have sparked such controversy. The Guardian (along with the Washington Post) has broken a number of stories, each of which tells us very different things about what is happening inside the US government around matters of surveillance and cyber operations. Some are relatively mundane, others more controversial.

The story that has shaped press coverage and received the most attention was the first one – namely, the publication of a judicial order from the Fisa court to Verizon that indicated the US is "hoovering" up millions of phone records (so-called "metadata") into a giant NSA database. When it broke, the story was quickly portrayed as a frightening tale of government overreach and violation of privacy rights. After all, such metadata – though it contains no actual content – can be used rather easily as a stepping-stone to more intrusive forms of surveillance.

But what is the true extent of the story here: is this picture of government Big Brotherism correct or is this massive government surveillance actually quite benign?

First of all, such a collection of data is not, in and of itself, illegal. The Obama administration was clearly acting within the constraints of federal law and received judicial approval for this broad request for data. That doesn't necessarily mean that the law is good or that the government's interpretation of that law is not too broad, but unlike the Bush "warrantless wiretapping" stories of several years ago, the US government is here acting within the law.

The real question that should concern us is one raised by the TV writer David Simon in a widely cited blogpost looking at the issues raised by the Guardian's reporting, namely:

"Is government accessing the data for the legitimate public safety needs of the society, or are they accessing it in ways that abuse individual liberties and violate personal privacy – and in a manner that is unsupervised."

We know, for example, that the NSA is required to abide by laws that prevent the international targeting of American citizens (you can read more about that here). So, while metadata about phone calls made can be used to discover information about the individuals making the calls, there are "minimization" rules, procedures and laws that guide the use of such data and prevent possible abuse and misuse of protected data.

The minimization procedures used by the NSA are controlled by secret Fisa courts. In fact, last year, the Fisa court ruled that these procedures didn't pass constitutional muster and had to be rewritten.

Sure, the potential for abuse exists – but so, too, does the potential for the lawful use of metadata in a way that protects the privacy of individual Americans – and also assists the US government in pursuit of potential terrorist suspects. Of course, without information on the specific procedures used by the NSA to minimize the collection of protected data, it is impossible to know that no laws are being broken or no abuse is occurring.

In that sense, we have to take the government's word for it. And that is especially problematic when you consider the Fisa court decisions authorizing this snooping are secret and the congressional intelligence committees tasked with conducting oversight tend to be toothless.

But assumptions of bad faith and violations of privacy by the US government are just that assumptions. When President Obama says that the NSA is not violating privacy rights because it would be against the law, we can't simply disregard such statements as self-serving. Moreover, when one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame.

Edward Snowden: is he a hero or a traitor?

One of the key questions that have emerged over this story is the motivation of the leaker in question, Edward Snowden. In his initial public interview, with Glenn Greenwald on 9 June, Snowden explained his actions, in part, thus:

"I'm willing to sacrifice because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."

Now, while one can argue that Snowden's actions do not involve personal sacrifice, whether they are heroic is a much higher bar to cross. First of all, it's far from clear that the US government is destroying privacy, internet freedom and basic liberties for people around the world. Snowden may sincere about being "valiant for truth", but he wouldn't be the first person to believe himself such and yet be wrong.

Second, one can make the case that there is a public interest in knowing that the US is collecting reams of phone records, but where is the public interest – and indeed, to Snowden's own justification, the violation of privacy – in leaking a presidential directive on cyber operations or leaking that the US is spying on the Russian president?

The latter is both not a crime it's actually what the NSA was established to do! In his recent online chat hosted by the Guardian, Snowden suggested that the US should not be spying on any country with whom it's not formally at war. That is, at best, a dubious assertion, and one that is at odds with years of spycraft.

On the presidential directive on cyber operations, the damning evidence that Snowden revealed was that President Obama has asked his advisers to create a list of potential targets for cyber operations – but such planning efforts are rather routine contingency operations. For example, if the US military drew up war plans in case conflict ever occurred between the US and North Korea – and that included offensive operations – would that be considered untoward or perhaps illegitimate military planning?

This does not mean, however, that Snowden is a traitor. Leaking classified data is a serious offense, but treason is something else altogether.

The problem for Snowden is that he has now also leaked classified information about ongoing US intelligence-gathering efforts to foreign governments, including China and Russia. That may be crossing a line, which means that the jury is still out on what label we should use to describe Snowden.

Shouldn't Snowden be protected as a whistleblower?

This question of leakers v whistleblowers has frequently been conflated in the public reporting about the NSA leak (and many others). But this is a crucial error. As Tara Lee, a lawyer at the law firm DLA Piper, with expertise in defense industry and national security litigation said to me there is an important distinction between leakers and whistleblowers, "One reports a crime; and one commits a crime."

Traditionally (and often technically), whistleblowing refers to specific actions that are taken to bring to attention illegal behavior, fraud, waste, abuse etc. Moreover, the US government provides federal employees and contractors with the protection to blow the whistle on wrongdoing. In the case of Snowden, he could have gone to the inspector general at the Department of Justice or relevant congressional committees.

From all accounts, it appears that he did not go down this path. Of course, since the material he was releasing was approved by the Fisa court and had the sign-off of the intelligence committee, he had good reason to believe that he would have not received the most receptive hearing for his complaints.

Nevertheless, that does not give him carte blanche to leak to the press – and certainly doesn't give him carte blanche to leak information on activities that he personally finds objectionable but are clearly legal. Indeed, according to the Intelligence Community Whistleblower Protection Act (ICWPA), whistleblowers can make complaints over matter of what the law calls "urgent concern", which includes "a serious or flagrant problem, abuse, violation of law or executive order, or deficiency relating to the funding, administration, or operations of an intelligence activity involving classified information, but does not include differences of opinion concerning public policy matters [my italics]."

In other words, simply believing that a law or government action is wrong does not give one the right to leak information; and in the eyes of the law, it is not considered whistleblowing. Even if one accepts the view that the leaked Verizon order fell within the bounds of being in the "public interest", it's a harder case to make for the presidential directive on cyber operations or the eavesdropping on foreign leaders.

The same problem is evident in the incorrect description of Bradley Manning as a whistleblower. When you leak hundreds of thousands of documents – not all of which you reviewed and most of which contain the mundane and not illegal diplomatic behavior of the US government – you're leaking. Both Manning and now Snowden have taken it upon themselves to decide what should be in the public domain; quite simply, they don't have the right to do that. If every government employee decided actions that offended their sense of morality should be leaked, the government would never be able to keep any secrets at all and, frankly, would be unable to operate effectively.

So, like Manning, Snowden is almost certainly not a whistleblower, but rather a leaker. And that would mean that he, like Manning, is liable to prosecution for leaking classified material.

Are Democrats hypocrites over the NSA's activities?

A couple of days ago, my Guardian colleague, Glenn Greenwald made the following assertion:

"The most vehement defenders of NSA surveillance have been, by far, Democratic (especially Obama-loyal) pundits. One of the most significant aspects of the Obama legacy has been the transformation of Democrats from pretend-opponents of the Bush "war on terror" and national security state into their biggest proponents."

This is regular line of argument from Glenn, but it's one that, for a variety of reasons, I believe is not fair. (I don't say this because I'm an Obama partisan – though I may be called one for writing this.)

First, the lion's share of criticism of these recent revelations has come, overwhelmingly, from Democrats and, indeed, from many of the same people, including Greenwald, who were up in arms when the so-called warrantless wiretapping program was revealed in 2006. The reality is that outside a minority of activists, it's not clear that many Americans – Democrats or Republicans get all that excited about these types of stories. (Not that this is necessarily a good thing.)

Second, opposition to the Bush program was two-fold: first, it was illegal and was conducted with no judicial or congressional oversight; second, Bush's surveillance policies did not occur in a vacuum – they were part of a pattern of law-breaking, disastrous policy decisions and Manichean rhetoric over the "war on terror". So, if you opposed the manner in which Bush waged war on the "axis of evil", it's not surprising that you would oppose its specific elements. In the same way, if you now support how President Obama conducts counter-terrorism efforts, it's not surprising that you'd be more inclined to view specific anti-terror policies as more benign.

Critics will, of course, argue – and rightly so – that we are a country of laws first. In which case it shouldn't matter who is the president, but rather what the laws are that govern his or her conduct. Back in the world of political reality, though, that's not how most Americans think of their government. Their perceptions are defined in large measure by how the current president conducts himself, so there is nothing at all surprising about Republicans having greater confidence in a Republican president and Democrats having greater confidence in a Democratic one, when asked about specific government programs.

Beyond that, simply having greater confidence in President Obama than President Bush to wield the awesome powers granted the commander-in-chief to conduct foreign policy is not partisanship. It's common sense.

George Bush was, undoubtedly, one of the two or three worst foreign policy presidents in American history (and arguably, our worst president, period). He and Dick Cheney habitually broke the law, including but not limited to the abuse of NSA surveillance. President Obama is far from perfect: he made the terrible decision to surge in Afghanistan, and he's fought two wars of dubious legality in Libya and Pakistan, but he's very far from the sheer awfulness of the Bush/Cheney years.

Unless you believe the US should have no NSA, and conduct no intelligence-gathering in the fight against terrorism, you have to choose a president to manage that agency. And there is nothing hypocritical or partisan about believing that one president is better than another to handle those responsibilities.

Has NSA surveillance prevented terrorist attacks, as claimed?

In congressional testimony this week, officials from the Department of Justice and the NSA argued that surveillance efforts stopped "potential terrorist events over 50 times since 9/11". Having spent far too many years listening to public officials describe terrifying terror plots that fell apart under greater scrutiny, this assertion sets off for me a set of red flags (even though it may be true).

I have no doubt that NSA surveillance has contributed to national security investigations, but whether it's as extensive or as vital as the claims of government officials is more doubtful. To be honest, I'm not sure it matters. Part of the reason the US government conducts NSA surveillance in the first place is not necessarily to stop every potential attack (though that would be nice), but to deter potential terrorists from acting in the first place.

Critics of the program like to argue that "of course, terrorists know their phones are being tapped and emails are being read", but that's kind of the point. If they know this, it forces them to choose more inefficient means of communicating, and perhaps to put aside potential attacks for fear of being uncovered.

We also know that not every terrorist has the skills of a Jason Bourne. In fact, many appear to be not terribly bright, which means that even if they know about the NSA's enormous dragnet, it doesn't mean they won't occasionally screw up and get caught.

Yet, this gets to a larger issue that is raised by the NSA revelations.

When is enough counter-terrorism enough?

Over the past 12 years, the US has developed what can best be described as a dysfunctional relationship with terrorism. We've become obsessed with it and with a zero-tolerance approach to stopping it. While the former is obviously an important goal, it has led the US to take steps that not only undermine our values (such as torture), but also make us weaker (the invasion of Iraq, the surge in Afghanistan, etc).

To be sure, this is not true of every anti-terror program of the past dozen years. For example, the US does a better job of sharing intelligence among government agencies, and of screening those who are entering the country. And military efforts in the early days of the "war on terror" clearly did enormous damage to al-Qaida's capabilities.

In general, though, when one considers the relatively low risk of terrorist attacks – and the formidable defenses of the United States – the US response to terrorism has been one of hysterical over-reaction. Indeed, the balance we so often hear about when it comes to protecting privacy while also ensuring security is only one part of the equation. The other is how do we balance the need to stop terrorists (who certainly aspire to attack the United States) and the need to prevent anti-terrorism from driving our foreign policy to a disproportionate degree. While the NSA revelations might not be proof that we've gone too far in one direction, there's not doubt that, for much of the past 12 years, terrorism has distorted and marred our foreign policy.

Last month, President Obama gave a seminal speech at the National Defense University, in which he essentially declared the "war on terror" over. With troops coming home from Afghanistan, and drone strikes on the decline, that certainly seems to be the case. But as the national freakout over the Boston Marathon bombing – and the extraordinary over-reaction of a city-wide lockdown for one wounded terrorist on the loose – remind us, we still have a ways to go.

Moreover, since no politician wants to find him- or herself in a situation after a terrorist attack when the criticism "why didn't you do more?" can be aired, that political imperative of zero tolerance will drive our counterterrorism policies. At some point, that needs to end.

In fact, nine years ago, our current secretary of state, John Kerry, made this exact point; it's worth reviewing his words:

"We have to get back to the place we were, where terrorists are not the focus of our lives, but they're a nuisance I know we're never going to end prostitution. We're never going to end illegal gambling. But we're going to reduce it, organized crime, to a level where it isn't on the rise. It isn't threatening people's lives every day, and fundamentally, it's something that you continue to fight, but it's not threatening the fabric of your life.''

What the NSA revelations should spark is not just a debate on surveillance, but on the way we think about terrorism and the steps that we should be willing to take both to stop it and ensure that it does not control us. We're not there yet.

007Prometheus

No GCHQ - MI5 - MI6 - NSA - CIA - FBI etc........... ad nausem!

How many Billions / Trillions are spent on these services? If 11/9 and 7/7 were homegrown attacks, then i think, they will take us all down with them.

NOTaREALmerican

@007Prometheus

Re: How many Billions / Trillions are spent on these services?

The wonderful thing about living in a "Keynesian" perpetually increasing debt paradise is you NEVER have to say you can't afford anything. (Well, unless you want to say it, but if you do it's just political bullshit).

So, to answer your question... A "Keynesian" never asks how much, just how much do you want.

bloopie2

"Frankly, I don't see evidence of huge abuse of US liberties"

Just wait until they come for you.

bloopie2

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame."

Dear Sir: Please post your email addresses, bank accounts, and passwords. We'd like to look at everything.

Got a problem with that?

Tonieja

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online [...]"

Wow! I don't really care about my personal email. I do care about all political activists, journalists, lawyers etc. That a journalist would support Stasi style surveillance state is astonishing.

gisbournelove

I wish I had the time to go through this article and demolish it sentence by sentence as it so richly deserves, but at the moment I don't. Instead, might I suggest to the author that he go to the guardian archive, read every single story about this in chronological order and then read every damn link posted in the comment threads on the three most recent stories.

Most especially the links in the comment threads. If after that, he cannot see why we "civil libertarian freaks" are not just outraged, but frightened, he frankly lacks both historical knowledge and any ability to analyze the facts that are staring him in the face. I can't believe I am going to have to say this again but here goes: YOU do not get to give away my contitutional rights, Mr. Cohen.

I don't give a shit how much you trust Obama compared to dubya. The Bill of Rights states in clear, unambiguous language what the Federal government may NOT do do its citizens no matter WHO is president.

goodkurtz

Michael Cohen
Frankly, I don't see evidence of huge abuse of US liberties.

Well of course you wont see them.
But the abuses are very probably already happening on a one to one basis in the same shadows in which the intelligence was first gathered.

[Nov 21, 2016] Apples iCloud retains the entire call history of every iPhone for as long as four months, making it an easy target for law enforcement and surveillance

Nov 17, 2016 | economistsview.typepad.com
Rusty tell us of Android hacking by the Chinese and today we learn the iphone has issues too

http://bgr.com/2016/11/17/iphone-security-secret-call-history-icloud/

"Russian security firm says iPhone secretly logs all your phone calls"

By Mike Wehner...Nov 17, 2016...10:36 AM

"A Russian security firm is casting doubt on just how big of an ally Apple is when it comes to consumer privacy. In a new report, the company alleges that Apple's iCloud retains the entire call history of every iPhone for as long as four months, making it an easy target for law enforcement and surveillance.

The firm, Elcomsoft, discovered that as long as a user has iCloud enabled, their call history is synced and stored. The log includes phone numbers, dates and durations of the calls, and even missed calls, but the log doesn't stop there; FaceTime call logs, as well as calls from apps that utilize the "Call History" feature, such as Facebook and WhatsApp, are also stored.

There is also apparently no way to actually disable the feature without disabling iCloud entirely, as there is no toggle for call syncing.

"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices," an Apple spokesperson told The Intercept via email."Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication."

But security from unauthorized eyes isn't what users should be worrying about, according to former FBI agent and computer forensics expert Robert Osgood. "Absolutely this is an advantage [for law enforcement]," Osgood told The Intercept. ""Four months is a long time [to retain call logs]. It's generally 30 or 60 days for telecom providers, because they don't want to keep more [records] than they absolutely have to."

If the name Elcomsoft sounds familiar, it's because the company's phone-cracking software was used by many of the hackers involved in 2014's massive celebrity nudes leak. Elcomsoft's "Phone Breaker" software claims the ability to crack iCloud backups, as well as backup files from Microsoft OneDrive and BlackBerry."

[Nov 18, 2016] On Clapper resignation

Notable quotes:
"... "Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time. ..."
"... Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around. ..."
Nov 18, 2016 | www.nakedcapitalism.com

paulmeli November 17, 2016 at 3:00 pm

"Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time.

