Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:What the hell happened to Slashdot? on Has WikiLeaks Morphed Into A Malware Hub? (backchannel.com) · · Score: 1

    Government propaganda is now legal in the US thanks to the lack of a Smith–Mundt Act https://en.wikipedia.org/wiki/...–Mundt_Act to ensure US government propaganda is for international use only.
    Other nations have vast teams of paid mil, gov staff, AC's and sock puppet accounts.
    British army creates team of Facebook warriors (31 Jan 2015)
    https://www.theguardian.com/uk...

  2. Re they will waste money
    Think of the contractors hardware, over time, undercover security teams of 6-10 people in shifts needed to follow up on every interesting person.
    Its win win win. From the software upgrades, networks needed to work on every frame, trying to get a face from the side, top.
    Sharing the faces with the wider EU, other nations.
    As a second and third generation grows up in a host nation they are undetectable as they are on all databases by default and will pass freely.
    If people are wondering around a nation without passing passport controls its not the best idea to try and make up for that total lack of passport control at that very local level.

  3. Yes West Germany had interesting laws to ensure no cult, far left or right political party could ever endanger democracy again put in place after ww2.
    That gave people democratic expression in to any West German mainstream political party that was gov approved.
    Anything political that was not allowed in the West was hunted down with ruthless efficiency as been a cult, fascist or communist.
    After the 1990's, East Germany was exposed for its vast databases, informants, total domestic and creative international spying.
    The West German laws got political free pass in Germany. Privacy friendly but are in place ready to be used as they have been for decades.

  4. Re:Updated detections? on The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) · · Score: 1

    Think of it as 3 stages.
    The detection of a users interest in a forum, as an ip, chat room, phrase, friends, friends of friends. That gets an automated push down of complex ads, random OS ready malware, tracking cookies that are set to be more persistent. Every aspect of their computer, provider, account, friends of friends is collected on.
    Been an every day part of the internet, thats expected by any user and is a great place for govs to start.
    That maps out a basic idea of who the user is, what they have installed. OS vendors, browsers are a great help with that as the ads always reach the users.
    The next step is to weaken all VPN hardware so if any one gets too smart and thinks another ip and some crypto will hide them, they are mistaken. Their real ip and content is revealed in real time. The network informs on the users, no matter their OS, AV, VPN.
    Finally the bespoke push down into a users computer, their next computer hardware upgrade if they have it posted. That will be a normal part of their OS to any AV product, hardware and be undetected by any high level consumer or commercial OS scan or AV.
    AV products just never see the bespoke code as its perfect for one mission for one users computer, network... before that stage the tasking is all on the "internet" side, always weak VPN servers or constant tracking.

  5. Re:To put this into 20th century context on The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) · · Score: 1

    The NSA and GCHQ expected the world to just keep using junk weak standards crypto every decade.
    The academics, corporate structure, staff, legal departments, political leaders seem indifferent, obvious or unable to to cope with their junk crypto product they promote as a standard..
    An expensive product sold as very secure VPN then becomes nothing more than the cheapest server that can be totally collected on.
    Crypto standards get set in a race to be the most easy to revert to tracking users and getting plain text back.

  6. Re:OK, so how did it happen? on The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) · · Score: 1

    The walk out of material in the US context is nothing new. Every decade sees people walk out material they feel the public should know.
    The press is protected. Public discussion on material thats published then gets issues fixed, legal teams can ask governments to stop collect it all spying domestically ect.
    The main issues is the flood of contractors and a lack of real vetting in the past few years. Too many people are needed to collect domestically and a rapid expansion ensured access could come from other agencies or even get supported by the past work. Contractors vouching for their own staff to get more gov clearances based on other agency work.
    Having staff walk the life story of an applicant would ensure something is understood about that person. Just looking up a few digital files and their past work record can allow interesting people to get work that then allows them to rapidly advance. Most governments learned that just trusting staff in the 1920-50's with the expanded need for German and Russian is not the best policy.

  7. Another walkout on How The US Will Likely Respond To Shadow Brokers Leak (dailydot.com) · · Score: 1

    That fits with the way people in large bureaucracy act when they feel they can only talk to the press. Given the US press is still constitutionally protected at least the wider public can have the "collect it all" domestic spying conversation that an internal bureaucracy never will.
    The NSA will try and counter any more walk outs with more automation of the product lines to other agencies. Wider issues of more human security is then the final customers responsibility not with collection.
    More of the buddy system (two workers at any site or for any task) insuring more contractors will be needed for the same amount of work.
    Logging and tracking of all workers at work and in the community at all levels. Proactive collection on all US journalists by default rather than after publication.
    i.e. an expansion of FIRSTFRUIT. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (May 17 2016)
    https://theintercept.com/2016/...
    Less of the artisan thinking to add value to the raw product line and more of a direct production line with a classic time and motion study on every worker all day, every day.
    The GCHQ ideas shared with the US in the 1960-80's to ensure good working conditions for all staff could be fully reversed in the US.
    How much more access to ongoing education, good wages, great conditions can cover for the domestic collection issue?
    Give collection to the FBI and their experts can buy in more hardware, hire contractors, get upgrades. Compliment collection with skilled local staff to finally fully expand on all domestic investigations.
    The interesting aspect is that other agencies could task directly to the CIA, FBI and over time the CIA and FBI could take up all the international and domestic work in house.
    That could then see a change in flow of future budgets back to more productive traditional methods and make skilled staff very happy. Better control over budgets and a clear focus on all domestic or international collection missions. Staff get the new tools they need locally and depth of ongoing support in house.
    A camaraderie, esprit de corps sets in given new cash, experts and missions not needing to slow down to try and seek constant outside agency support.

  8. Re:Many on Slashdot can say, "I told you so" on Cisco Patches 'ExtraBacon' Zero-day Exploit Leaked By NSA Hackers (dailydot.com) · · Score: 1

    It all worked so well for the US and UK from the 1920's until the 1990's. Tame telco networks happy to share all the data, the ability to tap into global communications was easy given total access to all phone connections. Collect it all was cheap and the budgets just flowed in every year for new partnerships with the private sectors.
    Junk consumer crypto, a lack of hardware and software saw the global product flow to waiting the US intelligence customers.
    In the past decade or so the skill set of any budget challenged nation or group of smart people with fast internet has changed.
    Projects to map the internet in real time was within reach of very smart teams. Given the phone home nature of many of the US collection methods, something got noticed.
    The expected cover of bots, ads, a service password, malware, bespoke methods, strange ip ranges did not hold. Or more walk out problems...
    The question for the US is now who has the skill set to track their once secure data collection fronts in the wild, for how long has that ability existed and what junk disinformation has been pushed up to waiting US intelligence customers. For how long has well crafted disinformation over some time been acted on by the US without been noticed...
    Can the wider US intelligence community fully trust raw data gathered by the NSA? Could massive budgets sway back to the CIA, FBI for a more secure approach or a massive expansion of other global signals collection efforts be considered? A shift in decades of post Vietnam political patronage..
    Will all past product have to be reevaluated? Will other US agencies suggest they can do better and request their own new collection budgets?
    New talent and a massive duplication of needed support will be an epic win for contractors all over the USA :)

  9. Re:NSA is complicit in damaging US Companies on Cisco Patches 'ExtraBacon' Zero-day Exploit Leaked By NSA Hackers (dailydot.com) · · Score: 1

    AC Re you "Other than that nothing Snowden released resulted in any changes being made by the NSA operations."
    NSA aims to plug holes that sprang Snowden leaks (9/19/2013)
    http://arstechnica.com/securit...
    The new costs are in new teams of two contractors walking around with each other at any NSA site globally.
    Twice the cost or half the projects with the same budgets....
    The other change was to "remove anonymity from the network". Thats two huge and very expensive changes needing a vast number of new cleared staff.
    The mind set of the staff has also changed, they are now been logged.
    Think of the performance based reports logging can generate. Are they taking too many breaks, not working long hours? Not sharing time and insights internally or with other 5 nations at an average rate as their co workers are...
    New logging systems have to be created, data collected, secured and tracked. Thats more contractors and rented software solutions.

  10. Re:I bet it was due to a zero-day NSA wouldn't pat on NSA Worried About Implications of Leaked Toolkits (businessinsider.com) · · Score: 1

    OPSEC was great for keeping East Germany and its decades of well placed next generation of graduate spies out.
    The US gov has now been sold on the "cloud" at a city, state and federal level. Every agency has to share more contracts with the private sector, upgrade and share with friendly nations.
    A lot of the more useful software is now created by contractors, rented back to the US gov, shared with other nations (5 eye and well beyond)
    Lots of private sector and telco staff now have full access to and are working on that "rented server at a colo" to try and keep collection projects working 24/7 for years.
    If too much is kept hidden from contractors, they go to political leaders and tell of how much the free market has to offer and that they want their great products considered too.
    More outside experts are invited in, contractors get their products sold and everyone is happy. Cold war OPSEC hurts profits and is seen as talking points protecting old private sector monopolies. The gov has to be more open to the needs of new innovative, private sector consultants. Why should just a few no bid contracts be given out under the cover of decades of old OPSEC to the same few US brands? Lots of people with new security clearances have bight ideas to suggest... think of all the new well paying local jobs..

  11. Re:Still not conviced on NSA Worried About Implications of Leaked Toolkits (businessinsider.com) · · Score: 1

    Thats an interesting aspect. The issue with that is its a one time digital trick most nations really want to save up for use on a person, site, group, cult, faith, journalist before they can ever think to tell or even know what to share with the worlds computer experts or their lawyers.
    Bespoke code fragments for each mission get lost in logs, as apps, ads, malware, random bots.
    Risking MI6, SAS, Australian, Canadian, CIA teams globally to track down users and clean up after downloaded files could invoke comments from lawyers, the press, discovery of more tools in the open, outside experts finding more. Or other governments wondering just why so many new "teams" are wondering around their cities.
    Most nations would secure any study to trusted academics. Once its out every anti virus company, search engine, blog will be sharing and repeating the same findings over and over.
    Tell the world too much and the trail is flooded with the chatter of millions of smart users in hours, bait a trap with less than a perfect story and very few interesting people bother to take the files.

  12. Perhaps the tool set comes a package as an app the code as part the bespoke contractor tool set sold/rented to the NSA?
    So a server found in the wild would have both a binary, exploits, debugging and code it in some folder for use or better obfuscation or alteration in the field..
    i.e. binaries with help, options settings.. versions to cover updates or unexpected changes days or months later, without needing a secure connection back to the mil/gov to fix things in the wild. The code could be altered as needed by the front company. i.e. mid mission the site is the end point for all communications..
    This could have been a team of contractors, work left over with another nation..ex staff, former staff, dual citizens walked out and tried it for their other country.. and it went a bit wrong.
    i.e. someone saw something and tracked back the stream of data exiting a system under US or UK watch.
    Some other options:
    Someone induced US automated gov malware to react, infect a network and tracked the NSA interest in their computer back to a US gov/mil commercial fronted site.
    The new buddy system failed epically and some mil/gov site used for some collection project was left wide open, tools exposed to the wild for a short time..
    An insider walked out and needs to keep the upgraded counter surveillance teams guessing.

  13. China knows it is totally surrounded by US, UK listening stations and has been for decades. The NSA, GCHQ used mil and civilian ships, sat, manned and unmanned over flights https://en.wikipedia.org/wiki/..., regional bases to try and collect everything. Tai Mo Shan, Little Sai Wan sites could not be hidden...
    China really had a different policy against such expensive and total collection methods. Flood the local gov and mil with random electronic chatter about big projects, massive support needs that might or might not have ever existed. Any real work would be done on site with no outside chatter.
    The West got everything e.g. what followed Canyon (satellite) like systems https://en.wikipedia.org/wiki/... but it was all useless. The exact mil/gov communications from an East Germany or Soviet Union who only used their very expensive new communications networks for very official work everyday was great...
    China flooded its networks with junk mil/gov grade messages and the West had to just collect it and try and work out it was all fake...
    Creativity and imagination fooled the most advanced and expensive US and UK collection systems ever created for decades.
    China even managed to get its own cleared local workers into UK collection sites in the region. Onsite chatting up low paid UK experts on their first international posting. The stress of a very low wage, top skills but not getting promoted, away from the UK, nice to just have a chat..
    Spy networks in and around all US and UK regional bases was extensive. The US and UK ability to protect against such cleared staff contact was often very lacking.
    The West got so unhappy with the total lack of any useful any product it had to resort to risky collection methods from within China's embassies. Video and voice was recorded. (8 Nov 2013) "The Chinese Embassy bugging controversy" http://www.abc.net.au/news/201...

    So the next step is key distribution:
    An endless one time pad for any length of message needed in real time globally. No embassy will ever run out of the ability to communicate back to China given any local event or vast data set. The US/UK will know an embassy sent a message but like with a classic one time pad, contents could be anything.

  14. Re:Business as usual on DNC Creates 'Cybersecurity Board' Without Any Cybersecurity Experts (techdirt.com) · · Score: 1

    AC does the US look for the very best top diplomats who speak a useful language and know something of the nation they are to be sent to?
    Often they are politically connected and the top position is a thank you for years of party political support not any useful real world skill set a top diploma would be expected to have.
    Why would "computer" related gov work be any different?

  15. Re:Just another excuse... on Metropolitan Police To Target Online Hate Crime and Abuse (bbc.com) · · Score: 1

    Think of the contractors, overtime, new systems needed, rented work on big new databases. Telcos and internet providers upgrading to collect all ip usage to all messages posted in searchable form.
    The new staff hired to sit around and read messages online, the staff to keep their computer skills upto date. The contractors hired to expand the storage of huge datasets.
    Any local gov, charity, gov, mil, ex staff, former staff can then sit around and report anyone for commenting on any gov policy in real time.

    The ability of any gov worker to find a message online, get the ip and be shown a users full telco account in real time just by selecting suspected "thought crime" from a gov gui... .
    Self-signed warrants from the gui.
    Give that power to any gov connected charity, NGO, public private partnership worker. Law firms trying to find the origins of liable comments about tax payers money been used to fund junkets..

  16. Re:Why Do These Things Even Work? on FCC Complaint: Baltimore Police Breaking Law With Use of Stingray Phone Trackers (baltimoresun.com) · · Score: 2

    The days of a big spike in signal bars, a drop to an older standard was often talked about online and apps built to map such network strangeness.
    This machine catches stingrays: Pwnie Express demos cellular threat detector (4/21/2015)
    http://arstechnica.com/informa...
    The new devices offered to police will try and harmonise to any signal strength in the local area and stay with any modern telco networks detected. The hand over would now be more seamless, to try and mimic just another new tower or smaller tower like telco service.

  17. Re:Why Do These Things Even Work? on FCC Complaint: Baltimore Police Breaking Law With Use of Stingray Phone Trackers (baltimoresun.com) · · Score: 1

    Its from the early days of towers and moving a cell phone around, the handoff between towers has to be very, very cheap, easy to bill, be totally scalable and telco trusted.
    All a telco device expected was lots of cell towers to select from. The users voice was consumer encrypted to a weak early standard so that part was secure from consumer recording in the wild.
    That is where the early mil systems got in. The tower hand over was a telco weakness and allowed the take over of a users phone.
    Years later the tool set is so cheap that any US city, state, parish, state task force with federal funding can afford to collect all and sort later at the cost of a domestic police investigation. The ability for voice prints, mapping, chats, text, data extraction, software upgrade, desktop PC connected to cell phone access all got sold in layers of upgrades to police all over the USA by contractors. The ability to push police software down into a phone was another neat option for long term tracking. To infect any connected computer.
    Certificates would have cost battery time from a telco branding perspective, be an expensive retro fit to towers and block easy police, mil, gov tracking, blocking and recording.
    So everything was left wide open and all cell phones are trackable, voice prints can be collected and databases built on even the low end of local police budgets.
    Junk or no crypto is left in place to ensure a few more years of easy city, gov, mil, law enforcement access to any phone on any network.
    Then its time for the next contractor visit to up sell the next gen tracking, capture, voice print, gui mapping system totally hidden from any digital or walk in FOIA requests. Bonus if the local gov can be required to rent a full contractor support package for years :)

  18. It really depends on what was lost. It could have just been a set tools used via some US advertising front or bespoke computer entry tools that evade detection left on a computer system in the wild during random US gov/mil surveillance.
    The US set up a home, front company and bought in a series of computers with a prosumer or commercial optical link to the outside world.
    For that surveillance task, that site was going to be their collection point. All gov documents would show is a rented home or a dot com advertising or new economy engineering start up.
    Someone notice the command and control and ip, looked in and walked away with tool set.
    Police forces use the same methods everyday to cover their total control of chatroom, forums, sites. Any ip will be traced back to an expected home, small business, rented site on a business estate.
    This time the other agency surveillance team found in the wild was a bit more interesting...
    Would the direct use now be trackable by the NSA, GCHQ, other 5 eye nations? Yes

  19. Re:Do Americans actually realize what just happene on Snowden Speculates Leak of NSA Spying Tools Is Tied To Russian DNC Hack (arstechnica.com) · · Score: 2, Insightful

    The material walked out with a real human. It was then given to the press. More of a US Watergate informant talking to the press about their day job than any real hacking.
    The US cover story sold to the press is that super smart nations got into the US political party computers, stayed in over some time totally undetected, got the data out in bulk and just left a huge amount of logs showing their tool sets and real ip ranges.
    Smart enough to get in, stay but no skills in covering their origins or method.... methods that got presented to the waiting US press in full.
    The covering up of another cleared, trusted person walking out the press with material had to be covered up.
    Blame another nation, roll out their methods to friendly US press to sell the spy plot globally. Hope to sell the hacking fantasy to the tech sector.

    The second story is some NSA tool set got found in use online and master keys to many US brands of OS, telco equipment. More people will be able to go totally undetected or create their own bespoke malware per OS just as security experts warned thanks to junk crypto standards. Lots of ex staff, former staff, nations that worked with the US have had access to the same skills, tools.
    Given to them by the US or borrowed by dual citizen staff, methods kept after projects together. With so many tools floating around, in use, it was only a matter of time until someone tracked the tool sets back and got a copy in the wild...

  20. Desensitization vs been very unique on Can We Avoid Government Surveillance By Leaving The Grid? (counterpunch.org) · · Score: 1

    The problem with going more off grid is sooner or later private CCTV or federal agency will have facial recognition of a new person walking around in the wrong place, past a protected building, in a car, as a passenger, at a bus station, waiting for a train, shopping and a lot of connected databases will be lacking details. A random chat down will then be requested to get photo ID no matter the local stop and identify laws. Locals seen often may not induce such scrutiny.
    If the federal gov and its private sector contractors want details, provide them with everyday normality.
    Gov/mil digital entry into any computer system is now more legal domestically in many nations, so ensure a lot of keywords can be found and get used often :)
    If your a journalist fill your computer with stories about political leaders at a state, city, federal level and start "creating" whistleblowing shorthand and hints of meetings to hand over details. Read up on impressive past political issues and recreate with emerging local leadership.
    Go for bulk creativity and ensure a new supply of sensational new material every few weeks. Sooner or later the average security contractor, gov bureaucrat will work out its all just a random work of keyword fiction that halted their complex search.
    Make long calls that mention party political matters a lot as background to a new story. Keep adding story details to your always online, cloud supported computer.
    Drive around with several phones on, be sure to be seen by CCTV on the way to meet private sector or federal sources.
    Maybe the informant could not make the meeting, but a journalist was seen for a few hours, just waiting. Electronic diary made a clear mention of that meeting...
    If your a photographer or blogger, get a second hand DSLR with a long zoom and big lens hood. Be seen a lot in a city with different cameras and that fully extended zoom.
    Desensitize private sector CCTV operators to be seen with a camera. Its just that journalist, their hobby, another first amendment audit on public land.....
    Get real work done without a phone or free consumer computer that backs up the cloud or shares all keyword searches with a brand that enjoy collecting for the gov/mil.

  21. Re:We've been using only "feature phones". on Can We Avoid Government Surveillance By Leaving The Grid? (counterpunch.org) · · Score: 1

    The NSA is just one of many domestic collection teams, federal and federally funded state task forces can now afford to do bulk phone connection in any part of a city long term for any reason.
    Re The cross-country part is getting interesting with random internal boarder checkpoint questions about citizenship far from any international boarder.
    Face, passengers face, plates get captured on approach for long term storage by a few different agencies. New CCTV networks at a city, town level will do the same.
    Just moving around risks a random encounter with local police looking for "cash" or "compartments" in a car during a chat down.
    Banking now faces structuring requests and chat downs on any kind of account activity. Renting a car now induces an itinerary conversation.
    The overtime, funding, tracking and public/private partnerships surrounding domestic surveillance is getting very difficult to avoid.

  22. Re:a lot of good thats going to do when on Tor Promises Not To Build Backdoors Into Its Services (engadget.com) · · Score: 1

    The cost of getting any ip out of onion routing is now well within the budget of getting an average US federal case to court.
    Collect it all is now a tool for any state task force with federal funding.

  23. Re:Yet another example of treason on This Is What the World's Spies Used Instead of MSN Messenger (vice.com) · · Score: 1

    Re 'We all have the same right to protected communications."
    If the workers and contractors in 5 eye nations, a few trusted helper nations can do this at work ...
    When they move to the private sector as ex staff or former staff the skill sets and methods go with them.
    Easy crypto access is then for sale to anyone or any nation with a shared faith, cash or friendships...
    The US gov has allowed backdoors over generations of products to stay in place.
    Once crypto like this is allowed over generations, all adversaries get a look in for free.

  24. Re:USE OLD TAILS LIKE ED SNOWDEN DID. on This Is What the World's Spies Used Instead of MSN Messenger (vice.com) · · Score: 1

    Lets hope some of us had HTTPS Everywhere https://www.eff.org/https-ever... working at the time :)

  25. Re:Complete with golden key? on France Says Fight Against Messaging Encryption Needs Worldwide Initiative (reuters.com) · · Score: 1

    The US and UK interest in upgrading French crypto was that if the NSA and GCHQ had total access to all French secure material, so might the Soviet Union, so long term it was better to help France upgrade, finally be more secure and be able to track its own network usage.
    France has the key to its entire telco network, since about the 1970's when it got a deal from the UK to finally upgrade its collection ability. Past US and UK access to all the French mil/gov networks was to be history and France got UK help with its very own total network collection ability.
    For that network gift France had to totally share with the US and UK. From the 1980's French networks posed no issue and France was able to fully track the origin and destination of all and any communications on any French network.
    Early success with such nation wide upgrades can be seen in the ability to track use of the Minite networks spreading protest location in real time in the 1980's.
    https://en.wikipedia.org/wiki/... "... in 1986, French university students coordinated a national strike using Minitel, demonstrating an early use of digital communication devices for participatory technopolitical ends."
    Later upgrades and a fully funded budget ensured France would always have fully mastery over its own emerging telco, computer, internet networks.
    So France is keeping its long term deal with the US and UK to only share with them. Lower French courts, police and other investigative bureaucracies would be kept totally out of any such bulk collection. Trusting courts, telco staff, the police is now a huge security risk in any nation given lax and very inclusive hiring policies over the past decades. French police will not get raw collection material to fully protect decades of bulk collection methods that can only be shared with the USA and UK.
    The easy solution is to degrade network, app, OS security and try and buy off the shelf bulk collection devices from the private sector for police use. Everyone found using any advanced communications methods would stand out for further investigation. IMSI-catchers, OS, AV vendor, web site downloads and requested cooperation from telcos would soon map users and locations.
    Such methods would also be court friendly as logging usage is common. All Francophone web portals been tracked for all software/app crypto search results would be a very easy start.
    The problem with that is the method becomes very public very quickly and courts soon leak details to staff, officials, lawyers... data soon exists about every ip, cell number, person been investigated.