Is 'Promis' Software Spying On Canadian Spies?
Legolas-Greenleaf writes: "The Royal Canadian Mounted Police are currently conducting an investigation into a software package called 'Promis,' used by the government, that allegedly contains a backdoor. According to Inslaw Inc. (original makers of Promis), the American and Israeli intelligence services pirated this software package, and resold a hacked version allowing them access. This software is possibly running in some of the RCMP's databases. The Canadian newspaper The Globe and Mail has a story on it here, and CNN has a story on it here." The whole thing reads a bit like a Monty Python sketch: a months-long investigation based on sketchy allegations from 1993, claiming some very interesting just-among-pals bureaucratic copyright violations. Hmmm. A handful of Canadian quarters says it's not an open-source product.
Back when Wired was an interesting magazine (or at least had the potential to be one :) they reported on this in their very first issue....
http://www.wired.com/wired/archive/1.01/inslaw.html
deus does not exist but if he does
America... Spying...
NO!!!
That'd NEVER happen!
I mean they tried to stop high bit encryption BECAUSE THEY COULD NOT CRACK IT!!
What if the Canadians had evil terrorists that were planning...
ooo, Aren't you glad that America was watching??
This would not surprise me (in light of recent happenings) and really, I think it's a great invasion of privacy...
But then again, I'll wait for it to be proven.
- There is no work, there is no work...
- Damn, it worked for Neo!
Source code for some major business applications is available, but of course for a scheme like this an attacker would choose one for which source code was not available, or for which it was not easily available (such as having a large additional fee). Or the tampered binary might be distributed and would only be effective until a recompile was done -- assuming an uncontaminated compiler.
Then there's the problem of how this rumored information would be leaked outside a site without being detected by network staff.
In a partially related note, the amusing Canadian-invasion silliness Canadian Bacon is on the Comedy Central cable channel today.
Very true.
Assuming that the Carnivore code itself has been examined for security holes, how do we know that it hasn't been linked to a hacked library?
Also, I imagine that you could modify gcc or any other compiler or interpreter to add certain back-doors to code as it is interpreted or compiled.
Come test your mettle in the world of Alter Aeon!
This story sounds very fishy. There are just too many oddities:
Come on...
Don't they have firewalls and/or IDS at the RCMP?
:)
No matter where you get your software, be it open source or not, you should take basic security measures (even in Canada
And, of course, they wanted access to their internal data to make sure that what was released in accordance with agreements actually matched what they knew.
I can understand why countries do this to their allies, there are entire cadres of spies from their allies that every country tolerates because they understand everybody needs to doublecheck these sorts of things. The list of countries that have died from the double dealings of their allies is long and goes back to the dawn of time.
DB
This reminds me of a quote I saw somewhere: "Peace - In international politics, a period of lying and cheating between periods of fighting"
Here's CSIS' mandate:
http://www.csis-scrs.gc.ca/eng/backgrnd/back1e.html
The reason why the USA and Israel would be interested in it is because the CSIS database would contain info about the possible whereabouts of US Criminals in Canada, etc., etc.
They would also have access to extradition hearings and things of the sort, which I believe (IANAL) is a violation of International Law.
Here's another story on the topic that should be interesting for all you conspiracy theorists.
Canada will soon take over the world!!!
"On the Internet, everyone is an equal until they prove themselves to be a moron." - Emmanuel Goldstein
I object to that statement. Although there are many similarities between Canada and the U.S., Canada is NOT an extension of the U.S. We are quite a separate nation. We maintain good terms, trading deals and such but we are not just another state in all but name.
With that off of my chest. One question, how come it's alright for governments to pirate software but not individuals?? I really need my own government.
--- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
according to the various news stories, CSIS did an audit of their systems years ago, and found they were not running said product in question.
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
http://www.uk.emb.gov.au/BRITISH_GOVERNMENT/biographies/prescott_detail.htm
and this, but I don't think it's related:
http://www.ukacts.com/act/z/john-prescott.htm
Anyway it sounds like this Rt Hon John Prescott is an MP and involved with transportation and is probably a right honorable fuckup, if he's like any politician in God's Own Land.
"The Canadian Security Intelligence Service said outsiders were particularly interested in aerospace, biotechnology, chemicals, communications, information technology, mining and metallurgy, nuclear energy, oil and gas, and the environment." -- They're not interested in hockey? Then what are we afraid of?
