Mercury Rising 鳯女

Politics, life, and other things that matter

Archive for the ‘NSA eavesdropping’ Category

Test for Heartbleed

Posted by Charles II on April 11, 2014

As you may know, a very basic vulnerability in the Internet has been discovered, one that may have permitted passwords to be stolen for up to two years. Kaspersky has recommended a test for servers here. The default is for Internet Exploder, but there is also a variant for Firefox and Chrome:

Luckily, there is a long list of popular websites that were checked against the vulnerability. Good news: PayPal and Google are unaffected. Bad news: Yahoo, Facebook, Flickr, Duckduckgo, LastPass, Redtube, OkCupid, 500px and many others was vulnerable. Get ready to act if you have an account on those vulnerable sites

Here’s a list of vulnerable sites.

Before you change passwords–which is what you need to do–make sure that the patch has been applied.

It would really help if the NSA would devote itself to fixing the Internet rather than spying on Americans. They’re the first ones to know about vulnerabilities, when they’re not creating them.

Via Ars Technica, an interview in the Sydney Morning Herald with the software developer who is responsible for Heartbleed:

Dr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” he said.

“In one of the new features, unfortunately, I missed validating a variable containing a length.”

After he submitted the code, a reviewer “apparently also didn’t notice the missing validation”, Dr Seggelmann said, “so the error made its way from the development branch into the released version.” Logs show that reviewer was Dr Stephen Henson.

Dr Seggelmann said the error he introduced was “quite trivial”, but acknowledged that its impact was “severe”.

Posted in computers and software, NSA eavesdropping | 1 Comment »

Suhprahz, suhprahz!

Posted by Charles II on March 21, 2014

Barton Gellman and Ashkan Soltani:

The voice interception program, called MYSTIC, began in 2009. …

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.

We are supposed to believe that the unnamed country is not the United States of America.

Posted in NSA eavesdropping | 3 Comments »

Welcome to East Germany

Posted by Charles II on February 26, 2014

First off, a little history from DemocracyNow, in which we learn that former FBI agents (among others) participated in the Mississippi Sovereignty Commission, which actively assisted white supremacists to harass, arrest, frame, and even kill people who were trying to achieve equal rights for African Americans. Here’s an example:

On December 6, 1958, [Army veteran Clyde] Kennard wrote a detailed letter to the local newspaper, the Hattiesburg American, in which he announced his intention to enroll at Mississippi Southern for the January quarter. In the letter, Kennard laid out his “creed,” which was based on the belief that all individuals should be judged by their ability rather than their skin color. Sovereignty Commission’s investigators, led by former FBI agent Zack J. VanLandingham, responded by trying to find “derogatory information” about Kennard to sabotage his application. They explored every possible aspect of the applicant’s life, including his financial history, his personal life, and his employment record. State leaders, including Governor James P. Coleman, soon realized that Kennard’s application was particularly problematic because there were no obvious grounds for refusing it.

VanLandingham hatched a scheme to short-circuit Kennard’s efforts by having conservative black educators “call on Clyde Kennard and persuade him that it was in the best interest of all concerned that he withdraw and desist from filing an application for admission to Mississippi Southern College.” Kennard, however, refused to change his mind.

Kennard’s efforts to attend Mississippi Southern ended on September 25, 1960, when the Forrest County Cooperative, which had foreclosed on his chicken farm, was burglarized. Five bags of chicken feed worth $25.00 were stolen. A young employee, Johnny Lee Roberts, admitted taking the feed but claimed that Kennard had planned the break-in. Kennard was arrested and charged with accessory to burglary, a felony under Mississippi law.

Glenn Greenwald:

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums.

Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-”independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.

Sunstein also proposed sending covert agents into “chat rooms, online social networks, or even real-space groups” which spread what he views as false and damaging “conspiracy theories” about the government. Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House….

Wonder if that’s grounds for firing a tenured professor. Probably not.

