Slashdot Mirror

wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there. Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.

wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there. Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.

An anonymous reader writes: Presidential candidate Jeb Bush has called on tech companies to form a more "cooperative" arrangement with intelligence agencies. During a speech in South Carolina, Bush made clear his opinion on encryption: "If you create encryption, it makes it harder for the American government to do its job — while protecting civil liberties — to make sure that evildoers aren't in our midst." He also indicated he felt the recent scaling back of the Patriot Act went too far. Bush says he hasn't seen any indication the bulk collection of phone metadata violated anyone's civil liberties.

An anonymous reader writes: In 2012, the NSA decided it needed an in-house ethicist to write about the philosophy of surveillance. They searched within the organization for a candidate, finally giving the job to an analyst who had abandoned a writing career that hadn't worked out. The Intercept got its hands on some of his work: "The columns answer a sociological curiosity: How does working at an intelligence agency turn a privacy hawk into a prophet of eavesdropping?" At one point, the analyst wrote, "We probably all have something we know a lot about that is being handled at a higher level in a manner we're not entirely happy about. This can cause great cognitive dissonance for us, because we may feel our work is being used to help the government follow a policy we feel is bad." The article analyzes this man in detail, including his life history and his personal blog — it's a strange coupling of invasiveness and anonymization, for they take steps to avoid revealing his identity. The article's author correctly notes (while the NSA does not) that surveilling somebody doesn't mean you really know them.

Advocatus Diaboli writes: Email conversations posted on WikiLeaks reveal that Boeing and Hacking Team want drones to carry devices that inject spyware into target computers through WiFi networks. The Intercept reports: "The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect's computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a "roadmap" of projects that Hacking Team's engineers have underway. On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a "mini" infection device, which could be "ruggedized" and "transportable by drone (!)" the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement."

HughPickens.com writes: The Intercept reports that in the aftermath of the NSA's sweeping surveillance of three French presidents, French Justice Minister Christiane Taubira thinks National Security Agency whistleblower Edward Snowden and WikiLeaks founder Julian Assange might be allowed to settle in France. Taubira was asked about the NSA's surveillance of three French presidents, disclosed by WikiLeaks this week, and called it an "unspeakable practice." Taubira's comments echoed those in an editorial in France's leftist newspaper Libération that France should respond to the U.S.'s "contempt" for its allies by giving Edward Snowden asylum. France would send "a clear and useful message to Washington, by granting this bold whistleblower the asylum to which he is entitled," wrote editor Laurent Joffrin in an angry editorial titled "Un seul geste" — or "A single gesture." (google translate) If Paris offers Snowden asylum, it will be joining several other nations who have done so in the past, including Bolivia, Nicaragua and Venezuela. However, Snowden is still waiting in Moscow to hear from almost two dozen other countries where he has requested asylum.

HughPickens.com writes: The Intercept reports that in the aftermath of the NSA's sweeping surveillance of three French presidents, French Justice Minister Christiane Taubira thinks National Security Agency whistleblower Edward Snowden and WikiLeaks founder Julian Assange might be allowed to settle in France. Taubira was asked about the NSA's surveillance of three French presidents, disclosed by WikiLeaks this week, and called it an "unspeakable practice." Taubira's comments echoed those in an editorial in France's leftist newspaper Libération that France should respond to the U.S.'s "contempt" for its allies by giving Edward Snowden asylum. France would send "a clear and useful message to Washington, by granting this bold whistleblower the asylum to which he is entitled," wrote editor Laurent Joffrin in an angry editorial titled "Un seul geste" — or "A single gesture." (google translate) If Paris offers Snowden asylum, it will be joining several other nations who have done so in the past, including Bolivia, Nicaragua and Venezuela. However, Snowden is still waiting in Moscow to hear from almost two dozen other countries where he has requested asylum.

