Domain: theintercept.com
Stories and comments across the archive that link to theintercept.com.
Stories · 115
-
WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk)
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices." -
Former CIA Analyst Sues Defense Department To Vindicate NSA Whistleblowers (theintercept.com)
An anonymous reader quotes a report from The Intercept: In 2010, Thomas Drake, a former senior employee at the National Security Agency, was charged with espionage for speaking to a reporter from the Baltimore Sun about a bloated, dysfunctional intelligence program he believed would violate Americans' privacy. The case against him eventually fell apart, and he pled guilty to a single misdemeanor, but his career in the NSA was over. Though Drake was largely vindicated, the central question he raised about technology and privacy has never been resolved. Almost seven years have passed now, but Pat Eddington, a former CIA analyst, is still trying to prove that Drake was right. While working for Rep. Rush Holt, D-N.J., Eddington had the unique opportunity to comb through still-classified documents that outline the history of two competing NSA programs known as ThinThread and Trailblazer. He's seen an unredacted version of the Pentagon inspector general's 2004 audit of the NSA's failures during that time, and has filed Freedom of Information Act requests. In January, Eddington decided to take those efforts a step further by suing the Department of Defense to obtain the material, he tells The Intercept. "Those documents completely vindicate" those who advocated for ThinThread at personal risk, says Eddington. -
Secret Rules Make It Pretty Easy For the FBI To Spy On Journalists (theintercept.com)
schwit1 shares with us a report on an 11-part series led by The Intercept reporter Cora Currier: Secret FBI rules allow agents to obtain journalists' phone records with approval from two internal officials -- far less oversight than under normal judicial procedures. The classified rules, dating from 2013, govern the FBI's use of national security letters, which allow the bureau to obtain information about journalists' calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists' information. The rules stipulate that obtaining a journalist's records with a national security letter requires the signoff of the FBI's general counsel and the executive assistant director of the bureau's National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is "relevant" to a national security investigation. There is an extra step under the rules if the NSL targets a journalist in order "to identify confidential news media sources." In that case, the general counsel and the executive assistant director must first consult with the assistant attorney general for the Justice Department's National Security Division. But if the NSL is trying to identify a leaker by targeting the records of the potential source, and not the journalist, the Justice Department doesn't need to be involved. The guidelines also specify that the extra oversight layers do not apply if the journalist is believed to be a spy or is part of a news organization "associated with a foreign intelligence service" or "otherwise acting on behalf of a foreign power."
Unless, again, the purpose is to identify a leak, in which case the general counsel and executive assistant director must approve the request. -
Lavabit Is Relaunching (theintercept.com)
The encrypted email service once used by whistleblower Edward Snowden is relaunching today. Ladar Levison, the founder of the encrypted email service Lavabit, announced on Friday that he's relaunching the service with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. In addition, he's also announcing plans to roll out end-to-end encryption later this year. The Intercept provides some backstory in its report: In 2013, [Levison] took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users -- Edward Snowden. Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password. And though the feds insisted they were only after Snowden's account, the key would have helped them obtain the credentials for other users as well. Lavabit had 410,000 user accounts at the time. Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he'll never have to help the feds break into customer accounts again. "The SSL key was our biggest threat," he says. -
IBM Employees Protest Cooperation With Donald Trump (theintercept.com)
Reader Presto Vivace shares a report on The Intercept: IBM employees are taking a public stand following a personal pitch to Donald Trump from CEO Ginni Rometty and the company's initial refusal to rule out participating in the creation of a national Muslim registry. In November, Rometty wrote Trump directly, congratulating him on his electoral victory and detailing various services the company could sell his administration. The letter was published on an internal IBM blog along with a personal note from Rometty to her enormous global staff. "As IBMers, we believe that innovation improves the human condition. ... We support, tolerance, diversity, the development of expertise, and the open exchange of ideas," she wrote in the context of lending material support to a man who won the election by rejecting all of those values. Employee comments were a mix of support and horror. Now, some of those who were horrified are going public, denouncing Rometty's letter and asserting "our right to refuse participation in any U.S. government contracts that violate constitutionally protected civil liberties." The IBMPetition.org effort has been spearheaded in part by IBM cybersecurity engineer Daniel Hanley, who told The Intercept he started organizing with his coworkers after reading Rometty's letter. "I was shocked, of course," Hanley said, "because IBM has purported to espouse diversity and inclusion, and yet here's Ginni Rometty in an unqualified way reaching out to an admin whose electoral success was based on racist programs." -
