Slashdot Mirror
Autocratic Governments Can Now 'Buy Their Own NSA' (wired.com)
Citizen Lab has been studying information controls since 2001, and this week their director -- a Toronto political science professor -- revealed how governments (including Ethiopia's) are using powerful commercial spyware. Slashdot reader mspohr shared their report:
We monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open... We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics... Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant... Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others...
Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.
Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.
Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
With Blackjack! And Hookers!
#DeleteChrome
All this spying prowess of NSA and CIA, all this money they can print, all this "world's greatest" military they possess, and they still get beaten by Putin's 100k worth of rubles he spent on Facebook/Twitter ads to swing the election.
HAHAHAHAHA
called intelligence sharing. They added a price on it. So what ?
How many more reasons are required to get rid of it.
My ism, it's full of beliefs.
-1 OFFTOPIC
In Capitalist West business sector malware collects on you.
In Capitalist East NGO puts sanctions on you.
Domestic spying is now "Benign Information Gathering"
Uh huh.
My hat has feathers and fruit and is fabulous.
You are welcome on my lawn.
Why do you bastards continue to censor my posts about banning bump stocks? Moderation IS censorship. We can't have real security if we don't ban bump stocks.
APK
P.S.=> The parent is a fake APK... apk
I think you mean that your hat has feathers and it helps everyone see that you're a fruit.
This story broke just a few days ago.
http://www.theblaze.com/news/2...
https://www.salon.com/2017/12/...
Autocrats gonna be autocrats.
You are welcome on my lawn.
The authors must be time travelers from the last century. It is rare to find this kind of true reporting today. Let's hope there are no accidents in their futures.
Add these to your custom hosts file as shown for blocking their communications, crippling them:
0.0.0.0 www.eastafro.net
0.0.0.0 eastafro.net
0.0.0.0 getadobeplayer.com
0.0.0.0 diretube.co.uk
0.0.0.0 meskereme.net
0.0.0.0 time-local.com
0.0.0.0 time-local.net
0.0.0.0 pssts1.nozonenet.com
0.0.0.0 nozonenet.com
0.0.0.0 cyberbit.com
0.0.0.0 cyberbit.net
0.0.0.0 pupki.co
0.0.0.0 signalschool.net
0.0.0.0 rdhotel.uz
0.0.0.0 fic.gov.zm
0.0.0.0 gov.zm
0.0.0.0 malacanang.gov.ph
0.0.0.0 gov.ph
0.0.0.0 kazimpex.kz
0.0.0.0 mcmr.kz
0.0.0.0 villepinte2017.dynu.net
0.0.0.0 dynu.net
0.0.0.0 pnv.vipnetwork.fr
0.0.0.0 ipnetwork.fr
0.0.0.0 flashpoint-ip.com
0.0.0.0 cd-media4u.com
0.0.0.0 thewhistleblowers.org
* Even IF You had them infecting you? They'd now be CRIPPLED unable to "talk back to mama"...
(... & that's the BEAUTY of hostsfiles, a NATIVE SOLUTION operating in kernelmode speed & efficiency using what you already have to do the job!)
APK
P.S.=> SOURCE -> https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/ ... apk
The countries with real hackers are going to piggyback on your system and if need be, use it against you. However, there are some great DIY freedom oppression kits on the market.
Anons need not reply. Questions end with a question mark.
TFA says:
The emails were specifically designed to entice each individual to click a malicious link. Had the targets done so, their internet connections would have been hijacked and surreptitiously directed to servers laden with malware designed by a surveillance company in Israel
Invariably, these things are due to running javascript by default which exposes a HUGE, HUGE attack surface. That is the underlying vulnerability so close to 100% of these things as not to matter.
Anyone running javascript by default in 2017 is a fool. You NEED to shit it off to be secure on today's web. Not only from things like this, but simple commercial surveillance and random ad-injected malware.
Impersonating me again for the 10th time this week alone for Pete's sake? Stop. I post useful info. https://yro.slashdot.org/comments.pl?sid=11461559&cid=55708709/ to block THIS SPECIFIC set of threats from the source article & FAR MORE via my program (that gets blocking hosts file data vs. millions of MORE like this threat or worse) https://yro.slashdot.org/comments.pl?sid=11461559&cid=55708661/ - so WHY are you attempting to INTERFERE with that?
APK
P.S.=> Stop being a useless childish moron, ok? Thank-you... apk
Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant
Why would other countries care about United States, Canada, and Germany, among others -- strict wiretapping laws?
It's not like those countries are going to respect say Ethiopia's domestic laws when they hack into their country.