An anonymous reader writes: French President Francois Hollande held an emergency meeting with top security officials to respond to WikiLeaks documents that say the NSA eavesdropped on French presidents. The documents published in Liberation and investigative website Mediapart include material that appeared to capture current president, François Hollande; the prime minister in 2012, Jean-Marc Ayrault; and former presidents Nicolas Sarkozy and Jacques Chirac, talking candidly about Greece's economy and relations with Germany. The Intercept reports: "Yet also today, the lower house of France's legislature, the National Assembly, passed a sweeping surveillance law. The law provides a new framework for the country's intelligence agencies to expand their surveillance activities. Opponents of the law were quick to mock the government for vigorously protesting being surveilled by one of the country's closest allies while passing a law that gives its own intelligence services vast powers with what its opponents regard as little oversight. But for those who support the new law, the new revelations of NSA spying showed the urgent need to update the tools available to France's spies."

New submitter Patricbranson writes: The NSA, along with its British counterpart Government Communications Headquarters (GCHQ), spent years reverse-engineering popular computer security software in order to spy on email and other electronic communications, according to the classified documents published by the online news site The Intercept. With various countries' spy agencies trying to make sure computers aren't secure (from their own intrusions, at least), it's no wonder that Kaspersky doesn't want to talk about who hacked them.

Advocatus Diaboli writes: Documents published by The Intercept on Monday reveal that a British spy unit purported by officials to be focused on foreign intelligence and counterterrorism, and notorious for using "controversial tactics, online propaganda and deceit,” focuses extensively on traditional law enforcement and domestic activities. The documents detail how the Joint Threat Research Intelligence Group (JTRIG) is involved in efforts against political groups it considers "extremist," Islamist activity in schools, the drug trade, online fraud, and financial scams. The story reads: "Though its existence was secret until last year, JTRIG quickly developed a distinctive profile in the public understanding, after documents from NSA whistleblower Edward Snowden revealed that the unit had engaged in 'dirty tricks' like deploying sexual 'honey traps' designed to discredit targets, launching denial-of-service attacks to shut down internet chat rooms, pushing veiled propaganda onto social networks, and generally warping discourse online."

Taco Cowboy writes: Nine privacy advocates involved in the Commerce Department process for developing a voluntary code of conduct for the use of facial recognition technology withdrew in protest over technology industry lobbyists' overwhelming influence on the process. "At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement — and identifying them by name — using facial recognition technology," the privacy advocates wrote in a joint statement. "Unfortunately, we have been unable to obtain agreement even with that basic, specific premise." The Commerce Department, through its National Telecommunications and Information Administration, brought together "representatives from technology companies, trade groups, consumer groups, academic institutions and other organizations" early last year "to kick off an effort to craft privacy safeguards for the commercial use of facial recognition technology."

The goal was "to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context." But after a dozen meetings, the most recent of which was last week, all nine privacy advocates who have participated in the entire process concluded that they were thoroughly outgunned. "This should be a wake-up call to Americans: Industry lobbyists are choking off Washington's ability to protect consumer privacy," Alvaro Bedoya, executive director of the Center on Privacy & Technology at Georgetown Law, said in a statement. "People simply do not expect companies they've never heard of to secretly track them using this powerful technology. Despite all of this, industry associations have pushed for a world where companies can use facial recognition on you whenever they want — no matter what you say. This position is well outside the mainstream."

An anonymous reader writes: On Sunday, British newspaper The Sunday Times published an article citing anonymous UK government sources claiming that the cache of documents taken by Edward Snowden was successfully decrypted by the Russians and Chinese. Shortly thereafter, Glenn Greenwald at The Intercept published scathing criticism of the article. In Greenwald's article, he included a photograph of the newspaper's front page, where the story was featured. Yesterday, The Intercept received a DMCA takedown notice from News Corp alleging that the photograph infringed upon their copyright. The Intercept is refusing to comply with the takedown demand.