Peter Pan November 17, 2016 at 6:37 pm

Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around.

fresno dan November 17, 2016 at 6:54 pm

paulmeli
November 17, 2016 at 3:00 pm

So, is Obama gonna pardon him? Silly me, I keep forgetting that indisputable violations of the law are not prosecuted when done by those at the top

[Nov 18, 2016] Physical access is not equal to game over

Notable quotes:
"... What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors? ..."
"... Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato! ..."
www.nakedcapitalism.com
LarryB November 17, 2016 at 2:59 pm

The "Poison Tap" is not really that big of deal. It's usually trivially easy to break into any computer that you can physically access. You can boot from a CD or USB drive, for instance, or even just steal the hard drive. Security on USB needs to be improved, but this is not even close to being the end of the world.

Knifecatcher November 17, 2016 at 4:07 pm

+1. If someone has direct physical access to your device – PC or smartphone – you're pretty much hosed.

Daryl November 17, 2016 at 6:30 pm

Yep. Physical access is root access.

River November 17, 2016 at 7:35 pm

If you have the time with the physical machine anyway.

I could see kids having fun with this though. Going into a box store that has computers on display, getting access (even better if they have a web cam on it). Upload porn or shocking material and showing the customers and watching/recording the reactions and putting it on youtube.

Or more nefarious, the same thing but for casing a store (limited vantage from the web cam .but may better than nothing).

Etc. lots you could do and more importantly not a lot of skill required. Lower bar for entry for hacking mischief and a low cost.

hunkerdown November 17, 2016 at 7:51 pm

LarryB, and how long will that take you? And will you have the computer back together by the time they see you? And will logs suggest anything funny happened around that time? What if the disk is passworded? What about that not all systems are exclusively for business/corporate use (see also BYOD) and therefore may be tuned to varying security postures owing to other factors?

Physical access ≠ game over. Physical access + unguarded time + experience + tooling = game over. One used to could safely leave someone alone with their computer while one went to the kitchen for a glass of water. Now this tooling has made the time and experience components a bit less relevant to successful, quick pwnage with few or no tracks. Neato!

[Nov 11, 2016] In the last few years, the Federal Trade Commission has sued more than dozen debt relief companies. They simply lie to consumers, says the FTC's Alice Hrdy.

Nov 11, 2016 | www.nbcnews.com

A widespread problem
In the last few years, the Federal Trade Commission has sued more than dozen debt relief companies. "They simply lie to consumers," says the FTC's Alice Hrdy.

FTC ad IRS investigators have also found some counseling services that claim to be non-profit when they are actually a for-profit company. The non-profit pitch can make a potential client feel confident about signing up for the service. "They're preying on the consumer's trust," Hrdy says.

Some of the bad apples in this industry mislead people about their charges. "They either say there are no fees involved or just a small fee," Hrdy explains. Sometimes, they don't mention fees at all.

Bruce, who lives near Seattle, signed up with a company that promised to lower his interest rates. He was told to send them a check for $265.

"It was my clear understanding that money was going to pay off my credit card bills," Bruce told me. It turned out to be a "referral fee" to find him a company that would supposedly help him.

"It was a nasty experience," Bruce says. "They basically stole my money."

Warning: Debt settlement programs
Some companies now claim they can negotiate a one-time settlement with all of your creditors that will reduce your principal by as much as 50 to 70 percent. By doing this, they say, your monthly payments will drop dramatically.

"That is virtually impossible under any circumstances," says Travis Plunkett, Legislative Director of the Consumer Federation of America. That's why CFA warns consumers not to use debt settlement programs. "They are promising something they can't deliver," Plunkett says.

Credit counselors - a better option
Charles Helms, president of Consumer Counseling Northwest, sees a lot of people who have been burned by these phony debt relief programs. "It's horrible," he says. Because most of them have a large up-front fee, they'll take anyone who can pay.

"Their goal is to get you to sign up, not to successfully complete the program," Helms says. "So here's someone who is financially damaged to begin with and then these companies just go out and take the last of their resources and kill any hope they have of getting out of that situation."

With a legitimate credit counselor, there is no right answer for everyone. They sit down with you and give you a free and objective assessment of your financial situation. At Credit Counseling Northwest, they saw 6,000 people last year and found that debt management was the right option for only 19 percent of them. The rest were given a plan to work things out on their own.

With a customized consolidated payment plan you should be able to pay off your credit card debt in 3 to 5 years. You write the counseling agency one check each month and they pay all your creditors.

Advertise Advertise Advertise

Do your homework
Facing mounting bills can be frightening, but getting debt relief is not a decision that should be based on hearing a radio commercial or getting a sales call. You want to find an organization that will design a debt relief plan specifically for you.

Shop around. Compare a couple of services and get a feel for how they operate. The credit counselor should spend at least 20 to 30 minutes with you in order to get a complete picture of your finances. If they don't do that, you're not really getting any counseling.

Ask a lot of questions and get those answers in writing. Find out about the fees. The Consumer Federation of America says you shouldn't pay more than $50 for the set-up fee and no more than a $25 monthly maintenance fee. If the agency is vague or reluctant to talk about fees, go someplace else.

Don't rely on names or the claim of a non-profit status. Check them out with the Better Business Bureau or your local consumer protection office.

By doing your homework you should be able to find a service that doesn't over-charge or over-promise. Here's a good place to start: The National Foundation for Credit Counseling . They'll help you find a certified counselor near you.

More Information:

[Nov 07, 2016] Under the Din of the Presidential Race Lies a Once and Future Threat Cyberwarfare

This neocon propagandists (or more correctly neocon provocateur) got all major facts wrong. And who unleashed Flame and Stuxnet I would like to ask him. Was it Russians? And who invented the concept of "color revolution" in which influencing of election was the major part of strategy ? And which nation instituted the program of covert access to email boxes of all major webmail providers? He should study the history of malware and the USA covert operations before writing this propagandist/provocateur opus to look a little bit more credible...
Notable quotes:
"... Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. ..."
www.nytimes.com

The 2016 presidential race will be remembered for many ugly moments, but the most lasting historical marker may be one that neither voters nor American intelligence agencies saw coming: It is the first time that a foreign power has unleashed cyberweapons to disrupt, or perhaps influence, a United States election.

And there is a foreboding sense that, in elections to come, there is no turning back.

The steady drumbeat of allegations of Russian troublemaking - leaks from stolen emails and probes of election-system defenses - has continued through the campaign's last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

"Most of the biggest stories of this election cycle have had a cybercomponent to them - or the use of information warfare techniques that the Russians, in particular, honed over decades," said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. "From stolen emails, to WikiLeaks, to the hacking of the N.S.A.'s tools, and even the debate about how much of this the Russians are responsible for, it's dominated in a way that we haven't seen in any prior election."

The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access. Yet the lessons have ranged from the intensely personal to the geostrategic.

Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. Election systems, the underpinning of democracy, seem to be at such risk that it is unimaginable that the United States will go into another national election without treating them as "critical infrastructure."

But President Obama has been oddly quiet on these issues. He delivered a private warning to President Vladimir V. Putin of Russia during their final face-to-face encounter two months ago, aides say. Still, Mr. Obama has barely spoken publicly about the implications of foreign meddling in the election. His instincts, those who have worked with him on cyberissues say, are to deal with the problem by developing new norms of international behavior or authorizing covert action rather than direct confrontation.

After a series of debates in the Situation Room, Mr. Obama and his aides concluded that any public retaliation should be postponed until after the election - to avoid the appearance that politics influenced his decision and to avoid provoking Russian counterstrikes while voting is underway. It remains unclear whether Mr. Obama will act after Tuesday, as his aides hint, or leave the decision about a "proportional response" to his successor.

Cybersleuths, historians and strategists will debate for years whether Russia's actions reflected a grand campaign of interference or mere opportunism on the part of Mr. Putin. While the administration has warned for years about the possibility of catastrophic attacks, what has happened in the past six months has been far more subtle.

Russia has used the techniques - what they call "hybrid war," mixing new technologies with old-fashioned propaganda, misinformation and disruption - for years in former Soviet states and elsewhere in Europe. The only surprise was that Mr. Putin, as he intensified confrontations with Washington as part of a nationalist campaign to solidify his own power amid a deteriorating economy, was willing to take them to American shores.

The most common theory is that while the Russian leader would prefer the election of Donald J. Trump - in part because Mr. Trump has suggested that NATO is irrelevant and that the United States should pull its troops back to American shores - his primary motive is to undercut what he views as a smug American sense of superiority about its democratic processes.

Madeleine K. Albright, a former secretary of state who is vigorously supporting Hillary Clinton, wrote recently that Mr. Putin's goal was "to create doubt about the validity of the U.S. election results, and to make us seem hypocritical when we question the conduct of elections in other countries."

If so, this is a very different use of power than what the Obama administration has long prepared the nation for.

Four years ago, Leon E. Panetta, the defense secretary at the time, warned of an impending "cyber Pearl Harbor" in which enemies could "contaminate the water supply in major cities or shut down the power grid across large parts of the country," perhaps in conjunction with a conventional attack.

[Nov 06, 2016] Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russias power grids, telecommunications networks, and the Kremlins command systems for a possible sabotage

Nov 06, 2016 | www.moonofalabama.org

Molin | Nov 5, 2016 7:21:49 AM | 52

Obama hack Russia openly,

"Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia's power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage."

https://www.rt.com/news/365423-russia-us-hacker-grid/

[Nov 03, 2016] And Now For Some Comic Relief

Nov 03, 2016 | www.weeklystandard.com
Presenting...the Clinton IT Department! This has not been an especially ennobling election. Or a rewarding one. Or even entertaining. Pretty much everything about 2016 has been boorish and grotesque. But finally it is time to laugh.

This has not been an especially ennobling election. Or a rewarding one. Or even entertaining. Pretty much everything about 2016 has been boorish and grotesque. But finally it is time to laugh.

Ladies and gentlemen, I present the Clinton IT department.

Over the weekend we finally found out how Clinton campaign honcho John Podesta's emails were hacked. But first a couple disclaimers:

1) Yes, it's unpleasant to munch on the fruit of the poisoned tree. But this isn't a court of law and you can't just ignore information that's dragged into the public domain.

2) We're all vulnerable to hackers. Even if you're a security nut who uses VPNs and special email encryption protocols, you can be hacked. The only real security is the anonymity of the herd. Once a hacker targets you, specifically, you're toast.

I'm a pretty tech-savvy guy and if the Chinese decided to hack my emails tonight, you'd have everything I've ever written posted to Wikileaks before the sun was up tomorrow.

But that is … not John Podesta's situation.

What happened was this: On March 19, Podesta got what looked--kind of, sort of--like an email from Google's Gmail team. The email claimed that someone from the Ukraine had tried to hack into Podesta's Gmail account and that he needed to change his password immediately.

This is what's called a "phishing" scam, where hackers send legitimate-looking emails that, when you click on the links inside them, actually take you someplace dangerous. In Podesta's case, there was a link that the email told him to click in order to change his password.

This was not an especially good bit of phishing. Go have a look yourself. The email calls Podesta by his first name. It uses bit.ly as a link shortener. Heck, the subject line is the preposterous "*someone has your password*". Why would Google say "someone has your password?" They wouldn't. They'd say that there had been log-in attempts that failed two-step authentication, maybe. Or that the account had been compromised, perhaps. If you've spent any time using email over the last decade, you know exactly how these account security emails are worded.

And what's more, you know that you never click on the link in the email. If you get a notice from your email provider or your bank or anyone who holds sensitive information of yours saying that your account has been compromised, you leave the email, open your web browser, type in the URL of the website, and then manually open your account information. Again, let me emphasize: You never click on the link in the email!

But what makes this story so priceless isn't that John Podesta got fooled by an fourth-rate phishing scam. After all, he's just the guy who's going to be running Hillary Clinton's administration. What does he know about tech? And Podesta, to his credit, knew what he didn't know: He emailed the Clinton IT help desk and said, Hey, is this email legit?

And the Clinton tech team's response was: Hell yes!

No, really. Here's what they said: One member of the team responded to Podesta by saying "The gmail one is REAL." Another answered by saying "This is a legitimate email. John needs to change his password immediately."

It's like the Clinton IT department is run by 90-year-old grandmothers. I half-expect the next Wikileaks dump to have an email from one Clinton techie to another asking for help setting their VCR clock.

As the other guy likes to say, "only the best people."

[Oct 30, 2016] Speaking also of Pedesta email, not Huma Abedin, it is interesting that it was Podesta who make mistake of assessing phishing email  link, probably accidentally

turcopolier.typepad.com

mistah charley, ph.d. said... 30 October 2016 at 09:13 AM

Speaking also of Podesta's email, not Huma's, the following is interesting:

http://www.cnn.com/2016/10/28/politics/phishing-email-hack-john-podesta-hillary-clinton-wikileaks/index.html

Briefly, it seems Podesta received an email "You need to change your password", asked for professional advice from his staff if it was legit, was told "Yes, you DO need to change your password", but then clicked on the link in the original email, which was sent him with malicious intent, as he suspected at first and then was inappropriately reassured about - rather than on the link sent him by the IT staffer.

Result - the "phishing" email got his password info, and the world now gets to see all his emails.

Personally, my hope is that Huma and HRC will be pardoned for all their crimes, by Obama, before he leaves office.

Then I hope that Huma's divorce will go through, and that once Hillary is sworn in she will at last be courageous enough to divorce Bill (who actually performed the Huma-Anthony Weiner nuptials - you don't have to make these things up).

Then it could happen that the first same-sex marriage will be performed in the White House, probably by the minister of DC's Foundry United Methodist Church, which has a policy of LBGQT equality. Or maybe Hillary, cautious and middle-of-the-road as usual, will go to Foundry UMC sanctuary for the ceremony, recognizing that some Americans' sensibilities would be offended by having the rite in the White House.

As Nobel Laureate Bob Dylan wrote, "Love is all there is, it makes the world go round, love and only love, it can't be denied. No matter what you think about it, you just can't live without it, take a tip from one who's tried."

[Oct 29, 2016] A recent linguistic analysis cited in the New York Times speculates without any real trace of evidence that the hackers language in threats against Sony was written by a native Russian speaker and not a native Korean speaker

Notable quotes:
"... An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot. ..."
"... Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before. ..."
"... I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve" . (He spoke about this on numerous radio interviews at the time, and as also discussed it in person.) ..."
"... Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for? ..."
www.nakedcapitalism.com
Pat October 26, 2016 at 2:21 pm

An important thing about that Time article regarding the Sony Hack is that it is almost two years old. Important because I'm still having to tell people that despite what the President and the government said North Korea didn't hack Sony because of a really bad movie, but that insiders did it for reasons that were never part of the media blitz about it. And believe me, considering that Clinton is lying through her teeth beyond even the government about this, I point this out a lot.

TheCatSaid October 26, 2016 at 8:32 pm

Something that jumped out at me in December 2014 was a blog post by David E Martin. His blog post more or less laid out the whole game plan–and in so doing, I suspect he thwarted the planned story line. It was amazing to read that the whole plot had actually been presented to Congress years before.

I'm inferring his intention in writing the post was to spill enough beans to prevent a catastrophic false flag event, as that is why he wrote his book "Coup d'Twelve" . (He spoke about this on numerous radio interviews at the time, and as also discussed it in person.)

Foy October 26, 2016 at 9:09 pm

I had to laugh when I read this in the article though:

"A recent linguistic analysis cited in the New York Times found that the hackers' language in threats against Sony was written by a native Russian speaker and not a native Korean speaker."

Never let an opportunity for a bit of Russian bashing go to waste it seems. Is there anything at all in the history of the entire world that the Russians aren't responsible for?

[Oct 29, 2016] Phishing for Fools, Hipster Edition

Oct 29, 2016 | www.nakedcapitalism.com
allan October 28, 2016 at 10:19 pm

Phishing for Fools, Hipster Edition:

Emails show how Clinton campaign chairman apparently hacked [AP]

New evidence appears to show how hackers earlier this year stole more than 50,000 emails of Hillary Clinton's campaign chairman, an audacious electronic attack blamed on Russia's government and one that has resulted in embarrassing political disclosures about Democrats in the final weeks before the U.S. presidential election.

The hackers sent John Podesta an official-looking email on Saturday, March 19, that appeared to come from Google. It warned that someone in Ukraine had obtained Podesta's personal Gmail password and tried unsuccessfully to log in, and it directed him to a website where he should "change your password immediately."

Podesta's chief of staff, Sara Latham, forwarded the email to the operations help desk of Clinton's campaign, where staffer Charles Delavan in Brooklyn, New York, wrote back 25 minutes later, "This is a legitimate email. John needs to change his password immediately."

But the email was not authentic. …

Lambert Strether Post author October 29, 2016 at 12:49 am

And if the ploy was that low-grade, that means that the Russki superbrains in the KGB didn't have to be behind it. Dear Lord.

This really is a hubris followed by nemesis thing, isn't it? And how sad it is, how tragic, that it was Brooklyn that brought Podesta down. Somehow I think Delavan is going to have a hard time getting a job in politics again, but he did the country a great service.

TheCatSaid October 29, 2016 at 1:17 pm

Social engineering wins again. This was something I learned about long ago when Black Box Voting.org started (approx. 2004). It was one of the many vulnerabilities in various points of election systems, both with paper and paperless. Very easy to get officials to reveal passwords that allowed access–that's in addition to the corruption situations. (Or rather, the social engineering angle would be just one of the tools used by insiders.)