NSA, GCHQ Have Been Intercepting In-Flight Mobile Calls For Years (reuters.com)
An anonymous reader quotes a report from Reuters: American and British spies have since 2005 been working on intercepting phone calls and data transfers made from aircraft, France's Le Monde newspaper reported on Wednesday, citing documents from former U.S. spy agency contractor Edward Snowden. According to the report, also carried by the investigative website The Intercept, Air France was targeted early on in the projects undertaken by the U.S. National Security Agency (NSA) and its British counterpart, GCHQ, after the airline conducted a test of phone communication based on the second-generation GSM standard in 2007. That test was done before the ability to use phones aboard aircraft became widespread. "What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight," the reports cited one NSA document from 2010 as saying. In a separate internal document from a year earlier, the NSA reported that 100,000 people had already used their mobile phones in flight as of February 2009, a doubling in the space of two months. According to Le Monde, the NSA attributed the increase to "more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought." Le Monde and The Intercept also said that, in an internal presentation in 2012, GCHQ had disclosed a program called "Southwinds," which was used to gather all the cellular activity, voice communication, data, metadata and content of calls made on board commercial aircraft. -
Of 8 Tech Companies, Only Twitter Says It Would Refuse To Help Build Muslim Registry For Trump (theintercept.com)
On the campaign trail last year, President-elect Donald Trump said he would consider requiring Muslim-Americans to register with a government database. While he has back-stepped on a number of campaign promises after being elected president, Trump and his transition team have recently resurfaced the idea to create a national Muslim registry. In response, The Intercept contacted nine of the "most prominent" technology companies in the United States "to ask if they would sell their services to help create a national Muslim registry." Twitter was the only company that responded with "No." The Intercept reports: Even on a purely hypothetical basis, such a project would provide American technology companies an easy line to draw in the sand -- pushing back against any effort to track individuals purely (or essentially) on the basis of their religious beliefs doesn't take much in the way of courage or conviction, even by the thin standards of corporate America. We'd also be remiss in assuming no company would ever tie itself to such a nakedly evil undertaking: IBM famously helped Nazi Germany computerize the Holocaust. (IBM has downplayed its logistical role in the Holocaust, claiming in a 2001 statement that "most [relevant] documents were destroyed or lost during the war.") With all this in mind, we contacted nine different American firms in the business of technology, broadly defined, with the following question: "Would [name of company], if solicited by the Trump administration, sell any goods, services, information, or consulting of any kind to help facilitate the creation of a national Muslim registry, a project which has been floated tentatively by the president-elect's transition team?" After two weeks of calls and emails, only three companies provided an answer, and only one said it would not participate in such a project. A complete tally is below.
Facebook: No answer. Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period." Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time." Google: No answer. Apple: No answer. IBM: No answer. Booz Allen Hamilton: Declined to comment. SRA International: No answer. -
iPhones Secretly Send Call History To Apple, Security Firm Says (theintercept.com)
Russian digital forensics firm Elcomsoft says iPhones send near real-time logs to Apple servers even when iCloud backup is switched off. The firm adds that these logs are stored for up to four months. From a report on the Intercept: "You only need to have iCloud itself enabled" for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft. The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user's iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user's carrier, who may retain the data for only a short period, or from the user's device, if it's encrypted with an unbreakable passcode. "Absolutely this is an advantage [for law enforcement]," Robert Osgood, a former FBI supervisory agent who now directs a graduate program in computer forensics at George Mason University, said of Apple's call-history uploads. "Four months is a long time [to retain call logs]. It's generally 30 or 60 days for telecom providers, because they don't want to keep more [records] than they absolutely have to. So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not." -
How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts (vice.com)
An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard.