Glen Greenwald casts a scathing look at the claims (such as by the Sunday Times) that Edward Snowden's leaked information had been cracked by Russian and Chinese spy agencies. Greenwald compares Snowden to some other public figures against whom underhanded tactics were employed by the U.S. government. A slice: There’s an anonymously made claim that Russia and China “cracked the top-secret cache of files” from Snowden’s, but there is literally zero evidence for that claim. These hidden officials also claim that American and British agents were unmasked and had to be rescued, but not a single one is identified. There is speculation that Russia and China learned things from obtaining the Snowden files, but how could these officials possibly know that, particularly since other government officials are constantly accusing both countries of successfully hacking sensitive government databases?

HughPickens.com writes: Dennis Hastert is about the least sympathetic figure one can imagine. The former House Speaker got filthy rich as a lobbyist trading on contacts he gained in office, and his leadership coincided with Congress's abject failure to exercise oversight or protect civil liberties after the September 11 terrorist attacks. Now, Hastert stands accused of improper sexual contact with a boy he knew years ago while teaching high school and trying to hide that sordid history by paying the young man to keep quiet. If federal prosecutors could meet the legal thresholds for charging and convicting Hastert of a sex crime, they would be fully justified in aggressively pursuing the matter.

Yet, as Conor Friedersdorf writes in The Atlantic, the Hastert indictment doesn't charge him for, or even accuse him of, sexual misconduct. Rather, as Glenn Greenwald notes, "Hastert was indicted for two alleged felonies: 1) withdrawing cash from his bank accounts in amounts and patterns designed to hide the payments; and 2) lying to the FBI about the purpose of those withdrawals once they detected them and then inquired with him." It isn't illegal to withdraw money from the bank, nor to compensate someone in recognition of past harms, nor to be the victim of a blackmail scheme. So why should it be a crime to hide those actions from the U.S. government? The current charges could be motivated by a desire to prosecute Hastert for sex crimes. But that dodges the issue. "In order to punish him for that crime, the government should charge him with it, then prosecute him with due process and convict him in front of a jury of his peers," says Greenwald. "What over-criminalization does is allow the government to turn anyone it wants into a felon, and thus punish them without having to overcome those vital burdens. Regardless of one's views of Hastert or his alleged misconduct here, it should take little effort to see why nobody should want that."

blando writes: A trove of emails provided to The Intercept detail Russian schemes to obtain a crucial component for military thermal-imaging systems. Though emails about the thermal imaging systems date back as far as 2006, the plans to acquire them began in earnest much more recently, in 2013. To try to hide Russian involvement, a company called Cyclone established a new company in the Republic of Cyprus. They did so with the help of a company called Rayfast, which was owned by three other companies itself. After obfuscating the new company's ownership and military ties, they reached out to several Western companies who worked with the technology.

Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."

Presto Vivace writes: Dan Froomkin reports at The Intercept: "Though perfect transcription of natural conversation apparently remains the Intelligence Community's 'holy grail,' the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and 'extract' the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest." I am torn between admiration of the technical brilliance of building software like this and horror as to how it is being used. It can't just be my brother and me who like to salt all phone conversations with interesting keywords.

New submitter SecState writes: Hundreds of full-time, well-paid trolls operate thousands of fake accounts to fill social media sites and comments threads with pro-Kremlin propaganda. A St. Petersburg blogger spent two months working 12-hour shifts in a "troll factory," targeting forums of Russian municipal websites. In an interview, he describes how he worked in teams with two other trolls to create false "debates" about Russian and international politics, with pro-Putin views always scoring the winning point. Of course, with the U.S. government invoking "state secrets" to dismiss a defamation case against the supposedly independent advocacy group United Against a Nuclear Iran, Americans also need to be asking how far is too far when it comes to masked government propaganda.

HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."

siddesu sends this report from The Intercept: German Vice Chancellor Sigmar Gabriel said this week in Homburg that the U.S. government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. 'They told us they would stop notifying us of plots and other intelligence matters,' Gabriel said.