[Oct 28, 2016] Note on propagandists masquerading as security experts

All their arguments does not stand even entry level programmer scrutiny. Especially silly are "Russian keyboard and timestamps" argument. As if, say Israelis or, say, Estonians, or any other country with sizable Russian speaking population can't use those to direct investigation at the wrong track ;-).
If I were a Russian hacker trying to penetrate into DNC servers I would use only NSA toolkit and libraries that I can find on black market. First on all they are reasonably good. the second that help to direct people to in a wrong direction. and if knew Spanish or English or French reasonably well I would use them exclusively. If not I would pay for translation of set of variables into those languages and "forget" to delete symbol table in one of the module giving raw meat to idiots like those.
Actually you can find a lot of such people even in London, Paris, Madrid and NYC, and some of them really do not like the US neoliberal administration with its unending wars of expansion of neoliberal empire :-) But still they are considered to be "security expert". When you hear now the word "security expert", please substitute it for "security charlatan" for better comprehensions -- that's almost always the case about people posing as security experts for MSM. The only reliable exception are whistleblowers -- those people sacrifices their lucrative carriers for telling the truth, so they can usually be trusted. They might exaggerate things on the negative side, though. I personally highly respect William Binney.
The "regular" security expects especially from tiny, struggling security companies in reality they are low paid propagandists amplifying the set of prepared talking point. The arguments are usually pretty childish. BTW, after the USA/Israeli operation against Iran using Stixnet and Flame in Middle East, complex Trojans are just commonplace and are actually available to more or less qualified hacker, or even a unqualified person with some money and desire to take risks.
I especially like the phrase "beyond a reasonable doubt that the hack was in fact an operation of the Russian state." Is not this a slander, or what ? Only two cagagiry of peopel: impetcils and paid presstitutes has think about complex hacking operation origin "beyond reasonable doubt")
observer.com

Oct 28, 2016 | observer.com

Original title: 7 Reasons Security Firms Believe the Russian State Hacked the DNC

Originally from: Bloomberg

• 10/26/16 1:02pm

How do we really know that the breaches of the Democratic National Committee were conducted by organizations working on behalf of the Russian state? With the CIA considering a major counterstrike against the superpower, as NBC has reported , it's worthwhile for the public to measure how confident we can be that Putin's government actually deserves retribution.

"When you're investigating a cybersecurity breach, no one knows whether you're a Russian hacker or a Chinese hacker pretending to be a Russian hacker or even a U.S. hacker pretending to be a Chinese hacker pretending to be a Russian hacker," reporter Jordan Robertson says during the third episode of a solid new podcast from Bloomberg, called "Decrypted." In the new episode, he and fellow reporter Aki Ito break down the facts that put security experts beyond a reasonable doubt that the hack was in fact an operation of the Russian state.

Here are the key points:

From there, the podcast asks: what does this hack mean for the U.S. election. They come to basically the same conclusions that the Observer did in September : voting systems are very safe-voter rolls are less so, but nation-states probably want to discredit our system more than they want to change outcomes.

How sure can we be? Buratowski says, "Barring seeing someone at a keyboard or a confession, you're relying on that circumstantial evidence." So, we can never really know for sure. In fact, even Crowdstrike's attribution is based on prior experience, which assumes that they have attributed other hacks correctly in the past. Former congressional staffer Richard Diamond in USA Today argues that the hacks can be explained by bad passwords, but he also neglects to counter Crowdstrike's descriptions of the sophisticated code placed inside the servers. From Bloomberg's version of events, how the hackers got in was really the least interesting part of their investigation.

So what does it all mean? It's natural for political junkies to wonder if there might be further disclosures coming before Election Day, but - if this is an information operation-it might be even more disruptive to hold documents until after the election in order to throw doubt on our final choice. Either way, further disclosures will probably come.

[Oct 28, 2016] I find the whole hysteria over Russian hacking very one-sided.

Notable quotes:
"... I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; its time the doctor took his own medicine. ..."
"... Ahhhh, but that exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom. ..."
"... America has entered one of its periods of historical madness, but this the worst I can remember: worse than McCarthyism, worse that the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre ..."
"... It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies. ..."
"... If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem. ..."
"... Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars. ..."
www.nakedcapitalism.com

Bjornasson October 26, 2016 at 3:20 pm

I find the whole hysteria over Russian hacking very one-sided. If the US takes it upon itself, out of sincere concern, to help out "moderates" in overthrowing a repressive, evil government in Syria, Libya and Iraq, maybe the same thing happening to the US itself is not that weird? Here is a tyrannical government with little regard for its demotivated and demoralized citizens who can not on their own displace it. This government threatens nuclear war and kills an unjustified number of its own citizens. Its public infrastructure is in ruins and oligarchy is everywhere. In the past the US has set the example for dealing with such troubled states; its time the doctor took his own medicine.

reslez October 26, 2016 at 5:07 pm

The "evidence" for Russian hacking is so suspect that anyone who repeats the story instantly stamps themselves as either a con or a mark. It's depressing to see media corruption so blatantly displayed. Now I know what 2003 must have felt like (I was too young to have much of an opinion back then).

Gareth October 26, 2016 at 6:21 pm

The "17 intelligence agencies" claim is complete Clinton bullshit. I'm kind of amazed that journalists are now stating this as fact. I could say I'm shocked but nothing the presstitutes do surprises me anymore. They are busy preening for their future White House access. It kind of makes me want to get drunk and vote for the orange haired guy.

Kokuanani October 26, 2016 at 6:57 pm

Just finished trying to "re-educate" my husband after he listened to [and apparently believed] a report in the CBS Evening News on the "Russian hacking of Clinton's e-mails." They reported it as complete "fact," without even a perfunctory "alleged."

Too difficult to do this correction one person at a time, while the networks have such massive reach.

Kurt Sperry October 26, 2016 at 9:42 pm

It *is* highly asymmetric warfare. And as is normal when working the insurgent side, the trick isn't to try to win by a large number of winning individual engagements, but rather of delegitimatizing the side with the resource advantage in a broader, cultural way. Delegitimize the mainstream media actively. If you win the culture war, you win the political war too just as a bonus. Tell the truth, unapologetically. That's as bad-ass as it gets.

WJ October 26, 2016 at 10:30 pm

This is sound advice. Problem is, how to delegitimate media generally? Actual insurgents avoid direct confrontations with superior occupying power and opt for a variety of other strategies of attack, including: IED's, flash attacks, suicide bombings, disruption of civilian life, etc. What are some equivalent, concrete (and legal) strategies for disrupting the order of imposed media? The use of social media seems to be one option, and maybe the most successful. Yet this tends to reach only certain segments of population who are unlikely to watch CNN or read the Post in any case. How can one harm the media powers where it hurts them most, by reaching and disrupting their actual consumers, who tend to be older, establishment-minded, white, etc…?

Kurt Sperry October 26, 2016 at 11:36 pm

How to delegitimize the media? They are doing that themselves. In spades. Listen to the people around you, they are getting wise to it. Just point it out to anyone who'll listen. It isn't the bombs and attacks that win an insurgency, none of that stuff works if the cause isn't widely understood and shared. The victory is won–to recycle a cliché–in the hearts and minds of the ordinary people. Naked Capitalism is a big ammo depot and we are the grunts and the munitions are ideas. And as I alluded to above, the power of truth. Truth will kick ass and take names if you let it.

Ulysses October 27, 2016 at 10:30 am

"Truth will kick ass and take names if you let it."

Thanks for the spirit-raising exhortation Kurt!! Many Americans are walking around with heads like over-inflated cognitive dissonance balloons. If you listen closely, you can hear these balloons popping off all the time, resulting in yet another person able to confront reality.

Massinissa October 26, 2016 at 7:26 pm

What other intelligence agencies are there than the CIA and NSA? Does anyone know the other 15, and why are these intelligence agencies never spoken of in the media except when its useful for Clinton?

xformbykr October 26, 2016 at 7:33 pm

see http://www.businessinsider.com/17-agencies-of-the-us-intelligence-community-2013-5#

JTMcPhee October 27, 2016 at 3:14 pm

Why is it called a "community?" Cabal? Coven? Hey, isn't the proper collective noun for lawyers (Clintons, Yoo, Meese, Obama, etc.) a "conspiracy?"

Bjornasson October 26, 2016 at 6:09 pm

The idea is essentially that even if the evidence did exist, it should be welcomed with the same enthusiasm that US interventions have in Syria and Libya.

dennison p nyberg October 27, 2016 at 11:24 am

truth

Tom October 26, 2016 at 5:23 pm

Ahhhh, but that exactly where the "exceptional" clause kicks in. You see, America is justified in intervening in other countries' business because we see further, with a clearer gaze and a purer heart, than any other country in the world. Mired as they are in ignorance or inertia, no other country is qualified to judge us, and any mistakes that we make only occur because of the depths of our love for others and our passion for freedom.

abynormal October 26, 2016 at 6:26 pm

America has entered one of its periods of historical madness, but this the worst I can remember: worse than McCarthyism, worse that the Bay of Pigs and in the long term potentially more disastrous than the Vietnam War. ~John le Carre

KILLING MACHINES AND THE MADNESS OF MILITARISM
http://www.artsandopinion.com/2014_v13_n5/giroux-6.htm
by Henry Giroux

Tom October 26, 2016 at 6:48 pm

historical madness/hysterical madness … take your pick.

It is terrifying to watch Clinton rave about adopting a more "muscular, aggressive" approach to foreign affairs - with little or no push back from the national media, either party or even many citizens. Hell, they are applause lines at her rallies.

If 15 years of endless wars, trillions of dollars of wasted money, hundreds of thousands of casualties on all sides and metastasizing terrorist threat with no end in sight doesn't give one a little pause before advocating more of the same, then we might have a problem.

abynormal October 26, 2016 at 7:12 pm

she's a scorned woman beginning with her father. she's passive-aggressive with women…projects her never ending insecurities. SO she has something to prove…vengeance is mine.

First, she'll drone Mercy Street(s)…

Elizabeth October 26, 2016 at 7:58 pm

Hillary said twice during the debates that "America is great because America is good." Translation: We can do whatever we damn well please because we can. Lord, help us all. I'm so sick of hearing this and our endless criminal wars.

[Oct 22, 2016] Botnets can use internet enabled devices other then PC, tablets and phones

Oct 22, 2016 | www.nakedcapitalism.com

Not mentioned in the News of the Wired snips: the Dyn DDOS was the latest using a megascale IOT botnet. Coming soon to a Smart Toaster|Thermostat|Fridge|WasherDryer|EggTimer|PencilSharpener|Dishwasher|GarbageCompacter|BabyMonitor near you!

hunkerdown October 21, 2016 at 7:36 pm

I suspect various enforcement agencies are using those cameras for something else, like mass video surveillance, and having just lost a lot of TLS vulnerabilities, are motivated to keep their sources' name out of the news (as befits TS/SI NOFORN projects), though steering the industry's and the commercial market economy's Confidence Fairy out of an imminent uncontrolled landing would suffice to explain the quiet.

OpenThePodBayDoorsHAL October 21, 2016 at 7:38 pm

For people who understand what that means it is mind-blowing, the processors in your parking garage gate or your nursery's NannyCam being used in a giant global concerto of digital disruption. Smells like the NSA in a desperate attempt to disrupt the flows from Wiki, they already gave the Clinton camp their best spyware (FoxAcid) and this would be par for the course given the level of lawbreaking and dirty tricks.

cm October 22, 2016 at 1:13 am

Will be illuminating to see if Congress demands IOT accountabilty. IMO the IOT manufacturers should be held to the same level of accountability as car manufacturers,

[Oct 18, 2016] Dear Clinton Team We Noticed You Might Need Some Email Security Tips

Notable quotes:
"... Well-crafted spear-phishing emails can be incredibly hard to spot, but if you ever end up on a website asking you for a password, you should be skeptical. Check the URL and make sure you're at a legitimate login page before typing in your password, or navigate to the login page directly. ..."
theintercept.com

Here are some easy ways the Clinton team could have avoided getting hacked and might prevent it in the future.

There is probably no one more acutely aware of the importance of good cybersecurity right now than Hillary Clinton's campaign chairman John Podesta, whose emails have been laid bare by WikiLeaks, are being mined for news by journalists (including at The Intercept), and are available for anyone with internet access to read.

So as a public service to Podesta and everyone else on Clinton's staff, here are some email security tips that could have saved you from getting hacked, and might help you in the future.

Use a strong password

There's a method for coming up with passwords that are mathematically unfeasible for anyone to ever guess by brute force, but that are still possible for you to memorize. I've written about it before, in detail, including an explanation of the math behind it.

But in short: You start with a long list of words and then randomly select one (by rolling dice), then another, and so on, until you end up with something like: "slinging gusty bunny chill gift." Using this method, called Diceware, there is a one in 28 quintillion (that is, 28 with 18 zeros at the end) chance of guessing this exact password.

For online services that prevent attackers from making very many guesses - including Gmail - a five-word Diceware password is much stronger than you'll ever need. To make it super easy, use this wordlist from the Electronic Frontier Foundation.

.... ... ...

Use a unique password for each application

The same day that WikiLeaks published Podesta's email, his Twitter account got hacked as well. How do you think that happened? I have a guess: He reused a password that was exposed in his email, and someone tried it on his Twitter account.

... ... ...

Turn on two-factor authentication

Last year, when I asked National Security Agency whistleblower Edward Snowden what ordinary people could do to improve their computer security, one of the first pieces of advice he gave was to use two-factor authentication. If Podesta had enabled it on his Gmail account, you probably wouldn't be reading his email today.

Google calls it "2-Step Verification" and has an excellent website explaining why you need it, how it works, and how it protects you. In short: When you log in to your account, after you type in your password you'll need one more piece of information before Google will allow you to proceed. Depending on how you set it up you might receive this uniquely generated information in a text message, a voice call, or a mobile app, or you could plug in a special security key into your USB port.

Once you start using it, hackers who manage to trick you into giving up your password still won't be able to log in to your account - at least not without successfully executing a separate attack against your phone or physically stealing your security key.


Watch out for phishers

... ... ...

Well-crafted spear-phishing emails can be incredibly hard to spot, but if you ever end up on a website asking you for a password, you should be skeptical. Check the URL and make sure you're at a legitimate login page before typing in your password, or navigate to the login page directly.

Encrypt your email

.... ... ...

To get started, check out the Electronic Frontier Foundation's Surveillance Self-Defense guide for using email encryption for Windows, Mac OS X, and Linux. If enough people in your organization use encrypted email, consider using our newly released tool GPG Sync to make it somewhat simpler.

Don't listen to the wrong people

... ... ...

[Oct 12, 2016] NSA whistleblower says DNC hack was not done by Russia, but by U.S. intelligence

Notable quotes:
"... Stated Binney: "Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails." ..."
"... "Yes," he responded. "That would be my point. They have them all and the FBI can get them right there." ..."
"... And the other point is that Hillary, according to an article published by the Observer in March of this year, has a problem with NSA because she compromised Gamma material. Now that is the most sensitive material at NSA. And so there were a number of NSA officials complaining to the press or to the people who wrote the article that she did that. She lifted the material that was in her emails directly out of Gamma reporting. That is a direct compromise of the most sensitive material at the NSA. So she's got a real problem there. So there are many people who have problems with what she has done in the past. So I don't necessarily look at the Russians as the only one(s) who got into those emails. ..."
"... GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was). ..."
Oct 12, 2016 | theduran.com
Binney also proclaimed that the NSA has all of Clinton's deleted emails, and the FBI could gain access to them if they so wished. No need for Trump to ask the Russians for those emails, he can just call on the FBI or NSA to hand them over.

Breitbart reports further

Binney referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Meuller spoke of the FBI's ability to access various secretive databases "to track down known and suspected terrorists."

Stated Binney: "Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails."

"So if the FBI really wanted them they can go into that database and get them right now," he stated of Clinton's emails as well as DNC emails.

Asked point blank if he believed the NSA has copies of "all" of Clinton's emails, including the deleted correspondence, Binney replied in the affirmative.

"Yes," he responded. "That would be my point. They have them all and the FBI can get them right there."

Binney surmised that the hack of the DNC could have been coordinated by someone inside the U.S. intelligence community angry over Clinton's compromise of national security data with her email use.

And the other point is that Hillary, according to an article published by the Observer in March of this year, has a problem with NSA because she compromised Gamma material. Now that is the most sensitive material at NSA. And so there were a number of NSA officials complaining to the press or to the people who wrote the article that she did that. She lifted the material that was in her emails directly out of Gamma reporting. That is a direct compromise of the most sensitive material at the NSA. So she's got a real problem there. So there are many people who have problems with what she has done in the past. So I don't necessarily look at the Russians as the only one(s) who got into those emails.

The Observer defined the GAMMA classification:

GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was).

Zerohedge has some background on Binney , who is about as rock solid a security analyst as you could get.

