Slashdot Mirror

waspleg writes: Executives of Al Jazeera America (AJAM) held a meeting at 2 p.m. Eastern Time to tell their employees that the company is terminating all news and digital operations in the U.S. as of April 2016, resulting in the loss of hundreds of jobs. AJAM has been losing staggering sums of money from the start. That has become increasingly untenable as the network's owner and funder, the government of Qatar, is now economically struggling due to low oil prices. The decision was made recently to terminate AJAM, which allows the network to terminate all of its cumbersome distribution contracts with cable companies, and re-launch its successful Al Jazeera English inside the U.S.

Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption. Quoting: The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."

Advocatus Diaboli sends this report from Glen Greenwald: The Wall Street Journal reported yesterday that the NSA under President Obama targeted Israeli Prime Minister Benjamin Netanyahu and his top aides for surveillance. In the process, the agency ended up eavesdropping on "the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups" about how to sabotage the Iran Deal. All sorts of people who spent many years cheering for and defending the NSA and its programs of mass surveillance are suddenly indignant now that they know the eavesdropping included them and their American and Israeli friends rather than just ordinary people. The long-time GOP chairman of the House Intelligence Committee and unyielding NSA defender Pete Hoekstra last night was truly indignant to learn of this surveillance.

In January 2014, I [Greenwald] debated Rep. Hoekstra about NSA spying and he could not have been more mocking and dismissive of the privacy concerns I was invoking. "Spying is a matter of fact," he scoffed. As Andrew Krietz, the journalist who covered that debate, reported, Hoekstra "laughs at foreign governments who are shocked they've been spied on because they, too, gather information" — referring to anger from German and Brazilian leaders. As TechDirt noted, "Hoekstra attacked a bill called the RESTORE Act, that would have granted a tiny bit more oversight over situations where (you guessed it) the NSA was collecting information on Americans." But all that, of course, was before Hoekstra knew that he and his Israeli friends were swept up in the spying of which he was so fond.

An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft servers. From the article: "The fact that new Windows devices require users to backup their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud.....As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

Advocatus Diaboli sends word that The Intercept has obtained a secret catalog of surveillance gear used by the U.S. from a concerned intelligence official. They report: "The intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing 'dirt boxes' and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before."

New submitter h33t l4x0r writes: Presidential candidate Marco Rubio recently "fired off a letter (PDF) to the Federal Communications Commission asking the agency to allow states to block municipal broadband services." The municipal services offer cheaper, faster broadband alternatives to the large telecoms. Rubio's campaign has taken large donations from AT&T, and the article notes that other providers, "fearing competition, have used their influence in state government to make an end-run around local municipalities. Through surrogates like the American Legislative Exchange Council, the industry gets states to pass laws that ban municipal broadband networks, despite the obvious benefits to both the municipalities and their residents."

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.

theodp writes: The Intercept's Michael Massing takes a look at "How the Gates Foundation Reflects the Good and the Bad of 'Hacker Philanthropy." He writes, "Despite its impact, few book-length assessments of the foundation's work have appeared. Now Linsey McGoey, a sociologist at the University of Essex, is seeking to fill the gap. 'Just how efficient is Gates's philanthropic spending?' she asks in No Such Thing as a Free Gift. 'Are the billions he has spent on U.S. primary and secondary schools improving education outcomes? Are global health grants directed at the largest health killers? Is the Gates Foundation improving access to affordable medicines, or are patent rights taking priority over human rights?' As the title of her book suggests, McGoey answers all of these questions in the negative. The good the foundation has done, she believes, is far outweighed by the harm." Massing adds, "Bill and Melinda Gates answer to no electorate, board, or shareholders; they are accountable mainly to themselves. What's more, the many millions of dollars the foundation has bestowed on nonprofits and news organizations has led to a natural reluctance on their part to criticize it. There's even a name for it: the 'Bill Chill' effect."