-- Sig? Filthy habit.
Regardless of what you might think, every country has its secrets.
Sure, the US likes to show its power.. but there are LOTS of things the US military (and government) is up to that NOBODY knows about.
And the same can be said for Canada. We're smaller, so we have to be smarter.
I know I'm just being paranoid (hey North Dakota could invade and win) and I know Open Source et al. with many eyes are supposed to spot problems but with this and PGP just how safe are our repositories of programs?
Hey don't get any funny ideas you Bisons... Oh Canada ah something something er was that in french?
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
(The irony of this joke is that until rather recently the RCMP had an active program to root out closeted homosexuals in their ranks. They used a "Fruit Machine" that measured skin galvanic response to gay porn images! I kid you not.)
Freedom: "I won't!"
Ok, this story seems quite bogus, but still it would not surprise me at all to see huge flaws in CSIS. They are The World's Least Competent Spy Agency. Seriously, you could probably steal their secrets by hanging around Ottawa and looking for dropped documents bearing their name. No computer espionage necessary. On the other hand, using software without source available for very sensitive purposes sounds rather stupid. If I was running a security agency (paid to be paranoid), I'd want my own team to review everything. I'd use either software developed in house, or only the most proven secure solutions available (OpenBSD comes to mind, and nothing else, although I wouldn't be terribly surprised if big three letter agencies have roto-rooters that can roll over it just as quickly as they can over a Linux or NT box). But there goes CSIS. Blecch. They are an embarrassment to Canada. I bet they exchange data by anonymous ftp. Oh well. It does beat living in certain other countries that have secret services that take themselves way too seriously.
If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
A Dick and a Bush .. You know somebody's gonna get screwed.
War is necrophilia.
What about other software? Say the operating system market, what if a particular (closed source) operating system that many large and small businesses use had a back door in it? What if company A wanted trade secrets from company B and company B uses this product with a back door, but the back door is unknown until company A pays big bucks to a very rich software company to reveal the secret. Company A could even be the government for that matter.
I'm not suggesting that these back doors exist, but who knows, we already have found one back door that Microsoft has created. Who's to say they haven't created others? The same applies to all other software vendors too.
I would hope that software that will be used to store sensitive data would release the source for review by the prospective buyer. If they refused then would you really want to use the product anyways? What does the software company have to hide? Just as the subject says, "Trust us...we're the government!"
We spy on you. You spy on us. "They" spy on both of us. More importantly we also share a huge amount of information. China wants nuclear secrets. Who says the US has to be the only one using the so-called backdoor?
Of course, it's the RCMP. Nuff said.
Yes, they could have just asked for it. :-P
Keep in mind that this is a government whose agents smash in unlocked doors when conducting a raid. Asking for and getting a tape with the stuff for free would be no fun whatsoever. It also doesn't employ the dozens or hundreds of people that doing it the hard way does.
"If I have seen further than other men, it is by stepping on their glasses." - Michael Swaine
Yeh, fishy, yet why is it showing up now anyway, huh? Moreover, how much credibility do these functionaries have?
The Canadian account: A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story. (CNN omits this.)
Yeh, this is one of those cases where a lot of folks wound up sleeping with the fishes and surprise, a lot of other folks decided to change their story (so as to not sleep with the fishes? Nah..)
A site quoted earlier with extensive details on the case has a veneer of credibility, until it starts to fold in the CIA, contras, Jimmy Hoffa, murders of native Americans, ex-green berets, etc. Pins the wack-o-meter.
But in what way does mentioning "CIA, contras, Jimmy Hoffa, murders of native Americans, ex-green berets..." discredit them? Three or four of these conspiracies were documented by the mainstream media. Oliver North copped to a bunch and Hoffa hasn't been found. Does a simple interest in documented conspiracies prove someone has no credibility?
Moreover, there are a lot of conspiracy theories out there, yes? Some folks collect all, some folks collect the most credible. None of this really says much about the actual credibility of the events. This "guilt by association" has the quality of fog discrediting without the slightest need for facts or arguments.
Most everything seems to stem from statements by one guy, a Michael J. Riconoscuito (the one with drug charges). If you think he's a nut, as the independent counsel did, then we can all move along.
No, he's just the only survivor. And guess what authority prosecuted him for the "drug charges"?
Complex software shouldn't be that easy to pirate and ..