Over a year before Edward Snowden shocked the world in the summer of 2013 with revelations that have since changed everything from domestic to foreign US policy but most of all, provided everyone a glimpse into just what the NSA truly does on a daily basis, a former NSA staffer, and now famous whistleblower, William Binney, gave excruciating detail to Wired magazine about all that Snowden would substantiate the following summer.

We covered it in a 2012 post titled " We Are This Far From A Turnkey Totalitarian State" – Big Brother Goes Live September 2013." Not surprisingly, Binney received little attention in 2012 – his suggestions at the time were seen as preposterous and ridiculously conspiratorial. Only after the fact, did it become obvious that he was right. More importantly, in the aftermath of the Snowden revelations, what Binney has to say has become gospel.

Binney was an architect of the NSA's surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency. He referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Meuller spoke of the FBI's ability to access various secretive databases "to track down known and suspected terrorists."

[Oct 09, 2016] All your ISP's have been carrying NSA gear within their infrastructure for how long now

Oct 09, 2016 | www.zerohedge.com

poeg -> junction: Oct 8, 2016 2:30 PM

You cats haven't had end to end encryption for more than 5 years and while not at all difficult to accomplish, the resistance to using such code has amazed all in the ITSEC community not feeding at the .gov trough. All your ISP's have been carrying NSA gear within their infrastructure for how long now? Juniper's back door in their gear wasn't to push firmware updates. The whole system has been left open for a number of reasons, none of which would be capitalism, free markets or satisfied consumers.

Kirk2NCC1701 -> junction •Oct 8, 2016 2:59 PM

Well, if you use Yahoo, Outlook or Google mail, then you're the Village Idiot, if you use those free services for anything other than harmless, boring stuff. You know, Yoga and Cooking recipes -- like Hillary.

IF you're serious about email privacy, use an email service that is OUTSIDE the US.

As you know, I use Hushmail.me for my Kirk2NCC1701 handle and ZH friends. Hushmail is in Canada and after speaking with them in person, I am confident that they take their customer's Privacy seriously, especially for their paying customers. Now, I may have used a Yahoo alt-persona account, but only for "Trumping". I also may have used Google and Outlook for "vanilla" stuff, and I may have used other offshore emails for "secure" purposes where lawful business and personal privacy matters were involved (but No illegal activities, as I'm not an "illegal" type. Devious, curious, inquiring, opinionated? Hell yes. Illegal? No.)

"Trunping" (copyright 2016, Kirk2NCC1701) -- behaving Trump-like: bombastic, pleasure-seeking, pussy-seeking, pussy-pleasuring

Dugald -> Kirk2NCC1701 •Oct 8, 2016 5:35 PM

Been using Pidgeon and Forked stick for years for private stuff.....

as for my Gmail account, I don't give a shit.....

Parrotile -> Kirk2NCC1701 •Oct 8, 2016 8:46 PM

I very rarely need to send anything particularly confidential. My employers expect me to use the systems they provide for all "Medical in Confidence" stuff, and so since that requirement is part of my Contract, they are entirely liable for any failures, not me.

EMail - Outlook. It works and again nothing of "interest" is ever sent. If I DO need to send information that's "Sensitive", I have one of these: -

http://thumbs.picclick.com/00/s/OTAwWDExMTk=/z/GWMAAOSw3YNXbDD6/$/Canon-typestar-10-ii-portable-electronic-typewriter-_57.jpg

- Which works very well, and the cartridges are easily available. Person-to-Person, or Recorded Delivery mail. Works just fine and of course NO "electronic paper trail" . . . .

[Oct 08, 2016] As the Surveillance Expands, Best Way to Resist is to Bury the NSA in Garbage

Notable quotes:
"... Waihopai, INFOSEC, Information Security, Information Warfare, IW, IS, Priavacy, Information Terrorism, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, National Information Infrastructure, InfoSec, Reno, Compsec, Computer Terrorism, Firewalls, Secure Internet Connections, ISS, Passwords, DefCon V, Hackers, Encryption, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secert Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, PEM, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, BZ, CANSLO, CBNRC, CIDA, JAVA, Active X, Compsec 97, LLC, DERA, Mavricks, Meta-hackers, ^?, Steve Case, Tools, Telex, Military Intelligence, Scully, Flame, Infowar, Bubba, Freeh, Archives, Sundevil, jack, Investigation, ISACA, NCSA, spook words, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, Lacrosse, Flashbangs, HRT, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, LABLINK, USACIL, USCG, NRC, ~, CDC, DOE, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, SGC, UNCPCJ, CFC, DREO, CDA, DRA, SHAPE, SACLANT, BECCA, DCJFTF, HALO, HAHO, FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, SAS, SBS, UDT, GOE, DOE, GEO, Masuda, Forte, AT, GIGN, Exon Shell, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, MYK, 747,777, 767, MI5, 737, MI6, 757, Kh-11, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, Duress, RAID, Psyops, grom, D-11, SERT, VIP, ARC, S.E.T. Team, MP5k, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, PSAC, PTT, RFI, SIGDASYS, TDM. SUKLO, SUSLO, TELINT, TEXTA. ELF, LF, MF, VHF, UHF, SHF, SASP, WANK, Colonel, domestic disruption, smuggle, 15kg, nitrate, Pretoria, M-14, enigma, Bletchley Park, Clandestine, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, Rapid Reaction, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, High Security, Security Evaluation, Electronic Surveillance, MI-17, Counterterrorism, spies, eavesdropping, debugging, interception, COCOT, rhost, rhosts, SETA, Amherst, Broadside, Capricorn, Gamma, Gorizont, Guppy, Ionosphere, Mole, Keyhole, Kilderkin, Artichoke, Badger, Cornflower, Daisy, Egret, Iris, Hollyhock, Jasmine, Juile, Vinnell, B.D.M.,Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, Covert Video, Intiso, r00t, lock picking, Beyond Hope, csystems, passwd, 2600 Magazine, Competitor, EO, Chan, Alouette,executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, Embassy, ETA, Porno, Fax, finks, Fax encryption, white noise, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, sweeping, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, Cypherpunks, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, Pornstars, AVN, Playboy, Anonymous, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, counterintelligence, industrial espionage, PI, TSCI, industrial intelligence, H.N.P., Juiliett Class Submarine, Locks, loch, Ingram Mac-10, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Blowpipe, CCS, GSA, Kilo Class, squib, primacord, RSP, Becker, Nerd, fangs, Austin, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Wackenhutt, EO, Wackendude, mol, Hillal, GGL, CTU, botux, Virii, CCC, Blacklisted 411, Internet Underground, XS4ALL, Retinal Fetish, Fetish, Yobie, CTP, CATO, Phon-e, Chicago Posse, l0ck, spook keywords, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, press-release, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Digicash, zip, SWAT, Ortega, PPP, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, Middleman, KLM, Blackbird, plutonium, Texas, jihad, SDI, Uzi, Fort Meade, supercomputer, bullion, 3, Blackmednet, Propaganda, ABC, Satellite phones, Planet-1, cryptanalysis, nuclear, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, Dolch, secure shell, screws, Black-Ops, Area51, SABC, basement, data-haven, black-bag, TEMPSET, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego, unclassified, utopia, orthodox, Alica, SHA, Global, gorilla, Bob, Pseudonyms, MITM, Gray Data, VLSI, mega, Leitrim, Yakima, Sugar Grove, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, Flintlock, cybercash, government, hate, speedbump, illuminati, president, freedom, cocaine, $, Roswell, ESN, COS, E.T., credit card, b9, fraud, assasinate, virus, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, Atlas, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, Lynch, 414, Face, Pixar, IRIDF, eternity server, Skytel, Yukon, Templeton, LUK, Cohiba, Soros, Standford, niche, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, HoHoCon, SISMI, FIS, MSW, Spyderco, UOP, SSCI, NIMA, MOIS, SVR, SIN, advisors, SAP, OAU, PFS, Aladdin, chameleon man, Hutsul, CESID, Bess, rail gun, Peering, 17, 312, NB, CBM, CTP, Sardine, SBIRS, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, EG&G, AIEWS, AMW, WORM, MP5K-SD, 1071, WINGS, cdi, DynCorp, UXO, Ti, THAAD, package, chosen, PRIME, SURVIAC ..."
Oct 08, 2016 | www.counterpunch.org
by Dave Lindorff

Word that Yahoo! last year, at the urging of the National Security Agency, secretly developed a program that monitored the mail of all 280 million of its customers and turned over to the NSA all mail from those who used any of the agency's thousands of keywords, shows that the US has become a total police state in terms of trying to monitor every person in the country (and outside too).

With the courts, especially at the appellate and Supreme Court level, rolling over and supporting this massive evisceration of basic freedoms, including the First Amendment guarantee of freedom of speech and the Fourth Amendment protection against illegal search and seizure and invasion of privacy, perhaps the best way for us to fight back is to overload the spy system. How to do this? Just copy and paste random fragments of the following list (a bit dated, but useable), provided courtesy of the publication Business Insider, and include them in every communication - email, social media, etc. - that you send out.

The secret Yahoo! assault (reported on here by Alfredo Lopez in yesterday's article ), works by searching users' emails for keywords on an NSA list of suspected words that might be used by alleged terrorists or anti-government activists, and then those suspect communications are forwarded to the NSA, where humans eventually have to separate the wheat from the chaff. Too much chaff (and they surely have too much chaff anyhow!) and they will be buried with work and unable to read anything.

In fact, critics of the government's metastasizing universal surveillance program, including former FBI agents and other experts, have long criticized the effort to turn the US into a replica of East Germany with its Stazi secret police, cannot work and is actually counter-productive, because with spy agencies' limited manpower looking at all the false leads provided by keyword monitoring, they are bound to miss the real dangerous messages. In fact, this was also the argument used against the FBI's program of monitoring mosques and suspecting every Muslim American who expressed criticism of the US. Most are just people saying what a lot of us say: that the US wars in the Middle East are wrong or even criminal, but they are just citizens or immigrants exercising their free speech when they do this, not terrorists, and spying on them is and has been a huge waste or time and resources.

... ... ...

a sample of the NSA's keyword list:

Waihopai, INFOSEC, Information Security, Information Warfare, IW, IS, Priavacy, Information Terrorism, Terrorism Defensive Information, Defense Information Warfare, Offensive Information, Offensive Information Warfare, National Information Infrastructure, InfoSec, Reno, Compsec, Computer Terrorism, Firewalls, Secure Internet Connections, ISS, Passwords, DefCon V, Hackers, Encryption, Espionage, USDOJ, NSA, CIA, S/Key, SSL, FBI, Secert Service, USSS, Defcon, Military, White House, Undercover, NCCS, Mayfly, PGP, PEM, RSA, Perl-RSA, MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, COSMOS, DATTA, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, BZ, CANSLO, CBNRC, CIDA, JAVA, Active X, Compsec 97, LLC, DERA, Mavricks, Meta-hackers, ^?, Steve Case, Tools, Telex, Military Intelligence, Scully, Flame, Infowar, Bubba, Freeh, Archives, Sundevil, jack, Investigation, ISACA, NCSA, spook words, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, Lacrosse, Flashbangs, HRT, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, LABLINK, USACIL, USCG, NRC, ~, CDC, DOE, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, SGC, UNCPCJ, CFC, DREO, CDA, DRA, SHAPE, SACLANT, BECCA, DCJFTF, HALO, HAHO, FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, SAS, SBS, UDT, GOE, DOE, GEO, Masuda, Forte, AT, GIGN, Exon Shell, CQB, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS, EADA, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, MYK, 747,777, 767, MI5, 737, MI6, 757, Kh-11, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO, NOCS, Halcon, Duress, RAID, Psyops, grom, D-11, SERT, VIP, ARC, S.E.T. Team, MP5k, DREC, DEVGRP, DF, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, PSAC, PTT, RFI, SIGDASYS, TDM. SUKLO, SUSLO, TELINT, TEXTA. ELF, LF, MF, VHF, UHF, SHF, SASP, WANK, Colonel, domestic disruption, smuggle, 15kg, nitrate, Pretoria, M-14, enigma, Bletchley Park, Clandestine, nkvd, argus, afsatcom, CQB, NVD, Counter Terrorism Security, Rapid Reaction, Corporate Security, Police, sniper, PPS, ASIS, ASLET, TSCM, Security Consulting, High Security, Security Evaluation, Electronic Surveillance, MI-17, Counterterrorism, spies, eavesdropping, debugging, interception, COCOT, rhost, rhosts, SETA, Amherst, Broadside, Capricorn, Gamma, Gorizont, Guppy, Ionosphere, Mole, Keyhole, Kilderkin, Artichoke, Badger, Cornflower, Daisy, Egret, Iris, Hollyhock, Jasmine, Juile, Vinnell, B.D.M.,Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, Covert Video, Intiso, r00t, lock picking, Beyond Hope, csystems, passwd, 2600 Magazine, Competitor, EO, Chan, Alouette,executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Merlin, NTT, SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable & Wireless, CSE, Embassy, ETA, Porno, Fax, finks, Fax encryption, white noise, pink noise, CRA, M.P.R.I., top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco, TRD, TDR, sweeping, TELINT, Audiotel, Harvard, 1080H, SWS, Asset, Satellite imagery, force, Cypherpunks, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME, Pornstars, AVN, Playboy, Anonymous, Sex, chaining, codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix, c, a, b, d, the, Elvis, quiche, DES, 1*, NATIA, NATOA, sneakers, counterintelligence, industrial espionage, PI, TSCI, industrial intelligence, H.N.P., Juiliett Class Submarine, Locks, loch, Ingram Mac-10, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Blowpipe, CCS, GSA, Kilo Class, squib, primacord, RSP, Becker, Nerd, fangs, Austin, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Wackenhutt, EO, Wackendude, mol, Hillal, GGL, CTU, botux, Virii, CCC, Blacklisted 411, Internet Underground, XS4ALL, Retinal Fetish, Fetish, Yobie, CTP, CATO, Phon-e, Chicago Posse, l0ck, spook keywords, PLA, TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, press-release, Indigo, wire transfer, e-cash, Bubba the Love Sponge, Digicash, zip, SWAT, Ortega, PPP, crypto-anarchy, AT&T, SGI, SUN, MCI, Blacknet, Middleman, KLM, Blackbird, plutonium, Texas, jihad, SDI, Uzi, Fort Meade, supercomputer, bullion, 3, Blackmednet, Propaganda, ABC, Satellite phones, Planet-1, cryptanalysis, nuclear, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force, SEAL, virtual, Dolch, secure shell, screws, Black-Ops, Area51, SABC, basement, data-haven, black-bag, TEMPSET, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego, unclassified, utopia, orthodox, Alica, SHA, Global, gorilla, Bob, Pseudonyms, MITM, Gray Data, VLSI, mega, Leitrim, Yakima, Sugar Grove, Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, Flintlock, cybercash, government, hate, speedbump, illuminati, president, freedom, cocaine, $, Roswell, ESN, COS, E.T., credit card, b9, fraud, assasinate, virus, anarchy, rogue, mailbomb, 888, Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF, SGDN, Nike, Atlas, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i, PGP 5.1, siliconpimp, Lynch, 414, Face, Pixar, IRIDF, eternity server, Skytel, Yukon, Templeton, LUK, Cohiba, Soros, Standford, niche, 51, H&K, USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, Glock 26, snuffle, Patel, package, ISI, INR, INS, IRS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, HoHoCon, SISMI, FIS, MSW, Spyderco, UOP, SSCI, NIMA, MOIS, SVR, SIN, advisors, SAP, OAU, PFS, Aladdin, chameleon man, Hutsul, CESID, Bess, rail gun, Peering, 17, 312, NB, CBM, CTP, Sardine, SBIRS, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &, Loin, PGP 5.53, EG&G, AIEWS, AMW, WORM, MP5K-SD, 1071, WINGS, cdi, DynCorp, UXO, Ti, THAAD, package, chosen, PRIME, SURVIAC

[Oct 08, 2016] Yahoo Email Scanner Was Installed by Government

Oct 07, 2016 | news.antiwar.com
Software Could've Given NSA Much More Access Than Just Emails
Former employees of Yahoo have corroborated this week's stories about the company scanning all emails coming into their servers on behalf of the NSA, saying that the "email scanner" software was not Yahoo-built, but actually made and installed by the US government .

The employees, including at least one on Yahoo's own internal security team, reported finding the software on the email server and believing they were begin hacked, before executives informed them the government had done it. They described the software as a broader "rootkit" that could give the NSA access to much more than just emails.

To make matters worse, the employees say the government's software was "buggy" and poorly-designed , meaning it could've given other hackers who discovered it the same access to the Yahoo server, adding to the danger it posed to customers' privacy.

Yahoo itself has been mostly mum on the matter, issuing a statement claiming the initial reports were "misleading" but not elaborating at all. The NSA denied the claim outright, though they have been repeatedly caught lying about similar programs in the past.

[Sep 28, 2016] Yahoo email capture FT Alphaville

Sep 28, 2016 | ftalphaville.ft.com

Izabella Kaminska joined FT Alphaville in October 2008. Before that she worked as a producer at CNBC, a natural gas reporter at Platts and an associate editor of BP's internal magazine.