DemocracyNow
:

AMY GOODMAN: …The man everyone knew as “John Jacob” was in fact John Towery, a member of the Force Protection Service at Fort Lewis. He also spied on the Industrial Workers of the World and Iraq Veterans Against the War. The antiwar activist Brendan Maslauskas Dunn helped expose John Towery’s true identity as a military spy. In 2009, Dunn spoke on Democracy Now!

BRENDAN MASLAUSKAS DUNN: …

when I met him, he admitted to several things. He admitted that, yes, he did in fact spy on us. He did in fact infiltrate us. He admitted that he did pass on information to an intelligence network, which, as you mentioned earlier, was composed of dozens of law enforcement agencies, ranging from municipal to county to state to regional, and several federal agencies, including Immigration Customs Enforcement, Joint Terrorism Task Force, FBI, Homeland Security, the Army in Fort Lewis.

So he admitted to other things, too. He admitted that the police had placed a camera, surveillance camera, across the street from a community center in Tacoma that anarchists ran called the Pitch Pipe Infoshop….

AMY GOODMAN: …

Since 2009, there have been numerous developments in the case. A newly made public email written by Towery reveals the Army informant was building a multi-agency spying apparatus. The email was sent by Towery using his military account. It was sent to the FBI as well as the police departments in Los Angeles, in Portland, Eugene, Everett and Spokane, Washington. He wrote, quote, “I thought it would be a good idea to develop a leftist/anarchist mini-group for intel sharing and distro [distribution].”…

LARRY HILDES: I think they crossed the line. They claim they’re allowed to do some level of investigative work to protect military activities, military shipments. But entrapping people—attempting to entrap people into conspiracies where they can get charged with major felonies they had no intention of committing, dealing with law enforcement agencies around the country to keep tabs on activists, following them to protests in Denver and St. Paul that have absolutely nothing to do with military shipments, they crossed the line into law enforcement, into civilian law enforcement.

And they did so quite knowingly and deliberately, and created this cover story that Towery was working for the fusion center, reporting to the sheriff’s office, not doing this during his work time, because they were well aware—in fact, he got paid overtime for attending the RNC, DNC conference at Evergreen, by the Army. So the Army was expressly paying him to monitor, disrupt and destroy these folks’ activism and their lives. I mean, we had—at one point, Brendan Dunn had four cases at the same time in four counties, because they kept stopping him. Seven times he got arrested or cited; Jeff Berryhill several times; Glenn Crespo. People would get busted over and over and over. Towery was attending their personal parties, their birthday parties, their going-away parties, and taking these vicious notes and passing them on about how to undermine these folks, how to undermine their activities, how to destroy their lives. This is way into Posse Comitatus. This is way beyond any legitimate military role.

So, the U.S. Army is paying people to infiltrate, harass, falsely arrest, and frame peaceful protesters. This happened to protesters at the RNC and DNC conventions.

There is no difference between what law enforcement has been doing to peaceful protesters and what the white supremacists did to Clyde Kennard, who just wanted to go to college in a state that wanted to keep him down.

Posted in astroturf, civil rights, FBI, NSA eavesdropping | 4 Comments »

Stolen cookies

Posted by Charles II on February 17, 2014

Ashkan Soltani, Andrea Peterson, and Barton Gellman of the WaPo, in the Sydney Morning Herald:

According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files called cookies that advertising networks place on computers to identify people browsing the internet. The intelligence agencies have made particular use of the “PREFID”, part of Google-specific tracking software known as the “PREF” cookie.

Separately, the NSA is using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone’s owner. This information is more specific than the broader location data the government is collecting from mobile phone networks.

Google assigns a unique PREF cookie any time someone’s browser makes a connection to any of the company’s web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit websites that contain embedded widgets for the company’s social media platform Google+. That cookie contains a code that allows Google to uniquely track users in order to “personalise ads” and measure how they use other Google products.