That was a typo, I meant "shut it off", but the perhaps "shit it off" is even better.
Point is you do not merely "get malware" by visiting a link. You get it by visiting a link and letting that site run javascript on your box by default, with no consideration at all to safety.
I and a few of those I know are some of few people who don't routinely make some of the poorest decisions when it comes to computing. I'm blown away by how lax and stupid the masses are. I'm far from perfect, but when you are installing *random* software on your computer willy nilly and all that and then draw in poor excuses like "well, I have to for work", when your a lawyer and the government says to interact with them you have to have this proprietary piece of software. No, no, no. Your literally handing over control of your devices to OTHER adversaries.
I'm just amazed. Or how about the hundreds if not thousands of people who have been scammed because of stupid choices they made about what software to install. You know the type. Ransomware.
Or the thousands of people who've been screwed over who have, utilize, or mine crypto currency.
How stupid do you get? I mean these people are installing random ass software to make money which ultimately turn out to be scams (not all, but some). I'm reminded of a friend who today made a wise decision a few weeks back to move away from Microsoft Windows. Well, today he was trying to install this "One Click" app for mining some crypto currency. All I was thinking was yikes- bad idea while *pounding my head* and thinking how do you get across the point that its not wise to install every crypto currency tool under the sun. And I'm not anti-crypto. I take Bitcoin and have Dash and Bitcoin. I'm much more weary though and don't have any large amounts on my phone. I also run the core software and a full node on my desktop which is encrypted and all that and the security updates are all applied and up to date.
Look in the mirror. It's a struggle for me to survive. What's your excuse?
That's because they've passed so many stupid laws everyone is guilty of something and just want things to end one way or another already.
The Trump administration will put a stop to this! The party of pedophiles is known to be against any sort of wiretapping, even made up fantasy wire tapping!
God is voting for Roy Moore! So must you! Save the babies -- Roy Moore needs them in about 14 years!
Autocratic governments?
I'm trying real hard to think of a government that would NOT do such things. Maybe Norway? Is there any country where government officials are not far more wealthy than the citizens? Any country where government officials are not exempt from the laws that apply to citizens? Any country where government officials don't receive a lifetime income for their short term in power?
...omphaloskepsis often...
Blackjack and Hookers sold separately.
No, instead? I do it "MIB-STYLE":
"You're a rumor, recognizable only as deja vu and dismissed just as quickly. You don't exist. You were never even born. Anonymity is your name, silence your native tongue. You're no longer part of the System. You are above the System. Over it. Beyond it. We're "them". We're "they". We are the Men in Black"
(Agent K, so-to-speak!)
I don't operate inside the typical boundaries most do ("The Road Not Taken" & it HAS made ALL the difference per Frost (iirc)).
I also don't want to be like you "dreamchaser" by using a FAKE NAME for a FAKE LIFE is all - & I don't supply my "troll fanclub" w/ an easy means to TRACK ME (they do enough of that as is, but I swat them down w/ facts they can't overcome so it's actually something that works out in my favor).
* In fact, I call YOUR KIND "Registered 'LUSERS'", RoTfLmAo!
APK
P.S.=> Lastly - I'm no coward & I'm certainly no troll + NO WAY am I some "fake" (but you are, lol)... apk
"I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised" - by mmell on Thursday February 16, 2017
"I've never tried to belittle (APK's work), I've flat out said it's good" - by BronsCon on Thursday February 11, 2016
"his hosts program is actually pretty good" - by xenotransplant on Monday August 10, 2015
"his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg on Friday September 25, 2015
"I like your host file system." - by Karmashock on Wednesday September 09, 2015 (#50489401)
"I do use APK's host file on all my systems at home" by OrangeTide on Friday December 01, 2017
"I personally use a HOSTS file blocker produced from a genius called APK. Ever heard of him?" by 110010001000 on Friday October 27, 2017
APK
P.S.=> "The road not taken" works for me (not you)... apk
For an NSA you will need a list of nations that can support your staging servers and collection sites.
Start with a 5 eyes and grow it to NATO size.
Make sure the nations are globally located to ensure world wide collect it all. Hide them for decades under UK/US names like Langeleben, Masirah Island, Mutlah Ridge, Silvermine, Two Boats, Windmill, Daniels Head. The media will never believe a whistleblower with names like that over the decades.
Collect it all globally and when interesting people are found 4 hops from other interesting people use the power of the
ANT catalog https://en.wikipedia.org/wiki/...
Shop for some COTTONMOUTH, DROPOUTJEEP. Go full quantum insert.
Problems with your global NSA style network.
People notice the UK/US base building and expansion. Water use, cooling , power, Room 641A https://en.wikipedia.org/wiki/....
Having private sector security guards run out and question people with a camera on public land in the area also draws internet attention to a sensitive site.
Ex mil who take up the first amendment audit hobby know who your contractors are and will tell the world about communications front companies.
Having to use the other domestic law enfacement "agencies" to provide domestic color of law when spying within the USA.
Too many people have to know and support global collect it all. Courts, telcos, contractors, lawyers, big brands, junk OS developers, tame AV brands, mil, federal investigators and police. Ex and former staff then tell their faith, cult, new boss, criminal groups, other governments for cash.
Problems like SISMI-Telecom scandal https://en.wikipedia.org/wiki/... , Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05 start to happen as too many people have the trapdoor, back door to junk encryption.
The global collection network gets too big and is then discovered, access is sold to criminals, shared with faith groups.
People who really map and understand the "internet" start to find the security services once hidden staging servers and copy out all the gov/mil grade malware.
Too many contractors trying to keep too many secrets that still have to give full access to the US gov and mil in real time.
Having to tell political leaders success stories to get next years budget. Political leaders then tell the media of winning. Secrets get told and the media spreads the best collection methods to anyone who can follow the news.
Low pay for gov and mil workers. Contractors getting more pay. Criminals, cults and other nations walk in and help with cash payments and an understanding converstaion. Too many internal spies are created as too many people know too much and cant cover their living costs.
How to make a GCHQ.
Follow the US idea of global collection but put a lot more effort into the actual interesting people.
Dont tell your contractors, lawyers, courts, police, media of the results, methods, tools.
Pay your mil and select contractors really well. Dont let trusted staff talk to the media, human rights lawyers, courts.
No need to mention car, van, helicopter, aircraft tracking for any reason to anyone. The results of pushing malware into any cell phone.
Just pass the results onto a select few trusted mil and police units. Set up something within your own police like the Royal Ulster Constabulary Special Branch. Get them to work with the mil and social forces. Stay away from all other police, lawyers, courts. Act on results using the special forces and very select loyal police units only.
Such secrecy is now needed as telcos, courts, police, some in mil, gov, political parties, NGO, human rights groups are now flooded with people who have never had background investigations.
Domestic spying is now "Benign Information Gathering"
With security as lax as it is, the same people who might sell Lower Elbonia intel services in all likelihood, would be happy to sell the same info to Latveria. Even if they are honest, there is a good chance that the info scraped up can be stolen and resold to someone else. If the country is pro-US, the info gets handed to Wikileaks (where they only post stuff against US anyway, but will turn away anything from China, Russia, or countries with not so hot human rights records.)
Adobe Flash is mentioned about 10 times as an attack vector. Try reading the article.
My ism, it's full of beliefs.
Then I don't want to hear about how hungry they are. Let them starve.
Litlle passage in the Constitution about being secure in our persons and papers. The government needing a warrant, etc.
Little Mockingbird, the truth is false flag attacks are proposed when you are your own worst enemy. The successful ones are still secret.
You should study the history of Pearl Harbour to see how old this practice is and how long it has been used by the US.
It is illegal to tell someone, even a member of family, why someone has been arrested by a secret service. Strict liability applies and the sentence is 5 year jail. That's why there is no evidence and thats the reason why your statement is ignorantly idiotic.
... doesn't live in a full democracy? Or is it because 85% of humanity doesn't live in a full democracy that these systems are being sold?
http://www.atlantic-community....
See subject: I got threats on /. if I release my code they'd malicious EFast Google Chrome doppleganger it so no dice.
* Be cake too via Delphi X (does Linux & all majors) https://www.embarcadero.com/products/delphi/
All it would be @ THIS point (as Winsock2 vs. std. *NIX socket work is resolved ALREADY) is drive letters vs. mounted devices + Win32/64 API calls translated into Linux ones (or MacOS X) & path change to hosts too (all ez).
Results of its exported hosts file = excellent for more speed, security, reliability & anonymity online (even China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/
HOWEVER: My program's EXPORTED hosts file DATA does work anywhere though!
APK
P.S.=> I could also use FreePascal & it's LAZARUS IDE (almost exact clone of earlier Delphi like around Delphi 2 iirc) & code compatibility is DAMN NEAR PERFECT w/ Delphi's Object Pascal too! apk
Said the crack dealer behind the middle school.
Of course the fake APKs are all virgins.
I'm afraid of the aristocracy. Those are different things. And while the aristocracy has better tools to keep the working class down so too has the working class gained it's own tools. Knowledge mostly. As people learn more and become more grounded in reason and a belief in science and cause/effect it becomes harder to manipulate them. China's experiencing this with a growing middle class. America is seeing it with a general mellowing out of our religious zealots. It'll continue to spread making it harder and harder for the aristocracy to use their old standbys for controlling the rabble (wedge issues and racism).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Adobe has not said what they have done.
They COULD build a check routine outing any previously non-genuine version.
The AV vendors COULD write some extra checks. So far only google is getting tough with CA's who are not. As usual forged certificates figure big This is a reason to worry - if you use windows to manage your bitcoins.
Does any AV program have a slow scan for suspect signed certificates?
It's a free market. Don't like it, move somewhere else.
As many as Trump says he lost? Vs the actual number, zero.
Statistically, the TSA i posed delays have stolen more man hour's worth of life than the terrorists did.
However, per your troll bs? Sometimes?? I wish I was still a virgin (life would've been much less complex for me as a younger guy).
* NOT joking on that last part either...
(Signing off for tonite & checking out MIB I/II/III for the hell of it per https://yro.slashdot.org/comments.pl?sid=11461559&cid=55708831/ & my 'p.s.' below + nostalgia's sake (always liked this series, even in comics & I was there when it came out reading it too & it amazes me in a way the things I read as a boy are now & have been HUGE hit films))
APK
P.S.=> Per "Anonymity is your name. You're no longer part of the System. You are above the System. Over it. Beyond it. We're 'them'. We're 'they'. We are the 'Men in Black'" (Agent K)... apk
I didn't hear you complaining last night.
You are welcome on my lawn.
Our surveillance videos reveal that he had his mouth full most of the time.
Elbit employees probably believe that this is normal and routine, given the spying Israel does on the Palestinians. Elbit employees will be routinely involved in helping to target, blackmail and implicate Palestinians regularly. Why should they believe that does this is not normal, and therefore why would they oppose the sale to any authoritarian government, regardless of what they do with it?
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Should I meet one of you, and should I have the occassion, I'll break your neck. Snap.
You get malware by purchasing a computing device. Backdoored from the factory, game over.
Hillary, your blame game has become stale.
In Erdoganistan ?
Ethopia contracted a jewish company do perform the snooping of Europeans and Americans.
That means the affair will be swept under the carpet and no mainstream media will report.
Instead you will hear about "evil rooskies hacking for the 187th time". And "evil persians".
Israel does the best part of Intel CPU R&D.
Easy to slip in a backdoor for jewish needs.
Should I meet one of you, and should I have the occassion, I'll break your neck. Snap.
Jewish intel services enjoy almost free access to all the sheeple of NATO. They even know how to slip in and out arab countries and Iran for the purpose of assassination.
I guggest you simply stop listening to their propaganda out of Hollywoord. Thats a realistic goal.
Countries have been broken by bright and ruthless CS students.
They're cave men.
I've poster a dozen times how ourbown government, wanting backdoors into everything, was instantiating 1984 for billions worldwide as dictatorships used it for its real purpose, to keep their political opponents down.
Yey, we catch a few crooks. For every notch in the fed's belt, envision 100,000,000 or more with a boot on their neck...forever.
It's also not in accordance with the design principles of the US government, where the Constitution is concerned with forbidding the tools of tyrrany to begin with.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Your email isnâ(TM)t on paper, and it isnâ(TM)t on your person. Fair game.
When you make law you find it apples most broadly to the citizenry, and least broadly to the aristocracy. In this case the law was made concrete by the constitution but the government sits above aristocracy...they are sovereign. The law does not apply there. The law only exists to keep you silent.
You Trump supporters and your general attitude can piss off.
This blocks 'em: NEW APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99++% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster via local RAM!
* Via what u NATIVELY have in a FASTER kernelmode IP stack (does more w/ less).
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self check vs. infection built-in)
Everyone dies, delusions or otherwise. Your childish tantrums are as useless as shouting at the sun.
1/10
Poor, uninspired, low effort trolling attempt. Zero fucks generated by anyone. Has a slight air of 'edgy 15 year old child from Livejournal' circa early 2000s, with a hint of practically any failed forum rush of similar vintage. Completely unremarkable.
Your email isn't on paper, and it isn't on your person. Fair game.
The Constitution was written before email and electronic documents could even be imagined as you certainly know. The thing is that with the Constitution we also got a Supreme Court to help us interpret it. The court has held that it doesn't have to be on paper to be considered to be as if it were. Police still need a warrant. If you don't like that the Constitution also provided that you could get an amendment passed that would override the court's rulings. Oh, BTW, being secure in our person doesn't have anything to do with documents or items in our pockets. It is a protection from arbitrary arrest.