
Comment: Re:Malware infection vector? (Score 1) 22

by AHuxley (#48031577) Attached to: FBI Plans To Open Up Malware Analysis Tool To Outside Researchers
A person at a cafe, gym gets near a person who has clearance, a file worked on at home is infected, a well crafted email that is opened on an internal network.
With wireless, huge internal networks and new staff being security cleared for very sensitive positions over the past decade... it's more connecting a project to staff to a location and working the needed code in.
Internal networks are well understood as they are the same product sold around the world, trusted or been expanded with security to be upgraded when done.
Ideas around cloud, sharing data, regional and national searching are also a new aspect to what was once air gapped. Contractors are also happy to suggest wider networking, upsell their network security and ongoing network support.

Comment: Re:if they give it away....... (Score 1) 22

by AHuxley (#48031491) Attached to: FBI Plans To Open Up Malware Analysis Tool To Outside Researchers
State-sponsored malware seems to be crafted per person or project so it can get past most of the existing behavioral analysis.
Or a gov just goes to hardware logging or social engineering after a sneak and peek visit.
Suspect files will just be the same real time consumer system's behavior AV finds in the wild every day :)

Comment: Re:I can't quite decide (Score 1) 82

by AHuxley (#48007805) Attached to: How the NSA Profits Off of Its Surveillance Technology
re "But I can't actually decide if making useful security tools available is somehow against our citizens' interests."
The tools offered will protect against distant man, expected in the wild man in the middle efforts.
The tools, tame crypto, tame academics, tame OS, tame source code will not protect against modern version or equivalents of TEMPEST like ideas.
The plain text, voice, call, gps, voice print or other network details will always be in the clear for gov tracking and parallel construction.
Just good enough for international work, always easy enough for realtime domestic decryption.

Comment: Re:Someone explain please (Score 1) 211

by AHuxley (#47992121) Attached to: Australian Senate Introduces Laws To Allow Total Internet Surveillance
Re But why? It can't be just the lobbyist money.
To the political class it becomes addictive. Reading embassy communications in the 1920's, WW2 Enigma. Australian staff became aware of a huge effort to listen to the world and wanted in after WW2.
Australia was warned by some of its top military people not to sell out to the US and UK given Australia's role in WW2 (full exploitation of crypto in Australia, troops under the control of the UK) but the political leaders joined the 5 eyes.
The rest is history, from Soviet traffic in the late 1940's to the early role of ASIO, the Defence Signals Branch work on China in the 1950's, then Indonesia, Vietnam (Australian special forces with real time sigint support).
US Rhyolite satellites got Australia into more ground station work with sites like Pine Gap and local support. DSD Geraldton took over from UK sites lost in Hong Kong.
After that it's USA all the way. Generations of Australian staff know nothing but supporting roles.
What the USA and UK do not put into law, Australia may have to, to secure legally safe convictions. Parallel construction would not work so mass collection and self signed warrants are made legal.
User Journal

Journal: DoJ and FBI looking at users "concealed through technological means"

Journal by AHuxley

http://www.theregister.co.uk/2014/09/19/fbi_overseas_hacking_powers/
A change to Rule 41 of the Federal Rules of Criminal Procedure may allow for deeper searches into foreign countries that hide people wanting to protect their anonymity on the internet. Interesting times for darknet, Tor users, proxies or VPN users.

Comment: Re:What could possibly go wrong (Score 1) 241

by AHuxley (#47952631) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet
Re: "Sure it'd be noticeable and some stuff would stop working, but it is certainly feasible."
Russia knows most of its spending on Western tech was useful but the reality of phone home or back doors, trap doors, poor quality crypto or other access cannot be totally understood network wide.
The ability to turn the net off to bulk external chatter would be a safe option for Russia to have fully explored over time. Russia can then just let its air gapped internal networks function and Russians would understand the reason why.
Academic, science and other larger institutions would be fine on wide national local networks. Domestic phones would work. Russian language sites would show when connecting to any local isp.
The US could think of it in terms of the quality built into the older POTS networks from the 1950-1980's per building, city, regional site, workers kept on site and expensive voice and data redundancy.
Chinese backed credit card products will also help.

Comment: fortress on foundations of sand. (Score 1) 236

by AHuxley (#47942391) Attached to: Apple's "Warrant Canary" Has Died
That's why govs use number stations and one time pads. The data around any encryption use found is just so useful.
Every product sold that can be connected and used with a telco has to conform tech that's wide open to "Communications Assistance for Law Enforcement Act"
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

Comment: Re:There is no (Score 1) 236

by AHuxley (#47942239) Attached to: Apple's "Warrant Canary" Has Died
With a gov/mil buying spy software that's ready for average consumer phone products?
The running process and modules are looked at to ensure different drop/inject methods will get around any antivirus products found.
With your average consumer OS and devices, seconds after you enter your pw :)
It's like the 1950's and being given Western encryption hardware. The code works and the message will not be broken as sent.
It's just that using TEMPEST every plaintext keystroke in and print out is readable near the hardware.
That same fun idea has never left signals intelligence, get the world fixated on encryption, company branding, while an input layer just offers up all plaintext.