Well who knows, in a sense it's nice to get daylight on the topic since credible evidence seems to show numerous folks lost their lives or were ruined over this. Spy Magazine and Covert Action Quarterly were the most credible sources supporting the general allegations.
Since it's a "spooky" affair, exactly what-all happened is going to be hidden, duh. Just remember, the world of government mainframes moves much, MUCH more slowly than the PC world. It took social security ten years to fix their Y2K problems.
Jeez! Did you go out of your way to misspell "Canadiennes"? Even francophones don't spell Canadians like that.
shut the fuck up. you're talking like OSS will save the world.
This story was very interesting. Actually a book in French called "L'Oeil de Washington" was written about this. Ouffff!!! After reading this book, Echelon seems to be a pussycat against PROMIS ;-))). Something really interesting: it seems the Lockerbie jet case is beginning now, and it seems that some US and Israeli spy agents involved in the PROMIS affair were inside the plane... strange, no?
Also, as said in the book, Robert Maxwell was involved in the affair. Officially, he disappeared somewhere in the ocean... But actually, it seems he was murdered because he knew the truth about PROMIS.
For those who ask why CANADIANS? Well, first, why not? And second, not only Canada was the victim of PROMIS, but also Nicaragua, the USSR, ... well, a lot of countries.
If you are French, read the book; I don't know if there is an English version.
Also for more information do a search on altavista with the key word inslaw
Didn't KPMG (Peat Marwick) market Promis once upon a time?
If your children ever found out how lame you are, they'd murder you in your sleep
Before 1996 two German journalists who specialized in security and espionage news and investigative journalism wrote a book on PROMIS. After reading it I believe the story. The journalists also did a book on the Clifford Stoll case, viewed from a German perspective.
Book details: Egmont R. Koch, Jochen Sperber: Die Datenmafia. Computerspionage und neue Informationskartelle. Rowohl TB 1996. ISBN 3449602474. DM 16,90.
Canada has long been known as a harbour to some of the most infamous Nazis from WWII.. the RCMP has gathered more than enough info on many of them, yet the gears aren't turning.. maybe Israel can use this info, to what extent I could only speculate.
That's easy it is all going to Shawinigin (sp?) Quebec!!
For those out of the know Shawinigin is where the Prime Minister is from. So far he has moved where our tax forms go there, spent $20M on a conference center, built a golf course etc etc.
As long as they don't bomb the Baldwins, I think we're ok.
- I'm full of tinier men!
Translation: Even in-house homebrew should ALWAYS!!! be checked by several pairs of trusted and trustable eyeballs... and it should be OPEN SOURCE!!
;^}
If the drek ain't open to a government agency which DEPENDS on security.. what kind of MORONS run the joint?
Us geeks and hackers.. At least the ones WITHOUT criminal records should talk to various national security orgs and get cushy Unix admin jobs. (And maybe a peek at who killed JFK...?)
Or at least code.
I used to be someone else. Now I'm someone better.
Real life is underrated.
You would have thought that for this type of system, the government could have demanded the software as source. They aren't exactly going to break an NDA. Proprietary isn't a problem. It's the black box nature that is.
If you don't believe in binaries, then how the hell are you posting?
Unless you're running some interpreted version of lynx off of a basic that you toggled in by hand onto your altair, you're USING binaries.
First of all, I give Timothy credit for mentioning that these claims are a bit iffy, but I think he understates how shaky this story is. Maybe there are more facts available than are offered in these stories (links, anyone?) but what's here doesn't look too compelling.
From the Globe and Mail:
The allegations are not new. They were investigated and dismissed nine years ago by the Canadian Security Intelligence Service..
and
A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story.
And neither article mentions any shred of evidence that the allegation is true. And, at least as the stories present it, it doesn't even make sense. US and Israeli agencies sell this to other intelligence agencies. Accomplishing what? Or is the idea that governments were unknowingly buying the modified version?
-----------
What I'm listening to now on Pandora...
you don't seriously mean to suggest that the US might be spying on its neighbors do you?
i'm not surprised the US is doing it...i'm surprised they appear to have gotten caught. Remember, in political circles...spying is just considered a cost of friendship. We're spying on all our allies, and they're all spying on us.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
I suppose that in a way we are responsible, having invented the computer in the first place.
Agreed that they should have had the source - indeed I'd say they were incompetent in not getting it, to check for things just like this.