That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire. -
Google Reveals It Received Secret FBI Subpoena (theintercept.com)
An anonymous reader quotes a report from The Intercept: Google revealed Wednesday it had been released from an FBI gag order that came with a secret demand for its customers' personal information. The FBI secret subpoena, known as a national security letter, does not require a court approval. Investigators simply need to clear a low internal bar demonstrating that the information is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." The national security letter issued to Google was mentioned without fanfare in Google's latest bi-annual transparency report, which includes information on government requests for data the company received from around the world in the first half of 2016. Google received the secret subpoena in the first half of 2015, according to the report. An accompanying blog post titled "Building on Surveillance Reform," also identified new countries that made requests -- Algeria, Belarus, and Saudi Arabia among them -- and reveals that Google saw an increase in requests made under the Foreign Intelligence Surveillance Act. But Google in its short blog post did not publish the contents of the actual letter the way other companies, including Yahoo, have done in recent months. Asked about plans to release the national security letter, a Google spokesperson told The Intercept it will release it, though it wouldn't say when or in what form it will do so. Google hasn't previously published any national security letters, though it's possible gag orders for prior demands are still in place. It's also unclear why Google wouldn't immediately publish the document -- unless the gag is only partially lifted, or the company is involved in ongoing litigation to challenge the order, neither of which were cited as reasons for holding it back. -
Yahoo Offers Non-Denial Denial of Bombshell Spy Report (theintercept.com)
Reuters reported on Tuesday that Yahoo last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials. When The Intercept reached out to Yahoo for an official comment and explanation, the company offered a non-denial response 20 hours after Reuters's report, a report said. (If a report is inaccurate, the company says so explicitly. Non-denial is something you give when you are caught off guard and things reported are true.) From the report: From Yahoo's PR firm, "The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems." This is an extremely carefully worded statement, arriving roughly 20 hours after the Reuters story first broke. That's a long time to craft 29 words. It's unclear as well why Yahoo wouldn't have put this statement out on Tuesday, rather than responding, cryptically, that they are "a law abiding company, [that] complies with the laws of the United States." But this day-after denial isn't even really a denial: The statement says only that the article is misleading, not false. It denies only that such an email scanning program "does not" exist -- perhaps it did exist at some point between its reported inception in 2015 and today. It also pins quite a bit on the word "described" -- perhaps the Reuters report was overall accurate, but missed a few details. And it would mean a lot more for this denial to come straight from the keyboard of a named executive at Yahoo -- perhaps Ron Bell, the company's general counsel -- rather than a "strategic communications firm." Reuters reported that Yahoo's decision has prompted questions in Europe whether EU citizens' data had been compromised, and this could result in derailing a new trans-Atlantic data sharing deal. -
Apple, Google, Microsoft: We Have No Government Email Scanning Program Like Yahoo's (vocativ.com)
Apple, Google and Microsoft -- three of the largest technology companies in the U.S. -- have each said they don't scan all incoming messages for the U.S. government, which is exactly what Yahoo does. According to Reuters, Yahoo secretly built a custom software program last year to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials. The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI. Vocativ reports: In a statement, a Microsoft spokesperson told Vocativ that "We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo." While Apple declined to give a statement on the record, a representative for the company did, in response to Vocativ's question, refer to CEO Tim Cook's official letter on consumer privacy, which reads in part: "I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will." The fact that both the companies declined further statement means it's not yet known if the NSA or FBI approached them to request they build a program like Yahoo's. Meanwhile, a spokesperson from Alphabet's Google issued a statement to CNBC: "We've never received such a request, but if we did, our response would be simple: 'no way.'" [The spokesperson later clarified that the company has not received a "directive" or "order" to that effect, either, according to The Intercept.] But the question is whether or not you believe them. With Yahoo's case, only a handful of employees knew about the program. The same could be true with Apple, Google, Microsoft or any other large tech company. 
Edward Snowden tweeted not too long after Reuters' report surfaced: "Heads up: Any major email service not clearly, categorically denying this tomorrow -- without careful phrasing -- is as guilty as Yahoo." -
Apple Logs Your iMessage Contacts - And May Share Them With Police: The Intercept
The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report: This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering. -
Facebook Is Collaborating With The Israeli Government To Determine What Should Be Censored (go.com)
An anonymous reader quotes a report from ABC News: The Israeli government and Facebook agreed to work together to determine how to tackle incitement on the social media network, a senior Israeli Cabinet minister said Monday. The announcement came after two government ministers met top Facebook officials to discuss the matter. The Facebook delegation is in Israel as the government pushes ahead with legislative steps meant to force social networks to rein in content that Israel says incites violence. Israel has argued that a wave of violence with the Palestinians over the past year has been fueled by incitement, much of it spread on social media sites. It has repeatedly said that Facebook should do more to monitor and control the content, raising a host of legal and ethical issues over whether the company is responsible for material posted by its users. Both Public Security Minister Gilad Erdan and Justice Minister Ayelet Shaked, two key figures in Israel's battle against the alleged online provocations, participated in Monday's meeting. Erdan's office said they agreed with Facebook representatives to create teams that would figure out how best to monitor and remove inflammatory content, but did not elaborate further. Erdan and Shaked have proposed legislation that seeks to force social networks to remove content that Israel considers to be incitement. An opposition lawmaker has also proposed a bill seeking to force social networks to self-monitor or face a fine. Facebook said in a statement "online extremism can only be tackled with a strong partnership between policymakers, civil society, academia and companies, and this is true in Israel and around the world." The company did also say that its community standards "make it clear there is no place for terrorists or content that promotes terrorism on Facebook."