Nicola Hahn writes Yet another news report has emerged detailing how the CIA is actively subverting low-level encryption features in mainstream hi-tech products. Responding to the story, an unnamed intelligence official essentially shrugged his shoulders and commented that "there's a whole world of devices out there, and that's what we're going to do." Perhaps this sort of cavalier dismissal isn't surprising given that leaked classified documents indicate that government intelligence officers view iPhone users as 'Zombies' who pay for their own surveillance.

The past year or so of revelations paints a pretty damning portrait of the NSA and CIA. But if you read the Intercept's coverage of the CIA's subversion projects carefully you'll notice mention of Lockheed Martin. And this raises a question that hasn't received much attention: what role does corporate America play in all of this? Are American companies simply hapless pawns of a runaway national security state? Ed Snowden has stated that mass surveillance is "about economic spying, social control, and diplomatic manipulation. They're about power." A sentiment which has been echoed by others. Who, then, stands to gain from mass surveillance?

Nicola Hahn writes Yet another news report has emerged detailing how the CIA is actively subverting low-level encryption features in mainstream hi-tech products. Responding to the story, an unnamed intelligence official essentially shrugged his shoulders and commented that "there's a whole world of devices out there, and that's what we're going to do." Perhaps this sort of cavalier dismissal isn't surprising given that leaked classified documents indicate that government intelligence officers view iPhone users as 'Zombies' who pay for their own surveillance.

The past year or so of revelations paints a pretty damning portrait of the NSA and CIA. But if you read the Intercept's coverage of the CIA's subversion projects carefully you'll notice mention of Lockheed Martin. And this raises a question that hasn't received much attention: what role does corporate America play in all of this? Are American companies simply hapless pawns of a runaway national security state? Ed Snowden has stated that mass surveillance is "about economic spying, social control, and diplomatic manipulation. They're about power." A sentiment which has been echoed by others. Who, then, stands to gain from mass surveillance?

Nicola Hahn writes In light of a classified document regarding state-sponsored cyber ops, the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to "accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War."

While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?

Nicola Hahn writes: "In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that "there's no scenario in which we don't want really strong encryption."

Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto's network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.

The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It's called Operational Security (OPSEC), a topic that hasn't received much coverage — but it should.

First time accepted submitter BlacKSacrificE writes Australian carriers are bracing for a mass recall after it was revealed that a Dutch SIM card manufacturer Gemalto was penetrated by the GCHQ and the NSA in an alleged theft of encryption keys, allowing unfettered access to voice and text communications. The incident is suspected to have happened in 2010 and 2011 and seems to be a result of social engineering against employees, and was revealed by yet another Snowden document. Telstra, Vodafone and Optus have all stated they are waiting for further information from Gemalto before deciding a course of action. Gemalto said in a press release that they "cannot at this early stage verify the findings of the publication" and are continuing internal investigations, but considering Gemalto provides around 2 billion SIM cards to some 450 carriers across the globe (all of which use the same GSM encryption standard) the impact and fallout for Gemalto, and the affected carriers, could be huge.

Advocatus Diaboli writes with this excerpt from The Intercept's explanation of just how it is the NSA weaseled its way into one important part of our communications: AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data.

itwbennett writes As reported Wednesday by the news website The Intercept, the U.S. National Security Agency and its intelligence partners are sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information. A page from an internal wiki used by the intelligence agencies of the U.S., Canada and the U.K, which was last modified in 2012 and was among the files leaked by Edward Snowden reads: "Hackers are stealing the emails of some of our targets... by collecting the hackers' 'take' we 1) get access to the emails ourselves and 2) get insights into who's being hacked."

Advocatus Diaboli writes Canada's electronic spy agency sifts through millions of videos and documents downloaded online every day by people around the world, as part of a sweeping bid to find extremist plots and suspects, CBC News has learned. Details of the Communications Security Establishment project dubbed 'Levitation' are revealed in a document obtained by U.S. whistleblower Edward Snowden and recently released to CBC News. Under Levitation, analysts with the electronic eavesdropping service can access information on about 10 to 15 million uploads and downloads of files from free websites each day, the document says.

