Posts Tagged ‘Surveillance’

SOFT ROBOTS THAT can grasp delicate objects, computer algorithms designed to spot an “insider threat,” and artificial intelligence that will sift through large data sets — these are just a few of the technologies being pursued by companies with investment from In-Q-Tel, the CIA’s venture capital firm, according to a document obtained by The Intercept.

Yet among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant.

Those four firms, which provide unique tools to mine data from platforms such as Twitter, presented at a February “CEO Summit” in San Jose sponsored by the fund, along with other In-Q-Tel portfolio companies.

Full Story @ [The Intercept]

WASHINGTON — In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.

So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.

That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency’s recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround.

Full Story @ [New York Times]

Protective Intelligence can be described as the process of gathering and assessing information about entities that may have the intention and capability of harming you, and utilizing this information to protect your assets.

As more and more individuals and corporations have begun to realize that early preventative measures are preferable to emergency reactive ones, many organizations over the last decade or so have begun to adopt a more proactive approach towards security. And once you start down the positive path of proactive prevention, you’re likely to reach some form or another of protective intelligence.

Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.

Hacking Team documentation accompanying the Flash exploit said it targeted “the most beautiful Flash bug for the last four years,” according to a blog post published Wednesday by researchers from antivirus provider Trend Micro. The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194). They also have confirmed it works against people viewing content with Internet Explorer, and it’s presumed it will work against other browsers as well.

“Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer,” they wrote in a blog post published Tuesday. “Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.”

Full Story @ [arstechnica]

The evening proceeded quietly. The dark drama I experienced earlier was like a strong dose of caffeine that began to wear off. At around 11:30 that evening I went to bed hoping to capture some of the sleep stolen from me the night before. All was quiet . . . but not for long. At exactly 12:00 midnight I was rudely awakened by a sudden eruption of clamor from the apartment above! They’re back! The Scowler (or his henchmen) had returned!

This assault was a perfect replica of what I endured the night before. The noise, stomping, and loud profane voices bounced off my bedroom walls. I now faced a second night of stolen sleep and harassment. What should I do? If law enforcement agents are my antagonists, what would happen if I called the police to complain? I did not want a confrontation, just a good night’s sleep.

Forced to lie awake for the second night in a row by this assault, I began to analyze my situation. This scheme was not the improvised efforts of a ragtag group of local police officers. I sensed that it was a well-crafted, thoroughly rehearsed technique that reflected expertise in psychology and surveillance. The participants knew their roles well and stuck to a script.

Rather than beat me physically, they were seeking to beat me by attacking my emotions and injuring my pride. I had been rudely deprived of sleep for over 36 hours. Also, I was subject to a series of actions designed to humiliate me and provoke an angered response. They had also provided a target for my anger . . . the “Scowler.”

This gang-stalking methodology falls under a system of psychological operations being developed and tested on American citizens by covert quasi-military law enforcement agencies. The basic process described above has been taught by the CIA (Central Intelligence Agency) since the 1950’s. “The purpose of all coercive techniques is to induce psychological regression in the subject by bringing a superior outside force to bear on his will to resist. Regression is basically . . . a reversion to an earlier behavioral level. As the subject regresses, his learned personality traits fall away in reverse chronological order. He begins to lose the capacity to carry out the highest creative activities, to deal with complex situations, to cope with stressful interpersonal relationships, or to cope with repeated frustrations.” – CIA Human Resource Exploitation Manual

Full Story @ [youarenotmybigbrother]

The above article is actually taken from a now defunct website that was captured by the Wayback Machine.

One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”

Beyond enabling the collection, categorization, and querying of metadata and content, XKEYSCORE has also been used to monitor the surveillance and hacking actions of foreign nation states and to gather the fruits of their hacking. The Intercept previously reported that NSA and its allies spy on hackers in order to collect what they collect.

Once the hacking tools and techniques of a foreign entity (for instance, South Korea) are identified, analysts can then extract the country’s espionage targets from XKEYSCORE, and gather information that the foreign power has managed to steal.

