Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:The real space shuttle on Secretive X-37B Military Space Plane Could Land On Tuesday · · Score: 1

    Re "It's not a weapons platform."
    Just for surveillance.... all the complex space related international treaties are still in play.

  2. Standardize one-time pads on Snowden's Tough Advice For Guarding Privacy · · Score: 1

    The problem is text is decrypted back to plain text looking for advertising on the free email services after they offer their free new https all the way.
    The message is then seen as classic random numbers and is then flagged at some stage as using encryption and further sorting by gov/mil.
    The gov/mil does not care what is in your message but the slightest hint that any person is using crpyto like numbers or letters in bulk would ensure any ip, user, isp is noted.
    That message glows.
    Expect 3-4 level of hops to all other communications to be looked at retroactively and users listed for future tracking. Friends of friends going back. "Collect it all" gets it all and can then be given a sorting task.
    The good news is the one time pad works. The fun part is getting the format to look very normal and be machine readable for advertizing.
    The bad news is random numbers stand out, the path of the message stands out and will ensure a lot of interest from gov/mil with global reach and years of storage.

  3. Re:No Google on Snowden's Tough Advice For Guarding Privacy · · Score: 1

    FBI quietly forms secretive Net-surveillance unit (May 22, 2012)
    http://www.cnet.com/news/fbi-q...
    Somewhere between a tame telco, tame hardware, tame software and the "Communications Assistance for Law Enforcement Act" https://en.wikipedia.org/wiki/...
    an average users gps, voice, text, images, voice print and all other cell related data will be as easy to get as always.
    An average user might be sold on the idea that some user data is protected from wider outside network man in the middle efforts but that will not help with CALEA and a tame brand having to sell compliant telco products in the USA over generations.
    Staff often then move into the private sector and then contract methods and skill sets back at a city and state level. Thats a lot of people with the keys to consumer grade telco standards.

  4. Re:our american friends on Core Secrets: NSA Saboteurs In China and Germany · · Score: 1

    re 'It is difficult to compromise open source crypto."
    If the crypto is quality and correctly used every time, just follow the use down the tame network to the tame operating system or charm, make friends with the users.
    Over time the message entry and decryption side reverts to plain text, thanks to understood OS, tame network, turned staff, users with new friends, new staff, malware or physical access.

  5. Re:our american friends on Core Secrets: NSA Saboteurs In China and Germany · · Score: 1

    There is not much any nation can do anymore. All the top staff gov or mil crypto staff are of the same mind set going back to the 1950's. Thats generations that got cleared by the US and where educated into UK and US methods in West Germany. They then ensured like minded West German staff where selected to replace them years later.
    They all know how to keep the optical sites running data to the US and UK. They know how to pass crypto that is just good enough for German use but is open to the US and UK as used and is kept degraded over decades.
    Crypto at an international and US domestic level seems to be favoured front companies, tame staff, turned staff or have staff trained to a mid or top level over years.
    Products sold or pushed on a US domestic or for international standards would seem to be safe from man in the middle efforts but very open to the US, UK, cleared staff, ex staff, former staff.
    Germany would need to find staff not tainted, trained, cleared or selected by the US and UK with the skills to create new German crypto.
    Word would get around within the German academic community and the US and UK would ensure any such effort was tamed or defunded.
    Back to face to face meetings or one time pads.

  6. Re:DOJ Oaths on National Security Letter Issuance Likely Headed To Supreme Court · · Score: 3, Interesting

    It really depends on the quality of parallel construction needed and what has to be presented in an open US court.
    "Feds reviewing DEA policy of counterfeiting Facebook profiles" (Oct 9 2014)
    http://arstechnica.com/tech-po...
    "Twitter says gag on surveillance scope is illegal “prior restraint”" (Oct 8 2014)
    http://arstechnica.com/tech-po...
    US says it can hack into foreign-based servers without warrants (Oct 8 2014)
    http://arstechnica.com/tech-po...
    It seems the NSL aspect is just one aspect a very complex, hidden way of getting and using data for later use in the US legal system.
    In the past other surveillance programs like FAIRVIEW, OAKSTAR, RAMPART-A and WINDSTOP could bring in the data locally, globally via friendly nations and tame trusted big brands.
    The NSL seems to just fit in between a global sorting and direct use in the US legal system.
    It really depends how this plays out. Will the classic GCHQ view of not going to court so people feel like nothing telco related is going on?
    Or the new US idea that surveillance is now of such a global reach and low cost that US courts can know and and will have to just understand "collect it all"?
    The keys to a server and all users over time are now in play even if its just for legally finding one user for one case.
    Once your servers are part of a case, who can legally say that case has stopped? Weeks, months, years of no crypto and all logs. All very legal now? Soon?

