Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Submission + - Operation AURORAGOLD: How the NSA hacks cellphone networks worldwide (firstlook.org)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Submission + - New Snowden Docs: GCHQ ties to Telcos gave Spies Global Surveillance Reach (arstechnica.com)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: According to a report in the German newspaper Süddeutsche Zeitung, the telecommunications company Cable & Wireless—now a subsidiary of Vodafone—“actively shaped and provided the most data to GCHQ surveillance programs and received millions of pounds in compensation.” The relationship was so extensive that a GCHQ employee was assigned to work full time at Cable & Wireless (referred to by the code name “Gerontic” in NSA documents) to manage cable-tap projects in February of 2009. By July of 2009, Cable & Wireless provided access to 29 out of the 63 cables on the list, accounting for nearly 70 percent of the data capacity available to surveillance programs.

Submission + - Malware in European Union Attack linked to U.S and British Intelligence Agencies (firstlook.org)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Submission + - British Spies are free to target Lawyers and Journalists (firstlook.org)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents. On Thursday, a series of previously classified policies confirmed for the first time that the U.K.’s top surveillance agency Government Communications Headquarters (pictured above) has advised its employees: “You may in principle target the communications of lawyers.” The country’s other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in “sensitive professions.”

Submission + - Secret manuals show the spyware sold to despots and cops worldwide (firstlook.org)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.

Submission + - Core Secrets: NSA Saboteurs in China and Germany (firstlook.org)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.

Submission + - US says it can hack into foreign-based servers without warrants (arstechnica.com)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The US government may hack into servers outside the country without a warrant, the Justice Department said in a new legal filling in the ongoing prosecution of Ross Ulbricht. The government believes that Ulbricht is the operator of the Silk Road illicit drug website. Monday's filing in New York federal court centers on the legal brouhaha of how the government found the Silk Road servers in Iceland. Ulbricht said last week that the government's position—that a leaky CAPTCHA on the site's login led them to the IP address—was "implausible" and that the government (perhaps the National Security Agency) may have unlawfully hacked into the site to discover its whereabouts

Submission + - The FBI Just Finished Its Insane New Facial Recognition System (gizmodo.com)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizen's faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will logs all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications. So if you apply for any type of job that requires fingerprinting, for instance, those prints (which will now also likely be asked for along with a photo) will be sent off to the government for processing."

Here are two recent and related news items.

Boston police used facial recognition software on thousands of people at a music festival (http://theweek.com/speedreads/index/266552/speedreads-boston-police-used-facial-recognition-software-on-thousands-of-people-at-a-music-festival)

"Attendees of last year's Boston Calling music festival were — without their knowledge — test subjects for the Boston Police Department's new facial recognition software. The IBM program — which also analyzes each individual's build, clothes, and skin color — captured video of thousands of people, 50 hours of which is still intact."

and

General Motors May Be The First To Offer Cars That Detect Distracted Drivers (http://www.washingtonpost.com/cars/general-motors-may-be-the-first-to-offer-cars-that-detect-distracted-drivers/2014/09/02/d00b5bc4-32b9-11e4-9f4d-24103cb8b742_story.html)

"According to CNBC, the technology will come from an Australian firm called Seeing Machines. It will take the form of a series of cameras paired with facial recognition software — kind of like the software that Facebook uses to auto-tag your friends in photos, but in this case, it'll take note of things like the rotation of the driver's head and how often he/she blinks. That will help the system determine whether a driver is looking at the road, at a cell phone, or even nodding off. If the situation proves dire enough, the system could theoretically slow the vehicle and force the driver to pull over — not unlike a certain attention-powered car we've seen before."

Submission + - U.S. threatened massive fine to force Yahoo to release data (washingtonpost.com) 1

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA’s controversial PRISM program. The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government’s demands. The company’s loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the National Security Agency extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.

Submission + - Reports on drivers, training by firm fueled law enforcement aggressiveness (washingtonpost.com)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: Operating in collaboration with the U.S. Drug Enforcement Administration, Immigration and Customs Enforcement and other federal entities, Black Asphalt members exchanged tens of thousands of reports about American motorists, many of whom had not been charged with any crimes, according to a company official and hundreds of internal documents obtained by The Post. For years, it received no oversight by government, even though its reports contained law enforcement sensitive information about traffic stops and seizures, along with hunches and personal data about drivers, including Social Security numbers and identifying tattoos. Black Asphalt also has served as a social hub for a new brand of highway interdictors, a group that one Desert Snow official has called “a brotherhood.” Among other things, the site hosts an annual competition to honor police who seize the most contraband and cash on the highways. As part of the contest, Desert Snow encouraged state and local patrol officers to post seizure data along with photos of themselves with stacks of currency and drugs. Some of the photos appear in a rousing hard-rock video that the Guthrie, Okla.-based Desert Snow uses to promote its training courses.

Submission + - NSA built "Google-like" interface to scan 850+ billion metadata records (arstechnica.com)

Submitted by mpicpp
mpicpp writes: Data like unique phone identifiers, e-mail addresses, and chat handles now being shared.

According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on Monday by The Intercept.

The new search tool, called ICREACH, is described in an internal NSA presentation as a “large scale expansion of communications metadata shared with [intelligence community] partners.” That same presentation shows that ICREACH has been operational since the pilot launched in May 2007. Not only is data being shared to more agencies, but there are more types of such data being shared—ICREACH searches over 850 billion records.

New data types being shared include IMEI numbers (a unique identifier on each mobile handset), IMSI (another unique identifier for SIM cards), GPS coordinates, e-mail address, and chat handles, among others. Previously, such metadata was only limited to date, time, duration, called number, and calling number.

Submission + - NSA/GCHQ: The HACIENDA Program for Internet Colonization (heise.de)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail.

Submission + - NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE (infosecinstitute.com)

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: This article is the first part of a series on NSA BIOS backdoor internals. Before we begin, I’d like to point out why these malwares are classified as “god mode.” First, most of the malware uses an internal (NSA) codename in the realms of “gods,” such as DEITYBOUNCE, GODSURGE, etc. Second, these malwares have capabilities similar to “god mode” cheats in video games, which make the player using it close to being invincible. This is the case with this type of malware because it is very hard to detect and remove, even with the most sophisticated anti-malware tools, during its possible deployment timeframe.

Slashdot Top Deals

One man's constant is another man's variable. -- A.J. Perlis

Close