If your email provider suffered a security breach would you:

a) prefer to be informed about it as soon as possible so as to take evasive action?

or

b) prefer not to be informed until years later, by which time any evasive actions may have become pointless?

On the basis you chose the first option and a security breach happened, would you:

a) appreciate the warning and the password reset nudge, dismiss the incident to a Smeg happens scenario and continue using the service provider because at least they're vigilant about security?

or

b) Recoil in disgust at the very idea your email provider's security systems were lax enough to allow this to happen and immediately defect to a rival provider?

On the basis you would have chosen the first option and then the first option again (and then a security breach happened), how would you then react if your email provider determined that a) it was better to keep you in the dark about it and b) this was because they anticipated you would defect?

To wit, here's a nice insight from Nicole Perlroth and Vindu Goel at the New York Times for the legacy loyal yahoo email users still out there (h/t @melaniehannah):

Mr. Stamos, who departed Yahoo for Facebook last year, declined to comment. But during his tenure, Ms. Mayer also rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach. Employees say the move was rejected by Ms. Mayer's team for fear that even something as simple as a password change would drive Yahoo's shrinking email users to other services.

Two points on the back of that.

As a yahoo email user, I can testify to the fact that being continuously told by friends and family that: "Hey there, I think your email may have been hacked" is incentive enough to defect to an alternative provider.

Second, when I tried to download our complete email history so as to shutter the account formally, we found that this was in fact impossible unless we had the time and temperament to forward up to 20 years worth of email individually to a new account.

To date I am yet to get a reply from the Yahoo service team with respect to how I might get my hands on my own data in a more practical manner.

Speaking of frictions, here's another relevant snippet from the article:

The "Paranoids," the internal name for Yahoo's security team, often clashed with other parts of the business over security costs. And their requests were often overridden because of concerns that the inconvenience of added protection would make people stop using the company's products.

All of which suggests the crux of Mayer's Yahoo strategy was focused on maximising the security/access paradox to her own benefit. Namely, maximising access to the detriment of user security if it helped to bolster Yahoo's user numbers, but minimising user access to their own data if it helped to maximise the security of yahoo's own stock valuation.

Nice. This entry was posted by Izabella Kaminska on Wednesday September 28th, 2016 17:02 . Tagged with cyber security , yahoo .

Terra_Desolata 5pts Featured 5 hours ago

The choice between security and ease of access is a difficult one, and shouldn't be trivialized. Password policies are a good example - overly loose, and hackers will be able to guess users' passwords; overly strict (e.g., requiring a password change every month), and users will resort to passwords on sticky notes stuck to their monitors. If you make things too difficult for users, they will find ways to ease the burden, and some of those ways will actually make security significantly worse.

That's not to say that Yahoo made the right decision, but it is to say that it isn't as easy as assuming that more security is always better.

Patience 5pts Featured 8 hours ago

I have managed to use the web for 20 years without ever visiting yahoo.com - by intention. I got the impression that they try to imprison their users rather than empower them.

I assume their e-mail service was 'free'. If so their users got exactly what they paid for.

In an ideal world each e-mail would cost the sender a cent. This would solve the problem of spam, and generate funds to develop and promote better web security.

Simple Simon 5pts Featured 8 hours ago

Oooh, you had a Yahoo email account? You've just lost a big chunk of credibility.

I mean I have a Yahoo account (as well as a Netscape account and a Hotmail, sorry, whatever they call it) plus one or two others. Every time a new email provider has popped up I check their tech credentials and migrate to the provider that seems to hire the best techies. They get the sensitive mail. I keep the old accounts and use them for spam-associated registrations and whatnot.

Presently Google and Proton are my principal providers. Anyone who carried on with Yahoo for sensitive mail has nobody to blame other than him/herself.

blocker 5pts Featured 5 hours ago

Settle down. Changing email accounts is a hassle, particularly for one's contacts.

OBA 5pts Featured 9 hours ago

@izabellakaminska - setup up your yahoo account and your new email account on an email client like mac mail or microsoft outlook- make sure they are both setup as an IMAP account. Wait for all the yahoo email to download and then simply select all messages and drag them across to your new account.

Steven in DC 5pts Featured
7 hours ago

@ OBA Better yet, just leave the digital past...proud achievements and baggage alike...and step into the future with a clean slate.

Terra_Desolata 5pts Featured 5 hours ago

@ OBA Thank you, this is a great suggestion. I've been trying to figure out how to backup my Yahoo! account - I only use it for signing up for things where I might get spam, but still wanted an easy way to back it up. I already used an e-mail client to get e-mails for one of my other accounts, I don't know why it never occurred to me to do the same for Yahoo!.

[Sep 28, 2016] Scan and go as surveillance tool

Notable quotes:
"... Another goal of course is to track even further every single purchase - what, and where, and when. And then sell the consumption data to the insurers perhaps… a packet of cigs per day? Or too many bottles of booze? ..."
Sep 26, 2016 | www.nakedcapitalism.com

temporal September 25, 2016 at 9:08 am

Scan and go.

Swapping standing in line at the check-out for the line at the exit. And when there is an issue then the greeter calls in the check-out police thereby pissing off the customer. Brilliant.

While Apple fanboys are willing to work for their iPhone's company for free by doing their own check-out I doubt that is likely for people going to Sam's Club. As well many customers, even if they have a smartphone, will not enjoy using up their data plan as they try to check and process the details online.

All these smartphone apps have one major goal, besides collecting credit fees. Reduce store overhead by getting customers to do more of the work while eliminating employees. The winners are not the customers or people looking for a way to make ends meet.

Pavel September 25, 2016 at 2:27 pm

Another goal of course is to track even further every single purchase - what, and where, and when. And then sell the consumption data to the insurers perhaps… a packet of cigs per day? Or too many bottles of booze?

Of course they are already doing that with the store "fidelity cards", but the mobile apps will be more precise and less optional.

[Sep 26, 2016] Probe of leaked U.S. NSA hacking tools examines operatives mistake

Notable quotes:
"... A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer ..."
"... The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. ..."
"... But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said. ..."
"... That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them. ..."
"... Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said. ..."
Reuters
A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible

... ... ...

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers' hacking targets, potentially leading them to be defended better. It might also have allowed U.S officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

[Sep 18, 2016] Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

Sep 18, 2016 | theintercept.com

Richard Tynan, a technologist with Privacy International, told The Intercept that the " manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

[Sep 16, 2016] Edward Snowdens New Revelations Are Truly Chilling

Notable quotes:
"... Submitted by Sophie McAdam via TrueActivist.com, ..."
"... He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. ..."
"... "Nosey Smurf": lets spies turn the microphone on and listen in on users, even if the phone itself is turned off ..."
"... Snowden says: "They want to own your phone instead of you." It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it? ..."
"... It's one more reason to conclude that smartphones suck. And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies , encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfie – addicts , and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves. ..."
Oct 08, 2015 | Zero Hedge reprinted from TrueActivist.com

Submitted by Sophie McAdam via TrueActivist.com,

In an interview with the BBC's 'Panorama' which aired in Britain last week, Edward Snowden spoke in detail about the spying capabilities of the UK intelligence agency GCHQ. He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. These technologies are named after Smurfs, those little blue cartoon characters who had a recent Hollywood makeover. But despite the cute name, these technologies are very disturbing; each one is built to spy on you in a different way:

Snowden says: "They want to own your phone instead of you." It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it?

His revelations should worry anyone who cares about human rights, especially in an era where the threat of terrorism is used to justify all sorts of governmental crimes against civil liberties. We have willingly given up our freedoms in the name of security; as a result we have neither. We seem to have forgotten that to live as a free person is a basic human right: we are essentially free beings. We are born naked and without certification; we do not belong to any government nor monarchy nor individual, we don't even belong to any nation or culture or religion- these are all social constructs. We belong only to the universe that created us, or whatever your equivalent belief. It is therefore a natural human right not to be not be under secret surveillance by your own government, those corruptible liars who are supposedly elected by and therefore accountable to the people.

The danger for law-abiding citizens who say they have nothing to fear because they are not terrorists, beware: many peaceful British protesters have been arrested under the Prevention Of Terrorism Act since its introduction in 2005. Edward Snowden's disclosure confirms just how far the attack on civil liberties has gone since 9/11 and the London bombings. Both events have allowed governments the legal right to essentially wage war on their own people, through the Patriot Act in the USA and the Prevention Of Terrorism Act in the UK. In Britain, as in the USA, terrorism and activism seem to have morphed into one entity, while nobody really knows who the real terrorists are any more. A sad but absolutely realistic fact of life in 2015: if you went to a peaceful protest at weekend and got detained, you're probably getting hacked right now.

It's one more reason to conclude that smartphones suck. And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies, encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfieaddicts, and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves.

[Sep 16, 2016] More Passwords, Please: 98 Million Leaked From 2012 Breach Of 'Russia's Yahoo'

Sep 16, 2016 | it.slashdot.org
(arstechnica.com) 23 Posted by manishs on Tuesday September 06, 2016 @02:00PM from the security-woes dept. Sean Gallagher, writing for ArsTechnica: Another major site breach from four years ago has resurfaced. Today, LeakedSource revealed that it had received a copy of a February 2012 dump of the user database of Rambler.ru , a Russian search, news, and e-mail portal site that closely mirrors the functionality of Yahoo. The dump included usernames, passwords, and ICQ instant messaging accounts for over 98 million users. And while previous breaches uncovered by LeakedSource this year had at least some encryption of passwords, the Rambler.ru database stored user passwords in plain text -- meaning that whoever breached the database instantly had access to the e-mail accounts of all of Rambler.ru's users. The breach is the latest in a series of "mega-breaches" that LeakedSource says it is processing for release. Rambler isn't the only Russian site that has been caught storing unencrpyted passwords by hackers. In June, a hacker offered for sale the entire user database of the Russian-language social networking site VK.com (formerly VKontakte) from a breach that took place in late 2012 or early 2013; that database also included unencrypted user passwords, as ZDNet's Zach Whittaker reported.

[Sep 16, 2016] Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is

Sep 16, 2016 | yro.slashdot.org
(theintercept.com) 94 Posted by manishs on Monday September 12, 2016 @04:00PM from the truth-is-out-there dept. The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device , which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S. have "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report: The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of " Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

[Sep 03, 2016] There is interesting and expert commentary to NSO group software in the Hacker News forum

Sep 03, 2016 | www.nakedcapitalism.com
Pavel , September 3, 2016 at 8:11 am

I just found this via Hacker News… perhaps it was in yesterday's links and I missed it. Truly scary in the Orwellian sense and yet another reason not to use a smartphone. Chilling read.

SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

–NY Times: How Spy Tech Firms Let Governments See Everything on a Smartphone

There is interesting and expert commentary in the Hacker News forum: https://news.ycombinator.com/item?id=12417938.

Pat , September 3, 2016 at 12:01 pm

I could be wrong, but the promos for Sixty Minutes on the local news make it seem they might be about this subject. Either way it is another scare you about what your cell phone can do story, possibly justified this time.

Jeotsu , September 3, 2016 at 2:15 pm

An anecdote which I cannot support with links or other evidence:

A friend of mine used to work for a (non USA) security intelligence service. I was bouncing ideas off him for a book I'm working on, specifically ideas about how monitoring/electronics/spying can be used to measure and manipulate societies. He was useful for telling if my ideas (for a Science Fiction novel) were plausible without ever getting into details. Always very careful to keep his replies in the "white" world of what any computer security person would know, without delving into anything classified.

One day we were way out in the back blocks, and I laid out one scenario for him to see if it would be plausible. All he did was small cryptically, and point at a cell phone lying on a table 10 meters away. He wouldn't say a word on the subject.

It wasn't his cellphone, and we were in a relatively remote region with no cell phone coverage.

It told me that my book idea was far too plausible. It also told me that every cellphone is likely recording everything all the time, for later upload when back in signal range. (Or at least there was the inescapable possibility that the cell phones were doing so, and that he had to assume foreign (or domestic?) agencies could be following him through monitoring of cell phones of friends and neighbors.)

It was a clarifying moment for me.

Every cellphone has a monumental amount of storage space (especially for audio files). Almost every cellphone only has a software "switch" for turning it off, not a hardware interlock where you can be sure off is off. So how can you ever really be sure it is "off"? Answer- you can't

Sobering thought. Especially when you consider the Bluffdale facility in the USA.

[Sep 03, 2016] How Spy Tech Firms Let Governments See Everything on a Smartphone

Sep 03, 2016 | www.nytimes.com

The New York Times

There are dozens of digital spying companies that can track everything a target does on a smartphone. Credit Spencer Platt/Getty Images

SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

The company is one of dozens of digital spying outfits that track everything a target does on a smartphone. They aggressively market their services to governments and law enforcement agencies around the world. The industry argues that this spying is necessary to track terrorists, kidnappers and drug lords. The NSO Group's corporate mission statement is "Make the world a safe place."

Ten people familiar with the company's sales, who refused to be identified, said that the NSO Group has a strict internal vetting process to determine who it will sell to. An ethics committee made up of employees and external counsel vets potential customers based on human rights rankings set by the World Bank and other global bodies. And to date, these people all said, NSO has yet to be denied an export license.

But critics note that the company's spyware has also been used to track journalists and human rights activists.

"There's no check on this," said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto's Munk School of Global Affairs. "Once NSO's systems are sold, governments can essentially use them however they want. NSO can say they're trying to make the world a safer place, but they are also making the world a more surveilled place."

The NSO Group's capabilities are in higher demand now that companies like Apple, Facebook and Google are using stronger encryption to protect data in their systems, in the process making it harder for government agencies to track suspects.

The NSO Group's spyware finds ways around encryption by baiting targets to click unwittingly on texts containing malicious links or by exploiting previously undiscovered software flaws. It was taking advantage of three such flaws in Apple software - since fixed - when it was discovered by researchers last month.

The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target's personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred the sale of NSO Group technology.

Since it is privately held, not much is known about the NSO Group's finances, but its business is clearly growing. Two years ago, the NSO Group sold a controlling stake in its business to Francisco Partners, a private equity firm based in San Francisco, for $120 million. Nearly a year later, Francisco Partners was exploring a sale of the company for 10 times that amount, according to two people approached by the firm but forbidden to speak about the discussions.

The company's internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013.

"Our intelligence systems are subject to Mexico's relevant legislation and have legal authorization," Ricardo Alday, a spokesman for the Mexican embassy in Washington, said in an emailed statement. "They are not used against journalists or activists. All contracts with the federal government are done in accordance with the law."

Zamir Dahbash, an NSO Group spokesman, said that the sale of its spyware was restricted to authorized governments and that it was used solely for criminal and terrorist investigations. He declined to comment on whether the company would cease selling to the U.A.E. and Mexico after last week's disclosures.

For the last six years, the NSO Group's main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones - including iPhones, Androids, and BlackBerry and Symbian systems - without leaving a trace.

Among the Pegasus system's capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls "room tap" can gather sounds in and around the room, using the phone's own microphone.

Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone's web browser. And all of the data can be sent back to the agency's server in real time.

In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including "over the air stealth installation," tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person.

Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users - on top of the setup fee, according to one commercial proposal.

You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.

What that gets you, NSO Group documents say, is "unlimited access to a target's mobile devices." In short, the company says: You can "remotely and covertly collect information about your target's relationships, location, phone calls, plans and activities - whenever and wherever they are."

And, its proposal adds, "It leaves no traces whatsoever."

[Aug 29, 2016] Transfere of technology with the help of three letter agencies

Notable quotes:
"... Some "American" companies and public research institutions are surely victims of espionage, but for the most part private industry has brought this on itself by building offshore offices and *actively* directing their workers to transfer the knowledge and "train their replacements", so that they can do the work instead of US workers who are let go (or not again hired) because their skills are now "irrelevant". ..."
"... In "defense" or "national interest" related work, for the most part citizens of or even people originating from countries that are considered military or geopolitical adversaries are excluded from participation. This makes it much harder to infiltrate people in the US, as long as it is not offshored. But then the US govt and its contractors will pay higher rates for the product/service than US consumers who will have to do "more with less" (money). ..."
"... Oh, China (public and private entities) surely engages in those things it is accused of, but this is by far outweighed by US business captains shoving the "free" know-how and innovation down their throats to enable the short term "cost savings" (which will in short order be compensated for by declining aggregate demand when the formerly well paid local staff can only buy the cheapest stuff, and retail adjusts and mostly orders the cheapest). ..."
"... Likewise most "everybody else" also. I have a good number of colleagues from China and other Asian countries. Many of them take pride in coming up with their own solutions instead of copying stuff, like people everywhere. ..."
"... A German language article where this and other cases are mentioned: http://www.zeit.de/1998/28/199828.spionage.neu_.xml Nobody is squeaky clean in this game. ..."
"... At the time I was working in a tech company there, and new security protocols were instituted, like not sending certain confidential information by email or fax. There was even an anecdote (unverified) of how a foreign service (not US in that case) was allegedly intercepting business documents/negotiations that were conducted by fax, and making the information available to "their" own companies bidding for the same project. Whether true or not, that's what the management was concerned about. ..."
Aug 29, 2016 | economistsview.typepad.com

EMichael : August 28, 2016 at 11:14 AM

"Transfer" has more than one meaning.