ABC News reports that "over the past four months Israel submitted 158 requests to Facebook to remove inciting content and another 13 requests to YouTube," according to Shaked. "She said Facebook granted some 95 percent of the requests and YouTube granted 80 percent." All of this adds to the censorship controversy that is currently surrounding Facebook. Last week, Norway's largest newspaper accused Mark Zuckerberg of abusing power after his company decided to censor a historic photograph of the Vietnamese "Napalm Girl," claiming it violated the company's ban on "child nudity." -
Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is (theintercept.com)
The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device, which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S., has "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report: The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously. -
'Paying Taxes Is a Lot Better Than Phony Corporate Courage, Apple' (theintercept.com)
theodp writes: "Every fall," writes The Intercept's Sam Biddle, "internet and its resident tech mumblers congregate for The Apple Event, a quasi-pagan streaming-video rite in which Tim Cook boasts of just how much money his company is making (a lot) and just how much good it's introducing to the world (this typically involves a new iPhone). This is merely annoying most years; but in 2016, when Apple is loudly, publicly denying its tax obligations around the world, it's just gross." Biddle finds Apple's use of the word 'courage' to describe the corporate ethos that pushed the company to remove the headphone plug from the newest iPhone while offering a new pair of $160 jack-free earbuds particularly irksome: "Removing a headphone jack or adding 20 headphone jacks does not require courage; engineers are very smart, but their job does not typically require much bravery. Courage is more often found in, say, running into a burning school to rescue the students and class rodent. Or, maybe, you could call courageous the act of paying the many billions you owe around the world into the system that ensures those students have all of the resources they need in order to learn and grow. Just a hint: Collaborative spreadsheet software doesn't count [introducing new real-time collaboration features, Cook called iWork a "very important tool in education"]." -
New Snowden Leaks Reveal More About NSA Satellite Eavesdropping (theverge.com)
An anonymous reader quotes a report from The Verge: Newly published documents from Edward Snowden have shed more light on American surveillance operations in the UK. The Intercept details how the NSA and GCHQ used information gathered by Menwith Hill Station, a massive but tightly sealed facility that intercepts satellite data transmissions worldwide. Among other things, the files appear to include evidence that links UK-based surveillance to American anti-terrorism campaigns outside official combat zones. While many surveillance efforts focus on the internet's connective "backbone" cables, Menwith Hill intercepts wireless signals, using an array of antennae and U.S. government satellites to capture up to 335 million pieces of metadata in a 12-hour period. Previous reports -- including an earlier Snowden leak -- have already revealed some of its capabilities. But The Intercept includes more details, particularly about the UK's involvement in "capture-kill" operations against suspected terrorists. It describes how the GHOSTHUNTER program traced the location of targets "when they log onto the internet," often in internet cafes. A different program called GHOSTWOLF, which let the NSA and GCHQ monitor traffic from Yemeni internet cafes, is part of a plan to "capture or eliminate key nodes in terrorist networks" by tracking their locations. This leak fuels existing suspicions that the UK's role in American covert drone strikes is greater than it admits -- potentially implicating it in the civilian deaths that have resulted. GCHQ told The Intercept that all its work "is carried out in accordance with a strict legal and policy framework," and "is entirely compatible with the European Convention on Human Rights." -
The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com)
Sam Biddle, reporting for The Intercept: On Monday, a hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation. -
First Confirmed Prism Surveillance Target Was Democracy Activist (fortune.com)
A new report by Television New Zealand in collaboration with The Intercept, based on leaks of former U.S. National Security Agency worker Edward Snowden has for the first time named a target of the NSA's controversial Prism program. The target was a middle-aged civil servant and pro-democracy activist named Tony Fullman. Fullman, who is originally from Fiji but has lived in New Zealand for decades, is an advocate for democracy in Fiji and a critic of Fijian prime minister Frank Bainimarama, who took power in a 2006 coup. From a Fortune report: According to The Intercept, the NSA in 2012 monitored Fullman's communications through the Prism program and passed on information to the New Zealand intelligence services. Around the same time, the New Zealand authorities raided Fullman's home and revoked his passport. The New Zealand intelligence services were not themselves allowed to spy on Fullman, who was a New Zealand citizen. However, as Snowden has repeatedly described, the agencies of many Anglophone countries spy on each other's behalf, in order to bypass their national legal restrictions. Fullman suggested in the article that people in the group may well have said violent things about Bainimarama, but this was just venting, not a plot. According to the report, they never suspected someone was listening into their communications. The NSA was said to be helping by analyzing Fullman's Facebook and Gmail activities. The 190 pages of intercepted documentation seen by The Intercept apparently didn't reveal evidence of a plot. -