  7. RE 'US doesn't even trust the other Five Eyes nations' spy agencies to be able to do this?*"
    Some data is kept private for 5 Eye political leaders and policy formation over decades or longer.
    Some information needs to be laundered in public in the short term to ensure good public relations spin, good news for sock puppets on social media or new public funding for gov/mil.
    The press finds a new story.

  8. One specific problem on The Executive Order That Redefines Data Collection · · Score: 1

    The Fourth Amendment is clear on traditional, reasonable safeguards for 100% of the cases.
    Bulk collection is not legal and permits things that would not be legal.

  9. Half life of data? on The Executive Order That Redefines Data Collection · · Score: 1

    Storage is now cheaper than sorting. Thats why the "all the phone records into a lockbox" over the life of a user is now the storage baseline. From that a gov can build hops as communication adds up over a life time.

  10. who is doing the spying? on Hundreds of Police Agencies Distributing Spyware and Keylogger · · Score: 1

    Depends on the city, state or federal funding. In the past 10 or so years huge amounts of funding, contractors and quickly cleared staff having been moving around all over the USA.
    Products have been sold, technical support and maintenance is in place for years covering federal and state needs.
    Now its up to the locals to find something to do with the cell phone data, maps, voice prints, credit card usage, cctv, gunshot location systems and keystroke-capturing.
    The information sorting is done by local or federal staff and then presented to local or federal officials to then put in for more funding or to buy in more private sector systems once new local patterns are found.
    The only trick is to keep people buying cell phones and enjoying social media in near real time over decades.
    The tracking systems are now in place down to the town, city and state level. The public just has to keep on having tame telco products on them at all times.

  11. FBI hidden agenda on Leaked Docs Reveal List of 30 Countries Hacked On Orders of FBI Informant Sabu · · Score: 1

    Follow the press and PR. The US was finding and stopping computer issues around the world in public.
    The US was finding out about computer networks around the world.
    Information was flowing back to the US using consumer grade networks and tools found in the wild using the pubic as cover.
    Recall Operation CHAOS (or Operation MHCHAOS) https://en.wikipedia.org/wiki/... and COINTELPRO https://en.wikipedia.org/wiki/...
    Just like now domestic groups where needed with liaison services.

  12. Re:Malware infection vector? on FBI Plans To Open Up Malware Analysis Tool To Outside Researchers · · Score: 1

    A person at a cafe, gym gets near a person who has clearance, a file worked on at home is infected, a well crafted email that is opened on an internal network.
    With wireless, huge internal networks and new staff been security cleared for very sensitive positions over the past decade... it more connecting a project to staff to a location and working the needed code in.
    Internal networks are well understood as they are the same product sold around the world, trusted or been expanded with security to be upgraded when done.
    Ideas around cloud, sharing data, regional and national searching is also a new aspect to what was one air gapped. Contractors are also happy to suggest wider networking, upsell their network security and onging network support.

  13. Re:if they give it away....... on FBI Plans To Open Up Malware Analysis Tool To Outside Researchers · · Score: 1

    State-sponsored malware seems to be crafted per person or project so it can get past most of the existing behavioral analysis.
    Or a gov just goes to hardware logging or social engineering after a sneak and peek visit.
    Suspect files will just be the the same real time consumer system's behavior AV finds in the wild everyday :)

  14. Re:I can't quite decide on How the NSA Profits Off of Its Surveillance Technology · · Score: 1

    re "But I can't actually decide if making useful security tools available is somehow against our citizens' interests."
    The tools offered will protect against distant man, expected in the wild man in the middle efforts.
    The tools, tame crypto, tame academics, tame OS, tame source code will not protect against modern version or equivalents of TEMPEST like ideas.
    The plain text, voice, call, gps, voice print or other network details will always be in the clear for gov tracking and parallel construction.
    Just good enough for international work, always easy enough for realtime domestic decryption.

  15. Re:Tails - The amnesic, incognito, live system on Australian Senate Introduces Laws To Allow Total Internet Surveillance · · Score: 1

    A nation with so few international optical landing sites a Tempora option would allow the finding of most messages in and out. https://en.wikipedia.org/wiki/...

  16. Re:Someone explain please on Australian Senate Introduces Laws To Allow Total Internet Surveillance · · Score: 1

    Re But why? It can't be just the lobbyist money.
    To the political class it becomes addictive. Reading embassy communications in the 1920's, WW2 Enigma. Australian staff became aware of a huge effort to listen to the world and wanted in after WW2.
    Australia was warned by some of it's top military people not to sell out to the US and UK given Australia's role in WW2 (full exploitation of crypto in Australia, troops under the control of the UK) but the political leaders joined the 5 eyes.
    The rest is history, from Soviet traffic in the late 1940's to the early role of ASIO, the Defence Signals Branch work on China in the 1950's, then Indonesia, Vietnam (Australian special forces with real time sigint support).
    US Ryolite satellites got Australia into more ground station work with sites like Pine Gap and local support. DSD Geraldton took over from UK sites lost in Hong Kong.
    After that its USA all the way. Generations of Australian staff know nothing but supporting roles.
    What the USA and UK do not put into law, Australia may to have to to secure legally safe convictions. Parallel construction would not work so mass collection and self signed warrants are made legal.

  17. Re:What could possibly go wrong on Putin To Discuss Plans For Disconnecting Russia From the Internet · · Score: 1

    Re: "Sure it'd be noticeable and some stuff would stop working, but it is certainly feasable."
    Russia knows most of its spending on Western tech was useful but the reality of phone home or back doors, trap doors, poor quality crypto or other access cannot be totally understood network wide.
    The ability to turn the net off to bulk external chatter would be a safe option for Russia to have fully explored over time. Russia can then just let its air gapped internal networks function and Russians would understand the reason why.
    Academic, science and other larger institutions would be fine on wide national local networks. Domestic phones would work. Russian language sites would show when connecting to any local isp.
    The US could think of it in terms of the quality built into the older POTS networks from the 1950-1980's per building, city, regional site, workers kept on site and expensive voice and data redundancy.
    Chinese backed credit card products will also help.

  18. fortress on foundations of sand. on Apple's "Warrant Canary" Has Died · · Score: 1

    Thats why govs use number stations and one time pads. The data around any encryption use found is just so useful.
    Every product sold that can be connected and used with a telco has to conform tech thats wide open to "Communications Assistance for Law Enforcement Act"
    https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

  19. Re:There is no on Apple's "Warrant Canary" Has Died · · Score: 1

    With a gov/mil buying spy software thats ready for average consumer phone products?
    The running process and modules are looked at to ensure different drop/inject methods will get around any antivirus products found.
    With your average consumer OS and devices, seconds after you enter your pw :)
    Its like the 1950's and been given Western encryption hardware. The code works and the message will not be broken as sent.
    Its just that using TEMPEST every plaintext keystroke in and print out is readable near the hardware.
    That same fun idea has never left signals intelligence, get the world fixated on encryption, company branding, while a input layer just offers up all plaintext.

  20. Re:The act of detecting changes your results on London's Crime Hot Spots Predicted Using Mobile Phone Data · · Score: 1

    The GCHQ was very aware of this in the 1960's on and did all it could to ensure people saw radomes and satellite dishes as been for tracking Soviet movements deep into Eastern Europe.
    ie not a gov ground station getting domestic calls.
    UK law enforcement and political parties where more interested in phone calls, later cell phone tracking, rapid decryption of consumer grade computer encryption and getting legally safe convictions in closed courts.
    Government Technical Assistance Centre (GCHQ Technical Assistance Centre), National Technical Assistance Centre and other units where set up to try and hide the GCHQ role in tracking and helping with crime from courts.
    The problem the GCHQ had was that such details about such efforts would make it to the press, lawyers, the public and the people been tracked or court cases been worked on.
    Smart people in the press, legal system and police forces quickly saw the new tasks and the interesting people changed methods away from easy signals intelligence just as the GCHQ had always predicted. All the UK police could do is try and find out who leaked but details about that leak hunt went public too.
    Contrast with the US views around keeping all domestic call data and using it in court as a talking point.
    The easy days of voice prints, "catch them in the act" or at least catch them quicker "after the fact" dont last if people dont need the the phone or computer.
    The other option is to place or turn an informant but that has always been more interesting.

  21. Re:Old NSA jokes on Snowden's Leaks Didn't Help Terrorists · · Score: 1

    The depth of public private partnerships, the numbers of new staff cleared, the size and speed of long term data storage for all domestic and international data is now understood. The lack of any domestic legal protections, the understanding of parallel construction and state or city level cell and call tracking, long term call databases for domestic use. Private sector help with consumer phones, the tame OS brands, tame telcos, tame international staff willing to help, tame crypto staff willing to give their political leaders calls to other nations for free. Tame govs willing to give all their nations telco data, banking and other trade data to a list of other nations.
    Tame academics teach the same old crypto, tame developers offer software and networking solutions at great cost from the same tame teams.
    The press understands that they are been watched and how. People have a better understanding of terms like VPN, the origins of and funding for onion routing, XKeyscore, Five Eyes databases, collecting wholesale information and the limited powers local political leaders have to protect their own citizens once fully committed to global collection networks.
    Signals intelligence has become the big project, with political access and budgets. Its like ENIGMA 2.0 but that still needs all communications to go via ENIGMA or related radio systems.
    The amount of data gathered gets difficult, the ability to not use digital networks or load up on long term disinformation becomes interesting too :)

  22. Re:Biggest joke a hundred years later on Snowden's Leaks Didn't Help Terrorists · · Score: 1

    Its kind of hard considering how others facing US courts tried to get the press and lawyers to take note. After that using the US legal system showed no "debate" was possible.
    http://cryptome.org/2013-info/... Lots of people tried to stay in the US court system with lawyers and still got no traction with the US press.

  23. Re:Assuming .... on Apple Will No Longer Unlock Most iPhones, iPads For Police · · Score: 1

    As people have mentioned Communications Assistance for Law Enforcement Act (CALEA) helps.
    https://en.wikipedia.org/wiki/...
    Beyond that is a vast selection of private sector options for law enforcement to help with any consumer device.
    Software that will seek out any version of consumer antivirus and just install its way around it.
    The software will be unique to your device so their will be no in the wild antivirus help and the install has already hidden from your chosen antivirus product.
    Your phone or web 2.0 software layer is turned into a beacon, camera, live microphone and key logger for as long as is needed and setting power off wont help.

  24. Re:They are pretending that they do not know on NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations · · Score: 1

    No need to think about http://www.freedomwatchusa.org... (December 16, 2013).

  25. trapped in nomenclature on NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations · · Score: 1

    The other fun part is what where "nuclear plans" doing on the web to be found?
    On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they where very real?
    A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
    The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams not to worry.
    For that to work the internet has to be fully connected to all kinds of interesting mil sites just waiting to be found, downloaded from and then discovered to have been accessed from around the world.
    The only trick is to keep the term honeypot away from the tech press. Or not have the press recall the same trick been done with altered paper plans sold in old Europe.
    Thats the problem with massive signals intelligence teams and other massive intelligence moving agencies all having their own hidden missions.
    In the past signals intelligence teams could be kept as support only and intelligence agencies could roam the world tricking other nations for decades while keeping political leaders in the loop.
    Now active signals intelligence teams, contractors and the press with political contacts are reporting on active projects by intelligence agencies as if they where fact vs just fun cover stories.
    Protect the super new plans from been downloaded for free from wide open sites every year, get good press... more political interest and a bump in next years budget.
    Act of luck or just net activity looking for wide open sites every year and finding decades of complex 'plans' waiting?