FarnsworthG writes: A multi-billion-dollar Army project will soon be able to track nearly everything within 340 miles when an 80-yard-long blimp is hoisted into the air over Maryland. Way to be subtle, guys. From the article: "Technically considered aerostats, since they are tethered to mooring stations, these lighter-than-air vehicles will hover at a height of 10,000 feet just off Interstate 95, about 45 miles northeast of Washington, D.C., and about 20 miles from Baltimore. That means they can watch what’s happening from North Carolina to Boston, or an area the size of Texas."

Nicola Hahn writes Over the course of the Snowden revelations there have been a number of high profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece, Greenwald claimed:

"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."

So, while he concedes the role of public relations in the ongoing cyber security push, Greenwald concurrently believes encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.

With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. Seeking refuge in a technical quick fix can be hazardous for a number of reasons.

The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks. "Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."

Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.

Advocatus Diaboli writes British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents. On Thursday, a series of previously classified policies confirmed for the first time that the U.K.'s top surveillance agency Government Communications Headquarters has advised its employees: "You may in principle target the communications of lawyers." The country's other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in "sensitive professions."

Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)

Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)

Advocatus Diaboli writes with this snippet from The Intercept: The National Security Agency has had agents in China, Germany, and South Korea working on programs that use "physical subversion" to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used under cover operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency's "core secrets" when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.

maynard writes: Investigative Journalist James Bamford knows a thing or two more than most about the National Security Agency. Across his more than three-decade long career digging muck out of exactly those places U.S. government intelligence agencies preferred he wouldn't tread, he's published five books and over eighty press reports. At times, this made for some tense confrontations with intelligence officials from an organization once so secret even few members of Congress knew of its existence.

For the last several years public focus on the NSA has been on Bush and Obama era reports of illicit domestic spying. From allegations of warrantless wiretapping reported by James Risen in 2005 to secret documents released to journalists at The Guardian by Edward Snowden a year ago. And smack in the middle, Bamford's 2012 revelation of the existence of a huge, exabyte-capable data storage facility then under construction in Bluffdale, Utah.

Given all this attention on recent events, it might come as a surprise to some that almost forty years ago Senator Frank Church convened a congressional committee to investigate reports of unlawful activities by U.S. intelligence agencies, including illegal domestic wiretapping by the NSA. At the time, Church brought an oversight magnifying glass over what was then half-jokingly referred to as "No Such Agency." And then, like today, James Bamford was in the thick of it, with a Snowden-like cloak-and-dagger game of spy-vs-journalist. It all began by giving testimony before the Church Committee. Writing yesterday in The Intercept, Bamford tells his firsthand historical account of what led him to testify as a direct witness to NSA's wiretapping of domestic communications decades ago and then details the events that led to the publication of his first book The Puzzle Palace back in 1982. Read on for more. Bamford writes:

...during the summer of 1975, as reports began leaking out from the Church Committee, I was surprised to learn that the NSA was claiming that it had shut down all of its questionable operations a year and a half earlier. Surprised because I knew the eavesdropping on Americans had continued at least into the prior fall, and may have still been going on. After thinking for a day or so about the potential consequences of blowing the whistle on the NSA—I was still in the Naval Reserve, still attending drills one weekend a month, and still sworn to secrecy with an active NSA clearance—I nevertheless decided to call the Church Committee.

But he didn't stop at the witness stand. Afterward, he continued researching the matter for a book. And the further he dug, the more waves he made. Until someone slipped him a then recently declassified copy of a 1976 Justice Department memo [PDF] detailing a criminal investigation into illicit domestic spying by the NSA. But when agency officials discovered he had that document they took extraordinary measures attempting to get it back. They threatened to prosecute under the 1917 Espionage Act and retroactively reclassified the memo to squelch its contents.

Fearing someone might break into his home and steal the manuscript, Bamford arranged to transport and secure a copy outside of U.S. jurisdiction with a colleague at the Sunday Times of London. It was only upon the 1982 publication of Puzzle Palace that the agency dropped their pursuit of Bamford and his document as a lost cause. That's at least one stark difference between then and today when it comes to whistleblowers — back then, they merely threatened espionage charges.