Monitoring of foreign state hackers could allow the NSA to gather techniques and tools used by foreign actors, including knowledge of zero-day exploits—software bugs that allow attackers to hack into systems, and that not even the software vendor knows about—and implants. Additionally, by monitoring vulnerability reports sent to vendors such as Kaspersky, the agency could learn when exploits they were actively using need to be retired because they’ve been discovered by a third party.

In the last few months, several government officials, led by the FBI’s Director James Comey, have been complaining that the rise of encryption technologies would lead to a “very dark place” where cops and feds can’t fight and stop criminals.

But new numbers released by the US government seem to contradict this doomsday scenario.

In 2014, encryption thwarted four wiretaps out of 3,554, according to an annual report published on Wednesday by the US agency that oversees federal courts.

The report reveals that state law enforcement agencies encountered encryption in 22 wiretaps last year. Out of those, cops were foiled on only two occasions. As for the feds, they encountered encryption in just three wiretaps, and could not decipher the intercepted communications in two of them.

“They’re blowing it out of proportion,” Hanni Fakhoury, an attorney at the digital rights group Electronic Frontier Foundation (EFF), told Motherboard. “[Encryption] was only a problem in five cases of the more than 3,500 wiretaps they had up. Second, the presence of encryption was down by almost 50 percent from the previous year.

“So this is on a downward trend, not upward,” he wrote in an email.

In fact, cops found less encryption last year than in the year prior. In 2013, state authorities encountered encryption in 41 cases, versus 22 in 2014. At the federal level, there were three cases of encryption in 2014, against none in 2013. (The report also refers to five federal wiretaps conducted in “previous years” but only reported in 2014. Of those, the feds were able to crack the communications in four of the five.)

Full Story @ [Motherboard]

Michael German spent 16 years in the FBI, going undercover with neo-Nazi and white supremacist groups. He talks to NPR’s Eric Westervelt about law enforcement’s counterterrorism strategy.

Source: [NPR]

The Inner-workings of the FBI

On Reality Asserts Itself, Robert Scheer talks about democracy, journalism and his new book, “They Know Everything About You: How Data-Collecting Corporations and Snooping Government Agencies Are Destroying Democracy”

Any system that is connected to the Internet is always subject to threats, no matter how well it is protected. This assumption is well known to any teenager today. No software barriers can fully prevent human errors in program code or user behavior.

That’s why devices that have functions of special importance, or that contain top-secret information, are usually not connected to the Internet. It is always better to accept inconvenience than face unpleasant consequences. This is how, for example, control systems for large industrial objects or some bank computers are protected.

It may seem that going offline completely will keep any secret safe: if there is no Internet, then there is no data leakage. However, that is not the case. Remote data transfer techniques adopted by secret services a long time ago become more accessible each year to ‘commercial’ users. Quite a few spy gadgets at James Bond’s disposal are becoming commonplace today.

Electromagnetic spying

Any operational device that is connected to a power line generates electromagnetic radiation that can be intercepted by proven technologies. Almost half a century ago, state security services of the U.S. and the USSR were concerned with such leakages, and the information that has been obtained since those days is massive. Some parts of the American activity are known under the TEMPEST abbreviation, and some declassified archives read as well as detective novels.

Despite the long history, new methods of ‘surfing’ electromagnetic waves appear regularly as the electrical equipment evolves. In the past, the weakest links were CRT monitors and unshielded VGA cables that produced electromagnetic noise. Keyboards have become favorite toys for data security researchers over the past few years. The research in this area has been steadily productive. These are just a few examples.

Keystrokes can be remotely tracked with high accuracy at a distance of 67 feet (20 meters) by using a homemade device that analyzes the radio spectrum and costs around $5,000. It is interesting to note that the attack is equally effective against common cheap USB keyboards, expensive wireless keyboards with signal encryption, and built-in notebook keyboards.

All of the devices work on the same principle and generate electromagnetic noise. The difference is determined by the signal power, which depends upon the length of the data transmission wire (it is the shortest for notebooks).