" If spying is the world's second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It's being called "the great brain robbery of America."


The Justice Department says that the scale of China's corporate espionage is so vast it constitutes a national security emergency, with China targeting virtually every sector of the U.S. economy, and costing American companies hundreds of billions of dollars in losses -- and more than two million jobs.

John Carlin: They're targeting our private companies. And it's not a fair fight. A private company can't compete against the resources of the second largest economy in the world."


John Carlin: This is a serious threat to our national security. I mean, our economy depends on the ability to innovate. And if there's a dedicated nation state who's using its intelligence apparatus to steal day in and day out what we're trying to develop, that poses a serious threat to our country.

Lesley Stahl: What is their ultimate goal, the Chinese government's ultimate goal?

John Carlin: They want to develop certain segments of industry and instead of trying to out-innovate, out-research, out-develop, they're choosing to do it through theft.

All you have to do, he says, is look at the economic plans published periodically by the Chinese Politburo. They are, according to this recent report by the technology research firm INVNT/IP, in effect, blueprints of what industries and what companies will be targeted for theft."

http://www.cbsnews.com/news/60-minutes-great-brain-robbery-china-cyber-espionage/

cm -> EMichael, August 28, 2016 at 12:38 PM

Some "American" companies and public research institutions are surely victims of espionage, but for the most part private industry has brought this on itself by building offshore offices and *actively* directing their workers to transfer the knowledge and "train their replacements", so that they can do the work instead of US workers who are let go (or not again hired) because their skills are now "irrelevant".

Likewise if a manufacturer outsources to an offshore supplier, they have to divulge some of their secret sauce and technical skill to their "partner" if they want the product to meet specs and quality metrics.

In "defense" or "national interest" related work, for the most part citizens of or even people originating from countries that are considered military or geopolitical adversaries are excluded from participation. This makes it much harder to infiltrate people in the US, as long as it is not offshored. But then the US govt and its contractors will pay higher rates for the product/service than US consumers who will have to do "more with less" (money).

Paine -> cm... , Sunday, August 28, 2016 at 02:02 PM
Important

We have a serious industry in dis info about china

cm -> Paine... , Sunday, August 28, 2016 at 03:47 PM
Oh, China (public and private entities) surely engages in those things it is accused of, but this is by far outweighed by US business captains shoving the "free" know-how and innovation down their throats to enable the short term "cost savings" (which will in short order be compensated for by declining aggregate demand when the formerly well paid local staff can only buy the cheapest stuff, and retail adjusts and mostly orders the cheapest).
cm -> Paine... , Sunday, August 28, 2016 at 03:54 PM
Likewise most "everybody else" also. I have a good number of colleagues from China and other Asian countries. Many of them take pride in coming up with their own solutions instead of copying stuff, like people everywhere.

"Stealing" of ideas is practiced everywhere. I know an anecdote from a "Western" company where a high level engineering manager suggested inviting another academic/research group on the pretext of exploring a collaboration, only to get enough of an idea of their approach, and then dump them. Several of the present staff balked at this and it didn't go anywhere. But it was instructive.

Paine -> cm... , Sunday, August 28, 2016 at 05:05 PM
I'd suggest stolen " recipes " to use Paul Romers term
Only encourage the parallel Han project
You can't really build something significantly novel
Simply out of specs
Paine -> Paine... , Sunday, August 28, 2016 at 05:05 PM
Classic case
The soviet a bomb project
cm -> Paine... , Sunday, August 28, 2016 at 05:43 PM
There are two aspects of "stealing ideas":

(1) How is it done (because we don't know)
(2) Which approach has been proven to work (out of many that we would have to try)

The focus in discussing the topic is often on (1), and it is certainly an important aspect, perhaps the most important one if the adversary is in bootstrapping mode.

However once you are at a certain level, (2) becomes more important - the solution space is simply too large, and knowing what has already worked elsewhere can cut through a lot of failed experiments (including finding a better solution of course).

(2) also relates somewhat to "best practices" - don't try to innovate and create yet another proprietary thing that only the people who created it understand, do what everybody else is doing, then you can hire more people who "already know it", or if "others" improve or build on the existing solution, that immediately applies to your version as well.

The downside is that your solution is not "differentiated". But if it is cheaper it doesn't have to.

ilsm -> Paine... , Sunday, August 28, 2016 at 04:20 PM
To sell F-35 the US gives everything needed to manufacture parts of the aircraft to the buying country...

To do that or any other kind of manufacturing the processes with all drawings and accurate parts lists are in the plant.........

If you can keep that stuff 'under wraps' you spend a lot, fill the plant with US personnel , endure inefficiencies, create bottlenecks....

cm -> EMichael... , Sunday, August 28, 2016 at 01:05 PM
Then there was a story about this:

https://en.wikipedia.org/wiki/Enercon#Patent_dispute

where US electronic surveillance was allegedly involved in a business dispute. In this case there is no explicit claim about technology theft, but two companies were accusing each other of patent violations, and espionage techniques were used to "obtain evidence".

cm -> cm... , Sunday, August 28, 2016 at 01:07 PM
A German language article where this and other cases are mentioned: http://www.zeit.de/1998/28/199828.spionage.neu_.xml Nobody is squeaky clean in this game.
cm -> cm... , Sunday, August 28, 2016 at 04:12 PM
BTW note the date - this kind of stuff was going on in the 90's. It is not a recent invention. BTW this here was mentioned, you may have heard of it, in any case it was a big deal in Germany where the US had several operational bases:

https://en.wikipedia.org/wiki/ECHELON

At the time I was working in a tech company there, and new security protocols were instituted, like not sending certain confidential information by email or fax. There was even an anecdote (unverified) of how a foreign service (not US in that case) was allegedly intercepting business documents/negotiations that were conducted by fax, and making the information available to "their" own companies bidding for the same project. Whether true or not, that's what the management was concerned about.

Paine -> EMichael... , Sunday, August 28, 2016 at 02:00 PM
Pure propaganda

You have a embark able tolerance for manipulation

Paine -> EMichael... , Sunday, August 28, 2016 at 02:04 PM
Trump talk modulated by the manhattan elites

The same pokes that play the other end of the stick
That de industrialized the rust belt

[Aug 21, 2016] The NSA Leak Is Real, Snowden Documents Confirm

Notable quotes:
"... The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. ..."
Aug 19, 2016 | theintercept.com
On Monday, a hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency.

The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.

SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.

But malicious software of this sophistication doesn't just pose a threat to foreign governments, Johns Hopkins University cryptographer Matthew Green told The Intercept:

The danger of these exploits is that they can be used to target anyone who is using a vulnerable router. This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It's worse, in fact, because many of these exploits are not available through any other means, so they're just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.

So the risk is twofold: first, that the person or persons who stole this information might have used them against us. If this is indeed Russia, then one assumes that they probably have their own exploits, but there's no need to give them any more. And now that the exploits have been released, we run the risk that ordinary criminals will use them against corporate targets.

The NSA did not respond to questions concerning ShadowBrokers, the Snowden documents, or its malware.

A Memorable SECONDDATE

The offensive tools released by ShadowBrokers are organized under a litany of code names such as POLARSNEEZE and ELIGIBLE BOMBSHELL, and their exact purpose is still being assessed. But we do know more about one of the weapons: SECONDDATE.

SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers to an NSA web server. That server, in turn, is designed to infect them with malware. SECONDDATE's existence was first reported by The Intercept in 2014, as part of a look at a global computer exploitation effort code-named TURBINE. The malware server, known as FOXACID, has also been described in previously released Snowden documents.

Other documents released by The Intercept today not only tie SECONDDATE to the ShadowBrokers leak but also provide new detail on how it fits into the NSA's broader surveillance and infection network. They also show how SECONDDATE has been used, including to spy on Pakistan and a computer system in Lebanon.

The top-secret manual that authenticates the SECONDDATE found in the wild as the same one used within the NSA is a 31-page document titled "FOXACID SOP for Operational Management" and marked as a draft. It dates to no earlier than 2010. A section within the manual describes administrative tools for tracking how victims are funneled into FOXACID, including a set of tags used to catalogue servers. When such a tag is created in relation to a SECONDDATE-related infection, the document says, a certain distinctive identifier must be used:

The same SECONDDATE MSGID string appears in 14 different files throughout the ShadowBrokers leak, including in a file titled SecondDate-3021.exe. Viewed through a code-editing program (screenshot below), the NSA's secret number can be found hiding in plain sight:

All told, throughout many of the folders contained in the ShadowBrokers' package (screenshot below), there are 47 files with SECONDDATE-related names, including different versions of the raw code required to execute a SECONDDATE attack, instructions for how to use it, and other related files.

.

After viewing the code, Green told The Intercept the MSGID string's occurrence in both an NSA training document and this week's leak is "unlikely to be a coincidence." Computer security researcher Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, who has been particularly vocal in his analysis of the ShadowBrokers this week, told The Intercept "there is no way" the MSGID string's appearance in both places is a coincidence.

Where SECONDDATE Fits In

This overview jibes with previously unpublished classified files provided by Snowden that illustrate how SECONDDATE is a component of BADDECISION, a broader NSA infiltration tool. SECONDDATE helps the NSA pull off a "man in the middle" attack against users on a wireless network, tricking them into thinking they're talking to a safe website when in reality they've been sent a malicious payload from an NSA server.

According to one December 2010 PowerPoint presentation titled "Introduction to BADDECISION," that tool is also designed to send users of a wireless network, sometimes referred to as an 802.11 network, to FOXACID malware servers. Or, as the presentation puts it, BADDECISION is an "802.11 CNE [computer network exploitation] tool that uses a true man-in-the-middle attack and a frame injection technique to redirect a target client to a FOXACID server." As another top-secret slide puts it, the attack homes in on "the greatest vulnerability to your computer: your web browser."

One slide points out that the attack works on users with an encrypted wireless connection to the internet.

That trick, it seems, often involves BADDECISION and SECONDDATE, with the latter described as a "component" for the former. A series of diagrams in the "Introduction to BADDECISION" presentation show how an NSA operator "uses SECONDDATE to inject a redirection payload at [a] Target Client," invisibly hijacking a user's web browser as the user attempts to visit a benign website (in the example given, it's CNN.com). Executed correctly, the file explains, a "Target Client continues normal webpage browsing, completely unaware," lands on a malware-filled NSA server, and becomes infected with as much of that malware as possible - or as the presentation puts it, the user will be left "WHACKED!" In the other top-secret presentations, it's put plainly: "How do we redirect the target to the FOXACID server without being noticed"? Simple: "Use NIGHTSTAND or BADDECISION."

The sheer number of interlocking tools available to crack a computer is dizzying. In the FOXACID manual, government hackers are told an NSA hacker ought to be familiar with using SECONDDATE along with similar man-in-the-middle wi-fi attacks code-named MAGIC SQUIRREL and MAGICBEAN. A top-secret presentation on FOXACID lists further ways to redirect targets to the malware server system.

To position themselves within range of a vulnerable wireless network, NSA operators can use a mobile antenna system running software code-named BLINDDATE, depicted in the field in what appears to be Kabul. The software can even be attached to a drone. BLINDDATE in turn can run BADDECISION, which allows for a SECONDDATE attack:

Elsewhere in these files, there are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon. In the first, NSA hackers used SECONDDATE to breach "targets in Pakistan's National Telecommunications Corporation's (NTC) VIP Division," which contained documents pertaining to "the backbone of Pakistan's Green Line communications network" used by "civilian and military leadership."

In the latter, the NSA used SECONDDATE to pull off a man-in-the-middle attack in Lebanon "for the first time ever," infecting a Lebanese ISP to extract "100+ MB of Hizballah Unit 1800 data," a special subset of the terrorist group dedicated to aiding Palestinian militants.

SECONDDATE is just one method that the NSA uses to get its target's browser pointed at a FOXACID server. Other methods include sending spam that attempts to exploit bugs in popular web-based email providers or entices targets to click on malicious links that lead to a FOXACID server. One document, a newsletter for the NSA's Special Source Operations division, describes how NSA software other than SECONDDATE was used to repeatedly direct targets in Pakistan to FOXACID malware web servers, eventually infecting the targets' computers.

A Potentially Mundane Hack

Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it's possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.

Documents

Documents published with this story:

[Aug 07, 2016] Commentary The worlds best cyber army doesn't belong to Russia

Notable quotes:
"... The NSA identified Peña's cellphone and those of his associates using advanced software that can filter out specific phones from the swarm around the candidate. These lines were then targeted. The technology, one NSA analyst noted, "might find a needle in a haystack." The analyst described it as "a repeatable and efficient" process. ..."
"... Another NSA operation, begun in May 2010 and codenamed FLATLIQUID, targeted Pena's predecessor, President Felipe Calderon. The NSA, the documents revealed, was able "to gain first-ever access to President Felipe Calderon's public email account." ..."
"... At the same time, members of a highly secret joint NSA/CIA organization, called the Special Collection Service, are based in the U.S. embassy in Mexico City and other U.S. embassies around the world. It targets local government communications, as well as foreign embassies nearby. For Mexico, additional eavesdropping, and much of the analysis, is conducted by NSA Texas, a large listening post in San Antonio that focuses on the Caribbean, Central America and South America. ..."
"... Unlike the Defense Department's Pentagon, the headquarters of the cyberspies fills an entire secret city. Located in Fort Meade, Maryland, halfway between Washington and Baltimore, Maryland, NSA's headquarters consists of scores of heavily guarded buildings. The site even boasts its own police force and post office. ..."
"... One top-secret operation, code-named TreasureMap, is designed to have a "capability for building a near real-time interactive map of the global Internet. … Any device, anywhere, all the time." Another operation, codenamed Turbine, involves secretly placing "millions of implants" - malware - in computer systems worldwide for either spying or cyberattacks. ..."
"... Yet there can never be a useful discussion on the topic if the Obama administration continues to point fingers at other countries without admitting that Washington is engaged heavily in cyberspying and cyberwarfare. ..."
"... The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America ..."
Aug 4, 2016 | Reuters
National attention is focused on Russian eavesdroppers' possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns -- and the presidents -- of even its closest allies.

The United States is, by far, the world's most aggressive nation when it comes to cyberspying and cyberwarfare. The National Security Agency has been eavesdropping on foreign cities, politicians, elections and entire countries since it first turned on its receivers in 1952. Just as other countries, including Russia, attempt to do to the United States. What is new is a country leaking the intercepts back to the public of the target nation through a middleperson.

There is a strange irony in this. Russia, if it is actually involved in the hacking of the computers of the Democratic National Committee, could be attempting to influence a U.S. election by leaking to the American public the falsehoods of its leaders. This is a tactic Washington used against the Soviet Union and other countries during the Cold War.

In the 1950s, for example, President Harry S Truman created the Campaign of Truth to reveal to the Russian people the "Big Lies" of their government. Washington had often discovered these lies through eavesdropping and other espionage.

Today, the United States has morphed from a Cold War, and in some cases a hot war, into a cyberwar, with computer coding replacing bullets and bombs. Yet the American public manages to be "shocked, shocked" that a foreign country would attempt to conduct cyberespionage on the United States.

NSA operations have, for example, recently delved into elections in Mexico, targeting its last presidential campaign. According to a top-secret PowerPoint presentation leaked by former NSA contract employee Edward Snowden, the operation involved a "surge effort against one of Mexico's leading presidential candidates, Enrique Peña Nieto, and nine of his close associates." Peña won that election and is now Mexico's president.

The NSA identified Peña's cellphone and those of his associates using advanced software that can filter out specific phones from the swarm around the candidate. These lines were then targeted. The technology, one NSA analyst noted, "might find a needle in a haystack." The analyst described it as "a repeatable and efficient" process.

The eavesdroppers also succeeded in intercepting 85,489 text messages, a Der Spiegel article noted.

Another NSA operation, begun in May 2010 and codenamed FLATLIQUID, targeted Pena's predecessor, President Felipe Calderon. The NSA, the documents revealed, was able "to gain first-ever access to President Felipe Calderon's public email account."

At the same time, members of a highly secret joint NSA/CIA organization, called the Special Collection Service, are based in the U.S. embassy in Mexico City and other U.S. embassies around the world. It targets local government communications, as well as foreign embassies nearby. For Mexico, additional eavesdropping, and much of the analysis, is conducted by NSA Texas, a large listening post in San Antonio that focuses on the Caribbean, Central America and South America.

Unlike the Defense Department's Pentagon, the headquarters of the cyberspies fills an entire secret city. Located in Fort Meade, Maryland, halfway between Washington and Baltimore, Maryland, NSA's headquarters consists of scores of heavily guarded buildings. The site even boasts its own police force and post office.

And it is about to grow considerably bigger, now that the NSA cyberspies have merged with the cyberwarriors of U.S. Cyber Command, which controls its own Cyber Army, Cyber Navy, Cyber Air Force and Cyber Marine Corps, all armed with state-of-the-art cyberweapons. In charge of it all is a four-star admiral, Michael S. Rogers.

