Tag: spy

French ISPs will not surrender their clouds to government

French ISPs have warned the government that they will move their operations out of France if the government brings through a bizarre spying bill.

Five hosters of French computer data said the bill will create an intelligence “exile” from France as ISPs try to avoid losing their customers by moving their operations somewhere else in the EU.

The five do not want to install the “real-time capture of data connection” boxes on their sites which is part of the law.

The ISPs believe that this project “will not reach its goal of putting every French person under surveillance, and will destroy a major segment of the economy of the country.” They said that their customers will turn to other territories to flee the intrusion.

The five have pledged to move their infrastructure, investments and employees to wherever their customers want to work with them. This will mean massive job losses in France.

“There are thousands of jobs … and start-ups and large companies will go also create elsewhere,” they added.

Two of the biggest data warehouses, Gandi and OVH, signed the statement along with IDS outfits Ikoula and Lomaco.

The French Association of Software and Internet solutions Publishers (AFDEL), which brings together publishers and Internet companies, said that the proposed implementation of the devices mentioned in the bill was “vague” and that it “feared” that this law, which is part of an extra-judicial framework, would undermine confidence in digital technologies and solutions and thus the competitiveness and attractiveness of French industry.

Cameron advisor wants ISPs to spy for studios

David “one is an ordinary bloke” Cameron’s top internet advisor has suggested that ISPs spy on their customers to work out which are downloading pirated content.

Mike Weatherley, a Conservative MP and Intellectual Property Adviser to UK Prime Minister David Cameron, also wants ISPs to censor the Internet better.

According to his report, ISPs have a moral obligation to do more against online piracy.

One would think that Weatherley would have worked out that this sort of thing does not work very well. He has previously suggested that search engines should blacklist pirate sites, which does not seem to have changed much.

So going “more draconian” seems to be Weatherley’s answer. The just-released 18-page report stresses that these companies have a moral obligation to tackle copyright infringement and can’t stand idly by.

The report uses information which has been helpfully provided by people with a history of providing accurate and not at all misleading figures – the pro-copyright groups including the MPAA, BPI, and the Music Publishers Association.

It offers various recommendations for the UK Government and the EU Commission to strengthen their anti-piracy policies.

One of the key points is to motivate Internet services and providers to filter content proactively. According to the report it’s feasible to “filter out infringing content” and to detect online piracy before it spreads.

“There should be an urgent review, by the UK Government, of the various applications and processes that could deliver a robust automated checking process regarding illegal activity being transmitted,” Weatherley said.

Weatherley added that ISPs should not just remove the content they’re asked to, but also police their systems to ensure that similar files are removed, permanently.

“ISSPs to be more proactive in taking down multiple copies of infringing works, not just the specific case they are notified of,” he said.

This type of filtering is already used by YouTube, which takes down content based on fingerprint matches. However, the report suggests that regular broadband providers could also filter infringing content.

Weatherley also said that protecting the rights of copyright holders has priority over a “no monitoring” principle that would ensure users’ privacy, if the monitoring is done right.

“There is also the question as to whether society will want to have their private activities monitored (even if automatically and entirely confidentially) and whether the trade off to a safer, fairer internet is a price worth paying to clamp down on internet illegal activity. My ‘vote’ would be “yes” if via an independent body.”

Huawei ignores US to clean up

Despite being on a US spying list, China’s Huawei Technologies continues to clean up.

Huawei does not have to tell us much, because it is a private company, but the world’s No.2 telecommunications equipment maker reported a 33 percent rise in profit for 2014.

This matches company guidance, as the global adoption of fourth-generation (4G) mobile technology boosted sales.

Net profit for 2014 rose to $45.7 billion US dollars, the Shenzhen-based company told media in an earnings briefing today.

In a breakdown, its revenue from telecom operator business rose 16.4 percent year on year, to $31 billion dollars; its revenue from enterprise business reached $3.1 billion dollars, up 27.3 percent year on year; and its revenue from consumer business reached $12.1 billion dollars, up 32.6 percent year on year.

Meanwhile, the company invested $66 billion dollars in research and development, rising 29.4 percent year on year and representing 14.2 percent of its annual sales revenue.

In the past ten years, Huawei’s investment in research and development accumulated to $307 billion dollars.

Either way, despite the US’s most ironic embargo, Huawei is doing rather well.

 

UK spooks can spy on anyone anywhere

There has been a gasp of horror after it was announced that US spooks wanted the power to spy on anyone, anywhere – but it turns out that their British counterparts have been doing that already.

The UK granted similar powers to its own intelligence services and is now revealing it.

According to Privacy International, the British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

The admission was made in what the UK government calls its “Open Response” to court cases started last year against GCHQ.

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of “intelligence targets”, GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.

The intelligence services are allowed to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. This was how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world’s largest maker of SIM cards used in countries around the world.

Many people had assumed that this was the case. But court cases against the UK’s GCHQ are ferreting out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

 

Big Brother calls Apple Big Brother

US spooks, who have been dubbed “Big Brother” for their worldwide surveillance programme, think that the title belongs to Apple.

Following up its exposé about the NSA’s ability to hack into individual smartphones and decrypt their contents, Der Spiegel published a new story about NSA spying on smartphones which features the spooks’ PowerPoint presentation.

One slide calls iPhone users “zombies” who pay for the services that enable the NSA to track physical locations.

Another slide calls deceased Apple founder and former CEO Steve Jobs “Big Brother”. This is because Apple is already collecting a shedload of geolocation data which the NSA can hack.

The first slide in the series alludes to George Orwell’s 1984, which is ironic because Apple became famous with its 1984 advert where it promised to set users free.

Of course the Tame Apple Press is furious and claimed it showed a “profound disrespect” for “we” users. Given that “we” are not stupid enough to buy an iPhone, “we” would say that the NSA is showing a profound disrespect for those who pay for the pleasure of being spied on. It is disrespect that people outside the Apple reality distortion field all share.

Kaspersky finds more US snoops

Moscow-based Kaspersky Lab has uncovered more evidence indicating that the US National Security Agency is behind a particularly successful hacking group.

“Equation Group” ran the most advanced hacking operation ever uncovered and was untouched for more than 14 years.

Kaspersky researchers did not say that the hackers were the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project.

However, the mountain of evidence that Kaspersky provided strongly implicated the spy agency.

The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.

“BACKSNARF” joins a host of other programming “artifacts” that tied Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem tiny.

The code word is included in a Kaspersky report detailing new technical details uncovered about Equation Group.

Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organised software development team.

The timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US.
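The weekday and working-hours reasoning above can be reproduced from PE link timestamps, as in this added example (not Kaspersky's code). The sample headers are constructed, and the 09:00-18:00 workday and all helper names are assumptions; link timestamps can be forged, so the result is a hint rather than proof.

```python
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def pe_timestamp(data: bytes) -> datetime:
    """Read the COFF TimeDateStamp (link time, seconds since 1970 UTC) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE header
    if len(data) < e_lfanew + 12 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4).
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def weekday_histogram(stamps):
    """Count samples per weekday (in UTC); a near-empty weekend suggests salaried work."""
    counts = Counter(DAYS[s.weekday()] for s in stamps)
    return {day: counts.get(day, 0) for day in DAYS}


def candidate_offsets(stamps, start=9, end=18):
    """Return (offsets, score): the whole-hour UTC offsets under which the most
    samples land on Mon-Fri with start <= local hour < end (assumed workday)."""
    scores = {}
    for offset in range(-12, 15):
        local = [s + timedelta(hours=offset) for s in stamps]
        scores[offset] = sum(
            1 for t in local if t.weekday() < 5 and start <= t.hour < end
        )
    best = max(scores.values())
    return [o for o, score in scores.items() if score == best], best


def fake_pe(when: datetime) -> bytes:
    """Build a minimal MZ/PE header carrying `when` as its link time (test input only)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x14C, 0, int(when.timestamp()))


# Constructed sample link times in UTC (not taken from any real malware sample):
# eight on weekdays, one Saturday outlier.
SAMPLES_UTC = [
    datetime(*t, tzinfo=timezone.utc)
    for t in [
        (2008, 3, 3, 13, 5), (2008, 3, 3, 17, 40), (2008, 3, 4, 14, 20),
        (2008, 3, 5, 20, 55), (2008, 3, 5, 15, 10), (2008, 3, 6, 16, 30),
        (2008, 3, 7, 19, 45), (2008, 3, 7, 13, 15), (2008, 3, 8, 15, 0),
    ]
]
STAMPS = [pe_timestamp(fake_pe(d)) for d in SAMPLES_UTC]

if __name__ == "__main__":
    print("weekday histogram:", weekday_histogram(STAMPS))
    offsets, score = candidate_offsets(STAMPS)
    print(f"best-fitting UTC offsets: {offsets} ({score}/{len(STAMPS)} in working hours)")
```

Two adjacent offsets tie on this sample, which is why such an analysis yields a range like "UTC-3 or UTC-4" rather than a single zone.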

 

 

British and US spooks stole SIM card keys

Spies from the US and the UK hacked into the internal computer network of the largest manufacturer of SIM cards in the world and stole encryption keys used to protect the privacy of mobile phones.

According to the latest release from the Edward Snowden cache, the hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.

It all happened in 2010 and, according to a GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s mobiles, including both voice and data.

Gemalto, a multinational firm incorporated in the Netherlands, makes chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

It makes two billion SIM cards a year, and with the stolen encryption keys intelligence agencies could monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

British spies mined the private communications of unwitting engineers and other company employees in multiple countries.

Apparently, Gemalto did not notice and still cannot work out how it was done.

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ access.

French spooks behind latest malware

It seems that the French are not going to stand idly by while other nations’ spies get all the attention for creating spyware.

Cyphort Labs found a cyber-espionage tool, of the kind a nation state would be behind, which invades Windows desktop machines and aims to extract almost anything of value: it steals data from instant messengers, softphones, browsers and office applications.

Dubbed ‘Babar64’, the malware is believed to have been written by French intelligence.

It is a natty bit of code. It logs keystrokes, takes screenshots, streams audio from softphone applications, nicks clipboard data and can steal the names of desktop windows.

The malware creates an invisible window, with no other purpose than to receive window messages. By processing the window message queue it filters out input events and dispatches them to a raw input device object. Said object is configured to grab keyboard events through GetRawInputData.

Babar has two hard coded C&C server addresses included in its configuration data — http://www.horizons-tourisme.com/_vti_bin/_vti_msc/bb/index.php and http://www.gezelimmi.com/wp-includes/misc/bb/index.php

The domain horizons-tourisme.com is a legitimate website, operated by an Algerian travel agency, located in Algiers. The website is in French and still online today. Gezelimmi.com is a Turkish domain, currently responding with an HTTP error message 403, access not permitted. Both domains appear to be of legitimate use, but compromised and abused to host Babar’s server side infrastructure.

US spooks hide in hard drives

If you own hard drives made by Western Digital, Seagate, and Toshiba, all your data could have been seen by US spooks.

According to Kaspersky Lab, the US National Security Agency figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The Russian outfit did not name the US as the country behind the software, but said it was closely linked to Stuxnet, which was a NSA-led effort.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the spy agency valued these espionage programmes as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives.

Kaspersky published the technical details of its research on Monday, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001.

The announcement could lead to a backlash against Western technology, in countries such as China, which is already drafting regulations that would require most technology suppliers to provide copies of their software code for inspection.

Kaspersky said the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

The information was news to Western Digital, Seagate and Micron, who said it was the first they had heard of it. Toshiba and Samsung declined to comment and IBM just ignored hacks’ requests.

Western spooks behind Regin

Security experts at Kaspersky Lab have discovered shared code and functionality between the Regin malware and a similar platform described in a set of Edward Snowden documents newly disclosed 10 days ago by Germany’s Der Spiegel.

The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together.

Writing in their blog, Kaspersky Lab researchers Costin Raiu and Igor Soumenkov said that considering the extreme complexity of the Regin platform there’s little chance that it can be duplicated by somebody without having access to its source codes.

They think that the QWERTY malware developers and the Regin developers were the same or working together.

The Der Spiegel article describes how the U.S. National Security Agency, the U.K.’s GCHQ and the rest of the Five Eyes are allegedly developing offensive Internet-based capabilities to attack computer networks managing the critical infrastructure of their adversaries.

QWERTY is a module that logs keystrokes from compromised Windows machines; Der Spiegel said the malware is likely several years old and has likely already been replaced.

Kaspersky researchers Raiu and Soumenkov said QWERTY malware is identical in functionality to a particular Regin plugin.

Raiu and Soumenkov said within QWERTY there were three binaries and configuration files. One binary called 20123.sys is a kernel mode component of the QWERTY keylogger that was built from source code also found in a Regin module, a plug-in called 50251.

Side-by-side comparisons of the respective source code show they are close to identical and share large chunks of code.

Regin was discovered in late November by Kaspersky Lab and it was quickly labelled one of the most advanced espionage malware platforms ever studied, surpassing even Stuxnet and Flame in complexity. The platform is used to steal secrets from government agencies, research institutions, banks and can even be tweaked to attack GSM telecom network operators.

 

 

UK pledges to increase snooping with US

The UK and the US are using the massacres in Paris as a pretext for “increasing co-operation” on snooping on internet users.

Prime Minister David “one is an ordinary bloke” Cameron said the two countries will set up “cyber cells” to share intelligence and conduct simulated attacks to test the defences of organisations such as banks.

Cameron is visiting Washington to tell them how to sort out their economy and security, and is due to have a second meeting with President Barack Obama today.

Cameron said that the two countries had hugely capable cyber defences and the expertise, and that is why they should set up cyber cells on both sides of the Atlantic to share information.

The cooperation between Britain’s GCHQ eavesdropping agency and the US National Security Agency will include joint war games, with the UK providing the Games Workshop figures and the US providing the rules, the polyhedral dice and the joints.

The first exercise, later this year, is to involve the Bank of England and commercial banks in both the City of London and Wall Street. It is not clear who will be exercising, but if you ask any bankers we have seen to do a push up, the body bag count will be high.

“This is a real signal it is time to step up the efforts and to do more,” said Cameron.

The British leader said he also planned to discuss with Obama how the two countries could work more closely with big Internet companies such as Facebook and Google to monitor communications between terror suspects. This is of course something that Facebook and Google want nothing to do with, so chances are he will be talking about bringing in laws to force them.

One thing Cameron has not answered is that if the UK and US have such wonderful cyber ability and resources, how did the Paris attacks actually happen? It seems that the more snooping powers that the UK and the US demand, the less effect it has on the goal of preventing terrorism.

CIA clears itself of charges of spying

The ironically named CIA Accountability Board has cleared the agency of wrongdoing after the spooks searched the files of congressional investigators who were investigating the possible use of torture tactics during the Bush years.

The board, set up by the CIA itself, published a report that said that five agency officials made a “mistake” by searching for files used by the Senate Intelligence Committee investigating the CIA, but said that their actions “did not reflect malfeasance, bad faith, or the intention to gain improper access to Senate Select Committee on Intelligence confidential, deliberative material”.

So, that is alright then, Americans can go back to bed knowing that their spooks are not really spying on their elected representatives.

However, the accountability board said such a mistake was possible because there were no clear rules for using the “unprecedented” RDINet, the secure network set up to allow congressional investigators to review the CIA’s files on rendition, detention, and interrogation techniques.

The five individuals had “acted reasonably to investigate a potential security breach.”

Needless to say this inquiry overturns the conclusions of the current inspector general of the CIA, David Buckley, who said in a report last July that the five CIA officials had acted improperly by accessing the network. Buckley also found at the time that the CIA had inaccurately filed criminal referrals against congressional investigators that accused them of mishandling classified information.

Intelligence Committee investigators were presented with a message — “your use of this system may be monitored and you have no expectation of privacy” — every time they logged on. While the accountability board rejected that the agency had deliberately attempted to access confidential material, it alleged that Intelligence Committee investigators had accessed restricted CIA documents, violating an agreement about the use of RDINet.

Senators are furious with the results of the review and wanted to make sure that the CIA would stop stonewalling investigations and retaliating by snooping on investigating Senators.

Senator Dianne Feinstein, the ex-chairperson of the SSCI, also voiced her reaction in a statement in which she said she was “disappointed that no one at the CIA will be held accountable.”

Feinstein accused the CIA of improperly accessing Senate computers in 2010, a year after investigators began looking into whether the CIA’s “enhanced interrogation” methods constituted torture. She said CIA officials had snooped on the Intelligence Committee to discover what it knew about the agency’s interrogation methods, and that officials then began to remove almost 900 documents from the secure network that could implicate the agency in torture.

Cameron wants to read all internet communication

British Prime Minister David “one is an ordinary bloke” Cameron is insisting that he should be allowed to read any internet communication on the planet.

Cameron claims that there are places on the world wide wibble where terrorists can hide and he wants a “comprehensive piece of legislation” to close the “safe spaces”. To do this he wants authorities to be able to access the details of communications and their content.

Apparently all the surveillance powers Cameron already has were not enough to stop an attack similar to the one which happened in Paris taking place in Blighty.

Mr Cameron said the recent attacks in Paris showed the need for such a move and he said he was comfortable that it was appropriate in a “modern liberal democracy”. After all he and his chums will not be snooped on.

Speaking at an event in the East Midlands, Cameron said he recognised such powers were “very intrusive” but he believed that they were justified to counter the growing threat to the UK, as long as proper legal safeguards were in place.

The coalition introduced emergency legislation last year to maintain internet and phone companies’ obligation to store their customers’ personal communications data and to give access to the police.

But an attempt to extend these powers to include internet browsing history and social media sites was dropped following opposition from the Liberal Democrats.

Legislation would be needed to allow for “more modern forms of communication.”

He would also legislate in the “more contentious” area of the content of these online communications. There should be no “means of communication” which “we cannot read,” he said.

Previous governments had backed away from going down such a route, Cameron said, but he believed this would have to change so that, “in extremis,” such material could be obtained with a signed warrant from the home secretary.

It looks like voting him out will not get rid of such a law either — Labour leader Ed Miliband said it was important for security services to “keep up to date with technology” but said it had to be “done in the right way”, with “basic liberties” protected.

“That’s why we said there needs to be an independent look at these issues, to make recommendations about what needs to be changed for the future,” he added.

In other words: it is not fair you letting Cameron look at your emails, I want a peek too.

Liberal Democrat Civil Liberties Minister Simon Hughes said he would not support “blanket powers” that would take away the liberties of “innocent civilians.”

What no one seems to understand is that if any government brings in laws, the terrorists will work out a way to avoid them, and it will be ordinary people who cannot get around the laws who will lose their privacy.

Spies are putting off writers

A survey of writers around the world by the PEN American Centre has found that a significant majority said they were deeply concerned with government surveillance.

Some have said that the spying has meant they have avoided, or have considered avoiding, controversial topics in their work or censored their posts or phone calls.

More than 75 percent of respondents in countries classified as “free,” 84 percent in “partly free” countries, and 80 percent in countries that were “not free” said that they were “very” or “somewhat” worried about government surveillance in their countries.

The survey was conducted anonymously online in Autumn 2014 and yielded 772 responses from fiction and nonfiction writers and related professionals, including translators and editors, in 50 countries.

Smaller numbers said they avoided or considered avoiding writing or speaking on certain subjects, with 34 percent in countries classified as free, 44 percent in partly free countries and 61 percent in not free countries reporting self-censorship. Respondents in similar percentages reported curtailing social media activity, or said they were considering it, because of surveillance.

The executive director of the PEN American Centre, Suzanne Nossel, said that the findings, taken together with those of a 2013 PEN survey of writers in the United States, indicate that mass surveillance is significantly damaging free expression and the free flow of information around the world.

“Writers are the ones who experience encroachments on freedom of expression most acutely, or first,” Nossel said. “The idea that we are seeing some similar patterns in free countries to those we’ve traditionally associated with unfree countries is pretty distressing.”

The survey added that mass surveillance by the United States government had damaged its reputation as a defender of free expression, with some 36 percent in other “free” countries and 32 percent in “less free” countries saying freedom of expression had less protection in the United States than in their nations.

 

NSA spies on Wikileaks

Google has told WikiLeaks that on Christmas Eve the Gmail mailboxes and account metadata of a WikiLeaks employee were turned over to law enforcement under a US federal warrant.

WikiLeaks journalist and Courage Foundation acting director Sarah Harrison displayed a redacted copy of the warrant during her presentation on source protection at the Chaos Communications Congress yesterday in Hamburg, Germany.

The warrant was dated for execution by April 5, 2012 by the United States District Court for the Eastern District of Virginia, and it was apparently part of the continuing investigation by the Justice Department into criminal charges against WikiLeaks and its founder Julian Assange.

It is not clear whose e-mail was searched and details were not provided, and Wikileaks is a little, er, secretive about who works there. According to a statement on the organisation’s website, “Given the high level assassination threats against WikiLeaks staff, we cannot disclose exact details about our team members.”

A Google spokesperson said in a statement that it did not talk about individual cases to help protect all its users.

When it receives a subpoena or court order, Google checks to see if it meets both the letter and the spirit of the law before complying. And if it doesn’t, it asks that the request is narrowed.

“We have a track record of advocating on behalf of our users,” a spokesGoogle said.

This is the second time a US warrant has been served at Google for data from someone connected to WikiLeaks. A sealed warrant was served to Google in 2011 for the email of a WikiLeaks volunteer in Iceland. The Justice Department has also previously sought to get metadata from WikiLeaks-connected Twitter accounts, and won a court battle with Twitter three years ago to force it to hand it over.