But, if you mean Open-Source as in available for _anyone_ then I'm not convinced that would be a good idea at all, for the simple reason that not many people (other than other governments) would be interested in it. Any flaws found would not be reported (and fixed) simply because the people that found the flaws would take advantage of them for spying purposes. In this case Open-Source would be a liability, not an aid.
This case isn't so much about the benefits of OS (sorry to all the zealots) as it is about the perils of incompetence and corruption.
As a proud american, I would say that bombing the Baldwins would work the american people up into a collective . . [sigh].
This Toronto Star article from today reveals a bit more about the whole thing.
It turns out that the US government might have actually just pirated the code from a guy down there, and added the backdoors before selling it to the CSIS.. does this surprise ANY of you?
Oh, come on. The Canadian dollar may have gotten dinged a bit around the edges, but each Canadian quarter would have reliably given its 0.02 cents worth 1250 times, at least in Canada.
Catch me on the street and I'd give you a US paper dollar for a loonie, somehow I haven't seen one yet.
And I do know how to spell ferrite. Just not reliably.
Sure open source works, there's probably a lot more working open source software out there than you realize. And it sounds to me like this isn't really open source, or not intended to be open source. There's also a lot of "closed source" programs that don't work like they should. *cough cough* Micro *cough cough* soft *cough cough*.. Hmm.. seems that I'm allergic to something.
--- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
I'm posting this under the guise of actually believing the story (I actually think it's a load of hooey).
"Makes you wonder what kind of "back-doors" may have been built into Carnivore, and who in our government has access to them."
Also makes you wonder what OTHER governments might have access to Carnivore. Having such monitoring devices doesn't just put people at risk from mean people in our Gov, but also mean people in other Govs who might manage to access the equipment too.
But let's just forget the fact that the US has more tanks in ONE military base than we have full-time military personnel :)
--- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
The loonie isn't too spectacular, the twonie ($2) is pretty cool though. We'll have $5 coins coming out pretty soon too from what I hear.
For everyday people I would note that is a hard thing to do, I doubt there's anyone out there who's read all the source of all the software they've run.
Having said that, I still agree. Especially when you're an intelligence service. It doesn't necessarily have to be open source, but if they're buying software that will use sensitive data and such I would definitely ask for the source and have a good look at it. Even more so if I'm buying it from a company in another country.
Examination of the Promis source code reveals:
seineew era seitnuom naidanaC
Really? All the ones around here do. The only things that don't are payphones and meters, and I don't really want to stick a $2 into either of those anyhow...
Intolerant people should be shot.
If the conspiracy buffs want to have fun then ask the better question of access. Does the US or Israel have a mole within the RCMP with physical access to the classified computer? My name is Joe and I got root! I don't know what kind of network crypto is used in Canada. Is it American or Israeli technology? If so, then this might mean that there is a back-door in the crypto-boxes. This would be more "interesting" than a back-door in some data-base package. Then again it wouldn't be too hard to intercept and break Canadian secure transmissions since all their sentences end with the word, "eh".
Sorry for the cheap shot. :-) Canadians are okay. I still remember that Canadian diplomats risked their own safety to get some American diplomats out of Iran twenty years ago.
A security guard, who linked the CIA with the execution style murder of one Indian and two other men who objected to the tribe's manufacturing of weapons, chemical and biological warfare devices and the conversion of INSLAW's sensitive software, fled to Sonoma and Lake counties right after the murders. The security guard's secret hiding places were sanctioned by the Riverside County District Attorney's Office and the state Department of Justice. The security guard testified in a video-taped interview about the murders and named names. The video-taping was taken by the Riverside County District Attorney's Office after a Cabazon Indian and his two companions were found slain. The security guard's testimony to the DA's Office revealed that he was the bag man who carried $10,000 from the Indian Reservation in Indio to the top of an aerial tram in Palm Springs. The $10,000 was "hit" money. According to the testimony, several ex-Green Berets, then employed as firemen in the City of Chicago, executed the three Indians.
(Anyone else ever been to the Cabazon reservation? That chemical and biological weapons facility must either be in the basement of the outlet mall or hidden behind a Joshua tree.)
Nichols, who has been linked to Jimmy Hoffa and assassination attempts of Fidel Castro and Salvador Allende, has strong Mafia ties. He has been convicted of soliciting murder.
