
Submission + - Secret manuals show the spyware sold to despots and cops worldwide (firstlook.org)

Advocatus Diaboli writes: The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.

Submission + - Core Secrets: NSA Saboteurs in China and Germany (firstlook.org)

Advocatus Diaboli writes: The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.

Submission + - US says it can hack into foreign-based servers without warrants (arstechnica.com)

Advocatus Diaboli writes: The US government may hack into servers outside the country without a warrant, the Justice Department said in a new legal filing in the ongoing prosecution of Ross Ulbricht. The government believes that Ulbricht is the operator of the Silk Road illicit drug website. Monday's filing in New York federal court centers on the legal brouhaha of how the government found the Silk Road servers in Iceland. Ulbricht said last week that the government's position—that a leaky CAPTCHA on the site's login led them to the IP address—was "implausible" and that the government (perhaps the National Security Agency) may have unlawfully hacked into the site to discover its whereabouts.

Submission + - The FBI Just Finished Its Insane New Facial Recognition System (gizmodo.com)

Advocatus Diaboli writes: "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizens' faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will log all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications. So if you apply for any type of job that requires fingerprinting, for instance, those prints (which will now also likely be asked for along with a photo) will be sent off to the government for processing."

Here are two recent and related news items.

Boston police used facial recognition software on thousands of people at a music festival (http://theweek.com/speedreads/index/266552/speedreads-boston-police-used-facial-recognition-software-on-thousands-of-people-at-a-music-festival)

"Attendees of last year's Boston Calling music festival were — without their knowledge — test subjects for the Boston Police Department's new facial recognition software. The IBM program — which also analyzes each individual's build, clothes, and skin color — captured video of thousands of people, 50 hours of which is still intact."

and

General Motors May Be The First To Offer Cars That Detect Distracted Drivers (http://www.washingtonpost.com/cars/general-motors-may-be-the-first-to-offer-cars-that-detect-distracted-drivers/2014/09/02/d00b5bc4-32b9-11e4-9f4d-24103cb8b742_story.html)

"According to CNBC, the technology will come from an Australian firm called Seeing Machines. It will take the form of a series of cameras paired with facial recognition software — kind of like the software that Facebook uses to auto-tag your friends in photos, but in this case, it'll take note of things like the rotation of the driver's head and how often he/she blinks. That will help the system determine whether a driver is looking at the road, at a cell phone, or even nodding off. If the situation proves dire enough, the system could theoretically slow the vehicle and force the driver to pull over — not unlike a certain attention-powered car we've seen before."

Submission + - U.S. threatened massive fine to force Yahoo to release data (washingtonpost.com)

Advocatus Diaboli writes: The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA’s controversial PRISM program. The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government’s demands. The company’s loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the National Security Agency extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.

Submission + - Reports on drivers, training by firm fueled law enforcement aggressiveness (washingtonpost.com)

Advocatus Diaboli writes: Operating in collaboration with the U.S. Drug Enforcement Administration, Immigration and Customs Enforcement and other federal entities, Black Asphalt members exchanged tens of thousands of reports about American motorists, many of whom had not been charged with any crimes, according to a company official and hundreds of internal documents obtained by The Post. For years, it received no oversight by government, even though its reports contained law enforcement sensitive information about traffic stops and seizures, along with hunches and personal data about drivers, including Social Security numbers and identifying tattoos. Black Asphalt also has served as a social hub for a new brand of highway interdictors, a group that one Desert Snow official has called “a brotherhood.” Among other things, the site hosts an annual competition to honor police who seize the most contraband and cash on the highways. As part of the contest, Desert Snow encouraged state and local patrol officers to post seizure data along with photos of themselves with stacks of currency and drugs. Some of the photos appear in a rousing hard-rock video that the Guthrie, Okla.-based Desert Snow uses to promote its training courses.

Submission + - NSA built "Google-like" interface to scan 850+ billion metadata records (arstechnica.com)

mpicpp writes: Data like unique phone identifiers, e-mail addresses, and chat handles now being shared.

According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on Monday by The Intercept.

The new search tool, called ICREACH, is described in an internal NSA presentation as a “large scale expansion of communications metadata shared with [intelligence community] partners.” That same presentation shows that ICREACH has been operational since the pilot launched in May 2007. Not only is data being shared to more agencies, but there are more types of such data being shared—ICREACH searches over 850 billion records.

New data types being shared include IMEI numbers (a unique identifier on each mobile handset), IMSI (another unique identifier for SIM cards), GPS coordinates, e-mail address, and chat handles, among others. Previously, such metadata was only limited to date, time, duration, called number, and calling number.

Submission + - NSA/GCHQ: The HACIENDA Program for Internet Colonization (heise.de)

Advocatus Diaboli writes: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail.

Submission + - NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE (infosecinstitute.com)

Advocatus Diaboli writes: This article is the first part of a series on NSA BIOS backdoor internals. Before we begin, I’d like to point out why these malwares are classified as “god mode.” First, most of the malware uses an internal (NSA) codename in the realms of “gods,” such as DEITYBOUNCE, GODSURGE, etc. Second, these malwares have capabilities similar to “god mode” cheats in video games, which make the player using it close to being invincible. This is the case with this type of malware because it is very hard to detect and remove, even with the most sophisticated anti-malware tools, during its possible deployment timeframe.

Submission + - NSA Tried To Delete Court Transcript In Lawsuit Over Deleting Evidence (yahoo.com)

Advocatus Diaboli writes: The National Security Agency secretly tried to delete part of a public court transcript after believing one of its lawyers may have accidentally revealed classified information in a court case over alleged illegal surveillance. Following a recent hearing in the ongoing Jewel v. NSA case, in which the Electronic Frontier Foundation is challenging NSA’s ability to surveil foreign citizens’ U.S.-based email and social media accounts, the government informed U.S. District Court Judge Jeffrey White it believed one of its attorneys mistakenly revealed classified information. The government then requested that the select portion of the hearing’s public transcript be secretly deleted without alerting the public to the alteration. According to the EFF, the open courtroom case — which has been steadily picking up media coverage following NSA leaker Edward Snowden’s bulk surveillance revelations — was “widely covered by the press” and “even on the local TV news on two stations.”

Submission + - Leaked docs show spyware used to snoop on US computers (arstechnica.com)

Advocatus Diaboli writes: Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.

Submission + - The FBI Is Infecting Tor Users with Malware with Drive-by Downloads (wired.com)

Advocatus Diaboli writes: For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants.

Submission + - Barack Obama's Secret Terrorist-Tracking System, by the Numbers (firstlook.org)

Advocatus Diaboli writes: Nearly half of the people on the U.S. government’s widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government’s Terrorist Screening Database—a watchlist of “known or suspected terrorists” that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent are described by the government as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

Submission + - The NSA's New Partner in Spying: Saudi Arabia's Brutal State Police (firstlook.org)

Advocatus Diaboli writes: The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters. The Saudi Ministry of Interior—referred to in the document as MOI—has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents.