This Is What the World's Spies Used Instead of MSN Messenger (vice.com)
An anonymous reader writes: What do spies use to chat online? A terribly ugly Windows programme. At least, that's what the Five Eyes intelligence alliance (made up of the US, UK, Australia, New Zealand and Canada) was using back in 2003, according to a newly released Snowden document. "The Five-Eyes SIGINT [signals intelligence] Directors will soon be using a new tool to enhance their collaboration on subjects ranging from current intelligence objectives to future collection planning," reads an issue of SID Today, the NSA's internal newsletter, dating from September 2003. InfoWorkSpace (IWS), as the tool is called, allowed text chat, audio conferencing, shared screen views, and virtual whiteboards, the newsletter explains. It adds that, at the time, some 4,000 NSA and Five Eyes employees were already using IWS to work on a number of topics, such as international terrorism, real-time collection coordination, and Operation Enduring Freedom, the term given to operations in Afghanistan from 2001 to 2014. The newsletter announcement refers to SIGINT Directors gaining access to the tool. Another Snowden document published by The Intercept notes that senior officials held their first virtual meeting with IWS around December 2003, but that "GCHQ was unable to attend due to a computer failure." -
'Faceless Recognition System' Can Identify You Even When You Hide Your Face (vice.com)
schwit1 quotes a report from Motherboard: By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body. In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrucken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body. As for the accuracy of the system, "even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's face, it increases to as high as 91.5 percent." -
Famed Security Researcher 'Mudge' Creates New Algorithm For Measuring Code Security (theintercept.com)
Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...
The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."
The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms. -
Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com)
Smartphones become indispensable tools for journalists, human rights workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because the most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Huang are calling this device an "introspection engine" because it will inspect the inner-workings of the phone.
The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected. Wired has a detailed report on this, too. -
Interview With An 'NSA Hacker' Published By The Intercept (theintercept.com)
The Intercept published a 4,000 word article based on a journalist's three-hour interview with an "NSA hacker" who recently left the agency for a career in cybersecurity. Offering a portrait of life within the U.S. intelligence agency, "Lamb" says he worked on "ridiculously cool projects that I'll never forget... Technically challenging things are just inherently interesting to me."
He's the author of some of the memos leaked by Edward Snowden about how the NSA tries to identify Tor users or break into sys-admin accounts. ("One of his memos outlined the ways the NSA reroutes (or "shapes") the internet traffic of entire countries, and another memo was titled "I Hunt Sysadmins.") "If you tell me, 'This can't be done,' I'm going to try and find a way to do it."
It's interesting that he ended one memo with "Current mood: devious" and wrote in another that Tor "generally makes for sad analysts". But in his interview, he warns that "There is no real safe, sacred ground on the internet. Whatever you do on the internet is an attack surface of some sort and is just something that you live with." -
Battle of the Secure Messaging Apps: Signal Triumphs Over WhatsApp, Allo (theintercept.com)
There is no shortage of messaging apps out there, so which one should you be using? If you care about your privacy, you would want your messaging client to be end-to-end encrypted. This narrows down the list to WhatsApp, Signal, and Allo. The Intercept has evaluated the apps to find which among the three is the best from the privacy standpoint. The publication says that while all the three aforementioned apps use the same secure messaging protocol (Open Whisper System's), they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud.
WhatsApp: It's important to keep in mind that, even with the Signal protocol in place, WhatsApp's servers can still see messages that users send through the service. They can't see what's inside the messages, but they can see who is sending a message to whom and when. In addition, WhatsApp also retains your contact list -- provided you have shared it with the service. If government requests access to this data, WhatsApp could hand it over.
Allo: The first thing to understand about Google's forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an "incognito mode" within the app, which will be secure but include fewer features. [...] Allo's machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson confirmed.
Signal: The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app's code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible. Signal's privacy policy is short and concise. Unlike WhatsApp, Signal doesn't store any message metadata. [...] If you back up your phone to your Google or iCloud account, Signal doesn't include any of your messages in this backup.