Given the widespread use of Google services and widgets, most web users are likely to have a Google PREF cookie on their computers even if they’ve never visited a Google property directly.

The PREF cookie is specifically mentioned in an internal NSA slide that refers to the NSA using PREFID, its shorthand for the unique numeric identifier contained within Google’s PREF cookie.

Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the internet’s backbone and from technology companies’ own systems. The slide indicates that SSO was sharing information containing “logins, cookies, and GooglePREFID” with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ.

Posted in NSA eavesdropping | 2 Comments »

Today is the day we fight back (against NSA surveillance)

Posted by Charles II on February 11, 2014

February 11th was the day to call your congressman/Senator and tell them to stop NSA spying.

What we can do

Congress is considering two major bills.

The USA Freedom Act curtails NSA surveillance abuses.
The FISA Improvements Act attempts to legalize bulk data collection of phone records.

We need to tell Congress to pass the USA Freedom Act and amend it to make it even stronger.

See here.

So is February 12th. 13th. 14th. And so on.

Posted in NSA eavesdropping | 2 Comments »

Yes, the NSA is spying on Americans. And Marcy Wheeler is still the best.

Posted by Charles II on February 5, 2014

I realize this is not news. But, as with the Watergate scandal, nothing happens politically until key facts become undeniable. At that point, the media realize that they can sell advertising wrapped around the scandal, and Congressmen start imagining attack ads based on what they are saying, so things start to happen.

Via a DK post by Bob Swern, Michigan’s own Marcy Wheeler posts the following exchange of congressional testimony:

[Director of National Intelligence James] Clapper: That’s also difficult. I can just say that the vast vast majority of what has been potentially compromised — as I indicated in my oral statement — goes way way beyond the revelations about domestic surveillance which I was given to understand that was his primary concern. What he potentially — what he accessed, what he scraped, what he potentially made off with is, uh, transcends that. So it’s quite serious.

[Congressman James] Langevin: Can you say–

Clapper: It’s hard pressed to ascribe a number.

Langevin: Can you give a, is it 10% or,

Clapper: I would say that probably less than 10% has to do with domestic surveillance.

OK, so of what Snowden took, Clapper claims less than 10% has to do with domestic surveillance. But there’s that, what, 7%, 9%? And we don’t know how that relates to the volume of NSA intercepts. Is that 1%, 7%, 10%, 50%? But Clapper has admitted that the NSA is engaged in domestic surveillance.

It’s on the record. You might want to tell your congressman.

Marcy was recognized by Newsweek for her work.

Experts on domestic surveillance admire Wheeler’s ability to connect current revelations to past mysteries. “You’ll read through these dense documents, and it’s about one thing; but she’ll find a clue in there to something we’ve all wondered about on something else entirely, and the last citing of that issue was five years ago, and somehow she still remembered,” said Barton Gellman, a Pulitzer Prize-winning reporter late of The Washington Post who has worked with Snowden to break stories on the NSA this summer. “She’s indispensable now with the NSA story, which is endlessly complex.”

A shame that Newsweek didn’t hire her. It might still be a magazine that people read.

Posted in NSA eavesdropping | 3 Comments »

Tech giants tell NSA to limit bulk spying

Posted by Charles II on December 9, 2013

I blogged this over at DK.

The Guardian has a version here.
The NYT has a version here.

Posted in NSA eavesdropping, wiretapping | Comments Off on Tech giants tell NSA to limit bulk spying

Hersh: Obama lied about Syrian sarin

Posted by Charles II on December 9, 2013

Via DemocracyNow, Sy Hersh in the 8/12/13 London Review of Books:

Barack Obama did not tell the whole story this autumn when he tried to make the case that Bashar al-Assad was responsible for the chemical weapons attack near Damascus on 21 August. In some instances, he omitted important intelligence, and in others he presented assumptions as facts. Most significant, he failed to acknowledge something known to the US intelligence community: that the Syrian army is not the only party in the country’s civil war with access to sarin, the nerve agent that a UN study concluded – without assessing responsibility – had been used in the rocket attack.