Riconoscuito told the Grand Jury that with the equipment he could produce information about various operations which developed extremely sensitive military applications from highly advanced technology, such as:
-----------
What I'm listening to now on Pandora...
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Yeah, the US and Israel are stealing Canadian military secrets.
Soon, American tanks will be replaced by 50-ton armored horses with laser eyes and the ability to break the sound barrier...
Israel will fill their already-strong air force with autonomous Pegasi, equipped with heavy machine guns and manure bombs...
The Palestinians better not mess with them anymore.
Fsck this hard drive! Although it probably won't work...
foo = bar/*myPtr;
Check out Project Upper/Mute, an all-around awesome compiler fra
It's obvious, isn't it? The US is gathering intelligence on Canada's planned invasion. Blame Canada
Searching for "Promis" yields US Congress Report on INSLAW Case
The mentioned article on Apple's FTP site doesn't appear to be there anymore, but doing an FTP search on lycos revealed that there's a lot of INSLAW stuff at the Electronic Frontier Foundation. You can repeat the search yourself with this link.
While you're there, why don't you stop in and Join the EFF? It will only take you a few minutes, cost a few bucks (you can give what you're comfortable with) and it will help with the DVD case as well as bringing justice to bear on the folks that stole and hacked the Promis code.
-- Could you use my software consulting serv
According to that article, there were no "just among us pals" copyright violations in the sense of sharing copyrighted works. The allegation is that the trojan-horsed version was "pedalled", by which I think they mean "sold"... otherwise, if the Canadiennes were downloading warez... what do they expect?
I've been hearing this story for 10 years. Parts of it have never made sense. But it doesn't go away. But then again, the Area 51 story is complete hooey and it doesn't go away, either.
Bruce
Bruce Perens.
Maybe the US is trying to steal secrets like the Weapons-X project. The US could then build a whole army of Wolverines.
Yes yes, I know I have seen X-men one too many times.
They won the original case, and an appeal, but the case was later thrown out because of a technicality.
LOTS of details on the case:
http://www.sonic.net/sentinel/gvcon7.html
- Isaac =)
Yes, we do.
However, if you permit your government to do secret things, then by their nature, those very things must be kept secret from you as well. It's a catch-22.
We could always rule that the government is forbidden from having anything that's 'top secret', and that any citizen is allowed to know anything the government is doing.. but would that really work?
Check what you're running, top secret intelligent dudes.
Just a lesson to be learned.
(With credit and apologies to the /.'er who I stole the title from.)
Hmmm...
Our government writes a software package with a built-in security flaw and sees that it is deployed within the Canadian government. In spite of this, we should trust them when they want to deploy a software package within our borders?
Makes you wonder what kind of "back-doors" may have been built into Carnivore, and who in our government has access to them.
Come test your mettle in the world of Alter Aeon!
Wasn't M$ recently accused of co-operating with Echelon by putting back-doors in their software? Oh - sorry - Echelon doesn't exist. That was just a bad dream...
A handful of Canadian quarters says it's not an open-source product.
Were these Canadian quarters a reliable source?
AirSupply: go ahead, cut me off.
This seems a little much just to get data from RCMP databases.
:-P
They could have saved themselves a lot of time and effort had they realized that the RCMP provides this information on request.
Yes, they could have just asked for it.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
If it looks like a duck, and quacks like a duck...
Seriously - if this software was pirated, altered and deployed at strategic sites, was it orchestrated by the US Justice Department, or are we staring Echelon in the face?
They might find out Canadian military secrets, like how our submarines can go underwater!
----
Oh my god, Bear is driving! How can this be?
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
To be perfectly honest it really surprises me that any organisation that needs to be 100% sure of security would use proprietary software. I realise defense budgets are stretched, but surely shouldn't they have a team of people either coding their own systems or evaluating free ones?
This should provide a good rebuttal to the silly 'I wouldn't want to run an operating system where just anyone can edit the source!' comment that was made last week.
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
Why are Israel and the US so interested in Canada?
Is Canada planning on invading Israel?
Does Canada pose a threat to the US of A?
Will this affect the supply of Canada Dry in the US?
- I'm full of tinier men!
Seeing Inslaw mentioned sends shivers up my spine and reminds me of my conspiracy buff days. Inslaw is a part of The Octopus and tied up with all manner of cloak and dagger stuff.
come for the naked robots, stay for the zombies