Yogi Berra famously once said, "It's like Deja Vu all over again." And though the Yankees' star wasn't speaking of illicit domestic wiretaps by the national security state, given a comparison of recent revelations to those detailed by Bamford decades earlier the quote certainly fits. In telling his story of how he published details about the last NSA Merry-Go-Round with warrantless wiretapping, Bamford shows us that our recent troubles of lawless surveillance aren't so unique. It's deja-vu all over again. But if deja vu is like a waking dream, this seems more a recurring nightmare for a body-politic lured to snoring slumber by a siren-song of political passivity.

That old Justice Department memo isn't likely to wake the public from their slumber. But within its pages is a stark warning we all should have heeded. As Bamford notes in that Intercept story, the report's conclusion that NSA lawlessness stems straight from the birth of the agency suggests a constitutional conflict systemic and intentional.

...the NSA's top-secret "charter" issued by the Executive Branch, exempts the agency from legal restraints placed on the rest of the government. "Orders, directives, policies, or recommendations of any authority of the Executive branch relating to the collection ... of intelligence," the charter reads, "shall not be applicable to Communications Intelligence activities, unless specifically so stated." This so-called "birth certificate," the Justice Department report concluded, meant the NSA did not have to follow any restrictions placed on electronic surveillance "unless it was expressly directed to do so." In short, the report asked, how can you prosecute an agency that is above the law?

Here's the "Prosecutive Summary" (PDF).

maynard writes: Investigative Journalist James Bamford knows a thing or two more than most about the National Security Agency. Across his more than three-decade long career digging muck out of exactly those places U.S. government intelligence agencies preferred he wouldn't tread, he's published five books and over eighty press reports. At times, this made for some tense confrontations with intelligence officials from an organization once so secret even few members of Congress knew of its existence.

For the last several years public focus on the NSA has been on Bush and Obama era reports of illicit domestic spying. From allegations of warrantless wiretapping reported by James Risen in 2005 to secret documents released to journalists at The Guardian by Edward Snowden a year ago. And smack in the middle, Bamford's 2012 revelation of the existence of a huge, exabyte-capable data storage facility then under construction in Bluffdale, Utah.

Given all this attention on recent events, it might come as a surprise to some that almost forty years ago Senator Frank Church convened a congressional committee to investigate reports of unlawful activities by U.S. intelligence agencies, including illegal domestic wiretapping by the NSA. At the time, Church brought an oversight magnifying glass over what was then half-jokingly referred to as "No Such Agency." And then, like today, James Bamford was in the thick of it, with a Snowden-like cloak-and-dagger game of spy-vs-journalist. It all began by giving testimony before the Church Committee. Writing yesterday in The Intercept, Bamford tells his firsthand historical account of what led him to testify as a direct witness to NSA's wiretapping of domestic communications decades ago and then details the events that led to the publication of his first book The Puzzle Palace back in 1982. Read on for more. Bamford writes:

...during the summer of 1975, as reports began leaking out from the Church Committee, I was surprised to learn that the NSA was claiming that it had shut down all of its questionable operations a year and a half earlier. Surprised because I knew the eavesdropping on Americans had continued at least into the prior fall, and may have still been going on. After thinking for a day or so about the potential consequences of blowing the whistle on the NSA—I was still in the Naval Reserve, still attending drills one weekend a month, and still sworn to secrecy with an active NSA clearance—I nevertheless decided to call the Church Committee.

But he didn't stop at the witness stand. Afterward, he continued researching the matter for a book. And the further he dug, the more waves he made. Until someone slipped him a then recently declassified copy of a 1976 Justice Department memo [PDF] detailing a criminal investigation into illicit domestic spying by the NSA. But when agency officials discovered he had that document they took extraordinary measures attempting to get it back. They threatened to prosecute under the 1917 Espionage Act and retroactively reclassified the memo to squelch its contents.