But what about Telegram, you ask? A Gizmodo report, also published on Wednesday, says that Telegram's default settings store your message on its unencrypted servers. "This is pretty much one of the worst things you could imagine when trying to send secure messages." -
NSA Couldn't Hack San Bernardino Shooter's iPhone; Now Working On Exploiting IoT (theintercept.com)
The FBI did turn to NSA when it was trying to hack into the San Bernardino shooter's iPhone, according to an NSA official. But to many's surprise, one of the world's most powerful intelligence agencies couldn't hack into that particular iPhone 5c model. "We don't do every phone, every variation of phone," said Richard Ledgett, the NSA's deputy director. "If we don't have a bad guy who's using it, we don't do that." According to Ledgett, apparently the agency has to prioritize its resources and thus it doesn't know how to get into every popular gadget. According to the report, the agency is now looking to exploit Internet of Things, including biomedical devices. The Intercept reports: Biomedical devices could be a new source of information for the NSA's data hoards -- "maybe a niche kind of thing ... a tool in the toolbox," he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents. When asked if the entire scope of the Internet of Things -- billions of interconnected devices -- would be "a security nightmare or a signals intelligence bonanza," he replied, "Both." -
FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant (theintercept.com)
An anonymous reader writes: The secret government requests for customer information Yahoo made public Wednesday reveal that the FBI is still demanding email records from companies without a warrant, despite being told by Justice Department lawyers in 2008 that it doesn't have the lawful authority to do so.
That comes as a particular surprise given that FBI Director James Comey has said that one of his top legislative priorities this year is to get the right to acquire precisely such records with those warrantless secret requests, called national security letters, or NSLs. 'We need it very much,' Comey told Sen. Tom Cotton, R-Ark., during a congressional hearing in February. -
Secret Text In Senate Bill Would Give FBI Warrantless Access To Email Records (theintercept.com)
mi quotes a report from The Intercept: A provision snuck into the still-secret text of the Senate's annual intelligence authorization would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy. [The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill's provisions "would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers." If passed, the change would expand the reach of the FBI's already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs -- most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. The FBI's power to issue NSLs is actually derived from the Electronic Communications Privacy Act -- a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications -- not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. "NSLs have a sordid history. They've been abused in a number of ways, including targeting of journalists and use to collect an essentially unbounded amount of information," Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters' existence to anyone, much less the public.] -
The Intercept Releases First Batch Of New Docs Leaked By Snowden (theintercept.com)
executioner quotes a report from The Intercept: The Intercept's first SIDtoday release comprises 166 articles, including all articles published between March 31, 2003, when SIDtoday began, and June 30, 2003, plus installments of all article series begun during this period through the end of the year. Major topics include the National Security Agency's role in interrogations, the Iraq War, the war on terror, new leadership in the Signals Intelligence Directorate, and new, popular uses of the internet and of mobile computing devices. You can download this batch directly here, or download the documents via Github. -
Supreme Court Gives FBI More Hacking Power (theintercept.com)
An anonymous reader cites an article on The Intercept (edited and condensed): The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, many of them belonging to victims of cybercrime. The changes, which will take immediate effect in December unless Congress adopts competing legislation, would allow the FBI to go hunting for anyone browsing the Internet anonymously in the U.S. with a single warrant. Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction. The rule change would allow a magistrate judge to issue a warrant to search or seize an electronic device if the target is using anonymity software like Tor. "Unbelievable," said Edward Snowden. "FBI sneaks radical expansion of power through courts, avoiding public debate." Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception." -
Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption By 7 Years (theintercept.com)
An anonymous reader cites an article on The Intercept: The director of national intelligence on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption. "As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years," James Clapper said. The shortened timeline has had "a profound effect on our ability to collect, particularly against terrorists," he said. When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. "The projected growth maturation and installation of commercially available encryption -- what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks." Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no. "From our standpoint, it's not ... it's not a good thing," he said. "Of all the things I've been accused of," Snowden said, "this is the one of which I am most proud." -
The Android Administration: Google's Relationship With the Obama White House (theintercept.com)
theodp writes: The Intercept takes a look at Google's remarkably close relationship with the Obama White House, driving home its point with charts of When Google Visited the White House and how individuals have moved Back and Forth Between Google and Government. "Much of this collaboration could be considered public-minded," writes David Dayen. "It's hard to argue with the idea that the government should seek outside technical help when it requires it. And there's no evidence of a quid pro quo. But this arrangement doesn't have to result in outright corruption to be troubling. The obvious question that arises is: Can government do its job with respect to regulating Google in the public interest if it owes the company such a debt of gratitude?"
One interesting meeting The Intercept missed was a 2014 sit-down of Google and Microsoft execs with the head of the National Science Foundation and educators following a White House Hour of Code event, at which President Obama was 'taught to code' by Google-backed Code.org with Google-exec-turned-US-CTO Megan Smith looking on. Asked about the event in an interview, the President suggested the school system was to blame for his daughters not taking to coding the way he'd like. "I think they got started a little bit late," the President explained. "Part of what you want to do is introduce this with the ABCs and the colors." Less than a year later, the President sought to redress things with his Computer Science for All K-12 Initiative, citing Google-provided factoids ("Nine out of ten parents want it taught at their children's schools") to explain the need for the $4B budget request for the program. -
CIA Is Investing Heavily In Firms That Do Social Media Mining and Surveillance (theintercept.com)
Lee Fang, reporting for The Intercept, lists more than three-dozen companies that have received funding from CIA. In-Q-Tel, the CIA's venture capital firm, the publication claims, has invested in 38 companies that research on "social media mining and surveillance." The unpublicized In-Q-Tel companies are: Aquifi, Beartooth, CliQr, CloudPassage, Databricks, Dataminr, Docker, Echodyne, Epiq Solutions, Geofeedia, goTenna, Headspin, Interset, Keyssa, Kymeta, Lookout, Mapbox, Mesosphere, Nervana, Orbital Insight, Orion Labs, Parallel Wireless, PATHAR, Pneubotics, PsiKick, Rocket Lab, Skincential Sciences, Soft Robotics, Sonatype, Spaceflight Industries, Threatstream, Timbr.io, Transient Electronics, TransVoyant, TRX Systems, Voltaiq, and Zoomdata. From the report: Bruce Lund, a senior member of In-Q-Tel's technical staff, noted in a 2012 paper that "monitoring social media" is increasingly essential for government agencies (PDF) seeking to keep track of "erupting political movements, crises, epidemics, and disasters, not to mention general global trends." CIA also recently funded Clearista, a skin care product company that collects DNA. -
CIA's Venture Capital Arm Is Funding Skin Care Products That Collect DNA (theintercept.com)
sittingnut writes: The Intercept reports that Skincential Sciences, whose main product line is Clearista, has attracted media coverage because its "innovative line of cosmetic products marketed as a way to erase blemishes and soften skin" are funded by In-Q-Tel, a venture capital arm of the CIA. According to Russ Lebovitz, the chief executive of Skincential Sciences, the CIA fund told him they share an interest in looking at DNA extraction from "normal skin" using the method pioneered by his company. Lebovitz said he was unsure of the intent of the CIA's use of the technology, but the fund was "specifically interested in the diagnostics, detecting DNA from normal skin." He added, "There's no better identifier than DNA, and we know we can pull out DNA." Perhaps law enforcement could use the biomarker extraction technique for crime scene identification or could conduct drug tests, Lebovitz suggested. -
Qubes OS 3.1 Has Been Released
Burz writes: Invisible Things Lab has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS are Salt management, the Odyssey abstraction layer, and UEFI boot support. The 3.x series also lays the groundwork for distributed verifiable builds, Whonix VMs for Tor isolation, split-GPG key management, USB sandboxing, and a host of others. Qubes has recently gained a following among privacy advocates, notable among them journalist J.M. Porup, Micah Lee at The Intercept and Edward Snowden. Embodying a shift away from complex kernel-based security and towards bare metal hypervisors and IOMMUs for strict isolation of hardware components, Qubes seals off the usual channels for 'VM breakout' and DMA attacks. It isolates NICs and USB hardware within unprivileged VMs which are themselves a re-working of the usual concept, each booting from read-only OS 'templates' which can be shared. Graphics are also virtualized behind a simple, hardened interface. Some of the more interesting attacks mitigated by Qubes are Evil Maid, BadBIOS, BadUSB and Mousejack. -
No, Turning On Your Phone Is Not Consenting To Being Tracked By Police (theintercept.com)
An anonymous reader writes: The Maryland Court of Special Appeals on Wednesday upheld a historic decision by a state trial court that the warrantless use of cell-site simulators, or Stingrays, violates the Fourth Amendment. The trial had suppressed evidence obtained by the warrantless use of a Stingray -- the first time any court in the nation had done so. Last April, a Baltimore police detective testified that the department has used Stingrays 4,300 times since 2007, usually without notifying judges or defendants. Stingrays mimic cellphone towers, tricking nearby phones into connecting and revealing users' locations. Stingrays sweep up data on every phone nearby -- collecting information on dozens or potentially hundreds of people. The ruling has the potential to set a strong precedent about warrantless location tracking. -
U.S. Forces Viewed Encrypted Israeli Drone Feeds (theintercept.com)