HughPickens.com writes: Murtaza Hussain writes at The Intercept that although it remains in use at sensitive security areas throughout the world, the ADE 651 is a complete fraud and the ADE-651's manufacturer sold it with the full knowledge that it was useless at detecting explosives. There are no batteries in the unit and it consists of a swivelling aerial mounted to a hinge on a hand-grip. The device contains nothing but the type of anti-theft tag used to prevent stealing in high street stores and critics have likened it to a glorified dowsing rod.

The story of how the ADE 651 came into use involves the 2003 U.S. invasion of Iraq. At the height of the conflict, as the new Iraqi government battled a wave of deadly car bombings, it purchased more than 7,000 ADE 651 units worth tens of millions of dollars in a desperate effort to stop the attacks. Not only did the units not help, the device actually heightened the bloodshed by creating "a false sense of security" that contributed to the deaths of hundreds of Iraqi civilians. A BBC investigation led to a subsequent export ban on the devices.

The device is once again back in the news as it was reportedly used for security screening at hotels in the Egyptian resort city of Sharm el-Sheikh where a Russian airliner that took off from that city's airport was recently destroyed in a likely bombing attack by the militant Islamic State group. Speaking to The Independent about the hotel screening, the U.K. Foreign Office stated it would "continue to raise concerns" over the use of the ADE 651. James McCormick, the man responsible for the manufacture and sale of the ADE 651, received a 10-year prison sentence for his part in manufacture of the devices, sold to Iraq for $40,000 each. An employee of McCormick who later became a whistleblower said that after becoming concerned and questioning McCormick about the device, McCormick told him the ADE 651 "does exactly what it's designed to. It makes money."

AmiMoJo writes: In a long interview about reclaiming your privacy online, ex-NSA whistleblower Edward Snowden states that it's not just a good idea to use ad blocking software, it's your duty: "Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response." Other recommendations include encrypting your hard drive and using Tor to keep your internet use private.

Advocatus Diaboli writes with this excerpt from The Intercept: An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation's prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014."

"Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recorded conversations between inmates and attorneys, a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place. The recording of legally protected attorney-client communications — and the storage of those recordings — potentially offends constitutional protections, including the right to effective assistance of counsel and of access to the courts.

An anonymous reader writes: Avast, a security and antivirus company based in Prague, says they refuse to share their source code, and that the U.S. government hasn't even asked them. This is not necessarily the case for the rest of the industry. Over the summer we learned from a report at The Intercept that GCHQ and the NSA had a project to subvert security software so they could use vulnerabilities and exploits to their own advantage. Antivirus firms McAfee and Symantec were notably absent from the list of targets, and Symantec later confirmed over email that they "permitted source code review in controlled environments to meet government requirements." In addition to raising questions about whether a security product can be trusted under such circumstances, it also causes political problems: "Giving assurances to one country, and receiving government certification, can harm a security company in another. China, a known cyber-adversary of the US, accused Symantec last year of including backdoors that could allow outside access -- though it did not specifically say how -- and banned the product from the country."

An anonymous reader writes: A little over two years ago, Edward Snowden leaked a giant batch of NSA documents. Chelsea Manning handed Wikileaks a pile of government secrets in 2010, and now another source has leaked an equally impressive cache of papers focusing on Obama's drone program. The Intercept published the documents covering the U.S.'s use of drones to kill targets. Perhaps most eye-opening is the disclosure that as much as 90% of attacks over a five-month period hit the wrong targets. According to The Intercept: "When the Obama administration has discussed drone strikes publicly, it has offered assurances that such operations are a more precise alternative to boots on the ground and are authorized only when an 'imminent' threat is present and there is 'near certainty' that the intended target will be eliminated. Those terms, however, appear to have been bluntly redefined to bear almost no resemblance to their commonly understood meanings."

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

An anonymous reader writes with Ars Technica's story on the relevations reported today by The Intercept that the UK's GCHQ has been tracking World Wide Web users since 2007, with an operation called "Karma Police" -- "a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the 'world's biggest' Internet data-mining operation, intended to eventually track 'every visible user on the Internet.'"