Fearing someone might break into his home and steal the manuscript, Bamford arranged to transport and secure a copy outside of U.S. jurisdiction with a colleague at the Sunday Times of London. It was only upon the 1982 publication of Puzzle Palace that the agency dropped their pursuit of Bamford and his document as a lost cause. That's at least one stark difference between then and today when it comes to whistleblowers — back then, they merely threatened espionage charges.

Yogi Berra famously once said, "It's like Deja Vu all over again." And though the Yankees' star wasn't speaking of illicit domestic wiretaps by the national security state, given a comparison of recent revelations to those detailed by Bamford decades earlier the quote certainly fits. In telling his story of how he published details about the last NSA Merry-Go-Round with warrantless wiretapping, Bamford shows us that our recent troubles of lawless surveillance aren't so unique. It's deja-vu all over again. But if deja vu is like a waking dream, this seems more a recurring nightmare for a body-politic lured to snoring slumber by a siren-song of political passivity.

That old Justice Department memo isn't likely to wake the public from their slumber. But within its pages is a stark warning we all should have heeded. As Bamford notes in that Intercept story, the report's conclusion that NSA lawlessness stems straight from the birth of the agency suggests a constitutional conflict systemic and intentional.

...the NSA's top-secret "charter" issued by the Executive Branch, exempts the agency from legal restraints placed on the rest of the government. "Orders, directives, policies, or recommendations of any authority of the Executive branch relating to the collection ... of intelligence," the charter reads, "shall not be applicable to Communications Intelligence activities, unless specifically so stated." This so-called "birth certificate," the Justice Department report concluded, meant the NSA did not have to follow any restrictions placed on electronic surveillance "unless it was expressly directed to do so." In short, the report asked, how can you prosecute an agency that is above the law?

Here's the "Prosecutive Summary" (PDF).

HughPickens.com writes The Intercept reports that contrary to lurid claims made by U.S. officials, a new independent analysis of Edward Snowden's revelations on NSA surveillance that examined the frequency of releases and updates of encryption software by jihadi groups has found no correlation in either measure to Snowden's leaks about the NSA's surveillance techniques. According to the report "well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them (PDF)." In fact, concerns about terrorists' use of sophisticated encryption technology predates even 9/11.

Earlier this month former NSA head Michael Hayden stated, "The changed communications practices and patterns of terrorist groups following the Snowden revelations have impacted our ability to track and monitor these groups", while Matthew Olsen of the National Counterterrorism Center would add "Following the disclosure of the stolen NSA documents, terrorists are changing how they communicate to avoid surveillance." Snowden's critics have previously accused his actions of contributing from everything from the rise of ISIS to Russia's invasion of the Ukraine. "This most recent study is the most comprehensive repudiation of these charges to date," says Murtaza Hussain. "Contrary to lurid claims to the contrary, the facts demonstrate that terrorist organizations have not benefited from the NSA revelations, nor have they substantially altered their behavior in response to them."

New submitter Prune (557140) writes with a link to a story at The Intercept which might influence the way you look at media coverage of the kind of government activity that deserves rigorous press scrutiny. According to the story, "Email exchanges between CIA public affairs officers and Ken Dilanian, now an Associated Press intelligence reporter who previously covered the CIA for the Times, show that Dilanian enjoyed a closely collaborative relationship with the agency, explicitly promising positive news coverage and sometimes sending the press office entire story drafts for review prior to publication. In at least one instance, the CIA’s reaction appears to have led to significant changes in the story that was eventually published in the Times." Another telling excerpt: On Friday April 27, 2012, he emailed the press office a draft story that he and a colleague, David Cloud, were preparing. The subject line was “this is where we are headed,” and he asked if “you guys want to push back on any of this.” It appears the agency did push back. On May 2, 2012, he emailed the CIA a new opening to the story with a subject line that asked, “does this look better?” The piece ran on May 16, and while it bore similarities to the earlier versions, it had been significantly softened.

onproton (3434437) writes The Intercept reported today on classified documents revealing that the NSA has built its own "Google-like" search engine to provide over 850 billion collected records directly to law enforcement agencies, including the FBI and the DEA. Reporter Ryan Gallagher explains, "The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies." The search engine, called ICREACH, allows analysts to search an array of databases, some of which contain metadata collected on innocent American citizens, for the purposes of "foreign intelligence." However, questions have been raised over its potential for abuse in what is known as "parallel construction," a process in which agencies use surveillance resources in domestic investigations, and then later cover it up by creating a different evidence trail to use in court.