Now under construction inside NSA's secret city, Cyber Command's new $3.2- billion headquarters is to include 14 buildings, 11 parking garages and an enormous cyberbrain - a 600,000-square-foot, $896.5-million supercomputer facility that will eat up an enormous amount of power, about 60 megawatts. This is enough electricity to power a city of more than 40,000 homes.

In 2014, for a cover story in Wired and a PBS documentary, I spent three days in Moscow with Snowden, whose last NSA job was as a contract cyberwarrior. I was also granted rare access to his archive of documents. "Cyber Command itself has always been branded in a sort of misleading way from its very inception," Snowden told me. "It's an attack agency. … It's all about computer-network attack and computer-network exploitation at Cyber Command."

The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. "The next major conflict will start in cyberspace," says one of the secret NSA documents. One key phrase within Cyber Command documents is "Information Dominance."

The Cyber Navy, for example, calls itself the Information Dominance Corps. The Cyber Army is providing frontline troops with the option of requesting "cyberfire support" from Cyber Command, in much the same way it requests air and artillery support. And the Cyber Air Force is pledged to "dominate cyberspace" just as "today we dominate air and space."

Among the tools at their disposal is one called Passionatepolka, designed to "remotely brick network cards." "Bricking" a computer means destroying it – turning it into a brick.

One such situation took place in war-torn Syria in 2012, according to Snowden, when the NSA attempted to remotely and secretly install an "exploit," or bug, into the computer system of a major Internet provider. This was expected to provide access to email and other Internet traffic across much of Syria. But something went wrong. Instead, the computers were bricked. It took down the Internet across the country for a period of time.

While Cyber Command executes attacks, the National Security Agency seems more interested in tracking virtually everyone connected to the Internet, according to the documents.

One top-secret operation, code-named TreasureMap, is designed to have a "capability for building a near real-time interactive map of the global Internet. … Any device, anywhere, all the time." Another operation, codenamed Turbine, involves secretly placing "millions of implants" - malware - in computer systems worldwide for either spying or cyberattacks.

Yet, even as the U.S. government continues building robust eavesdropping and attack systems, it looks like there has been far less focus on security at home. One benefit of the cyber-theft of the Democratic National Committee emails might be that it helps open a public dialogue about the dangerous potential of cyberwarfare. This is long overdue. The possible security problems for the U.S. presidential election in November are already being discussed.

Yet there can never be a useful discussion on the topic if the Obama administration continues to point fingers at other countries without admitting that Washington is engaged heavily in cyberspying and cyberwarfare.

In fact, the United States is the only country ever to launch an actual cyberwar -- when the Obama administration used a cyberattack to destroy thousands of centrifuges, used for nuclear enrichment, in Iran. This was an illegal act of war, according to the Defense Department's own definition.

Given the news reports that many more DNC emails are waiting to be leaked as the presidential election draws closer, there will likely be many more reminders of the need for a public dialogue on cybersecurity and cyberwarfare before November.

(James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.)

[Aug 07, 2016] Edward Snowden Tweets Cryptic Code Was it a Dead Man's Switch

sputniknews.com
© Photo: Screenshot: Council of Europe News 21:57 06.08.2016 (updated 04:45 07.08.2016) Get short URL 31 62487 109 20

After posting a 64 character hex code that is believed to be an encryption key, the internet worries that the famed whistleblower may have been killed or captured resulting in the triggering of a dead man's switch and potentially the release of many more US national secrets.

Edward Snowden talks with Jane Mayer via satellite at the 15th Annual New Yorker Festival on Saturday, Oct. 11, 2014 in New York © AP Photo/ Christopher Lane Edward Snowden Not Dead: 'He's Fine' Says Glenn Greenwald After Mysterious Tweet On Friday night, famed NSA whistleblower Edward Snowden tweeted out a 64 character code before quickly deleting the message along with a mysterious warning earlier this week that "It's Time" which had called on colleagues of the former contractor to contact him leaving the internet to speculate that the characters could be an encryption key for a major document leak, it may be a "dead man's switch" set to go in effect if the whistleblower were killed or captured, or potentially both.

A dead man's switch is a message set up to be automatically sent if the holder of an account does not perform a regular check-in. The whistleblower has acknowledged that he has distributed encrypted files to journalists and associates that have not yet been released so in Snowden's case, the dead man's switch could be an encryption key for those files.

As of this time, Edward Snowden's Twitter account has gone silent for over 24 hours which is far from unprecedented for the whistleblower but is curious at a time when public concern has been raised over his well-being. The 64 hex characters in the code do appear to rule out the initial theory that Edward Snowden, like so many of us, simply butt dialed his phone, but instead is a clearly a secure hash algorithm that can serve as a signature for a data file or as a password.

The timing shortly after the "It's Time" tweet also have caused concern for some Reddit theorists such as a user named stordoff who believes that the nascent Twitter post "was intended to set something in motion." The user postulates that it is an encrypted message, a signal, or a password.

Snowden's initial data release in 2013 exposed what many had feared about the NSA for years, that the agency had gone rogue and undertaken a massive scheme of domestic surveillance. However, it is also known that the information released was only part of the document cache he had acquired from government servers.

A chair is pictured on stage as former US National Security Agency contractor Edward Snowden. © REUTERS/ Svein Ove Ekornesvaag/NTB Scanpix 'It's Time': Whistleblower Edward Snowden Tweets Mysterious Warning

It has been reported that additional government data was distributed in encrypted files to trusted journalists who were told to not release the information unless they received a signal urging them to – information that the whistleblower determined was too sensitive for release at the time.

The possibility also exists that Snowden has decided that after three years in hiding that additional information needed to be released to the public independent of some physical harm to himself, but the whistleblower's fans and privacy advocates across the world will continue to sit on the edge of their seats in worry until and unless he tweets to confirm that he is safe.

[Aug 02, 2016] NSA Architect: Agency Has ALL of Clinton's Deleted Emails

A very important, informative interview. Outlines complexity of challenges of modern society and the real power of "alphabet agencies" in the modern societies (not only in the USA) pretty vividly. You need to listen to it several times to understand better the current environment.
Very sloppy security was the immanent feature both of Hillary "bathroom" server and DNC emails hacks. So there probably were multiple parties that has access to those data not a single one (anti Russian hysteria presumes that the only party are Russian and that's silly; what about China, Iran and Israel?). Russian government would not use a "known attack" as they would immediately be traced back.
Anything, any communications that goes over the network are totally. 100% exposed to NSA data collection infrastructure. Clinton email messages are not exception. NSA does have information on them, including all envelopes (the body of the message might be encrypted and that's slightly complicate the matter, but there is no signs that Clinton of DNC used encryption of them)
NSA has the technical capabilities to trace the data back and they most probably have most if not all of deleted mail. The "total surveillance", the total data mailing used by NSA definitely includes the mail envelopes which makes possible to enumerate all the missing mails.
Notable quotes:
"... The National Security Agency (NSA) has "all" of Hillary Clinton's deleted emails and the FBI could gain access to them if they so desired, William Binney, a former highly placed NSA official, declared in a radio interview broadcast on Sunday. ..."
"... Binney referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Meuller spoke of the FBI's ability to access various secretive databases "to track down known and suspected terrorists." ..."
"... "Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails." ..."
"... Listen to the full interview here: ... ..."
"... And the other point is that Hillary, according to an article published by the Observer ..."
www.breitbart.com
The National Security Agency (NSA) has "all" of Hillary Clinton's deleted emails and the FBI could gain access to them if they so desired, William Binney, a former highly placed NSA official, declared in a radio interview broadcast on Sunday.

Speaking as an analyst, Binney raised the possibility that the hack of the Democratic National Committee's server was done not by Russia but by a disgruntled U.S. intelligence worker concerned about Clinton's compromise of national security secrets via her personal email use.

Binney was an architect of the NSA's surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency.

He was speaking on this reporter's Sunday radio program, "Aaron Klein Investigative Radio," broadcast on New York's AM 970 The Answer and Philadelphia's NewsTalk 990 AM.

Binney referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Meuller spoke of the FBI's ability to access various secretive databases "to track down known and suspected terrorists."

Stated Binney:

"Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails."

"So if the FBI really wanted them they can go into that database and get them right now," he stated of Clinton's emails as well as DNC emails.

Asked point blank if he believed the NSA has copies of "all" of Clinton's emails, including the deleted correspondence, Binney replied in the affirmative.

"Yes," he responded. "That would be my point. They have them all and the FBI can get them right there."

Listen to the full interview here: ...

Binney surmised that the hack of the DNC could have been coordinated by someone inside the U.S. intelligence community angry over Clinton's compromise of national security data with her email use.

And the other point is that Hillary, according to an article published by the Observer in March of this year, has a problem with NSA because she compromised Gamma material. Now that is the most sensitive material at NSA. And so there were a number of NSA officials complaining to the press or to the people who wrote the article that she did that. She lifted the material that was in her emails directly out of Gamma reporting. That is a direct compromise of the most sensitive material at the NSA. So she's got a real problem there. So there are many people who have problems with what she has done in the past. So I don't necessarily look at the Russians as the only one(s) who got into those emails.

The Observer defined the GAMMA classification:

GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was).

Aaron Klein is Breitbart's Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, "Aaron Klein Investigative Radio." Follow him on Twitter @AaronKleinShow. Follow him on Facebook.

[Jun 06, 2016] Got privacy If you use Twitter or a smartphone, maybe not so much

www.pcworld.com
May 18, 2016

PCWorld

You're probably giving away more than you think

The location stamps on just a handful of Twitter posts can help even low-tech stalkers find you, researchers found.

The notion of online privacy has been greatly diminished in recent years, and just this week two new studies confirm what to many minds is already a dismal picture.

First, a study reported on Monday by Stanford University found that smartphone metadata-information about calls and text messages, such as time and length-can reveal a surprising amount of personal detail.

To investigate their topic, the researchers built an Android app and used it to retrieve the metadata about previous calls and text messages-the numbers, times, and lengths of communications-from more than 800 volunteers' smartphone logs. In total, participants provided records of more than 250,000 calls and 1.2 million texts.

The researchers then used a combination of automated and manual processes to understand just what's being revealed. What they found was that it's possible to infer a lot more than you might think.

A person who places multiple calls to a cardiologist, a local drug store, and a cardiac arrhythmia monitoring device hotline likely suffers from cardiac arrhythmia, for example. Based on frequent calls to a local firearms dealer that prominently advertises AR semiautomatic rifles and to the customer support hotline of a major manufacturer that produces them, it's logical to conclude that another likely owns such a weapon.

The researchers set out to fill what they consider knowledge gaps within the National Security Agency's current phone metadata program. Currently, U.S. law gives more privacy protections to call content and makes it easier for government agencies to obtain metadata, in part because policymakers assume that it shouldn't be possible to infer specific sensitive details about people based on metadata alone.

This study, reported in the Proceedings of the National Academy of Sciences, suggests otherwise. Preliminary versions of the work have already played a role in federal surveillance policy debates and have been cited in litigation filings and letters to legislators in both the U.S. and abroad.

It takes as few as eight tweets to locate someone

Researchers at MIT and Oxford University, meanwhile, have shown that the location stamps on just a handful of Twitter posts can be enough to let even a low-tech snooper find out where you live and work.

Though Twitter's location-reporting service is off by default, many Twitter users choose to activate it. Now, it looks like even as few as eight tweets over the course of a single day can give stalkers what they need to track you down.

The researchers used real tweets from Twitter users in the Boston area; users consented to the use of their data and also confirmed their home and work addresses, their commuting routes, and the locations of various leisure destinations from which they had tweeted.

The time and location data associated with the tweets were then presented to a group of 45 study participants, who were asked to try to deduce whether the tweets had originated at the Twitter users' homes, workplaces, leisure destinations or commute locations.

Bottom line: They had little trouble figuring it out. Equipped with map-based representations, participants correctly identified Twitter users' homes roughly 65 percent of the time and their workplaces at closer to 70 percent.

Part of a more general project at MIT's Internet Policy Research Initiative, the paper was presented last week at the Association for Computing Machinery's Conference on Human Factors in Computing Systems.

"Many people have this idea that only machine-learning techniques can discover interesting patterns in location data, and they feel secure that not everyone has the technical knowledge to do that," said Ilaria Liccardi, a research scientist at MIT's Internet Policy Research Initiative and first author on the paper. "What we wanted to show is that when you send location data as a secondary piece of information, it is extremely simple for people with very little technical knowledge to find out where you work or live."

Twitter said it does not comment on third-party research, but directed users to online information about its optional location feature.

[Jun 02, 2016] Gaius Publius Bernstein – The White House Is Terrified the Clinton Campaign Is in Freefall

Notable quotes:
"... But the panic is also a clear indication, and perhaps as important, another message, not just to Clinton but to Team Dem, that the Administration can't, or won't but is making it seem like can't, do what it takes to save Hillary's bacon. ..."
"... The fact that there is an independent effort, completely outside the Administration's control, pursuing the server mess, also makes it riskier for the DoJ to do nothing if Judicial Watch exposes damning documents. ..."
"... The Democrats don't have any dirt on Trump the Republicans didn't have. Trump is a referendum on the establishment. The establishment can't attack him, and any attacks too similar to the very publicized establishment attacks will be dismissed. ..."
"... Maybe not Mittens and Bill Kristol at this point, the GOP elites will show loyalty because anything less will risk their own position. The base will remove GOP elites over certain sins. The Teabaggers cleaned the GOP caucus of TARP voters. ..."
"... "Trump is a referendum on the establishment." ..."
"... That's the best one-sentence explanation for his success that I've seen. ..."
"... That is certainly the narrative Trump wants. What I find the height of black, despairing comedy is that anyone believes it. In addition to being completely untrustworthy and self-centered, Trump has little to gain by overthrowing the status quo, and has given many signs that he will continue business as usual, only with a slightly different crew of low-rent elites in charge at the top. ..."
"... No matter what he says, Trump is not leading some sort of revolution to abolish the Empire and replace it with something else, much less something better. He just wants a shortcut to being Emperor. ..."
"... I'm under the impression that if not for the Benghazi investigation, the home server would not have been discovered. However, maybe someone else can confirm that I'm correct. Which, if you think about it, does not actually make sense. The NSA should have known all along. Why on earth she supposed that she could get around the NSA is simply… words fail me. ..."
"... My tin foil hat has always told me Clintonistas may not have worked overly hard for Kerry in 2004, even offering bad advice. Every Winner and Loser column from after the election listed on clear winner, the front runner for the 2008 Democratic nomination, Hillary Clinton. Clinton Inc was operating out of crummy digs in Harlem because they couldn't raise money, but the money poured in after the Kerry loss. ..."
"... My only fear re: how Clinton could win in November would be if she and Bill had the juice to help throw 2000 and 2004 to keep the path clear for her. Unless she can steal in the General, she isn't going to be President. That would also explain Obama's focus on caucuses in 2008 - he went after her soft, less stealable underbelly. (I realize there are also less CT explanations for this.) ..."
"... "Maintaining a homebrew server could be written off as a policy violation, rather than a criminal matter. " ..."
"... Given the last 15 years of brutal, if selective, prosecutions for mishandling materials less sensitive than some of the material on Clinton's servers, I don't think many people will buy that. ..."
"... The elephant in the room is not the private server per se, but the use of it to circumvent any exposure to FOIA requests. The pay-for-play activities of the Secretary with regard to the Foundation can certainly be inferred, and if proven are grounds for an indictment leading to prosecution for treason, and the incarceration (if not the death penalty) for the entire Clinton family. The tons of circumstantial evidence regarding the timing of payments and the goodies granted, would be sufficient for a Grand Jury indictment; the "smell' test is overwhelming. ..."
"... People seem to forget that Clinton served on the Committee on Armed Services from 2003 to 2009 and on the Subcommittee on Emerging Threats and Capabilities … you know, the Subcommittee that has jurisdiction over Department of Defense policies and programs to counter emerging threats, information warfare and special operations programs. ..."
"... I too would want to keep my PRIVATE and PERSONAL emails and other communications private … if she'd been above board and simply had a private email for non-official communications and kept the official State Dept stuff on the official account, there would be nothing here. ..."
"... Sanders will lose his clout and things go back to normal. ..."
"... private server ..."
"... a personal email account was allowed ..."
"... It seems that Mills claimed that HRC's use of the private email was not kept secret and lots of Admin officials knew about it. (Note that people had to make a special request to be able to use her email.) But Obama claimed he only learned of it "like the rest of you, in the news reports". So Obama and Hillary never emailed each other while she was SoS? ..."
"... They never were chummy esp. after all the heat of the campaign: "You're likeable enough, Hillary". ..."
"... It was reported last January that there were eighteen emails between Clinton and Obama that State was not going to release for security reasons. So yes, they did email each other. It would be interesting to know what security instructions Obama received regarding using his email. Did anyone ever caution him to check the sender's email address as a caution against phishing? Her email address was clintonemail dot com. Even a technical neophyte has to know that means either she or some other entity was hosting the site; and, if a separate entity, did that entity have security clearance for handling those emails? Obama knew darn well that she was using an unsecure system. He is equally guilty of enabling her risk-taking. ..."
"... Now that Elizabeth Warren is being a good girl and playing footsie with Schumer, I can see them thinking putting her in as VP would work well enough. I don't think so (in my neck of the progressive woods, there seems to be a general understanding that she sold out), but more importantly, I can't imagine Hillary stepping away only to see Liz moved in. ..."
"... Their smartest real play would be to let Bernie have the nom and bide their time, hoping they can work in the background with Republicans to taint and undermine him. But I suspect that they're exactly smart enough to know that probably wouldn't work. ..."
"... my rich friends (lifetime republicans included) will vote for hillary, my poor friends won't. ..."
"... Clinton voters are the small amount type. She has only "won," even in the states she did did "win," by massively suppressing the vote. She hasn't even held onto her own voters from 2008, even in conservative states. Her "big wins" in the South were with much smaller numbers of votes cast. There are people who genuinely want to vote for her. They were not enough to win the Democratic primary without massive suppression AND theft. ..."
"... The problem for Hillary is there is no indication the email scandal narrative will ever improve to the point of improving her untrustworthy numbers. The best she can hope for is the FBI stating it will not recommend an indictment which will merely confirm the public's correct perception that the power elite are treated better than the rank and file. Hillary cannot unring the Inspector General's conclusion she circumvented FOIA and federal record keeping laws. She cannot undue the fact she maintained thousands of classified records, along with 22 top secret documents on the private server. She cannot change the fact she hid her use of the private server from the public and only disclosed it when caught by the Senate Committee investigating Benghazi. Everyone who pays attention to the facts is disgusted by her misconduct in this matter. ..."
"... I think her problem is that, in routing official traffic through a private mail server, she's tried to avoid records of her work (as a public official!) ever becoming available to the public. It looks, at the very least, like she's trying to hide something and it's a demonstration of breathtaking contempt for the very people whose votes she's now asking for. ..."
"... If he shagged under the legal age limit girls, traveled on a jet which was used in slave trade of underage girls, etc; then it isn't just his business, it's a criminal matter. If Mrs. Clinton enabled, and/or aided and abetted, then she could be facing criminal charges. ..."
"... The interesting thing is Jeffery Epstein has hidden cameras on both his plane and all over the US Virgin Island private pedophile reserve he ran for politicians and high level government officials. The overseas press is reporting he blackmailed his way out of Federal Charges. Was Bill part of that blackmail? ..."
"... Bill is a sexual predator. His affair with Jennifer Flower was consensual. But starting from when he was Governor, there is a long list of credible allegations of him engaging in sexual harassment (extremely aggressive come-ons with women he had just met, often women who were state employees or Dem consultatnts), including a rape allegation by Juanita Brodderick. We've even had a reader in comments say that when Bill Clinton visited a friend, he asked their college aged daughter when he was alone with her if she wanted to ride in his car and give him a blow job. DC contacts confirm the city is rife with stories like that. ..."
"... If there were an equal ..."
"... As strange a thing as this is to say, I find myself wishing that more journalists had experience in IT security. I do have such experience, and from what I can see most people really don't appreciate just how totally, ludicrously irresponsible it is for that server to exist. Talk of it having been "secured" by some lone IT contractor is ridiculous on its face. I wouldn't run a homebrew email server, and I am basically not worth hacking – very much unlike the US Secretary of State. ..."
"... Seriously, think about it. The Secretary of State had a private email server which seems to have been widely known about within the State Department and other people in government who had dealings with Hillary Clinton. There's really no question as to if that thing was hacked – you can absolutely bet your ass ..."
"... That's what's really galling to me – even by Hillary's own stated standards, what she did with her email is orders of magnitude worse than what Snowden did. But it's Hillary Clinton, so it gets handwaved by the Democrats' long practice at assuming a Clinton scandal is overblown nonsense. ..."
"... That's why people like Chelsea Manning, Edward Snowden, Thomas Drake, Jeffrey Sterling, John Kiriakou, Joe Wilson, and so forth are persecuted by the government while people like Clinton (and Petraeus, Novack, Libby, Bush, Cheney, Obama, Biden, etc.) are protected. It has nothing whatsoever to do with the merits of events. Just as one example, here's the 'ole Gray Lady serving as dutiful stenographer for Nancy Pelosi herself, the Democratic Speaker from San Francisco, supposedly one of the most liberal parts of the entire country, explaining that the law doesn't apply to people in power. ..."
"... I've worked in IT and software development for years and agree that her provision of that server doesn't meet the most basic requirements for security. Also, I work for a rather large company with a sizable federal contract and, if you haven't contracted with the government, you can only imagine the levels of security they impose upon their vendors. Two-factor authentication, encryption at rest, kernel hardening and on and on. Not only do you HAVE to do these things if you want to do business with the government, they bring in teams of their IT people to audit you. And it is not perfunctory in any way. They take InfoSec very, very seriously. ..."
"... Yesterday in the WSJ was this op-ed which made many of the same points that were made here, as well as discusses the fallout if Clinton loses the California primary. I also think that the Dems are not only just worried about the nomination now. The IG's report clears a path for hearings by the Republicans against Clinton after the election. ..."
"... I agree. Sanders has nothing to gain and a lot to lose by "making nice" with the Dem establishment. Why make nice with them? They are the problem, not the solution. That's a mainstay of Sanders' campaign. ..."
"... The Clinton fanaticism isn't about Sanders. They believe they need Clinton. An active DoJ might be a threat. A few have backwards ideas about politics. Some simply did the believe Sanders when he said Hillary was weak, but with a Gabbard in play, many Democrats can kiss their ambitions good bye if Sanders wins. ..."
"... I've said it elsewhere: Sanders is unacceptable to the DNC because a Sanders win would render the DNC networks, influence and fundraising abilities irrelevant overnight. The DNC would no longer be gatekeepers. You can win without them. Thus, Team D does not fear a Sanders defeat, and they can live with President Trump. In fact, that would represent an unprecedented fundraising opportunity. But from the Team D perspective, a Sanders victory must be prevented at all costs. ..."
"... How the hell could Sanders "make friends" with members of the Democratic Party elite? He is blowing up their revolving-door-greasing funding model. Running as effectively as he has with almost no lobbyist money? No major corporate donors to speak of? What can he offer them, except unpleasant changes that negatively impact their careers? ..."
"... "The implications of all of this are that Hillary Clinton did not want her emails subjected to the Freedom of Information Act or subpoenas from Congress. And that's why she set up a home-brew server" ..."
"... But this is definitely putting a lot of spin on the ball, because the other half of the story is the reason WHY she wanted to avoid FOIA and Congressional scrutiny. The answer is: so that between her and Bill she could sell her office to the highest bidders, which the FBI is quite prepared to prove, or if denied that chance, to "leak like crazy" ..."
"... Caution: this course of action carries a high risk of nominating Bernie ..."
"... And that bring up another point for all you "feminist" Clintonistas. Wasn't the whole point of the "first woman in the White House" thing to show that women can do it alone? That they don't need men carrying them around all the time to be successful? Well what's up with your candidate? I have never (in my 65 years) ever seen anyone (woman or man) need more help from other people (mostly men) to gain the success they seek. At every single turn in this campaign we have Ms. Clinton needing someone else, someone MORE, falling on their sword for her. Because left on her own, against a freaking socialist, for Christ's sakes, all she has been able to do is F@ck up. A FIFTY POINT LEAD, gone. Wasted. Nothing to show. And this is what you want as feminism's representative in the White House? Shame on you. ..."
"... Most of the DLC establishment could find it easy enough to "live" with a Trump Presidency. Just like Lil Marco Rubio, they'll easily bend their knees to kiss Trump's heiney and make deals with him. What's it to them, after all? ..."
"... In that scenario Hillary wins the nomination and loses the election, Obama pardons her to head off (in his telling) partisan persecution and looks noble (to the credulous) standing up for her, clearing the way to elbow in on the Clinton network for the-haven't you heard?-Obama Foundation. And the grift goes on. ..."
"... stopped ..."
"... Because the email thing, and the speeches thing, and the neo-liberalism thing, whatever. Bernstein's "leaking" makes clear that as far back as February Obama's guys in the trenches said – hey, we just saw the Bear funds blow up, and this thing is going to end badly one way or the other. We don't know exactly how bad, but bad. Which is bad for us… ..."
"... Yves – Time hss proved you wise. Japanafication is exactly what has been unfolding. And according to Forbes and the Fed, 48% of the population having less than a grand in savings means the US is near third world. One can buy Pop Tarts in third world countries also. ..."
"... The real danger is geopolitics. And this bitch that thinks she is queen has no issues literally seeing 1/3 of the global population dying to escape her crimes. Think of what a rapist does to a rape victim many times. Strangle that woman so she doesnt indict you. Yeah, it is that bad. But there are some form of tech that will end any world war quickly. Stuff of science fiction. America's competitors should think twice, or such may dissapear. Literally. ..."
"... However – and this must have been Clinton's worst nightmare x 10 - unbeknownest to CESC and Platte River, the backup server accidentally synced with another off-site server belonging to Datto for two years before anyone realized it. ..."
"... wasn't ..."
"... to the cloud was taking place ..."
"... So one Democratically connected organization signed onto this separate justice system for the politically connected. Possibly the concern Obama has for his unfunded $1Billion Presidential Library will force him to burnish his legacy by NOT rescuing HRC with some dubious legal maneuver. It is somewhat ironic that Nixon was brought down by a private electronic system (his tape recording system) while Clinton may be brought down by her own private electronic email system. ..."
"... Regardless my experience with talking to Hillary supporters is that no amount of scandal of outright criminal lawbreaking affects their views about Hillary. They revert to "she's been scrutinized and tested for decades by her enemies and she's survived." They are people on the margins who will be affected. How many are the Dem establishment? It's going to take a whopper to get them to tank Hillary IMO. ..."
"... There is a detail that is being universally missed both in the MSM and alternative press: it is a virtual certainty that the NSA has a copy of every email sent or received by that server. ..."
"... Don't forget the mayhem when the FSB (who else) posted Nuland's little chat with Pyatt over an insecure line. Let no one forget that HRC is strongly connected to the neocon project to undermine Russia's return to strength. ..."
"... Just ask yourself: What would Vladimir Putin do? ..."
"... $1 Billion Library ..."
"... I too think bernie will pull it out, the other choices are terrible. I'm looking for aspirational latinos to flock to bernie in california and it'll be a rout that can't be ignored. I hope that's what happens. ..."
"... Clintonsomething – "The Campaign Years" ..."
"... I'm not sure the media's current focus on Hillary's email server is warranted. There are definitely indications that she violated email policies, but there don't seem to be specifics about what these actions were trying to hide. I think her very questionable family ties to corporate money are a more meaningful topic in determining her suitability for the U.S. presidency ..."
"... The Clinton Machine (in other words the political operation of the Bill and Hillary, and potentially Chelsea) has always operated on the basis the money and connections will fix everything. It has, after all, gotten them this far. However, as a core operational mode, it also accumulates cynicism and tends to value loyalty over performance, leading to degradation over time. ..."
"... Seems to me that except in a relatively few corners and local settings, and now very frankly via our mostly collective embrace of the Neo geist, "America" has always and only been about "screwing the other guy." ..."
"... I don't believe "foaming one more runway" (read: having your DOJ, FBI appear helpless) wouldn't bother this administration. A Loyalist are those unengaged (or too engaged) whom choose willingly to believe the disastrous economic and political experiment, that attempted to organize human behavior around the dictates of the global marketplace, has been a splendid success…or worse, blindly, my tribal leader is in accordance with all that is good. ..."
"... Haiti. Look at film of the Clintons in Haiti to see how they work. & Haiti is one place where also the elites own the deeds. Haiti Is America, only sooner. ..."
"... For what it's worth, Jonathan Turley suggests Hillary still has friends in high places in his discussion of former Clinton IT advisor, Bryan Pagliano, who is taking the fifth amendment in deposition on email scandal, ..."
"... Those e-mails don't alarm me anywhere near as much as the $200,000 plus speaking fees from Wall St. NO speech by anyone is worth anywhere near such an amount. These were clearly bribes, there's simply no other way of looking at it. I have no interest in seeing the transcripts of those speeches because the money counts far more than the content, and speaks for itself. No way would I vote for someone so clearly in the pocket of the oligarchy. ..."
naked capitalism

But the panic is also a clear indication, and perhaps as important, another message, not just to Clinton but to Team Dem, that the Administration can't, or won't but is making it seem like can't, do what it takes to save Hillary's bacon.

And I suspect it really is "can't". The FBI has enough autonomy that if they find real dirt on the Clintons, they will leak like crazy if the DoJ does not pursue the case in a serious way. That would make the Administration complicit, and Obama does not want his final months in office tainted by his Administration touching the Clinton tar baby any more than it has to. In addition, the Judicial Watch cases are proceeding, and the judge, having had the Clinton side deal with him repeatedly in bad faith, is not going to cut it any slack. The fact that there is an independent effort, completely outside the Administration's control, pursuing the server mess, also makes it riskier for the DoJ to do nothing if Judicial Watch exposes damning documents.

By Gaius Publius , a professional writer living on the West Coast of the United States and frequent contributor to DownWithTyranny, digby, Truthout, and Naked Capitalism. Follow him on Twitter @Gaius_Publius , Tumblr and Facebook . Originally published at at Down With Tyranny . GP article here.

The last time I featured former Watergate reporter Carl Bernstein on these pages, it was to showcase his delivery of messages he received from the White House , to the effect that the "White House" thought Clinton was blowing it with her Wall Street speeches stance, and because of that, the "White House" was freaking out (to put it colloquially) - at least as Bernstein tells it.

Here's part of what Bernstein - a Clinton supporter - said last February (my transcript and emphasis; video at the link):

Bernstein: There is a huge story going on. I've spent part of this weekend talking to people in the White House. They are horrified at how Hillary Clinton is blowing up her own campaign .

And they're worried that the Democrats could blow - they are horrified that the whole business of the transcripts, accepting the money - that she could blow the Democrats' chance for White House. They want her to win. Obama wants her to win.

But Sanders has shown how vulnerable she is. These ethical lapses have tied the White House up in knots. They don't know what to do. They're beside themselves. And now, you've got a situation with these transcripts a little like Richard Nixon and his tapes that he stonewalled on and didn't release.

... ... ...

In that context , listen to the current "White House" message about the Clinton campaign via Bernstein and video at the top (my italics):

Bernstein: The implications of all of this [the email server issue] are that Hillary Clinton did not want her emails subjected to the Freedom of Information Act or subpoenas from Congress. And that's why she set up a home-brew server.

I think we all know that. People around her will tell you that in private if you really get them behind a closed door.

I was in Washington this week, I spoke to a number of top Democratic officials and they're terrified, including people at the White House, that her campaign is in free fall because of this distrust factor. Indeed, Trump has a similar problem, but she's the one whose numbers are going south.

And the great hope in the White House, as well as the Democratic leadership and people who support her, is that she can just get to this convention, get the nomination - which they're no longer 100% sure of - and get President Obama out there to help her, he's got a lot of credibility, it's an election that's partly about his legacy .

But she needs all the help she can get because right now her campaign is in huge trouble…

... ... ...

Two takeaways - one is that top Democrats know how precarious Clinton's position is . They're not fooled any more than you are. That's worth noticing. And second, the White House and Bernstein are not blaming Sanders . Whoever crafted this message for us is blaming the Clinton campaign only, and by extension, Clinton herself.

fajensen , June 1, 2016 at 8:35 am

Hmm. Does make one wonder.
If "they" are so worried about Hillary flubbing her "inevitable" nomination as presidential candidate, and "they" are apparently not so worried about Hillary loosing to Trump in the run for president later, one does wonder about the possibility of "they" having some good quality dirt on Trump (or a backdoor to the voting machines).

Really Good Quality Dirt!

It is a *big* issue to mishandle classified information – normal people will be prosecuted and may go to jail even by coincidence; like a selfie in front of equipment they didn't know was classified and which was not labelled as such. Then on top of that comes the sleaze-factor with avoiding the FOIA requirements, destruction of evidence (which means that certainly Hillary was up to *something* crooked, because why else bother with all the work? it's very *easy* to hand over a verified duplicate of a hard disk compared to everything Hillary tried to not do this!) and of course the blatant incompetence + arrogance shown by Hillary by running a private business, a crooked one at that, from work?!

A street level dope dealer can manage to compartmentalize their real business from the one they report to the IRS. But not Hillary.

NotTimothyGeithner , June 1, 2016 at 10:47 am

The Democrats don't have any dirt on Trump the Republicans didn't have. Trump is a referendum on the establishment. The establishment can't attack him, and any attacks too similar to the very publicized establishment attacks will be dismissed.

The simple problem is Republican voters selected him over the GOP establishment. All the Republicans will line up because Trump is now their rightful leader. Maybe not Mittens and Bill Kristol at this point, the GOP elites will show loyalty because anything less will risk their own position. The base will remove GOP elites over cert