Comment: Re:The act of detecting changes your results (Score 1) 64

by AHuxley (#47941443) Attached to: London's Crime Hot Spots Predicted Using Mobile Phone Data
The GCHQ was very aware of this in the 1960's on and did all it could to ensure people saw radomes and satellite dishes as being for tracking Soviet movements deep into Eastern Europe.
ie not a gov ground station getting domestic calls.
UK law enforcement and political parties were more interested in phone calls, later cell phone tracking, rapid decryption of consumer grade computer encryption and getting legally safe convictions in closed courts.
Government Technical Assistance Centre (GCHQ Technical Assistance Centre), National Technical Assistance Centre and other units were set up to try and hide the GCHQ role in tracking and helping with crime from courts.
The problem the GCHQ had was that such details about such efforts would make it to the press, lawyers, the public and the people being tracked or court cases being worked on.
Smart people in the press, legal system and police forces quickly saw the new tasks and the interesting people changed methods away from easy signals intelligence just as the GCHQ had always predicted. All the UK police could do is try and find out who leaked but details about that leak hunt went public too.
Contrast with the US views around keeping all domestic call data and using it in court as a talking point.
The easy days of voice prints, "catch them in the act" or at least catch them quicker "after the fact" don't last if people don't need the phone or computer.
The other option is to place or turn an informant but that has always been more interesting.

Comment: Re:Old NSA jokes (Score 1) 183

by AHuxley (#47941299) Attached to: Snowden's Leaks Didn't Help Terrorists
The depth of public private partnerships, the numbers of new staff cleared, the size and speed of long term data storage for all domestic and international data is now understood. The lack of any domestic legal protections, the understanding of parallel construction and state or city level cell and call tracking, long term call databases for domestic use. Private sector help with consumer phones, the tame OS brands, tame telcos, tame international staff willing to help, tame crypto staff willing to give their political leaders calls to other nations for free. Tame govs willing to give all their nations telco data, banking and other trade data to a list of other nations.
Tame academics teach the same old crypto, tame developers offer software and networking solutions at great cost from the same tame teams.
The press understands that they are being watched and how. People have a better understanding of terms like VPN, the origins of and funding for onion routing, XKeyscore, Five Eyes databases, collecting wholesale information and the limited powers local political leaders have to protect their own citizens once fully committed to global collection networks.
Signals intelligence has become the big project, with political access and budgets. It's like ENIGMA 2.0 but that still needs all communications to go via ENIGMA or related radio systems.
The amount of data gathered gets difficult, the ability to not use digital networks or load up on long term disinformation becomes interesting too :)

Comment: Re:Biggest joke a hundred years later (Score 1) 183

by AHuxley (#47941195) Attached to: Snowden's Leaks Didn't Help Terrorists
It's kind of hard considering how others facing US courts tried to get the press and lawyers to take note. After that using the US legal system showed no "debate" was possible.
http://cryptome.org/2013-info/... Lots of people tried to stay in the US court system with lawyers and still got no traction with the US press.

Comment: Re:Assuming .... (Score 1) 504

by AHuxley (#47941163) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police
As people have mentioned Communications Assistance for Law Enforcement Act (CALEA) helps.
https://en.wikipedia.org/wiki/...
Beyond that is a vast selection of private sector options for law enforcement to help with any consumer device.
Software that will seek out any version of consumer antivirus and just install its way around it.
The software will be unique to your device so there will be no in the wild antivirus help and the install has already hidden from your chosen antivirus product.
Your phone or web 2.0 software layer is turned into a beacon, camera, live microphone and key logger for as long as is needed and setting power off won't help.

Comment: trapped in nomenclature (Score 1) 103

by AHuxley (#47924225) Attached to: NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
The other fun part is what were "nuclear plans" doing on the web to be found?
On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they were very real?
A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams not to worry.
For that to work the internet has to be fully connected to all kinds of interesting mil sites just waiting to be found, downloaded from and then discovered to have been accessed from around the world.
The only trick is to keep the term honeypot away from the tech press. Or not have the press recall the same trick being done with altered paper plans sold in old Europe.
That's the problem with massive signals intelligence teams and other massive intelligence moving agencies all having their own hidden missions.
In the past signals intelligence teams could be kept as support only and intelligence agencies could roam the world tricking other nations for decades while keeping political leaders in the loop.
Now active signals intelligence teams, contractors and the press with political contacts are reporting on active projects by intelligence agencies as if they were fact vs just fun cover stories.
Protect the super new plans from being downloaded for free from wide open sites every year, get good press... more political interest and a bump in next year's budget.
Act of luck or just net activity looking for wide open sites every year and finding decades of complex 'plans' waiting?