New submitter onproton writes: Citizen Lab released new research today on a targeted exploitation technique used by state actors involving "network injection appliances" installed at ISPs. These devices can target and intercept unencrypted YouTube traffic and replace it with malicious code that gives the operator control over the system or installs a surveillance backdoor. One of the researchers writes, "many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites...many of these commonly held beliefs are not necessarily true." This technique is largely designed for targeted attacks, so it's likely most of us will be safe for now — but just one more reminder to use https.

Advocatus Diaboli (1627651) writes with the chilling, but not really surprising, news that the U.S. government is aware that many names in its terrorist suspect database are not linked to terrorism in any way. From the article: Nearly half of the people on the U.S. government's widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government's Terrorist Screening Database — a watchlist of "known or suspected terrorists" that is shared with local law enforcement agencies, private contractors, and foreign governments — more than 40 percent are described by the government as having "no recognized terrorist group affiliation." That category — 280,000 people — dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

Advocatus Diaboli (1627651) writes with the chilling, but not really surprising, news that the U.S. government is aware that many names in its terrorist suspect database are not linked to terrorism in any way. From the article: Nearly half of the people on the U.S. government's widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government's Terrorist Screening Database — a watchlist of "known or suspected terrorists" that is shared with local law enforcement agencies, private contractors, and foreign governments — more than 40 percent are described by the government as having "no recognized terrorist group affiliation." That category — 280,000 people — dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

Advocatus Diaboli sends this news from The Intercept: The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world's most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency's plans "to provide direct analytic and technical support" to the Saudis on "internal security" matters. The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that "Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse," specifically mentioning a 2011 episode in which MOI agents allegedly "poured an antiseptic cleaning liquid down [the] throat" of one human rights activist. The report also notes the MOI's use of invasive surveillance targeted at political and religious dissidents.

Advocatus Diaboli sends this report: The Obama administration has quietly approved a substantial expansion of the terrorist watchlist system, authorizing a secret process that requires neither "concrete facts" nor "irrefutable evidence" to designate an American or foreigner as a terrorist, according to a key government document obtained by The Intercept. ...The heart of the document revolves around the rules for placing individuals on a watchlist. "All executive departments and agencies," the document says, are responsible for collecting and sharing information on terrorist suspects with the National Counterterrorism Center. It sets a low standard—"reasonable suspicion"—for placing names on the watchlists, and offers a multitude of vague, confusing, or contradictory instructions for gauging it. In the chapter on "Minimum Substantive Derogatory Criteria"—even the title is hard to digest—the key sentence on reasonable suspicion offers little clarity.

Advocatus Diaboli writes The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, "amplif[y]" sanctioned messages on YouTube, and censor video content judged to be "extremist." The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call. The tools were created by GCHQ's Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG's use of "fake victim blog posts," "false flag operations," "honey traps" and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

Advocatus Diaboli (1627651) writes The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans — including a political candidate and several civil rights activists, academics, and lawyers — under secretive procedures intended to target terrorists and foreign spies. From the article: "The individuals appear on an NSA spreadsheet in the Snowden archives called 'FISA recap.' Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also 'are or may be' engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. ... The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments."

Advocatus Diaboli (1627651) writes It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as "third-party partners," are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables. The NSA documents state that under RAMPART-A, foreign partners "provide access to cables and host U.S. equipment." This allows the agency to covertly tap into "congestion points around the world" where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype.