Archives 2014

The Rafael Hui Case Amplifies Flaws in Hong Kong's Background Checks & Vetting System

Photo above: Rafael Hui (right) and Donald Tsang (left)

My last post of the year below and also in AsiaSentinel.

Photo above: Rafael Hui

Why Didn’t the HK Vetting System Find Rafael Hui?

Former chief secretary, on his way to jail for 7-1/2 years, should have been spotted by background checks

Written by Vanson Soo
WED, 24 DECEMBER 2014

The Hong Kong High Court delivered a landmark ruling Tuesday that brought an end to a chapter of one of the highest-level corruption trials in the city’s history with the conviction of former Chief Secretary Rafael Hui for bribery, along with the two executives who bribed him. But one serious question lingers.

Hui was handpicked by then Hong Kong chief executive Donald Tsang to return to the civil service as chief secretary. Why didn’t the background checks turn up what was obviously a grotesquely opulent lifestyle?

The 131-day high-profile trial involving Hui, effectively the number two in the Hong Kong government hierarchy, and two tycoons of Sun Hung Kai, the world’s second-most valuable real estate company according to Bloomberg, drew effective closure with Hui receiving seven and a half years behind bars for five charges including taking HK$8.5 million (US$1.1 million) in bribes from Sun Hung Kai co-chairman Thomas Kwok, who was given a five-year sentence and fined HK$500,000 for conspiring to corrupt the former chief secretary.

But who would have dared to oppose Hui’s appointment during the vetting process if Tsang wanted him? Apparently nobody. And shouldn’t Tsang be held responsible for overlooking Hui’s (known) vices? Shouldn’t the system have counted on the chief executive as the last line of defense to be absolutely clean?

If pre-employment background checks found a lavish opulent lifestyle and a high-spending propensity that were well known among Hui’s peers, who cast aside the potential red flag as merely a private and personal matter? Wasn’t it a colossal mistake that nobody asked the very simple question, if he was spending well beyond his means, where was he getting the money? Who then should be responsible for the gross oversight?

Details of Hui’s high life, including the showering of expensive gifts on his high-maintenance young mistress, came to light during the trial but it also emerged that his tilt towards the material world was no secret among his associates.

In light of Hui’s case, the government has defended its system of background checks, insisting there were adequate checks in place prior to slotting civil servants into their appointments. That defense highlights one gross, systematic problem with pre-employment background checks in the civil and commercial sectors alike: a check-the-box mentality instead of a serious investigation.

Pre-employment background checks are an exercise to ensure someone is properly, thoroughly and systematically vetted before an official undertaking, such as employment or appointment, to the extent that the person doesn’t become a potential liability and cause embarrassment sometime down the way.

These checks have both quantitative and qualitative elements. On the quantitative side, the checks include paper trails to confirm (thus the tag “check-the-box”) personal details, educational background and career history, and to highlight any potential conflicts and red flags found – for example, any record of bankruptcy, insolvency, sanctions, political affiliations, criminal history, etc.

In the civil service, all those checks extend to the subject’s next-of-kin. In commercial background checks (for example, banks in some jurisdictions are required to conduct these checks on all new hires), any personal stake and interest in other companies would also be material information.

The qualitative checks refer to efforts to find, as the wording suggests, any non-quantitative (i.e. non-documented) facts that could potentially cause trouble. In some commercial checks I have done for my clients, for example, someone found to have a high gambling propensity, or another with a history of sexual harassment in the workplace, were duly noted and accounted for in the process. In the political sphere, for example, anyone found to have employed undocumented immigrants would be promptly flagged in the United States and has been, ending the careers of several high-level appointees.

The check-the-box exercise underscores the very bureaucracy of the civil service as these background checks are designed to be “on the safe side,” documenting only those facts that are “traceable and reliable,” according to a source, a former senior Hong Kong government official familiar with the background checks and vetting processes within the civil service.

Beyond these quantifiable facts, the source told me any adverse comments – such as reports of one’s character, much like Hui’s high life – would rarely be passed on in the reports because they would be easily challenged. In several instances, troubles emerged later precisely because these omitted qualitative red flags came back to haunt both the employers and the newly employed.

The point then is, so what if Hui is known to have those vices? The government can boast all they want about their rigorous system of checks, including having two referees to evaluate the candidate but what use is it when the referees were appointed by the candidates themselves?

In Hui’s case, he was handpicked by Tsang to return to the civil service as chief secretary. But it has been widely reported that Tsang himself could face criminal prosecution on charges of improper conduct in office although the city’s anti-graft body – the Independent Commission Against Corruption (ICAC) – only says its investigation is still underway.

So, was it not a colossal mistake by the civil service to assume poor Hui and company wouldn’t be singing Christmas carols behind bars, this Christmas and several more ahead?

Shhh… The WikiLeaks' CIA Travel Guide

I’d like to share with you the latest WikiLeaks release, “CIA Travel Advice to Operatives”. Its press release is pasted below (click here for the full report).

And I find it appropriate to highlight an earlier column, Spies and the Airport Screening Machine.

Enjoy!

CIA Travel Advice to Operatives – Press Release

Today, 21 December 2014, WikiLeaks releases two classified documents by a previously undisclosed CIA office detailing how to maintain cover while travelling through airports using false ID – including during operations to infiltrate the European Union and the Schengen passport control system. This is the second release within WikiLeaks’ CIA Series, which will continue in the new year.

The two classified documents aim to assist CIA undercover officials to circumvent these systems around the world. They detail border-crossing and visa regulations, the scope and content of electronic systems, border guard protocols and procedures for secondary screenings. The documents show that the CIA has developed an extreme concern over how biometric databases will put CIA clandestine operations at risk – databases other parts of the US government made prevalent post-9/11.

How to Survive Secondary Screening without Blowing your CIA Cover

The CIA manual “Surviving Secondary”, dated 21 September 2011, details what happens in an airport secondary screening in different airports around the world and how to pass as a CIA undercover operative while preserving one’s cover. Among the reasons for why secondary screening would occur are: if the traveller is on a watchlist (noting that watchlists can often contain details of intelligence officials); or is found with contraband; or “because the inspector suspects that something about the traveler is not right”.

The highlighted box titled “The Importance of Maintaining Cover––No Matter What” at the end of the document provides an example of an occasion when a CIA officer was selected for secondary screening at an EU airport. During the screening his baggage was swiped and traces of explosives found. The officer “gave the cover story” to explain the explosives; that he had been in counterterrorism training in Washington, DC. Although he was eventually allowed to continue, this example begs the question: if the training that supposedly explained the explosives was only a cover story, what was a CIA officer really doing passing through an EU airport with traces of explosives on him, and why was he allowed to continue?

The CIA identifies secondary screening as a threat in maintaining cover due to the breadth and depth of the searches, including detailed questioning, searches of personal belongings and electronic databases and collection of biometrics “all of which focus significant scrutiny on an operational traveler”.

The manual provides advice on how best to prepare for and pass such a process: having a “consistent, well-rehearsed, and plausible cover”. It also explains the benefits of preparing an online persona (for example, Linked-In and Twitter) that aligns with the cover identity, and the importance of carrying no electronic devices with accounts that are not for the cover identity, as well as being mentally prepared.

CIA Overview of EU Schengen Border Control

The second document in this release, “Schengen Overview”, is dated January 2012 and details guidelines for border officials in the EU’s Schengen zone and the threats their procedures might pose in exposing the “alias identities of tradecraft-conscious operational travelers”, the CIA terminology for US spies travelling with false ID during a clandestine operation. It outlines how various electronic systems within Schengen work and the risks they pose to clandestine US operatives, including the Schengen Information System (SIS), the European fingerprint database EURODAC (European Dactyloscopie) and FRONTEX (Frontières extérieures) – the EU agency responsible for easing travel between member states while maintaining security.

While Schengen currently does not use a biometric system for people travelling with US documents, if it did this “would increase the identity threat level” and, the report warns, this is likely to come into place in 2015 with the EU’s Entry/Exit System (EES). Currently, the Visa Information System (VIS), operated by a number of Schengen states in certain foreign consular posts, provides the most concern to the CIA as it includes an electronic fingerprint database that aims to expose travellers who are attempting to use multiple and false identities. As use of the VIS system grows it will increase the “identity threat for non-US-documented travelers”, which would narrow the possible false national identities the CIA could issue for undercover operatives.

WikiLeaks’ Editor-in-Chief Julian Assange said: “The CIA has carried out kidnappings from European Union states, including Italy and Sweden, during the Bush administration. These manuals show that under the Obama administration the CIA is still intent on infiltrating European Union borders and conducting clandestine operations in EU member states.”

Both documents are classified and marked NOFORN (preventing allied intelligence liaison officers from reading it). The document detailing advice on maintaining cover through secondary screening also carries the classification ORCON (originator controlled) and specifically allows distribution to Executive Branch Departments/Agencies of the US government with the appropriate clearance, facilitating clandestine operations by the other 16 known US government spy agencies. Both documents were produced by a previously unknown office of the CIA: CHECKPOINT, situated in the Identity Intelligence Center (i2c) within the Directorate of Science and Technology. CHECKPOINT specifically focuses on “providing tailored identity and travel intelligence” including by creating documents such as those published today designed specifically to advise CIA personnel on protecting their identities while travelling undercover.

Shhh… A Feasible Strategy Despite Severe Innate Phone Security (Eavesdropping) Flaws Like SS7

The Washington Post article below once again highlights one approach to mobile phone usage: have many spares, apart from your regular smartphone(s), like good old cellulars and disposable low-value SIM cards. Dispose of the SIM card after each use and always switch amongst those cellulars.

It can’t stop eavesdropping but at least the hackers and spies cannot trace you so easily. The approach may sound extreme to most people, so for all practical reasons, it’s best recommended only for those important and confidential conversations.

German researchers discover a flaw that could let anyone listen to your cell calls.
By Craig Timberg December 18

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)

In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.

Are You Unique – How to Check Your Browser Fingerprints & Online Privacy?

Think you have taken all measures to remain anonymous and untraceable online? Or are you still (unknowingly) leaving browser fingerprints that can be traced to you and your devices?

The good news is, there’s a way to check and confirm if you are unique in cyberspace.

A browser fingerprint, or device fingerprint, is the systematic collection of information about a remote device for identification purposes, even when cookies are turned off.

There’s a web site, “Am I Unique”, which you can visit and check by clicking “View my browser fingerprint”.

That should give much food for thought for the Christmas holidays?

A recent international survey of 23,376 Internet users in 24 countries, carried out between October 7, 2014 and November 12, 2014, found some 64 percent confessed they’re more concerned today about online privacy than they were a year ago.

That’s one way to gauge the post-Snowden effects. And if you still wonder why privacy matters, I highly recommend Glenn Greenwald’s TED Talk, “Why Privacy Matters”.
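To make the uniqueness check described above concrete, here is an added example (not code from the Am I Unique site or from this post) that measures how identifying a set of cookie-free browser attributes is within a population. The visitor records, attribute names and helper functions are all constructed for illustration, and FNV-1a is only a compact stand-in for whatever hash a real checker would use.

```javascript
// Added example. All visitor records below are constructed sample data.
// In a browser these values would come from cookie-free sources such as
// navigator.userAgent, navigator.language, screen.width/height, the
// Intl time zone and a font probe.
const DEFAULT_PROFILE = {
  userAgent: "Firefox 34 / Windows 7", language: "en-US",
  screen: "1366x768", timezone: "UTC-05:00", fonts: "arial,times,verdana",
};

const POPULATION = [
  { ...DEFAULT_PROFILE },
  { ...DEFAULT_PROFILE },
  { ...DEFAULT_PROFILE },
  { ...DEFAULT_PROFILE },
  { ...DEFAULT_PROFILE, userAgent: "Chrome 39 / Windows 7" },
  { userAgent: "Chrome 39 / OS X 10.10", language: "en-GB",
    screen: "1440x900", timezone: "UTC+00:00", fonts: "arial,helvetica,times" },
  { userAgent: "Firefox 34 / Linux", language: "de-DE",
    screen: "1920x1080", timezone: "UTC+01:00", fonts: "dejavu sans,liberation serif" },
  // Common browser, language and screen, but an unusual time zone and font list.
  { ...DEFAULT_PROFILE, timezone: "UTC+08:00", fonts: "arial,mingliu,times,verdana" },
];

// Serialise attributes in sorted key order so the same browser always
// yields the same string, regardless of collection order.
function canonical(fp) {
  return Object.keys(fp).sort().map((k) => `${k}=${fp[k]}`).join("|");
}

// 32-bit FNV-1a: non-cryptographic, used here only to get a short ID.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Stable identifier derived only from attributes: no cookie is involved.
function fingerprintId(fp) {
  return fnv1a(canonical(fp));
}

// Shannon entropy (bits) of one attribute across the population:
// how much that attribute alone helps tell visitors apart.
function attributeEntropy(population, attr) {
  const counts = new Map();
  for (const fp of population) {
    counts.set(fp[attr], (counts.get(fp[attr]) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / population.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// How many visitors share this exact fingerprint, and how many bits of
// identifying information that represents. The visitor must be a member
// of the population being measured.
function assess(population, fp) {
  const key = canonical(fp);
  const anonymitySet = population.filter((v) => canonical(v) === key).length;
  if (anonymitySet === 0) {
    throw new Error("visitor must be part of the population");
  }
  return {
    id: fingerprintId(fp),
    anonymitySet,
    bits: Math.log2(population.length / anonymitySet),
    unique: anonymitySet === 1,
  };
}

// Mitigation view: replace one visitor's attributes with a uniform profile
// (the idea behind browsers that present identical values for everyone)
// and re-measure.
function afterNormalising(population, index, profile) {
  const hardened = population.map((v, i) => (i === index ? { ...profile } : v));
  return assess(hardened, hardened[index]);
}

for (const attr of Object.keys(DEFAULT_PROFILE)) {
  console.log(attr.padEnd(10), attributeEntropy(POPULATION, attr).toFixed(3), "bits");
}
console.log("visitor 0:", assess(POPULATION, POPULATION[0]));
console.log("visitor 7:", assess(POPULATION, POPULATION[7]));
console.log("visitor 7 normalised:", afterNormalising(POPULATION, 7, DEFAULT_PROFILE));
```

Visitor 7 runs the most common browser, language and screen size in the sample, yet the combination with its time zone and fonts is shared by nobody else, which is why attributes have to be judged together rather than one at a time.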

Shhh… US Federal Court: Warrantless Surveillance Footage in Public Areas is an Invasion of Privacy

Guess one would easily assume privacy does not apply in public areas – just look at the proliferation of CCTV cameras in the streets.

Well, that’s probably not necessarily the case judging by one recent court ruling in Washington. It may be good news for the general public and bad news for law enforcement.

Now first, many would probably associate the following 2 photos with typical covert surveillance operations, whereby operatives waited patiently to snap photos (and video) evidence of their subjects.

[Photos: surveillance detectives]

But in this case involving the Washington police and Leonel Vargas (an “undocumented” immigrant suspected of drug trafficking), the authorities had a better idea.

The police planted a video camera, without a warrant, on a nearby utility pole 100 yards from Vargas’ rural Washington state house and shot 6 weeks’ worth of footage of his front yard, whereby they eventually captured convincing evidence.

Vargas challenged the case on the grounds of violation of his privacy, which the government argued was not valid as his front yard is a public space and thus privacy does not apply.

The evidence put forward by the authorities was subsequently thrown out of the court by US District Judge Edward Shea, whose ruling is well summed up as such:

Law enforcement’s warrantless and constant covert video surveillance of Defendant’s rural front yard is contrary to the public’s reasonable expectation of privacy and violates Defendant’s Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed.

Find out more about this case from here and there.

Shhh… The FBI Unmasking of TOR Users with Metasploit

I’d like to share this WIRED update on the use of TOR.

The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users
By Kevin Poulsen 12.16.14 | 7:00 am

For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who’s interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes.

Now Metasploit has a new and surprising fan: the FBI. WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the “Decloaking Engine” to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network.

That attack, “Operation Torpedo,” was a 2012 sting operation targeting users of three Dark Net child porn sites. Now an attorney for one of the defendants ensnared by the code is challenging the reliability of the hackerware, arguing it may not meet Supreme Court standards for the admission of scientific evidence. “The judge decided that I would be entitled to retain an expert,” says Omaha defense attorney Joseph Gross. “That’s where I am on this—getting a programming expert involved to examine what the government has characterized as a Flash application attack of the Tor network.”

A hearing on the matter is set for February 23.

Tor, a free, open-source project originally funded by the US Navy, is sophisticated anonymity software that protects users by routing traffic through a labyrinthine delta of encrypted connections. Like any encryption or privacy system, Tor is popular with criminals. But it also is used by human rights workers, activists, journalists and whistleblowers worldwide. Indeed, much of the funding for Tor comes from grants issued by federal agencies like the State Department that have a vested interest in supporting safe, anonymous speech for dissidents living under oppressive regimes.

With so many legitimate users depending upon the system, any successful attack on Tor raises alarm and prompts questions, even when the attacker is a law enforcement agency operating under a court order. Did the FBI develop its own attack code, or outsource it to a contractor? Was the NSA involved? Were any innocent users ensnared?

Now, some of those questions have been answered: Metasploit’s role in Operation Torpedo reveals the FBI’s Tor-busting efforts as somewhat improvisational, at least at first, using open-source code available to anyone.

Created in 2003 by white hat hacker HD Moore, Metasploit is best known as a sophisticated open-source penetration testing tool that lets users assemble and deliver an attack from component parts—identify a target, pick an exploit, add a payload and let it fly. Supported by a vast community of contributors and researchers, Metasploit established a kind of lingua franca for attack code. When a new vulnerability emerges, like April’s Heartbleed bug, a Metasploit module to exploit it is usually not far behind.

Moore believes in transparency—or “full disclosure”—when it comes to security holes and fixes, and he’s applied that ethic in other projects under the Metasploit banner, like the Month of Browser Bugs, which demonstrated 30 browser security holes in as many days, and Critical.IO, Moore’s systematic scan of the entire Internet for vulnerable hosts. That project earned Moore a warning from law enforcement officials, who cautioned that he might be running afoul of federal computer crime law.

In 2006, Moore launched the “Metasploit Decloaking Engine,” a proof-of-concept that compiled five tricks for breaking through anonymization systems. If your Tor install was buttoned down, the site would fail to identify you. But if you’d made a mistake, your IP would appear on the screen, proving you weren’t as anonymous as you thought. “That was the whole point of Decloak,” says Moore, who is chief research officer at Austin-based Rapid7. “I had been aware of these techniques for years, but they weren’t widely known to others.”

One of those tricks was a lean 35-line Flash application. It worked because Adobe’s Flash plug-in can be used to initiate a direct connection over the Internet, bypassing Tor and giving away the user’s true IP address. It was a known issue even in 2006, and the Tor Project cautions users not to install Flash.

The decloaking demonstration eventually was rendered obsolete by a nearly idiot-proof version of the Tor client called the Tor Browser Bundle, which made security blunders more difficult. By 2011, Moore says virtually everyone visiting the Metasploit decloaking site was passing the anonymity test, so he retired the service. But when the bureau obtained its Operation Torpedo warrants the following year, it chose Moore’s Flash code as its “network investigative technique”—the FBI’s lingo for a court-approved spyware deployment.

Torpedo unfolded when the FBI seized control of a trio of Dark Net child porn sites based in Nebraska. Armed with a special search warrant crafted by Justice Department lawyers in Washington DC, the FBI used the sites to deliver the Flash application to visitors’ browsers, tricking some of them into identifying their real IP address to an FBI server. The operation identified 25 users in the US and an unknown number abroad.

Gross learned from prosecutors that the FBI used the Decloaking Engine for the attack — they even provided a link to the code on Archive.org. Compared to other FBI spyware deployments, the Decloaking Engine was pretty mild. In other cases, the FBI has, with court approval, used malware to covertly access a target’s files, location, web history and webcam. But Operation Torpedo is notable in one way. It’s the first time—that we know of—that the FBI deployed such code broadly against every visitor to a website, instead of targeting a particular suspect.

The tactic is a direct response to the growing popularity of Tor, and in particular an explosion in so-called “hidden services”—special websites, with addresses ending in .onion, that can be reached only over the Tor network.

Hidden services are a mainstay of the nefarious activities carried out on the so-called Dark Net, the home of drug markets, child porn, and other criminal activity. But they’re also used by organizations that want to evade surveillance or censorship for legitimate reasons, like human rights groups, journalists, and, as of October, even Facebook.

A big problem with hidden services, from a law enforcement perspective, is that when the feds track down and seize the servers, they find that the web server logs are useless to them. With a conventional crime site, those logs typically provide a handy list of Internet IP addresses for everyone using the site – quickly leveraging one bust into a cascade of dozens, or even hundreds. But over Tor, every incoming connection traces back only as far as the nearest Tor node—a dead end.

Thus, the mass spyware deployment of Operation Torpedo. The Judicial Conference of the United States is currently considering a Justice Department petition to explicitly permit spyware deployments, based in part on the legal framework established by Operation Torpedo. Critics of the petition argue the Justice Department must explain in greater detail how it’s using spyware, allowing a public debate over the capability.

“One thing that’s frustrating for me right now, is it’s impossible to get DOJ to talk about this capability,” says Chris Soghoian, principal technologist at the ACLU. “People in government are going out of their way to keep this out of the discussion.”

For his part, Moore has no objection to the government using every available tool to bust pedophiles–he once publicly proposed a similar tactic himself. But he never expected his long-dead experiment to drag him into a federal case. Last month he started receiving inquiries from Gross’ technical expert, who had questions about the efficacy of the decloaking code. And last week Moore started getting questions directly from the accused pedophile in the case— a Rochester IT worker who claims he was falsely implicated by the software.

Moore finds that unlikely, but in the interest of transparency, he answered all the questions in detail. “It only seemed fair to reply to his questions,” Moore says. “Though I don’t believe my answers help his case at all.”

Using the outdated Decloaking Engine would not likely have resulted in false identifications, says Moore. In fact, the FBI was lucky to trace anyone using the code. Only suspects using extremely old versions of Tor, or who took great pains to install the Flash plug-in against all advice, would have been vulnerable. By choosing an open-source attack, the FBI essentially selected for the handful of offenders with the worst op-sec, rather than the worst offenders.

Since Operation Torpedo, though, there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that was infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”

One Question on the Sydney Siege: Why didn't the Snipers Shoot Earlier?

I’m troubled by the Sydney siege at the Lindt Chocolate Café in Martin Place that has just concluded with 3 fatalities and 3 injured.

For starters, here’s one easy question: What’s wrong with these pictures (above from 7 News and the 2 below) and the video below (watch from 2:06 onwards)?

Photo credit: 7 News

Picture: Ross Schultz Source: News Corp Australia

Now, the real question is: Where were the snipers? And why didn’t they shoot when they had the chance?

(Snipers reportedly manned nearby rooftops and shouted “Hostage down, window two” only when tactical police stormed the café at the end of the siege.)

If the media had these clear shots of the gunman Man Haron Monis, why didn’t the authorities have the snipers take him down within the 16-hour window? If the snipers were not in a better position than the media, surely they had enough time to move for better views, rooftop or on the ground? The snipers of course need clearance from their commanders who should be on site with their squads. So does that mean the authorities did not want to kill him for whatever reasons?

Certainly many complicated questions but in any case, there were 17 hostages at stake and the police did not move in for the kill until (negotiations apparently failed and) there were gunshots within the café?

I have only one potential explanation: the authorities were concerned with the hostage taker’s claims that there were other explosive devices planted around the city – and the police have intelligence that he has comrades who would trigger those devices if he’s dead (I know it’s easier said than done but with good use of negotiators and intelligence, and a good 16-hour timeframe, the police and intelligence agencies could have established if he has other accomplices to detonate those devices, if any – plus it’s not that Man Haron Monis was any stranger to the Australian authorities. They should have a huge file on him all along).

Anything short (and as it turned out, his former lawyer, Manny Conditsis, reportedly told the media that Monis was an isolated figure who had acted alone), it’s sad to see yet another case whereby the authorities have not followed protocol in hostage situations: Take the man down (at the very opportunity).

It’s reminiscent of the Manila hostage event of 23 August 2010, when the hostage taker, former Philippines police officer Rolando Mendoza, hijacked a tourist bus with 25 hostages onboard. He was in plain sight (see picture below) several times, more than sufficient for the snipers to decide where to aim. But the Philippines authorities missed the opportunities, resulting in 9 deaths (including the perpetrator).

Manila-BusHostage-PIC

A longer version of this column appears in AsiaSentinel.com

Shhh… Michael Hayden on the Senate’s CIA Interrogation Report

Photo (above) credit: CIA

I’d like to share this POLITICO MAGAZINE exclusive interview with former CIA Director (May 30, 2006 – February 12, 2009) Michael Hayden on the release of the US Senate’s report.

Michael Hayden Is Not Sorry
The Senate report rakes Bush’s former CIA director over the coals. He fires back in an exclusive interview.

By MICHAEL HIRSH
December 09, 2014

Though the CIA’s “enhanced interrogation” program long predated his takeover of the agency in 2006, former Director Michael Hayden has found himself at the center of the explosive controversy surrounding the Senate Intelligence Committee’s executive summary of its still-classified report on torture. In a long, impassioned speech on the floor Tuesday, Committee Chair Dianne Feinstein cited Hayden’s testimony repeatedly as evidence that the CIA had not been forthright about a program that the committee majority report called brutal, ineffective, often unauthorized “and far worse than the CIA represented to policymakers and others.” She publicly accused Hayden of falsely describing the CIA’s interrogation techniques “as minimally harmful and applied in a highly clinical and professional manner.” In an interview with Politico Magazine National Editor Michael Hirsh, Hayden angrily rebuts many of the report’s findings.

Michael Hirsh: The report concludes, rather shockingly, that Pres. George W. Bush and other senior officials—including Defense Secretary Donald Rumsfeld for a time and Secretary of State Colin Powell—were not aware of many details of the interrogation programs for a long period. According to CIA records, it concludes, no CIA officer including Directors George Tenet and Porter Goss briefed the president on the specific enhanced interrogation techniques before April 2006. Is that true?

Michael Hayden: It is not. The president personally approved the waterboarding of Abu Zubaydah [in 2002]. It’s in his book! What happened here is that the White House refused to give them [the Senate Intelligence Committee] White House documents based upon the separation of powers and executive privilege. That’s not in their report, but all of that proves that there was dialogue going on with the White House. What I can say is that the president never knew where the [black] sites were. That’s the only fact I’m aware that he didn’t know.

Hirsh: The report directly challenges your truthfulness, repeatedly stating that your testimony on the details of the programs –for example on whether the interrogations could be stopped at any time by any CIA participant who wanted them halted— is “not congruent with CIA records.” Does that mean you weren’t telling the truth?

Hayden: I would never lie to the committee. I did not lie.

Hirsh: Does it mean that you, along with others at senior levels, were misled about what was actually going on in the program?

Hayden: My testimony is consistent with what I was told and what I had read in CIA records. I said what the agency told me, but I didn’t just accept it at face value. I did what research I could on my own, but I had a 10-day window in which to look at this thing [the committee’s request for information]. I was actually in Virginia for about 30 hours and studied the program for about three before I went up to testify. I was trying to describe a program I didn’t run. The points being made against my testimony in many instances appear to be selective reading of isolated incidents designed to prove a point where I was trying to describe the overall tenor of the program. I think the conclusions they drew were analytically offensive and almost street-like in their simplistic language and conclusions. The agency has pushed back rather robustly in its own response.

Hirsh: You seem upset.

Hayden: Yeah, I’m emotional about it. Everything here happened before I got there [to the CIA], and I’m the one she [Sen. Feinstein] condemns on the floor of the Senate? Gee, how’d that happen? I’m the dumb son of a bitch who went down and tried to lay out this program in great detail to them. I’m mentioned twice as much in there as George Tenet—but George and Porter Goss had 97 detainees during their tenure, while I had two.

Hirsh: Is there anything you think the report gets right?

Hayden: All of us are really upset because we could have used a fair and balanced review of what we did. … The agency clearly admits it was fly-by-wire in the beginning. They were making it up as they went along and it should have been more well-prepared. They’ve freely admitted that. They said that early on they lacked the core competencies required to undertake an unprecedented program of detaining and interrogating suspected terrorists around the world. But then what the committee does is to take what I said out of context. They take statements I made about the later days of the program, for example when I said it was well-regulated and there were medical personnel available, etc., and then apply it to the early days of the program, when there were not. It misrepresents what I said.

Hirsh: One of the most stunning and cited conclusions of the report is that interrogations of CIA detainees were brutal and far worse than the CIA represented to policymakers and others.

Hayden: That is untrue. And let me give you a data point. John Durham, a special independent prosecutor, over a three-year period investigated every known CIA interaction with every CIA detainee. At the end of that the Obama administration declined any prosecution. [In 2012, the Justice Department announced that its investigation into two interrogation deaths that Durham concluded were suspicious out of the 101 he examined—those of Afghan detainee Gul Rahman and Iraqi detainee Manadel al-Jamadi—would be closed with no charges.] So if A is true how does B get to be true? If the CIA routinely did things they weren’t authorized to do, then why is there no follow-up? I have copies of the DOJ reports they’re using today. The question is, is the DoJ going to open any investigation and the DoJ answer is no. You can’t have it both ways. You can’t have all this supposed documentary evidence saying the agency mistreated these prisoners and then Barack Obama’s and Eric Holder’s Department of Justice saying no, you’ve got bupkis here.

Hirsh: What about the report’s overarching conclusion that these enhanced techniques simply were not effective at getting intelligence?

Hayden: My very best argument is that I went to [then-Deputy CIA Director] Mike Morell and I said, ‘Don’t fuck with me. If this story [about the usefulness of intelligence gained from enhanced techniques] isn’t airtight then I’m not saying it to Congress.’ They came back and said our version of the story is correct. Because of this program Zubaydah begat [Khalid Sheikh Mohammed], who begat [others]. We learned a great deal from the detainees.

Hirsh: The report says that even the CIA’s inspector general was not fully informed about the programs—that in fact the CIA impeded oversight by the IG.

Hayden: The IG never told me that. The IG never reported that to Congress. Look, I’m relying on people below me. If they tell you an untruth, you get rid of them. But I never felt I was being misled, certainly not on the important contours of this program. What they [the committee] are doing is grabbing emails out of the ether in a massive fishing expedition. This is a partisan report, as you can see from the minority report out of the committee.

Hirsh: Can you sort out the discrepancy between your testimony that there were only 97 detainees in the history of the program when the report says there were 119?

Hayden: We knew there were more. The high-value-target program—they don’t show up on my list if they’re at the [black] sites. And the committee knew all about that. They have chapter and verse from [former CIA IG John] Helgerson about it. It’s a question of what criteria you use. When I met with my team about these discrepancies, I said, ‘You tell [incoming CIA director] Leon Panetta he’s got to change the numbers that have been briefed to Congress.’

Hirsh: The report suggests that you misrepresented what you told Congress in the briefings, telling a meeting of foreign ambassadors to the United States in 2006 that every committee member was “fully briefed.”

Hayden: I mean what are they doing—trying to score my public speeches? What’s that about? You want me to go out and score Ron Wyden’s speeches?

Hirsh: You don’t believe you’re in legal jeopardy?

Hayden: No, not at all. I didn’t do anything wrong. How could I be in legal jeopardy?

Michael Hirsh is national editor for Politico Magazine.

The US Senate Intelligence Committee & CIA Interrogation Report – A Closer Look at the Tortures at Guantanamo Bay


In view of the huge trove of news coverage following the release of the long overdue and highly anticipated CIA Interrogation report (the BBC has a nice summary of the 20 key findings) by the US Senate Intelligence Committee on Tuesday, I thought it would be good to (re)view the UK Channel 4 documentary “Guantanamo Handbook”.

It is a reenactment of the tortures at one of the most well-known US military prisons, in Cuba, called the Guantanamo Bay detention camp, also referred to as Guantánamo, G-bay or GTMO – whereby 7 Britons volunteered to be detainees and were subjected to selected CIA-style tortures for 48 hours.

Most notably, one volunteer who started off saying he supported the torture program as a means to gather intelligence and save lives – as per White House speaks – was the first to withdraw on medical grounds after just 10 hours, saying even though he had “strong views” earlier, he has “become more sympathetic of what’s going on there than before” and felt lucky he was “pulled” (out of the program).

Action speaks louder than words? Period.

Life-Saving Gadgets like Bulletproof Bags and Shields for Schools & the Workplace

Photo (above) credit: Alexander Augusteijn

With the recent headlines on fatal shootings by the police, and school massacres in the US earlier, the demand for bulletproof gear may well be on the rise again. And with Christmas round the corner, there’s no better time to show your loved ones you really care about their safety, at school and the workplace.

Perhaps you’re not alien to these products but I thought of sharing anyway, especially my findings on price effective solutions.

But first, here’s the link to a video introduction on one such product. And here’s a demonstration of the gear at work – blocking the bullet.

If it’s convincing, there’s still one operational issue. It takes a good few seconds to convert those ordinary-looking computer bags into a bulletproof shield covering the upper body. And that’s why I thought the next product (picture below) is more practical: it takes just a second to transform the briefcase into a bulletproof wall to shield the entire body when one finds himself/herself in a suddenly hostile cross-fire situation.

BulletproofBriefcase-BodyShield

I found online retail stores selling these briefcases at around US$800 apiece.

Subsequently, I also found the China-based OEM manufacturers for these same briefcases. The minimum order quantity (MOQ) is usually quoted at 50, ie. a minimum of 50 pieces per order.

Now for all I know, some manufacturers entertain orders for “one sample” but at a premium, which in this case was US$400 at best.

One manufacturer then offered a “much better price” if I ordered 10 samples instead, at US$250 apiece. And I also asked about the best price for the stated MOQ of 50: US$235 apiece.

Not bad but if only I can convince some buddies to pool in for at least 10 such briefcases.

So I thought the best solution, both for price and practical reasons, is the bulletproof panels (picture below).

Bulletblocker-StrikeFace

Besides inserting these panels into the children’s backpacks, one can also insert them into computer bags and briefcases for working adults. The flexibility in use is a big plus. And they cost less than US$100 apiece.

Shhh… DOJ Uses 18th Century Law to Make Apple Unlock Encrypted iPhones

It’s time to raise the antenna again on smartphone encryption matters.

Law enforcement agencies, particularly the FBI, have been desperately pressuring Congress to force Apple and Google to do away with their new default smartphone encryption. And authorities are apparently giving in.

According to an exclusive report by Ars Technica (below) earlier this week, court documents from 2 federal criminal cases in New York and California show the US Department of Justice on October 31 this year went as far as exercising an 18th-century law – the All Writs Act – to compel Apple and at least one other company to cooperate with law enforcement officials in investigations dealing with locked and encrypted smartphones.

The 225-year-old law gives the courts the right to issue whatever writs or orders in order to compel someone to do something.

To the extent that Apple has recently beefed up encryption in its latest iOS 8, the fact that the DOJ would go to such absurd lengths might set a worrying precedent – recall a recent ludicrous DOJ assertion that the new encryption standards would kill a child.

A more disturbing question: What would you do if you were FBI director James Comey making his rounds to denounce smartphone encryption?

Make the DOJ use the All Writs Act to force manufacturers to install convenient backdoors. Why not?

—————————————-

Feds want Apple’s help to defeat encrypted phones, new legal case shows

Prosecutors invoke 18th-century All Writs Act to get around thorny problem.
by Cyrus Farivar – Dec 1 2014, 10:00pm CST

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

Some legal experts are concerned that these rarely made public examples of the lengths the government is willing to go in defeating encrypted phones raise new questions as to how far the government can compel a private company to aid a criminal investigation.

Two federal judges agree that the phone manufacturer in each case—one of which remains sealed, one of which is definitively Apple—should provide aid to the government.

Ars is publishing the documents in the California case for the first time in which a federal judge in Oakland specifically notes that “Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”

The two orders were both handed down on October 31, 2014, about six weeks after Apple announced that it would be expanding encryption under iOS 8, which aims to render such a data handover to law enforcement useless. Last month, The Wall Street Journal reported that DOJ officials told Apple that it was “marketing to criminals” and that “a child will die” because of Apple’s security design choices.

Apple did not immediately respond to Ars’ request for comment.

Meet the “All Writs Act”

Alex Abdo, an attorney with the American Civil Liberties Union, wondered if the government could invoke the All Writs Act to “compel Master Lock to come to your house and break [a physical lock] open.”

“That’s kind of like the question of could the government compel your laptop maker to unlock your disk encryption?” he said. “And I think those are very complicated questions, and if so, then that’s complicated constitutional questions whether the government can conscript them to be their agents. Then there’s one further question: can the government use the All Writs Act to compel the installation of backdoors?”

But, if Apple really can’t decrypt the phone as it claims, the point is moot.

“Then that’s pretty much the end of it,” Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told Ars. “The writ doesn’t require Apple to do something that is impossible for it to do.”

Andrew Crocker, a legal fellow also at the Electronic Frontier Foundation, pointed out on Twitter on Tuesday that back in 2005, a different New York magistrate refused to accept the government’s invocation of the All Writs Act to obtain real-time cell site data.

As Magistrate Judge James Orenstein wrote at the time:

Thus, as far as I can tell, the government proposes that I use the All Writs Act in an entirely unprecedented way. To appreciate just how unprecedented the argument is, it is necessary to recognize that the government need only run this Hail Mary play if its arguments under the electronic surveillance and disclosure statutes fail.

The government thus asks me to read into the All Writs Act an empowerment of the judiciary to grant the executive branch authority to use investigative techniques either explicitly denied it by the legislative branch, or at a minimum omitted from a far-reaching and detailed statutory scheme that has received the legislature’s intensive and repeated consideration. Such a broad reading of the statute invites an exercise of judicial activism that is breathtaking in its scope and fundamentally inconsistent with my understanding of the extent of my authority.

“Any capabilities [Apple] may have to unlock the iPhone”

One of the new phone search cases was filed in federal court in Oakland, just across the bay from San Francisco, while another was filed in federal court in Manhattan.

In the Oakland case, prosecutors asked a federal judge in to “assist in the execution of a federal search warrant by facilitating the un-locking of an iPhone.”

Ars went in person to the Oakland courthouse on Wednesday to obtain the documents and is publishing both the government’s application and the judge’s order for the first time here. The All Writs Act application and order are not available via PACER, the online database for federal court records.

“This Court has the authority to order Apple, Inc., to use any capabilities it may have to unlock the iPhone,” Garth Hire, an assistant US attorney, wrote to the court and cited the All Writs Act.

“The government is aware, and can represent, that in other cases, courts have ordered the unlocking of an iPhone under this authority,” he wrote. “Additionally, Apple has routinely complied with such orders.”

“This court should issue the order because doing so would enable agents to comply with this Court’s warrant commanding that the iPhone be examined for evidence identified by the warrant,” he continued. “Examination of the iPhone without Apple’s assistance, if it is possible at all, would require significant resources and may harm the iPhone. Moreover, the order is not likely to place any unreasonable burden on Apple.”

In response, Magistrate Judge Kandis Westmore ordered that Apple “provide reasonable technical assistance to enable law enforcement agents to obtain access to unencrypted data.” She did not specifically mention the All Writs Act.

But she added:


It is further ordered that, to the extent that data on the iOS device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.

Westmore’s language is a near-duplicate of a June 6, 2014 order issued by a different judge from the Northern California district, San Jose division, which is about 40 miles south of Oakland. There, Magistrate Judge Howard Lloyd ordered Apple to assist in the search of an iPad Mini, months before the release of iOS 8.

New spying tools afoot

On Tuesday, The Wall Street Journal reported on an order issued by a federal magistrate in New York in a case involving alleged credit card fraud.

In that Manhattan case, Magistrate Judge Gabriel Gorenstein granted the government’s proposed order on the same day as Westmore (October 31, 2014), also citing the All Writs Act, which compels the unnamed phone manufacturer to provide “reasonable technical assistance” in unlocking the device.

The mystery company could challenge the judge’s order, according to Brian Owsley, a former federal magistrate judge who now is a law professor at Indiana Tech.

“Unfortunately, we will probably not know because the issue will likely be sealed even though there should be more transparency in these issues,” he told Ars by e-mail, noting that during his tenure on the bench he could not remember a time when the government invoked the All Writs Act.

“It is only through greater transparency will we start to get the answers. If the provider simply complies we will know nothing. Here, Judge Gorenstein’s approach strikes me as very even-handed, but the inherent problem is that those who are concerned about privacy issues in general simply have to hope that the provider will speak up for us.”

But Orin Kerr, a law professor at George Washington University and a former federal prosecutor, does not believe that the seized phone in the New York case was an iOS 8 device.

“The government obtained a warrant on October 10 for a phone already in its possession,” he told Ars by e-mail. “Apple’s announcement was something like September 18. If it was an iPhone, it was probably an iPhone running [on] an earlier operating system.”

Still, Alex Abdo, the ACLU attorney, after reading a copy of the Oakland documents, concluded that the “government’s application raises troubling questions about the extent to which it can force companies to break the products they sell.”

“We are heartened, however, that the court recognized that possibility and stopped short of ordering Apple to come up with a way to decrypt its customers’ data,” he added.

“More broadly, it is disconcerting that the government is relying on a catch-all law to seek surveillance powers that it should be seeking from Congress and the public,” said Abdo. “If the government wants new spying tools, it should allow our democratic process to debate them openly first.”

UPDATE 1:50pm CT: Jonathan Mayer, a lecturer at Stanford Law, said that use of the All Writs Act is not as novel as it may seem. (He recommended his recent lecture on the subject!)

“The TL;DR is that there is nothing new about using the All Writs Act to compel assistance,” Mayer told Ars by e-mail. “And there is also nothing new about using it to compel assistance with unlocking a phone. That repeated language you saw? It’s provided by Apple itself!”

“As for the opinion discounting the All Writs Act, that had to do with surveillance under the Electronic Communications Privacy Act. Where ECPA applies, the All Writs Act doesn’t. (It’s just a default, as the court rightly noted.) Phone unlocking isn’t covered by ECPA, so the All Writs Act remains in play.”

Shhh… USB Thumb Drives Everywhere

Here’s one topic I have long wanted to post and I found this one below serves as a nice reminder: Just be careful with any USB thumb drives lying around. In fact, you should ignore them altogether because chances are good that they were there for a reason.

http://www.ksl.com/api/jwplayer/player.php?file=http://media.ksl.com/1417021128-685081439.mp4&image=//media.ksl.com/1417021128-685081439.jpg&width=640&height=360

Shhh… Glenn Greenwald with James Risen on "Pay Any Price: Greed, Power, and Endless War"

Photo (above) Source: https://www.youtube.com/watch?v=wZ68ZQhzwPs

I’d like to share with you this interview on the new book by James Risen, the two-time Pulitzer Prize-winning New York Times investigative reporter at the center of one of the most significant press freedom cases in decades who exposed the warrantless wiretapping of Americans by the National Security Agency as early as 2005, 8 years before the Snowden revelations. Risen also hit the headlines for being on Obama’s blacklist after he was threatened with prison terms by the Justice Department for refusing to reveal the source of one of his stories.

https://soundcloud.com/the_intercept/james-risen-glenn-greenwald-pay-any-price-the-war-on-terror-press-freedoms

And here is the transcript from The Intercept.

Shhh… Views on the "Don't Spy On US" Campaign

I saw this Sky News clip earlier this week and thought I should share it. The 2 opposing views illustrate how these arguments could go on forever. But which side are you on?

Above from Sky News: The Campaign Director of the Don’t Spy On Us campaign, Mike Harris and the Director of the Centre for Security and Intelligence Studies at the University of Buckingham, Professor Anthony Glees discuss whether the UK needs more anti-terror laws.

Shhh… How to Contact US Senators Who Block NSA Surveillance Bill & Disregard Our Privacy

Fancy rolling up your sleeves and doing something about the (continued) intrusions of your privacy and communications? Now here’s your chance.

The US Senate was just 2 votes shy last Tuesday on the USA Freedom Act, a surveillance reform bill which would have otherwise put a (legal) stop to the National Security Agency’s clandestine domestic surveillance programs and metadata collection as revealed by the Snowden revelations.

Here is a list of the senators and their respective votes:

U.S. Senate Roll Call Votes 113th Congress - 2nd Session

And here’s a list of those 42 senators who voted NAY – i.e. they support more NSA surveillance – along with their social media handles so you can send them a personal Twitter message. Reckon they wouldn’t mind at all since they don’t value privacy, or respect your privacy to be precise. Besides, it’s only their contact coordinates disclosed. Tell them how you feel about losing more than your contact coordinates, i.e. your metadata and privacy. And share it with your friends, they may have something to tell those senators. So why are you waiting?

And here’s one to highlight:

Shhh… Assange to Appeal Swedish Court Decision After Ecuador Guarantees Indefinite Asylum

WikiLeaks founder Julian Assange said he will appeal, according to The Sydney Morning Herald, after a Swedish appeals court upheld last Thursday an arrest warrant issued 4 years ago – over sexual assault and rape allegations that Assange said are false and politically motivated.

Meanwhile, Ecuador has voiced its continued support and guaranteed him political asylum for “as long as necessary”. So it looks like poor Assange will continue to live in the Ecuadorian Embassy in London where he has stayed for more than 2 years to avoid extradition to Sweden, which he feared would then hand him over to the United States where a death penalty possibly awaits if he is convicted of uploading troves of US government secrets through WikiLeaks.

Shhh… Lawsuit After Proof of British Police Spying on Reporters for Years

A media friend once revealed how a stranger called him to offer some leaks, tried to force him to disclose his sources (which he declined) when they met and eventually coerced him to cooperate or “bear the consequences”.

He sought my advice after running away from the stranger – whom he assumed to be a Chinese spy – as he reckoned all his communication channels had been snooped on. It is a fear he lives with to this day.

I suppose he is not as “lucky” as these British journalists (see story below), who filed a lawsuit against London’s Metropolitan Police and Britain’s Home Office after they discovered evidence of how the British police have spent years stalking and detailing their movements.

UK Police Spied on Reporters for Years, Docs Show

LONDON — Nov 21, 2014, 12:28 PM ET
By RAPHAEL SATTER Associated Press

Freelance video journalist Jason Parkinson returned home from vacation this year to find a brown paper envelope in his mailbox. He opened it to find nine years of his life laid out in shocking detail.

Twelve pages of police intelligence logs noted which protests he covered, who he spoke to and what he wore all the way down to the color of his boots. It was, he said, proof of something he’d long suspected: The police were watching him.

“Finally,” he thought as he leafed through documents over a strong black coffee, “we’ve got them.”

Parkinson’s documents, obtained through a public records request, are the basis of a lawsuit being filed by the National Union of Journalists against London’s Metropolitan Police and Britain’s Home Office. The lawsuit, announced late Thursday, along with recent revelations about the seizure of reporters’ phone records, is pulling back the curtain on how British police have spent years tracking the movements of the country’s news media.

“This is another extremely worrying example of the police monitoring journalists who are undertaking their proper duties,” said Paul Lashmar, who heads the journalism department at Britain’s Brunel University.

The Metropolitan Police and the Home Office both declined to comment.

Parkinson, three photographers, an investigative journalist and a newspaper reporter are filing the lawsuit after obtaining their surveillance records. Parkinson, a 44-year-old freelancer who has covered hundreds of protests, some of them for The Associated Press, said he and his colleagues had long suspected that the police were monitoring them.

“Police officers we’d never even met before knew our names and seemed to know a hell of a lot about us,” he said.

Several journalists told AP the records police kept on them were sometimes startling, sometimes funny and occasionally wrong.

One intelligence report showed that police spotted Parkinson cycling near his then-home in northwest London and carried detailed information about him and his partner at the time.

Jules Mattsson, a 21-year-old journalist with the Times of London, says another record carried a mention of a family member’s medical history, something he says made him so upset he called the police to demand an explanation.

“No one could possibly defend this,” he said.

Jess Hurd, a 41-year-old freelance photographer and Parkinson’s partner, said she was worried the intelligence logs were being shared internationally.

“I go to a lot of countries on assignment,” she said. “Where are these database logs being shared? Who with, for what purpose?”

The revelations add to public disclosures about British police secretly seizing journalists’ telephone records in leak investigations. Several senior officers have recently acknowledged using anti-terrorism powers to uncover journalists’ sources by combing through the records.

Some police argue they’re hunting for corrupt officers, a particularly salient issue in the wake of Britain’s phone hacking scandal, which exposed how British tabloid journalists routinely paid officers in exchange for scoops.

It isn’t yet clear how often the practice takes place, but the admission drew concern in Parliament and outrage from media groups.

Lashmar, a member of the National Union of Journalists who is not involved in the lawsuit, said the specter of terrorism was pushing police to be bolder and bolder about how closely they watch the nation’s press.

“Police seem to have got the message that journalists are now fair game and you can surveil and watch them,” he said.

Shhh… The Puppet Master Putin & Russia’s Escalating Spy Operations

The decision by Russian President Vladimir Putin to leave the G20 summit in Brisbane, Australia prematurely earlier this week, following a cold reception by other world leaders for his incursion into Ukraine, hit the global headlines but Putin, who bailed himself out on sleep deprivation grounds, might actually be laughing on his flight back to Moscow: his recognition of the rapidly deteriorating relations with the West and fear of being surrounded by enemies have probably justified his decision to beef up Russia’s espionage operations.

But it was probably the same reason – the increased efforts in intelligence gathering – and its consequences that also prompted Putin to rush back to the Kremlin.

According to the Russian Foreign Ministry earlier this week, Poland “made such an unfriendly and incomprehensible step” to expel some of its diplomats and subsequently:

“Russia undertook adequate response measures. Several Polish diplomats have left the territory of our country for the activities not compatible with their status.”

The Russian media reported last weekend that Moscow has deported former Latvian parliamentarian Aleksejs Holostovs after its intelligence agency, the Federal Security Service (FSB), alleged that Holostovs was spying for both Latvia and America’s Central Intelligence Agency (CIA).

Germany’s Der Spiegel magazine also reported last weekend that a female diplomat at the German embassy in Moscow was expelled after a Russian diplomat working in Bonn was forced to leave amid media reports the latter was a spy.

There could be more to come following this sudden frenzy of deportations of suspected Russian spies, and Russia’s (usual) tit-for-tat response, much reminiscent of the Cold War era.

And speaking of the Cold War, here’s a nice wrap up (below) from The Moscow Times about 6 spies who have defined that era.

One lasting impression I had of Robert Hanssen (below) – a former US Federal Bureau of Investigation agent who spied for Soviet and Russian intelligence services against the United States for 22 years from 1979 to 2001 – came from the book Spy: The Inside Story of How FBI’s Robert Hanssen Betrayed America, which described Hanssen’s initial reaction when he was eventually caught:

“What took you so long?!”

Six Spies Who Defined the Cold War Era
The Moscow Times Nov. 17 2014 21:54

1. Aldrich Ames

Plagued by drinking problems and a propensity toward extramarital affairs, Ames was lured into spying for the Soviet Union by the promise of money. Over the course of nine years, he received $4.6 million for revealing at least eight CIA sources. He was arrested in 1994 and sentenced to life imprisonment.

2. Robert Hanssen

Also motivated by the siren’s song of money, Hanssen worked for both the Soviet Union and Russia. He was suspected of acting as a double agent on a number of occasions, but was only arrested in 2001 while dropping off a garbage bag full of information in a park near Washington D.C. The failure to identify him for several decades was described by the U.S. Justice Department as “possibly the worst intelligence disaster in U.S. history.” Hanssen was sentenced to life imprisonment.

3. Dmitri Polyakov

Both Hanssen and Ames reportedly exposed Polyakov’s work as a CIA agent. A Soviet major general and a high-ranking GRU military intelligence officer, Polyakov served as a CIA informant for 25 years, ultimately becoming one of the best sources for the agency, providing information on the growing rift between the Soviet Union and China. He was arrested by the KGB in 1986, sentenced to death and executed in 1988. According to CIA officers who worked with him, he provided the information out of principle, not for money.

4. Kim Philby

Philby was the most successful member of the Cambridge Five, a group of British spies who — driven by their socialist beliefs — defected to the Soviet Union. Philby was MI-6’s director for counter-espionage operations. In particular, he was responsible for fighting Soviet subversion activities in Western Europe. After arousing suspicion that he might be a defector, Philby was dismissed from his post and from MI-6 overall in 1956. He fled to the Soviet Union in 1963, where he lived until his death from heart failure in Moscow in 1988.

5. Oleg Gordievsky

After growing disenchanted with the KGB and the Soviet Union, Gordievsky, a KGB colonel, became a longtime high-ranking spy for MI-6. In 1982, he was promoted to manage Soviet espionage in Britain as a resident in the London Embassy. He was called back to Moscow on suspicion of working for a foreign power, but the British managed to smuggle him out of the country. He has lived in England ever since.

6. Arkady Shevchenko

Shevchenko was one of the highest-ranking Soviet officials to defect to the West. Working as undersecretary general of the United Nations, he became a CIA informant in 1975. Shevchenko was often referred to as a triple agent: While working as a Soviet diplomat at the UN, he was allegedly passing secrets to the U.S. In 1978 he fled to the U.S., dying of cirrhosis of the liver there in 1998.

Shhh… US Senate Vote Falls Short of Curbing NSA Surveillance

It’s a fitting scene from the classic movie Gone with the Wind with the famous closing quote “Frankly, my dear, I don’t give a damn”.

The US Senate vote on the USA Freedom Act Tuesday night to rein in the NSA spying power came just 2 votes shy of the 60 needed to take up the legislation, which would have otherwise stopped the controversial phone record metadata collection by the NSA.

Any hope will now hinge on June next year as the legal grounds for the NSA phone snooping, as revealed by the Snowden revelations, under the Patriot Act will then expire – which means the NSA would then require new legislation to justify its access to this mass data.

Shhh… We Can Now Hear & See Wi-fi?

New software called Phantom Terrains, developed by London-based science writer Frank Swain, can now help the deaf listen to the sounds of wi-fi signals.

The software would utilize the wi-fi sensors of an iPhone to pick up, analyze and transform the invisible data around us – in the form of wi-fi networks and radio waves – into audible sounds, which are then sent wirelessly to a customized Bluetooth-enabled hearing aid – see video below.

But it turned out that we can also see wi-fi signals – see pictures above and below.

In a project called “A creative exploration of wireless spectres”, artist Luis Hernan used a “Kirlian device” to capture the images of invisible wireless networks that levitate around us at all times every day – the resulting eerie and ghost-like images are no surprise because Kirlian photography is often associated with paranormal activity.

Shhh… WikiLeaks' Cousin AfriLeaks – A New Anonymous Whistleblowing & Open Data Platform for Africa

AfriLeaks, a brand new anonymous whistleblowing platform, will be launched end November but unlike the renowned and established WikiLeaks, this African cousin will not be releasing secret information directly to the public.

“[AfriLeaks will] provide a secure tool for connectivity between the whistleblowers and the media who then investigate the substance and character of the leak,” according to Khadija Sharife of the African Network of Centers for Investigative Reporting (ANCIR) – the organization that will host the platform – in a Deutsche Welle report earlier this week.

According to Deutsche Welle, unlike WikiLeaks’ aim to publish and disclose information, “AfriLeaks will be there to provide leads for stories to media and research organizations. The new platform will allow whistleblowers to choose the media or research organization to which they want to send the information”.

WikiLeaks founder Julian Assange may be smiling. According to a biography (above), Assange described “going to Africa and testing my ground” in the early days of WikiLeaks, where one of the very first stories his whistleblowing platform broke was on Kenya – which was then fed to The Guardian who ran “The Looting of Kenya” as a front-page story. The article was subsequently picked up by the Kenyan media.

“From our point of view, the leak supported the idea that oppressed media organizations could suddenly be freed when a story that mattered to them – and which they couldn’t reveal on their own – was given legitimacy and the oxygen of international exposure first,” according to the book.

“We kept at it, kept publishing stuff that the African papers were too frightened to publish…”

Shhh… A Personal Gadget to Block Wireless Surveillance Devices Like Drones & Google Glass

Are you concerned that someone might be spying on you using drones, Google Glass or hidden cameras and microphones – and streaming the recording online? Fancy owning a gadget that can detect and disconnect these intrusive surveillance devices?

A new German product called Cyborg Unplug, now available for online order (at 52 Euros), is designed to block wireless surveillance where you are most vulnerable – in public spaces where such devices can easily pry, and stream online, without your knowledge.

“It sniffs the air for wireless signatures from devices you don’t want around, sending an alert to your phone when detected. Should the target device connect to a network you’ve chosen to defend, Cyborg Unplug will immediately disconnect them, stopping them from streaming video, audio and data to the Internet.”

But do note that whilst this Cyborg Unplug can disconnect the spying devices, it cannot prevent them from saving the video and audio recording locally. It’s only half the problem solved…

And equipment like the Cyborg Unplug is considered illegal in some countries, including the US.

Shhh… "Quiet Zone" for the perfect holiday?

Are you in trouble – still without any Christmas holiday plan? If that’s the case, maybe it’s a blessing in disguise.

Have you ever (even secretly) fancied a holiday with absolute peace, ie. where no one can reach or find you AT ALL? Or is that even remotely possible? Seriously, in this post-Snowden era?

Now, there’s actually a place where you’ll find no modern conveniences at all – no cell phones, no wi-fi and not even digital cameras. And it’s in the US: Pocahontas County in West Virginia.

Now where are my tents and books…??

Shhh… Hotel Cyber Blues

Business travels carry a huge price tag in security risks. Hence a common (but unspoken) practice amongst sleuths is particularly noteworthy: Avoid the biggest hotels in the biggest cities.

This is relevant because a Kaspersky Lab report (below) released earlier this week found a sophisticated industrial espionage campaign aimed at business executives using in-house wireless connections in luxury hotels across Asia, with thousands of victims since 2009 who otherwise believed they were using private and secure networks.

However, the risk with using hotel internet (both LAN and wireless) connections is nothing new.

The FBI warned 2 years ago about malware being spread across hotel wi-fi systems.

And in the scandal involving former CIA director David Petraeus and his mistress Paula Broadwell (picture below) back in 2012, the way the FBI managed to trace emails sent by Broadwell from her hotel rooms also underscored the problems associated with using supposedly secure hotel internet connections – despite her attempt to shield her identity by using anonymous email accounts, the FBI were able to find out where the emails were sent from (ie. which cities, which wi-fi locations and which hotels) which eventually led to her name.

Previously on Shhh-cretly, several columns also highlighted the perilous voyage business travelers faced, especially in Asia, and the risks go well beyond hotel internet connections. Some fellow sleuths are well aware of how some governments would send their agents to break into hotel rooms when the house guests were out for the day. For example, a Shhh-cretly post 2 years ago revealed how the FBI had video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

It also helps to know that the locks found on between 4 and 5 million hotel room doors worldwide can easily be opened by a simple hacking device.

And one is still not necessarily safe inside a hotel room, even if the door is locked and blocked. Spy gadgets may have been planted inside the room to snoop on the unwary house guests. And some rooms even have “spying walls”.

With this knowledge, some sleuths have gone to great lengths to protect themselves – such as planting a covert camera in the room, weighing a data-less laptop, with and without the battery, and the power plug before and after leaving the hotel room as well as hiding an SD card (which stores all your data transferred from your laptop prior to a business trip, thus the data-less laptop) under the tongue, etc.

According to the Kaspersky report, “a key mystery remains how attackers appear to know the precise travel itinerary of each victim”.

Well, recall the Snowden revelations have also revealed that the British intelligence agency GCHQ had a secretive “Royal Concierge” program that broke into the global hotel booking system of some 350 luxury hotels for about 3 years, specifically to trace and wiretap the suites of traveling diplomats.

Now, has the world reached a state of paranoia?

Execs in Asian luxury hotels fall prey to cyber-espionage -study

By Eric Auchard
FRANKFURT Mon Nov 10, 2014 5:04am EST

Nov 10 (Reuters) – Security researchers have uncovered a sophisticated industrial espionage campaign that targets business executives in luxury hotels across Asia once they sign on to computers using in-room wireless connections they consider private and secure.

The attacks, which go well beyond typical cybercriminal operations, have claimed thousands of victims dating back to 2009 and continue to do so, Kaspersky Lab, the world’s largest private security firm, shows in a report published on Monday.

Executives from the auto, outsourced manufacturing, cosmetic and chemical industries have been hit, the security firm said. Others targeted include military services and contractors.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when travelling abroad (1.usa.gov/1xAP4YI).

Kaspersky’s report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers. (bit.ly/1xcU0Gs)

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools off hotel networks afterward.

“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” said Kurt Baumgartner, principal security researcher for Kaspersky, the world’s largest privately held cybersecurity firm.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room’s wireless network are tricked into downloading an update to legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. Because attacks happen at sign-on, encrypted communications set up later offer no defence against attack.

The same elite spying crew has used advanced keystroke-logging software and encryption-breaking at multiple hotel chains across Asia, it said.

Kaspersky declined to name the executives involved or the luxury destinations targeted but said it had informed the hotels as well as law enforcement officials in affected locations.

Ninety percent of the victims came from five countries — Japan, Taiwan, China, Russia and South Korea. Business travelers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner said.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe. (Reporting By Eric Auchard; Editing by Clara Ferreira Marques)

Shhh… List of Celebrities & Intellectuals in Support of Snowden

More than 50 well known musicians, actors and Nobel laureates (full list below) have shown their support for Edward Snowden and other whistleblowers like WikiLeaks and they are encouraging the public, through their social media outlets, to donate to the Courage Foundation which oversees the official legal defense fund for Edward Snowden and other whistleblowers, as well as fights for whistleblower protections worldwide.

Meanwhile, The Guardian reported that actor Joseph Gordon-Levitt (best remembered for his roles in “Lincoln,” “The Dark Knight Rises” and “Inception” – photo above) has been confirmed to play Snowden in a movie to be directed by Oliver Stone, who has won best director Oscars for “Platoon” and “Born on the Fourth of July”. Stone is also noted for his political films like “JFK”, “Nixon” and “Looking for Fidel”.

According to a press release Monday, the list of signatories in support of Snowden includes:

Udi Aloni
Pamela Anderson
Anthony Arnove
Etienne Balibar
Alexander Bard
John Perry Barlow
Radovan Baros
David Berman
Russell Brand
Victoria Brittain
Susan Buck-Morss
Eduardo L. Cadava
Calle 13
Alex Callinicos
Robbie Charter
Noam Chomsky
Scott Cleverdon
Ben Cohen
Sadie Coles
Alfonso Cuarón
John Deathridge
Costas Douzinas
Roddy Doyle
Bella Freud
Leopold Froehlich
Terry Gilliam
Charlie Glass
Boris Groys
Michael Hardt
P J Harvey
Wang Hui
Fredric Jameson
Brewster Kahle
Hanif Kureishi
Engin Kurtay
Alex Taek-Gwang Lee
Nadir Lahiji
Kathy Lette
Ken Loach
Maria Dolores Galán López
Sarah Lucas
Mairead Maguire
Tobias Menzies
M.I.A.
W. J. T. Mitchell
Moby
Thurston Moore
Tom Morello
Viggo Mortensen
Jean-Luc Nancy
Bob Nastanovich
Antonio Negri
Brett Netson
Rebecca O’Brien
Joshua Oppenheimer
John Pilger
Alexander Roesler
Avital Ronell
Pier Aldo Rovatti
Susan Sarandon
Peter Sarsgaard
Assumpta Serna
Vaughan Smith
Ahdaf Soueif
Oliver Stone
Cenk Uygur
Yanis Varoufakis
Peter Weibel
Vivienne Westwood
Tracy Worcester
Slavoj Zizek

Shhh… US Federal Judge Calls for Scrutiny of FBI's Facial Recognition System

A federal judge, US District Judge Tanya Chutkan, ruled last week that the FBI’s futuristic facial-recognition database requires scrutiny from open-government advocates because of the size and scope of the surveillance technology as well as privacy concerns – see story below.

Quick background: The FBI announced in late September its US$1 billion facial recognition program – the Next Generation Identification (NGI) System – was finally up and running. In development since at least 2008, “the NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities”.

Privacy groups are concerned that the NGI System becomes invasive by collecting images of people suspected of no wrongdoing.

Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database

By Dustin Volz National Journal November 7, 2014

A federal judge has ruled that the FBI’s futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.

U.S. District Judge Tanya Chutkan said the bureau’s Next Generation Identification program represents a “significant public interest” due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.

“There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered,” Chutkan wrote in an opinion released late Wednesday.

Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys’ fees. That government report revealed the FBI’s facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.

“The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs,” said Jeramie Scott, national security counsel with EPIC.

Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became “fully operational” this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.

FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to “find bad guys by matching pictures to mug shots.” But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.

In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.

Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. The New York Times reported on leaks from Edward Snowden revealing that the NSA intercepts “millions of images per day” across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 “facial-recognition quality images.”

The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan’s decision.

Shhh… Counting the Costs of FBI's Operation Onymous

The FBI announced last week that law enforcement agencies including the bureau, the Department of Homeland Security and Europol have arrested 26-year-old San Francisco resident Blake Benthall (below) who was allegedly the operator and administrator – under the handle “Defcon” – of the online drugs marketplace Silk Road 2.0, just a year after the original Silk Road’s alleged mastermind, Ross Ulbricht, was also arrested in San Francisco.

According to related court documents, Benthall was charged last Friday with narcotics trafficking, as well as conspiracy charges related to money laundering, computer hacking, and trafficking in fraudulent identification documents – and Benthall reportedly “admitted to everything”.

“The website [Silk Road 2.0] has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users,” according to the FBI.

The globally coordinated effort involving 17 nations dubbed Operation Onymous – obviously as opposed to the “anonymous” Tor network – has reportedly led to 17 arrests and a seizure of more than 400 “hidden services” and darknet domains, $1 million in bitcoins, $250,000 in cash plus a variety of drugs, gold and silver.

It later emerged there were actually just over 27 sites seized – including Silk Road 2.0 – instead of more than 400 as initially reported: the FBI spokesperson David Berman later clarified the 400 URLs amounted only to a dozen or so sites.

However, several pertinent questions surfaced:

– Is Tor still safe given the FBI has obviously broken (how?) into it?

– Is the world really a safer place after the FBI shut down a major “darknet” marketplace? What makes the authorities rule out the emergence of a more secure, bigger and effective Silk Road 3.0? (The FBI said in its press release that “Those looking to follow in the footsteps of alleged cyber-criminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”)

– How much taxpayers’ money was spent to make these 17 arrests in 17 nations with this global operation?

Shhh… Former NSA Attorney: Encryption Behind Blackberry's Demise & Warning to Apple and Google

The authorities hate smartphone encryption and it shows. And they are making concerted efforts to wage a war against it.

In echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google and Apple and others to encrypt user data were more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner or later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.”

This latest anti-encryption blabbing drew quick defense from Blackberry COO Marty Beard, who found Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”

Shhh… CCTVs Live Broadcast

Do not be surprised to find yourself and your treasured private space broadcast round the clock and around the world if whoever installed the security surveillance systems at your home, office or the public areas simply left the default login and password unchanged.

The still images captured (with high-speed broadband) below are just some samples for illustration – the compromised CCTV cameras were conveniently categorized by countries and cities plus the details and exact coordinates like:

– Latitude
– Longitude
– ZIP code
– Time zone
– Channels
– Manufacturer (of the camera)
– Default login
– Default password

According to the web site:

Here you can see thousands of such cameras located in cafes, shops, malls, industrial objects and bedrooms of all countries of the world. To browse cameras just select the country or camera type.

This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password.

Photo: Someone bought the latest iPhone in Rome, Italy?

Photo: Early diners at a restaurant in Coruna, Spain.

Photo: Someone bothering a receptionist in Krasnodar, Russia?

Photo: She’s probably lost in Hanoi, Vietnam.

Photo: He switched off the lights in a staff quarters at the end of the day in Berlin, Germany.

Photo: A quiet part of Baker Street in London, England.

Photo: A busy gardener in San Felipe, Chile.

Photo: No one’s home in Austin, USA.

Photo: Home in Lo Prado, Chile.

Photo: Home in Kawasaki, Japan.

Shhh… When the Postman Became A Spy

Question: If the NSA managed to threaten and make Internet and technology giants like Yahoo, Google, Apple, Facebook, etc to hand over our metadata, who else could they target?

The US Postal Service?

And why not – since the information like names, addresses and postmark dates of both the senders and recipients conveniently splashed on the package covers could provide valuable investigative leads to law enforcement agencies?

As it turned out, the USPS Office of Inspector General (OIG) — the internal watchdog of the postal service – found that “USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients” – see full story below.

And why then should one trust the postal services outside the US – given the Snowden revelations also revealed how intelligence agencies across the globe have duly followed the NSA leads?

The US Postal Service has been quietly surveilling more mail than anyone thought

Program captured information from the outside of 49,000 pieces of mail in 2013 alone, sharing it with law enforcement agents

By Carl Franzen on October 28, 2014 02:15 pm

Snail mail is growing steadily less popular thanks to the internet, but people in the US still send lots of it every year — over 158 billion pieces of mail were handled by the US Postal Service in 2013 alone. As it turns out, the USPS has also been quietly spying on way more of the mail passing through its doors than previously acknowledged. A report from the agency’s internal watchdog — the USPS Office of Inspector General (OIG) — found that USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients. This information reportedly did not include the contents of letters and packages, but rather was limited to the information appearing only on the exterior, such as names, addresses, and postmark dates.

The report on the USPS information capturing program, called “mail covers,” was initially published to little fanfare over the summer and subsequently reported on by Politico, but is getting more attention now with an article appearing today in The New York Times that includes additional details.

First some background: the mail covers program is hardly new, it’s been in existence for over a hundred years, as The Times notes. It’s also not as invasive as a full search warrant for the contents of mail, which the USPS also grants (although only for federal search warrants; state search warrants aren’t accepted by the agency). In a guide for law enforcement agencies, the USPS explains exactly how the program works: a police officer/law enforcement agent needs to be already conducting an investigation into a suspected felony and have the names and addresses for their intended surveillance targets. The officer must send this information to the USPS through the mail or provide it verbally (in person or over the phone), along with a reason why the mail cover is needed. Then the USPS will begin capturing the information from the exterior of all the targets’ incoming and outgoing mail for up to 30 days (although extensions are available). The USPS says that “information from a mail cover often provides valuable investigative leads,” but adds that it “is confidential and should be restricted to those persons who are participating in the investigation.”

However, as the OIG report found, there are numerous problems with the way the USPS has been running the mail covers program. For starters, the USPS has a mail cover app that apparently doesn’t work very well and is blamed for the agency continuing to capture information from the mail of 928 targets even after the surveillance period was supposed to have ended. The USPS also appears to have started mail cover surveillance on targets without sufficient justification from law enforcement as to why it was needed, and some USPS employees didn’t even keep the written justification on file like they were supposed to. And in a further failure of duty, several mail covers weren’t started on time. Perhaps most troubling of all, the USPS doesn’t appear to have been accurately reporting the total number of mail covers in its official records provided to the Times under Freedom of Information Act requests, which show only 100,000 total requests for mail surveillance between 2001 and 2012 (an average of 8,000 a year, way fewer than the 49,000 mail covers acknowledged in the OIG report). The USPS said it agreed with the findings of the OIG report and would work to implement changes, but for an agency already struggling with how to move into the future, the findings are hardly good news.

Shhh… FBI's Mock-Up As Newspaper to Hack Suspect's Computer

Previously on Shhh-cretly, we reported how the FBI could legally impersonate someone’s identity to create a phony Facebook account in that person’s name without that person’s knowledge in order to reach out to suspected criminals – and separately the NSA also disguised itself as Facebook servers in order to gain access to the computers of intelligence targets.

Well, the buck doesn’t stop there. It turned out that the FBI, in the spirit of catching suspects, was also involved in planting fake news stories: the editor of The Seattle Times found out only last week that the FBI made a mock-up of the publication’s website in 2007 in order to spread spyware onto the computer of a suspect.

The FBI is reportedly defending its right to rely on such tactics to prevent a “possible act of violence” – and let’s not forget FBI director James Comey is not impressed with Apple and Google phones being “too secure”. He has been busy making his rounds pressuring Congress to force Apple and Google to do away with their new default smartphone encryption so that the bureau can access those devices, in the name of law enforcement of course.

Or do you think the bureau has gone well overboard and beyond its restraints?

Shhh… The BBC "Forgotten" List (& Forgotten Company Directors?)

The BBC plans to publish a regularly updated list of articles removed from the search engine Google following the controversial “right to be forgotten rule”.

Google has so far received some 153,000 requests involving about half a million different links, and 40 percent of these links have been removed. However, according to associate professor David Glance, director of the Center for Software Practice at the University of Western Australia:

“… there is a great deal of concern about the sorts of things that are being removed. So, for example, information about former company directors has been removed. So various people are now asking for that type of information to be restored because it’s part of the public record and important information when you are considering the effectiveness or the background of a company or the directors.”

Shhh… Snowden Awarded Russian Private Literary Prize

Former NSA contractor-turned-fugitive Edward Snowden bagged another award on Monday this week: a private literary prize from the Zinovyev Institute, a private foundation for the study of creative writings of Russian writer and philosopher Alexander Zinovyev.

Snowden was not in attendance to receive the award given his need to keep a low profile since his asylum in Russia in August last year though he has been appearing actively at various events globally via live broadcast.

Snowden, a 2014 Nobel Peace Prize nominee, also received the Right Livelihood Award 2014 in late September.

Shhh… More NSA Shakeup Following Another Conflict of Interest?

More personnel problems at the National Security Agency…

Another conflict of interest matter has led the agency’s top spy Teresa Shea to leave her position as director of signals intelligence (SIGINT), which the NSA said last week was a “routine” transition “planned well before recent news articles”.

Shea as the SIGINT head was behind some of the most controversial mass surveillance programs disclosed by former NSA contractor Edward Snowden.

The shakeup followed a recent BuzzFeed report (below) on the financial interests of Shea and her husband James Shea. The latter was a contractor with a SIGINT “contracting and consulting” company – Telic Networks – registered to the couple’s home. He is also the vice president of another SIGINT contractor – DRS Signals Solutions – that “appears to do business with the NSA”. The sleuth Shea herself had also incorporated an “office and electronics” business at her home.

These headlines came hot on the heels of recent reports on former NSA director Keith Alexander, who had business dealings with potential conflicts of interest during and after his NSA reign, which ended in March. Furthermore, a recent Reuters report found Alexander also hired another top NSA official, chief technology officer Patrick Dowd, to work at his new cyber-security company when Dowd was still on the NSA payroll.

Find out more from the following BuzzFeed report:

Exclusive: Shakeup At NSA After BuzzFeed News Reports On Potential Conflict Of Interest

Top National Security Agency official Teresa Shea is leaving her position after BuzzFeed News reported on her and her husband’s financial interests. The move comes as the NSA faces more questions about the business dealings of its former director Keith Alexander, and potential ethics conflicts. This post has been updated to include a response from the NSA.

posted on Oct. 24, 2014, at 12:28 p.m.

Aram Roston
BuzzFeed Staff

WASHINGTON — One of the nation’s top spies is leaving her position at the National Security Agency (NSA), a spokesman confirmed Friday, amid growing disclosures of possible conflicts of interest at the secretive agency.
The shakeup comes just a month after BuzzFeed News began reporting on the financial interests of the official, Teresa Shea, and her husband.

Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

The NSA provided a statement Friday that said Teresa Shea’s “transition” from the SIGINT director job was routine and “planned well before recent news articles.” The agency indicated she would remain employed, but did not provide specifics.

The Sheas did not respond to a message left at their home telephone number.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week BuzzFeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.

Over the past month, Teresa and James Shea haven’t returned phone calls, and the NSA has declined to comment about any specifics, beyond explaining how the agency tries to address conflict of interest issues in general, and to say that “the agency takes Federal ethics laws quite seriously.”

In April, Adm. Michael Rogers took over as director of the NSA, and it was expected he might shuffle staff. One intelligence source said Shea’s departure from her job appeared to be due in part to the “optics” of a top NSA official coming under scrutiny by the press for her and her husband’s business dealings. The other said the press disclosures may have nothing to do with her leaving.

In a statement Friday, NSA spokesman Michael Halbig said that “NSA considers regular rotations of senior leaders as a catalyst for achieving diverse, fresh perspectives on the nation’s critical national security challenges.”

He added that “We value her leadership as a senior leader and look forward to her continued contribution to the mission to help defend the nation.”

Since she would no longer be director of SIGINT, presumably potential conflicts stemming from her husband’s role as a SIGINT contractor, with a SIGINT company at their home, would be alleviated.

Shea, as SIGINT director, presided over most of the NSA operations disclosed by Snowden. The most controversial of those is the mass domestic surveillance program, under which the agency collects data on virtually every phone call Americans make, domestically or overseas, from a cell phone or a landline. But other operations included disclosures that calls by the leaders of foreign allies were intercepted, and that a vast amount of electronic communications were collected from American internet companies such as Google and Yahoo.

Last week, the NSA came under increasing pressure because of the business dealings of former director Keith Alexander, who left the agency in March.

Reuters disclosed that Alexander hired another top NSA official to work at his company, even while the scientist continued to work at the NSA. Reuters said the NSA had begun a review of the unusual agreement, under which NSA Chief Technology Officer Patrick Dowd was to work 20 hours a week at Alexander’s company, Ironnet Cybersecurity, while still working for the U.S. government.

This week, after the controversy erupted, the company said Dowd would no longer work there.

Shhh… FTC New Appointee Ashkan Soltani Irks NSA Top Guns

The US Federal Trade Commission announced last week the appointment of Ashkan Soltani as the FTC’s chief technologist starting November, where he would advise on technology and policy issues for the same agency where he had previously served as a technical expert and staff technologist.

But what made his appointment stand out were other aspects of his resume. Soltani is a renowned and outspoken security researcher and has served as a technical expert for several state attorneys general. Most notably, he was recently involved in investigative journalism, as a media consultant at the Washington Post helping Barton Gellman and other reporters on the technical and security aspects of the Snowden documents – and sharing their 2014 Pulitzer Prize for Public Service – plus other spells at The Wall Street Journal and The New York Times.

His latest appointment has upset NSA top guns, drawing criticisms from former NSA director Michael Hayden (and CIA director from 2006 to 2009):

I’m not trying to demonize this fella, but he’s been working through criminally exposed documents and making decisions about making those documents public.

and former NSA general counsel Stewart Baker:

I don’t think anyone who justified or exploited Snowden’s breach of confidentiality obligations should be trusted to serve in government.

In the same report on these reactions, there’s an interesting reader’s comment:

Hayden and Baker seem to think they took a different oath: to protect the American people from “terrorists” at all costs. And maybe to profit from investing in surveillance companies? See my earlier posts on Keith Alexander’s business ventures during and after his NSA tenure.

Shhh… Keith Alexander An Active Commodities Player At the NSA

Shhh-cretly last reported about former NSA director Keith Alexander and his private sector aspirations – when he sought in July as many as nine new patents for a computer security system he’s building at the private security firm he has co-founded, IronNet Cybersecurity, Inc., raising questions about whether he was cashing in on classified information he had learned at the NSA, where he stepped down in March.

A new Foreign Policy report released Wednesday showed the former spymaster has moved his pawns on the chessboard much earlier – trading in commodities linked to China and Russia, two countries which the NSA was spying on intensely – to seize the acute advantage he enjoyed with his privileged access to highly classified information. A new class of insider trading?

“U.S. officials have long insisted that the information that intelligence agencies steal from foreign corporations and governments is only used to make political and strategic decisions and isn’t shared with U.S. companies. But whether that spying could benefit individual U.S. officials who are privy to the secrets being collected, and what mechanisms are in place to ensure officials don’t personally benefit from insider knowledge, haven’t been widely discussed,” according to the report.

In answering questions on his post-NSA ventures back in August:

“If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery?” Alexander said. “I’m a cyber guy. Can’t I go to work and do cyber stuff?”

Now it would be interesting to hear what he has to say about his (undisclosed) commodities trading activities during his NSA tenure.

Here is the full report from Foreign Policy:

Why Was the NSA Chief Playing the Market?

Newly released documents show the NSA chief was investing his money in commodities so obscure that most financial pros stay away.

BY Shane Harris
OCTOBER 22, 2014

At the same time that he was running the United States’ biggest intelligence-gathering organization, former National Security Agency Director Keith Alexander owned and sold shares in commodities linked to China and Russia, two countries that the NSA was spying on heavily.

At the time, Alexander was a three-star general whose financial portfolio otherwise consisted almost entirely of run-of-the-mill mutual funds and a handful of technology stocks. Why he was engaged in commodities trades, including trades in one market that experts describe as being run by an opaque “cartel” that can befuddle even experienced professionals, remains unclear. When contacted, Alexander had no comment about his financial transactions, which are documented in recently released financial disclosure forms that he was required to file while in government. The NSA also had no comment.

Alexander’s stock trades were reviewed by a government ethics official who raised no red flags, and there are no indications the former spymaster did anything wrong. There are also no indications that the trades did much for Alexander’s personal wealth. Disclosure documents show that he earned “no reportable income” from the sale of commodity company stocks, meaning either that it was less than a few hundred dollars or that possibly he lost money on the deals.

Still, the trades raise questions about whether Alexander’s job gave him insights into corporations and markets that may have influenced his personal financial investments. The NSA, which Alexander ran for more than eight years, routinely spies on foreign governments and businesses, including in Russia and China, where the agency has attempted to gain insights into political decision-making, economic strategy, and the countries’ plans for acquiring natural resources.

The financial disclosure documents, which were released to investigative journalist Jason Leopold and published this month by Vice News, reveal nothing explicitly about why Alexander sold the shares when he did. On Jan. 7, 2008, Alexander sold previously purchased shares in the Potash Corp. of Saskatchewan, a Canadian firm that mines potash, a mineral typically used in fertilizer. The potash market is largely controlled by companies in Canada, as well as in Belarus and Russia. And China was, and is, one of the biggest consumers of the substance, using it to expand the country’s agricultural sector and produce higher crop yields.

“It’s a market that’s really odd, involving collusion, where companies essentially coordinate on prices and output,” said Craig Pirrong, a finance professor and commodities expert at the University of Houston’s Bauer College of Business. “Strange things happen in the potash market. It’s a closed market. Whenever you have Russians and Chinese being big players, a lot of stuff goes on in the shadows.”

On the same day he sold the potash company shares, Alexander also sold shares in the Aluminum Corp. of China Ltd., a state-owned company headquartered in Beijing and currently the world’s second-largest producer of aluminum. U.S. government investigators have indicated that the company, known as Chinalco, has received insider information about its American competitors from computer hackers working for the Chinese military. That hacker group has been under NSA surveillance for years, and the Justice Department in May indicted five of its members.

Alexander may have sold his potash company shares too soon. The company’s stock surged into the summer of that year, reaching a high in June 2008 of $76.70 per share, more than $30 higher than the price at which Alexander had sold his shares five months earlier.

He may also have dodged a bullet. Shares in the company plunged in the second half of 2008, amid turmoil in the broader potash market. In 2009, “the bottom fell out of the market,” Pirrong said. Alexander may not have made a lot of money, but he also didn’t lose his shirt.

That didn’t keep the intelligence chief out of the trading game. In October 2008, in the midst of the potash downturn, Alexander purchased shares in an American potash supplier, the Mosaic Company, based in Plymouth, Minnesota. It was a good time to buy: On the day of the purchase, the stock closed at $33.16, having plummeted from highs of more than $150 per share during the summer.

But inexplicably, Alexander sold the shares less than three months later, in January 2009. The stock had barely appreciated in value, and Alexander again disclosed “no reportable income.”

The timing of both the potash and aluminum sales in January 2008 is also intriguing for political reasons. In the spring of 2008, shortly after Alexander sold his positions, senior U.S. officials began to speak on the record for the first time about the threat of cyber-espionage posed by Russia and especially China. Public attention to the intelligence threat was higher than it had been in recent memory. The optics of the NSA director owning stock in a company that his own agency believed may have been receiving stolen information from the Chinese government would have been embarrassing, to say the least.

In May 2008, four months after Alexander sold the shares, Joel Brenner, who at the time was in charge of all counterintelligence for the U.S. government and had previously served as the NSA’s inspector general, gave an interview to me when I was with National Journal and accused China of stealing secrets from American companies “in volumes that are just staggering.” Brenner’s comments came just three months ahead of the opening of the 2008 Olympic Games in Beijing. He eventually went on national U.S. television to warn Americans attending the games that they were at risk of having their cell phones hacked.

U.S. officials at the time said that computer hackers in both China and Russia were routinely breaking into the computers of American businesses to steal proprietary information, such as trade secrets, business strategy documents, and pricing information. Eventually, Alexander himself went on to call state-sponsored cyber-espionage “the greatest transfer of wealth” in American history, blaming it for billions of dollars in losses by U.S. businesses and a loss of competitive advantage.

By 2009, Alexander held no more direct shares in any foreign companies, his records show. His financial transactions while in government apparently garnered no additional scrutiny beyond a standard review by ethics officials, who found no violations. Under official rules governing conflicts of interest, a government employee is prohibited from owning more than $15,000 in holdings of a company “directly involved in a matter to which you have been assigned.” For Alexander, spying on foreign governments and protecting the United States from cyber-espionage would seem to meet that criteria. But his records indicate that he never owned in excess of $15,000 in any foreign company.

The financial disclosure forms don’t say when Alexander bought his shares. Citing ethics rules, the NSA told Leopold that it was only required to release six years’ worth of information, leaving a gap between 2005, when Alexander started at the NSA, and 2008, the first year for which the agency released his financial information. But there’s nothing in the documents that states Alexander used a blind trust, suggesting that he either made the trading decisions himself or was aware of them if they were handled by a broker or advisor.

U.S. officials have long insisted that the information that intelligence agencies steal from foreign corporations and governments is only used to make political and strategic decisions and isn’t shared with U.S. companies. But whether that spying could benefit individual U.S. officials who are privy to the secrets being collected, and what mechanisms are in place to ensure officials don’t personally benefit from insider knowledge, haven’t been widely discussed.

Alexander has arguably blurred the lines between his private interests and public obligations before. In July, Foreign Policy reported that he had filed patents for what he described in an interview as a “unique” approach to detecting malicious hackers and intruders on computer networks. But that technology was directly informed by the years Alexander spent at the NSA and as the head of U.S. Cyber Command, when he was responsible for detecting cyber-intrusions on military and intelligence agency computer networks.

“There is no easy black-and-white answer to this,” Scott Felder, a partner with the law firm Wiley Rein in Washington, said at the time, adding that it’s not uncommon for government employees to be granted patents to their inventions.

But another of Alexander’s business deals has also raised questions about whether he continues to benefit from classified information and access to top players at his old agency.

In an employment deal that prompted an internal investigation at the NSA and inquiries from Capitol Hill, Alexander arranged for the agency’s chief technology officer, Patrick Dowd, to work part time for a new cybersecurity consulting firm that Alexander started this year after leaving the NSA and retiring from the Army with a fourth star. Experts said the public-private setup was highly unusual and possibly unprecedented.

Reuters revealed the arrangement last week, and on Tuesday, Oct. 21, with pressure building from lawmakers to investigate, Alexander said that he was severing the relationship with Dowd. “While we understand we did everything right, I think there’s still enough issues out there that create problems for Dr. Dowd, for NSA, for my company,” Alexander told Reuters when explaining why he scuttled the deal. Alexander’s company, IronNet Cybersecurity, is based in Washington, and he has said he might charge clients as much as $1 million per month for his expertise and insights into cybersecurity.

Shhh… Tim Cook in China to Discuss Data Protection & iCloud Hacks

Apple CEO Tim Cook tweeted his photo Wednesday during a China “road trip” where he visited Foxconn and also met Chinese vice premier Ma Kai in Beijing to discuss recent targeted attacks on iCloud originating from the country. The activist group GreatFire.org has reportedly alleged Chinese government involvement.

Meanwhile, Apple has published a guide on how one can verify the authenticity of the iCloud website in Safari, Chrome and Firefox.

Shhh… Udo Ulfkotte: CIA Used Journalists to Push for War in Russia

Udo Ulfkotte, a former editor of German newspaper Frankfurter Allgemeine Zeitung, told Russia Today (RT) that he had worked for the CIA and he’s not alone – most so-called journalists in America and Europe are on “non-official cover” to run stories aimed to manipulate readers and create propaganda against Russia.

“The German and American media tries to bring war to the people in Europe, to bring war to Russia,” he said.