iceco2 links to The Intercept's report that the U.S. and UK intelligence forces have been (or at least were) intercepting positional data as well as imagery from Israeli drones and fighters, through a joint program dubbed "Anarchist," based on the island of Cyprus. Among the captured images that the Intercept has published, based on data provided by Edward Snowden, are ones that appear to show weaponized drones, something that the U.S. military is well-known for using, but that the IDF does not publicly acknowledge as part of its own arsenal. Notes iceco2: U.S. spying on allies is nothing new. It is surprising to see the ease with which encrypted Israeli communications were intercepted. As always, it wasn't the crypto which was broken -- just the lousy method it was applied. Ars Technica explains that open-source software, including ImageMagick, was central to the analysis of the captured data. -
NSA Chief: Arguing Against Encryption Is a Waste of Time (theintercept.com)
An anonymous reader writes: On Thursday, NSA director Mike Rogers said, "encryption is foundational to the future." He added that it was a waste of time to argue that encryption is bad or that we ought to do away with it. Rogers is taking a stance in opposition to many other government officials, like FBI director James Comey. Rogers further said that neither security nor privacy should be the imperative that drives everything else. He said, "We've got to meet these two imperatives. We've got some challenging times ahead of us, folks." -
A Small Secret Airstrip In Africa Is the Future of America's Way of War
HughPickens.com writes: Reuters reports that the Pentagon is quietly building up a small airstrip in a remote region of east Africa that is a complex microcosm of how Washington runs military operations overseas — and how America's way of war will probably look for the foreseeable future. Chabelley Airfield is less than 10 miles from the capital of the small African nation of Djibouti but the small airport is the hub for America's drone operations in the nearby hotspots of Somalia and Yemen as part of its war against Islamic militants. "The U.S. military is being pressured into considering the adoption of more of a lily pad basing model in the wake of so much turbulence and warfare across the region," says Dr. Geoffrey Gresh. "Djibouti is a small, relatively safe ally that enables the U.S. special operators to carry out missions effectively across the continent." In September 2013, the Pentagon announced it was moving the pilotless aircraft from its main base at Camp Lemonnier to Chabelley with almost no fanfare. Africom and the Pentagon jealously guard information about their outposts in Africa, making it impossible to ascertain even basic facts — like a simple count — let alone just how many are integral to JSOC operations, drone strikes, and other secret activities. However a map in a Pentagon report indicates that there were 10 MQ-1 Predator drones and four larger, more far-ranging MQ-9 Reapers based at Camp Lemonnier in June 2012 before the move to Chabelley.
The Pentagon does not list Chabelley in its annual Base Structure Report, the only official compendium of American military facilities around the world. "The Chabelley base [is] a reflection of the growing presence of the U.S. military in Africa," says Dr. David Vine, author of "Base Nation: How U.S. Military Bases Abroad Harm America and the World". "The [U.S.] military has gone to great lengths to disguise and downplay its growing presence in Africa generally in the hopes of avoiding negative attention and protests both in the U.S. and in African countries wary of the colonial-esque presence of foreign troops." American drones fly regular missions from Chabelley, an airstrip the French run with the approval of the Djiboutian government. Washington pays Djibouti for access to Paris' outpost. Part of the reason for this circuitous chain of responsibility could be the fact that the Pentagon's drone missions are often controversial. Critics contend targeted strikes against militants are illegal under American and international law and tantamount to assassination. "The military is easily capable of adapting to change, but they don't like to stop anything they feel is making their lives easier, or is to their benefit. And this certainly is, in their eyes, a very quick, clean way of doing things. It's a very slick, efficient way to conduct the war, without having to have the massive ground invasion mistakes of Iraq and Afghanistan." -
Clinton Hints At Tech Industry Compromise Over Encryption (huffingtonpost.co.uk)
An anonymous reader writes: At the Democratic presidential debate last night, Marques Brownlee asked the candidates a pointed question about whether the government should require tech companies to implement backdoors in their encryption, and how we should balance privacy with security. The responses were not ideal for those who recognize the problems with backdoors. Martin O'Malley said the government should have to get a warrant, but skirted the rest of the issue. Bernie Sanders said government must "have Silicon Valley help us" to discover information transmitted across the internet by ISIS and other terrorist organizations. He thinks we can do that without violating privacy, but didn't say how. But the most interesting comment came from Hillary Clinton. After mentioning that Obama Administration officials had "started the conversation" with tech companies on the encryption issue, one of the moderators noted that the government "got nowhere" with its requests. Clinton replied, "That is not what I've heard. Let me leave it at that." The implications of that small comment are troubling.