That lede makes it sound as if it were more of a fudge than a lie. But when one digs into the details, the real lede is buried.

But in recent interviews with intelligence and military officers and consultants past and present, I found intense concern, and on occasion anger, over what was repeatedly seen as the deliberate manipulation of intelligence. One high-level intelligence officer, in an email to a colleague, called the administration’s assurances of Assad’s responsibility a ‘ruse’. The attack ‘was not the result of the current regime’, he wrote. A former senior intelligence official told me that the Obama administration had altered the available information – in terms of its timing and sequence – to enable the president and his advisers to make intelligence retrieved days after the attack look as if it had been picked up and analysed in real time, as the attack was happening.

The complaints focus on what Washington did not have: any advance warning from the assumed source of the attack.

The absence of immediate alarm inside the American intelligence community demonstrates that there was no intelligence about Syrian intentions in the days before the attack. And there are at least two ways the US could have known about it in advance: both were touched on in one of the top secret American intelligence documents that have been made public in recent months by Edward Snowden, the former NSA contractor.

What the US did not have was reaction from sensors that it has placed near Syrian chemical weapons facilities. If the Syrian army had planned the attack, they would have mixed the binary system, and it would have been picked up by sensors. It also had a gap in wiretapping of Bashar al-Assad.

The sensors had worked in the past, as the Syrian leadership knew all too well. Last December the sensor system picked up signs of what seemed to be sarin production at a chemical weapons depot. It was not immediately clear whether the Syrian army was simulating sarin production as part of an exercise (all militaries constantly carry out such exercises) or actually preparing an attack.

The US continued to lie about the more likely source of the attack, an extremist Islamist group called al-Nusra.

In both its public and private briefings after 21 August, the administration disregarded the available intelligence about al-Nusra’s potential access to sarin and continued to claim that the Assad government was in sole possession of chemical weapons. This was the message conveyed in the various secret briefings that members of Congress received in the days after the attack, when Obama was seeking support for his planned missile offensive against Syrian military installations. One legislator with more than two decades of experience in military affairs told me that he came away from one such briefing persuaded that ‘only the Assad government had sarin and the rebels did not.’ Similarly, following the release of the UN report on 16 September confirming that sarin was used on 21 August, Samantha Power, the US ambassador to the UN, told a press conference: ‘It’s very important to note that only the [Assad] regime possesses sarin, and we have no evidence that the opposition possesses sarin.’

Posted in NSA eavesdropping, Obama Administration, Syria | Comments Off on Hersh: Obama lied about Syrian sarin

Snowden Legal Defense Fund Launches

Posted by Charles II on October 29, 2013

Via Joanna Leon at DK, the Snowden Legal Defense Fund website is up.

BTW, Joanna does a great roundup of left news and pretty pictures. One tidbit today: Alterman bashing Max Blumenthal; Jeremy Scahill counterbashes.

Posted in NSA eavesdropping | 1 Comment »

NSA databases clogged with spam. Also: why Yahoo address books are so often hacked.

Posted by Charles II on October 14, 2013

The NSA has been harvesting address books from Americans’ e-mail. This is done semi-legally. That is, the NSA intercepts e-mail at points where it transits international boundaries, as in Google using a foreign server to handle e-mail. This brings in lots of American communications. The NSA also makes presumptions about the “foreignness” of e-mail that they know are, or are likely to be wrong. For example, an American writing to his home office from Europe would automatically be labeled as foreign correspondence, even though the recipient and the sender are American.

Barton Gellman and Ashkan Soltani:

Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

In this report, we learn that “Yahoo, unlike other service providers, has left connections to its users unencrypted by default.” This explains why spammers target Yahoo so often for address books.

Posted in eedjits, NSA eavesdropping, wiretapping | Comments Off on NSA databases clogged with spam. Also: why Yahoo address books are so often hacked.

 
%d bloggers like this: