Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:I would love to meet the product developers... on Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is (theintercept.com) · · Score: 1

    They repeat the cover story that its all for working with "subscriber" data internally and know not to ask anymore questions.

  2. Re "Are the mobile carriers working with law enforcement to enable these devices, or just indifferent to it?"
    If you want to be a telco you have to ensure your network is wiretap friendly in the gov fine print.
    A network that keeps the users, the press out but allows the NSA, GCHQ, state, city police to collect it all is the telco set standard.
    The equipment between nations could also support encryption but its all kept in plain text so the security services can collect it all.
    City police forces to the NSA's collect it all domestic gathering need junk or no crypto to ensure their installed generational hardware keeps working and collecting.
    US and UK set standards and global sales of telco hardware interoperability ensure collection just keeps working.
    Recall the "Inside Menwith Hill" (Sep. 6 2016)
    “The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted...
    Also note the huge weakness left in all consumer WIFI for OVERHEAD to collect from 24/7.
    The local IMSI-catcher is just the state and city police side of global collect it all.

  3. Sold on protections of the US 1st Amendment on Facebook Is Collaborating With The Israeli Government To Determine What Should Be Censored (go.com) · · Score: 1

    Then sell the platform to the world with freedom of speech, freedom of the press as been very easy to redefine globally.

  4. Re:Biggest effect will be on nearby Best Buys on Amazon Will Open 100 Retail Stores (businessinsider.com) · · Score: 1

    Any book on demand printing :)

  5. Re:Sure would be nice if we had a TLA to protect u on US Goverment Employees Targetted By New 'GovRAT' Malware (computerworld.com) · · Score: 1

    The NSA, GCHQ, CIA want to see who is looking for what on wide open, junk private sector contractor supported US gov networks.
    The huge hope is that someone interesting will look for a project or name on a gov network and expose the real origins of such hidden information.
    What really happened is the plain text US networks are left so wide open that anyone can log in and look around, save all data found in bulk, plain text or test malware on a huge scale. Why risk a live search and real time detection, just save it all.
    For a honey pot to work the lid has to be kept off.
    That exposed entire US gov sectors and all their contractors to some risk.
    Other agencies see that gov bait as a wonderful tracking tool while fully protecting their own networks.
    The other aspect is budgets, for US gov cyber budgets to grow, issues like this have to make it to the press and be fully reported on.
    More cash for private sector contractors to track and fix the issues any US gov worker could as part of their job.
    Spies and the private sector are enjoying the work load, over time, profits and results. All other US gov workers are just left to float around on open junk networks.
    So the NSA is looking at everything, just not looking to protect anything.

  6. Re:What Could Possibly Go Wrong on Senator Urges Colleagues to Prevent Expansion of Government Hacking (onthewire.io) · · Score: 1

    Security researchers globally start to really notice the per user malware govs and mil push down?
    Gov and mil malware staging servers get blogged about by security researchers in real time as malware when more ever users get tasked at a state and federal level?
    Users start to upload checksums about every aspect of changes to their OS, outgoing software firewalls get ever more lower into the consumer OS.
    Can a NSL can stop international brands offering real, good quality security software to US users? The US brand can be "asked" for a gov backdoor or get whitelisted.. Long term international reputations will be built on finding malware not been decades too late and full of US gov requested backdoors/trapdoors/junk encryption.
    Fooling a junk standard US consumer OS that the gov malware is OS safe, user installed and OS signed will no longer be the enough.
    Over time contractor created, well hidden signed code deep in a junk consumer OS sending back data to a gov or mil will get more noticed even down at the per user level.
    Its a race to keep big US brands gov back door friendly and that gov malware OS signed vs seeing the gov collected data flow out.

  7. Re:No, why? Let them go nuts on Senator Urges Colleagues to Prevent Expansion of Government Hacking (onthewire.io) · · Score: 1

    People will just build up totally fake online fiction and have computer files that fully supports that discovered reality.
    Expensive contractor, mil, federal or state malware injected down into a users networked computer will just feed back more of was expected to be found from daily ISP logs.
    Buy books with a credit card, use Google, Microsoft and Apple to search with, make gov/mil tracking as easy as possible from that fully exposed networked computer.

  8. Re:Missing the point on Arrests Made After Group Hacks CIA Director's AOL Account (washingtonpost.com) · · Score: 1

    Re 'Massive incompetence in the CIA is the only possible explanation."
    Kept it safe from the NSA, GCHQ, MI6, other parts of the CIA or other agencies... or just decades of later FOIA requests.
    The point is not to have anything thats interesting to your own staff, rogue staff, long term spies, 5 eye nations, the NSA, ex staff, former staff who might be looking or have sold/given/been of the same faith/cult and liked to give details to other govs, mils...
    The selection of a mainstream US brand is so unexpected it almost feels like a limited hangout to see who is looking.. that might have kept other US agency staff guessing about the real role of just such an account. Bait, limited hangout, a long term trap, a totally created account as part of an ongoing FBI domestic cyber trap.. something for the NSA to wonder about. Was the CIA setting a spy trap and not sharing domestically ? A trap to induce diplomatic/other gov staff to contact their deep cover staff at any level of the US gov to see it was really real.. Any search for a unique term mentioned would have been perfect.
    Thats another aspect of the US cyber teams foreign and domestic overlap that now has so much agency duplication and international help. Was it FBI, MI6, CIA joint long term bait? Did the NSA know, at what level and when?
    Recall the massive lost of US gov workers, contractors data that was kept in plain text on open servers ..
    Parts of the US gov knew people had access and hoped they would look for names online. The data walked in bulk and was totally lost ..
    But for a while all that other agency and new digital security clearance data was left and kept wide open as a huge open honeypot.
    Missed Opportunities Detailed Ahead of Personnel Agency Hack (Sep 7, 2016)
    http://abcnews.go.com/Technolo...
    ..."others to monitor the hacker to better understand his movements. "
    "Over the next several months, the hacker moved unchecked through the system and stole sensitive security clearance background investigation files, personnel files and, ultimately, fingerprint data."

  9. Re:Funny how Slashdot users are okay with criminal on Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400 (softpedia.com) · · Score: 1

    From the NSA on a HD under EquationDrug or GrayFish https://www.wired.com/2015/02/... (02.22.15) to other strange software getting in...
    If we had better encryption, networking tool, smarter academics in the private sector, computer experts working on networking issues like this then we could all sit back, buy with confidence from any big brand.
    With better standards the internet community can restore storage options to been useful again and not an open door for any gov or malware attempt.

  10. Re assess whether you've stopped it from working.
    How much time and how fast? In a line of say 10-20 people before the suits and uniforms ask for an inspection, drive clone and look for traces of any encrypted data?
    Have a 10's of seconds to a few mins to wipe the small drive and load and new OS, a few apps, work data with a pre set pass word?
    Keep the media size very small, fast pre loading OS install fully scripted?
    Press a panic key combination and in a short time a new working OS is loaded with the very limited amount of media given a quick 1 and 0 wipe pass.
    When asked for a password, one can be given and the OS, data with correct creation and modification dates, applications can all be seen as functional with correct date, time. A bit different from the average huge consumer OS :)

  11. re The omission of a trailing zero digit in the manual entry of longitude during system initialisation caused serious autopilot/navigation problems that were not resolved by automated cross-checks that should've caught it.
    Recalls Varig Flight 254 https://en.wikipedia.org/wiki/...
    "This misinterpretation changed the general direction north (27) to west (270)."

  12. Re:I am not a network engineer. Can someone explai on Who Is Getting Left Behind In the Internet Revolution? (sciencemag.org) · · Score: 1

    re "i think it's a matter of information gaps, not necessarily that the information isn't there but that it's not in a handy ready to transmit form and it hasn't all been collated into one spot outside of some NSA operation."
    State and federal police globally are thinking of the same NSA level tasking per ip, or interesting person they find.
    Police spy on web, phone usage with no warrants (Feb 18 2012)
    http://www.smh.com.au/technolo...
    "Access is authorised by senior police officers or officials rather than by judicial warrant."
    Mapping the internet is easy if every provider has to help via logs or a per provider real time server for police access able to reverse any ip in use to an account national.

  13. Last gen DSLR camera users on Who Is Getting Left Behind In the Internet Revolution? (sciencemag.org) · · Score: 1

    Who have to remove a camera memory card, get to a "computer" and upload their images.
    Or use some wifi or bluetooth network to try and send the images to a "computer" to then upload.
    Buy into some brand and then locked into some branded software that tries to network with the camera and some parts of social media.

  14. Re:Precedent? on Linking Without Permission Violates Copyright, Rules EU Court (reuters.com) · · Score: 1

    All we can do now is post a random selection of words, names, dates as a list, with the hint to put them into a search engine and the .com brand that should be in the 10 ten results to find the same "news".
    No more links to the EU? No more quotes... from any EU site? The US and soon the UK will still be ok :)
    Maybe multinational search engines should shop listing all EU sites as legal protection for their users by default?
    With the option to risk EU search results sites as a preference setting with a clear legal warning next to each result...
    Maybe AV brands can offer a "copied a link from an EU site" as a kind of new legal pop up warning at the OS level? Treat all EU web sites as legally high risk to even access, read or find?

  15. Re:Items of importance on White House Names Retired Air Force General As First Cyber Security Chief (reuters.com) · · Score: 1

    Job #3 Use gov workers and contractors files as plain text bait as a live experiment on wide open, unencrypted gov networks.
    Missed Opportunities Detailed Ahead of Personnel Agency Hack (Sep 7, 2016)
    http://abcnews.go.com/Technolo...
    "For the next few months, the personnel office worked with the FBI, National Security Agency and others to monitor the hacker to better understand his movements"
    "Over the next several months, the hacker moved unchecked through the system and stole sensitive security clearance background investigation files, personnel files and, ultimately, fingerprint data."

    One part of the US gov needs the contractors, another part just sees the gov/mil files as massive online bait.
    So expect to see a lot more easy honey pots, limited hangouts as policy. The real smart agency workers files are never allowed online, but a vast pool of contractors, low end staff or staff with new plastic digital clearances will be left out in the wild for anyone to read up on. Just in the hope direct searches are done online rather than just downloading it all...
    Remember the technology was selected to be plain text, wide open, network ready and was left like that as policy.

  16. Re:Info on how access is obtained? on Leaked Demo Video Shows How Government Spyware Infects a Computer (vice.com) · · Score: 1

    The smarter version that gets all people using that site would attract too much attention.
    All kinds of heuristic and behaviour tests are sold by different AV brands globally. So its best to just attempt to look like random expected malware and go after one silly click happy user.
    If the AV detects the intrusion, its just random malware. No other AV detection is escalated, nobody starts looking as the AV brands know.
    Often the users must be ready to click or it would not be offered as is?
    Re 'sneak into the target's house and plant the malware directly?"
    Thats getting hard in Western nations as the traditional closed communities that need that kind of 24/7 watch are very inward looking and would see a strange van, car, people at a door, down the side of a home or entering a home. The contractor or ex mil people with the skills are kind of stand out in most nations vs a closed society that is on watch for just such gov intrusions.
    Sneak and peak works well if a lot of people are making deliveries, working on a renovation, selling, renting, new renters next door...
    Most people would recall the first fake and second real arrival of a tradesperson over a few hours walking around their home.
    That can be hard to arrange or induce for the security services given staffing and skill sets needed to blend into a community packed with very well protected interesting people.
    So contractors sell govs on renting malware and remote server grade solutions.

  17. Re "What it *is* ideal for is domestic surveillance (and blackmail) of journalists, activists, ideological/political opponents/candidates, parallel-construction, and planting evidence (at least, as long as they still bother with things like trials and evidence)."
    FIRSTFRUIT tracked the press daily :)
    https://theintercept.com/2016/... (May 17 2016)

  18. Re "It might work, but why try?"
    A gov would work out it's all one way, on one device rather quickly. Think of it more as desensitisation to the words, terms, movements, talks. Fictional work by an author is not a very interesting person needing a team of 6-12 gov agents tasked on them or even the cost of long term digital tracking.
    Thats really the fault with the domestic modern collect it all vision the NSA has totally sold its 5 eye supporters on over decades.
    Humans tasked with looking at an entire nations population are going to have to make some quick selections to find interesting people given the teams needed to cover so, so many other interesting people wondering around.
    One consumer grade account been totally overloaded with digital fiction could allow a member of the press to focus on their real work. 150 complex fictional stories are waiting to be sorted or the account set as having been investigated and found to be fictional.
    A hint of a small amount of data found and the gov is very interested, just the right amount and the gov stays interested, a dump of fiction that clogs up the neat tracking database and a few contractors (buddy system now) have to fix things..
    Vast domestic spying networks have to be able to take fictional errors into account, so why not induce that finding :)
    Get that account listed in with the wider confederation of basement-dwelling loners.. i.e. well away from the interesting people lists.

  19. Re "I never install apps unless absolutely necessary. never do anything 'important' on phones and treat them as if each one is perma-keylogging me. that's the only way to work with them - to assume they are thru-and-thru compromised."

    Thats what makes it all so fun now, everyone knows the US branded product lines are all crypto junk and seem very gov friendly as sold over every generation.
    So a journalist or activist can now have some real fun. Create vast investigations on one device and look up government document's, hint at meetings with a few gov informants or contractors who reached out to pass on paper files. Read up on whistleblower protections and the private sector, the private sector with gov contracts. Seek out law firms with security cleared staff who can take on such issues. Create huge lists of contacts that are only hinted at on that device. Hints about other agencies, funding... documents.
    Pack lots of fiction in and make the junk crypto become a chore to any intelligence service or contractor who actually has to extract and read it all :)
    A real human has to wade into all that effortlessly collected data, so make the haul impressive and add some fictional depth.
    Get a voice actor with an older voice who can invoke doubt about their decades in gov, mil to create the other party to conversations every so often too so the mic malware gets some use. Wonder around the right parts of a city to make a meeting with a gov worker or contractor seem possible to any mapping or tracking software.

  20. Re:Tor and VPN weakness is packet size. on Whither Tor? Building the Next Generation of Anonymity Tools (arstechnica.com) · · Score: 1

    The NSA and GCHQ seem to have 3 ways of breaking down anonymity and privacy on any emerging platform.
    Junk encryption standards allows a message to be collected even if anonymity can be assured.
    If privacy can be assumed then the anonymity is weakened to allow end to end tracking. Low quality server hardware and networks sold globally.
    If all that per application effort fails, just go for https://en.wikipedia.org/wiki/... and match up the start and end point.
    Once an interesting persons computer network is discovered, then the expected gov malware like efforts can collect on every keystroke. All efforts at strong encryption is then much harder.
    The real tell is the level of interest in getting a product banned at a national talking point political level or a push for export controls at an international level.
    If the security services are happy to see a service in use and the police can gain an ip with a per case federal budget that anonymity and privacy test is not passed.
    VPN is still sold globally even during national privacy, gov logs, digital rights, geo blocking conversations.
    Onion routing networks are still running in Western nations with NSA and NATO not really too unhappy about limitations on discovering the origin or end point of any user's data flow.
    The security services have set weak standards over generations at the OS level, wider telco network hardware level and within crypto developer communities. Even national police forces can get the original ip's and bring the result before open courts.

  21. Look at NSA, NRO and other agencies on US Would Be 28th In 'Hacking Olympics', China Would Take The Gold (infoworld.com) · · Score: 1

    The world got a look at what the NRO, NSA and GCHQ worked on together over the decades.
    The contractors, universities, private sector all soaked up that US talent for decades to keep admin control over domestic and international telcos and networks.
    What a China and Russia lacks is global NSA, GCHQ like access to safe staging servers that can reach international and domestic networks and limited telco hubs.
    A few 1980's spy ship's is not the best for that anymore ;) Tapping some telco cable in the ocean is not a perfect solution for interesting regional networks.
    Long range hacking and data movement will get noticed.
    Whats a "talented developer" worth if they are limited to fully imported, altered US phone home hardware and software to code on?
    i.e. that best code runs on what the Equation Group kept well hidden and allow a winning nation to import. https://en.wikipedia.org/wiki/...

  22. Re:log on Police Seize Two 'Perfect Privacy' VPN Servers (torrentfreak.com) · · Score: 1

    Governments, police often allow forums, accounts, databases, services to keep running for months, years in the hope that the same activity is repeated after some initial event.

  23. Re:First Amendment in the way? on Feds Spend Nearly $500K To 'Combat Online Trolling' (freebeacon.com) · · Score: 1

    Delisting or deep listing from search sites seems the new tool for govs and their NGO political activists.
    The use of gov mil assets directly seems to be a new idea too.
    The removal of US gov limits on spreading domestic propaganda [https://en.wikipedia.org/wiki/Smith–Mundt_Act]
    Revealed: US spy operation that manipulates social media (18 March 2011)
    https://www.theguardian.com/te...
    ""online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world."
    and the new ""Countering Foreign Propaganda and Disinformation Act" with a "Center for Information Analysis and Response" (March 17, 2016)
    "award grants and contracts to non-government and civil society organisations, research centers, private sector companies, media organisations and other experts outside the U.S. government that have experience in identifying and analysing disinformation methods used by foreign governments."
    http://www.voanews.com/a/us-se...
    So expect two areas of new US and UK funding, one to flood the net with fake good news and another to ensure all the comments left are just as happy and supportive of US/UK big gov/mil/bureaucracies.
    British army creates team of Facebook warriors (Saturday 31 January 2015)
    https://www.theguardian.com/uk...

  24. Once new portals become very boring on Twitter Is Working On Anti-Harassment Keyword Filtering Tool, Says Report (bloomberg.com) · · Score: 1

    all the fun people go to other social media for their fun.
    If every creative word gets instant corrected or another new word suggested are you really free anymore?
    When even using the basic text input interface of a site gets dragged into a mess of guidelines policy, why stay?
    Under new rules censorship flourishes...

  25. Re:Strange question... on 'Social Media ID, Please?' Proposed US Law Greeted With Anger (computerworld.com) · · Score: 1

    Parallel construction, a slight hope to find account sharing, draft emails that two people log into to read but are never sent. Users chatting but not added to friend or buddy lists. i.e. a long chat history exists but the friend or buddy was never added.
    All that is given to state, federal and public private charities to filter. Has any aspect of the past account use ever shown up, do the people mentioned have any friends in common or any normal reason to even be chatting. How did they meet and what do they chat about... Friends of friends of friends...?
    The hope is that the users computers logs are still intact for some reason and a clone, inspection to find any past crypto use, history, file names, MAC or other unique numbers will be useful.
    The past hope was for a person to bring their own laptop with them full of history, logs, filenames, accounts.... Now its all the online accounts too.
    Even the account name, password or pass phrase used can be telling.
    i.e. the laptop was not new was the past and full of details, now the account question was so totally unexpected and the person gives over gave their real ISP or social media accounts as they had to give something.

    re the Communist Party, 'Have you ever participated in persecutions directed by the Nazi government or Germany" question :
    The question about been a member of some banned group is to induce a lie on an application or under oath that can then be used to deport without any extra legal protections.
    If you say yes, your not allowed in, if no and your discovered later, instant deportation. The Communist Party? Given how many had to stayed in the party ;) or Party....