Forgot your password?

Comment: trapped in nomenclature (Score 1) 79

by AHuxley (#47924225) Attached to: NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
The other fun part is what where "nuclear plans" doing on the web to be found?
On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they where very real?
A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams not to worry.
For that to work the internet has to be fully connected to all kinds of interesting mil sites just waiting to be found, downloaded from and then discovered to have been accessed from around the world.
The only trick is to keep the term honeypot away from the tech press. Or not have the press recall the same trick been done with altered paper plans sold in old Europe.
Thats the problem with massive signals intelligence teams and other massive intelligence moving agencies all having their own hidden missions.
In the past signals intelligence teams could be kept as support only and intelligence agencies could roam the world tricking other nations for decades while keeping political leaders in the loop.
Now active signals intelligence teams, contractors and the press with political contacts are reporting on active projects by intelligence agencies as if they where fact vs just fun cover stories.
Protect the super new plans from been downloaded for free from wide open sites every year, get good press... more political interest and a bump in next years budget.
Act of luck or just net activity looking for wide open sites every year and finding decades of complex 'plans' waiting?

Comment: This isn't impossible... (Score 1) 79

by AHuxley (#47924127) Attached to: NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
The problem for that is the origin. Other nations and their fellow travellers, cult members, dual citizens, deep cover agents or useful groups can stage any kind of network event with internal or expected external IP address, time zones and other code hints all pointing to the expected 'country' or group.
Contractors, the politically connected all then feed from the event with digital products, services, clean ups, changes, new expensive training and long term monitoring.
All that is found is a legal working company legend, cut out or site used. How would a country find where the bad code entered the internet?
The neutral country with great hosting and low bandwidth costs that all was traced back to? The country who has on average produced expert coders over generations of very gifted academics? The code used kind of looks like something from that part of the world? Something was left to be found days later in the code in that language, it fits the time zone, ip and with international politics?
It could all be a distraction, false flag or just average code re used by an unexpected nation for their own national interest with the skills to have a great cover story.
The only good method is to air gap a nations vital infrastructure and clear all on site local staff.
The problem with networks is they face the wider world or strangers can build trust with cleared staff who then allow code to move along a trusted internal network.
All a nation gets in the end is a local staff members account was the origin or easy found, expected code fragments 100% that 'that' country.
International partners then have to be 100% told it was that 'that' country.
Then what? Other nations share the same code and other their different country of origin findings that they where 100% sure of?

Comment: Is Australia different? (Score 1) 73

by AHuxley (#47923143) Attached to: NSW Police Named as FinFisher Spyware Users
Think of it in Cold War terms.
Communist using the under the cover of workers rights, trying law reform, Vietnam war protests or other national or State issues.
That would need a close working relationship between national and state gov staff, local police. To find the foreign aspect and have real locals watching every public meeting or protest and befriend the group or person.
The operational capability of hardware and software once in the hands of the mil or national gov due to buying and running costs is now at a much lower level.
Consumer culture also allows for people to be much for relaxed around computers and other cellular devices. The cell phone is on, mic is active and stays on as two people meet face to face.
No more plain old telephone service recording, tracking beacon in the car and hope to have enough local staff to be in position for that face to face meeting if the car is not used.
The only change is the total cost of tracking below the federal level and quality of audio or images.

Comment: It doesn't appear to affect linux based machines. (Score 1) 73

by AHuxley (#47923033) Attached to: NSW Police Named as FinFisher Spyware Users
It depends on how the product was crafted per person.
On some consumer OS versions all you have to do is get under the consumer grade antivirus by not having to use in the wild malware thats been found.
That product has to avoid consumer grade antivirus behavior analysis, cosumer software firewalls over days and get the data out.
The 'out' part can be just as fun. A waiting consumer computer that looks like any other home computer in an empty home at the end of a city street with rental phone company records to match.
As for Linux (16 September 2014)
has the line " can infect Apple OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Phone devices."
The issue is consumer grade antivirus has to have something to find and report back on. If the software is crafted per person and then removed in a short time that consumer grade antivirus option will never be a factor.
The other option is just to go for the keyboard or other cell phone input layer on the active cell device. A user can then encrypt, hide ip all they want at a software or higher hardware level but every keystroke is collected.
With a correct password any later software alterations would be part of the next expected, correct Linux checksums. The keyboard logger would not even have to use any internet network, it could just go very short range wireless avoiding all software/hardware packet sniffers efforts.

Comment: Re:Sunglasses (Score 2) 106

by AHuxley (#47922829) Attached to: FBI Completes New Face Recognition System
Re sunglasses
Fashion that will hide you from face-recognition technology ( 1/06/14)
"For example, if you are wearing sunglasses, the system will recognize the sunglasses and then ignore that part of your face. The program will then simply analyze whatever is left behind. "... "that it's possible to recognize faces with 30% and in some cases 50% occlusion."

Comment: Re:I hope it's better than the existing system.... (Score 1) 106

by AHuxley (#47922773) Attached to: FBI Completes New Face Recognition System
Re "It's probably also worth nothing that it's an investigation tool and can't be used as a source of positive identification."
Just like phone call parallel construction? Just like the use of lower cost cellular phone surveillance devices at a city and State level?
CCTV from city, state, federal and other sites will be joined in public private partnerships to ensure every face in some areas gets a good probability of been compared to existing databases or new faces saved for years.
Add in cell phone information at the same time, tracking license plates, getting the passengers face, over time builds up years of positive identification.
Add in tame partnerships between the private sector and the federal gov, very tame social media, very tame web 2.0 providers and helpful telcos.
The cpu costs per face and time per face is low, storage costs are low. Side on images and the physics of the lens distance is really the only difficult part left.
Funding for more CCTV can help with that. Social media can also be used to induce the wider public to upload many pictures of staff, friends, random faces in public for national "promote awareness" events. With gps, camera details kept in the uploaded file, good lighting, more resolution and lots of faces facing in the right direction for facial recognition.

+ - Aussie state cops outed as Finfisher law enforcement malware users

Submitted by Bismillah
Bismillah (993337) writes "Wikileaks latest release of documents shows the the Australian New South Wales police force has spent millions on licenses for the FinFisher set of law enforcement spy- and malware tools — and still has active licenses. What it uses FinFisher, which has been deployed against dissidents by oppressive regimes, for is yet to be revealed."

Comment: What the meaning of the words 'concerns' is? (Score 4, Insightful) 193

by AHuxley (#47907287) Attached to: New Details About NSA's Exhaustive Search of Edward Snowden's Emails
Recall the "NSA Releases Snowden Email, Says He Raised No Concerns About Spying" (05.29.14)
".... the NSA released a statement and a copy of the only email it says it found from Snowden.
That email, the agency says, asked a question about legal authority and hierarchy but did not raise any concerns."
Now its just about FIOA requests finding more or wondering what was held back as as the gov felt it "did not raise any concerns"....
From no emails to one email found back to none under a definition of what "identify" is going to find?
The other option is to only look for a few narrow legal terms that would constitute a formal complaint and not find one.

+ - New Details About NSA's Exhaustive Search of Edward Snowden's Emails-> 4

Submitted by Anonymous Coward
An anonymous reader writes "Vice News reports, "The NSA disclosed these new details about its investigation into Snowden in response to a FOIA lawsuit VICE News filed against the NSA earlier this year seeking copies of emails in which Snowden raised concerns about spy programs he believed were unconstitutional..... As part of this investigation, the Agency collected and searched all of Mr. Snowden's email available on NSA's classified and unclassified system. This included sent, received, and deleted email, both in his inboxes still on the networks and email obtained by restoring back-up tapes from Agency networks. Multiple members of the Associate Directorate for Security and Counterintelligence read all of the collected email. Additionally, given that organizational designators appear for each NSA sender and recipient for email transmitted on NSA's classified and unclassified systems, searches of Mr. Snowden's collected email also were done using the organizational designators for the offices most likely to have been recipients of any email written raising concerns about an NSA signals intelligence program. ... Those offices included the NSA's Office of General Counsel, the Office of the Comptroller, and the Signals Intelligence Directorate Office of Oversight and Compliance. Moreover, Sherman said, the NSA tasked the Office of General Counsel, the Office of Inspector General, and the Office of the Director of Compliance to "search for communications to or from Mr. Snowden in which he may have raised concerns about NSA programs." ..."The search did not identify any email written by Mr. Snowden in which he contacted Agency officials to raise concerns about NSA programs," ...""
Link to Original Source

Comment: Re:it's over: the media (in the US) have moved on. (Score 3, Interesting) 255

Depends on the phone used, telco and gov. Just pressing off might be the only option with some tame telco products. Removing a battery might be an option with other telco products.
A gov or mil may wish to map out the path taken by a member of the press A person turns their phone off in the same area and then both phones are turned on again moving away from each other later?
Kind of easy to track the members of the press still covering gov and mil stories in person per city.
If one person left their phone battery in thats a live malware or telco activated mic in real time. Treasure Map would be fun for the office computer, home computer, any devices on the move.

Comment: Re:Past all the NATed machines. hmm (Score 1) 255

The content can be sorted, saved once a person is found to be interesting. The ip, MAC and other data around all network use is the Treasure Map prize.
What network data a business, university or household sends can be looked at in real time for keywords, voice prints or people been tracked.
Treasure Map provides a much better/deeper understanding of the local network than just ending at an .edu or .com with a lot of users per day on different networks.
Tame software, tame hardware, junk weak crypto, the tame admin staff member "invited" into a gov public private security partnership could open a lot of the networks expected to be difficult.
That laptop might drift from a dorm room to free wifi to a home to friends house. A lot of different networks but thanks to public private partnerships not every network is difficult anymore.

Comment: Re:Technical Perspective (Score 1) 255

Average nations internet service providers can keep ip, time and user name for a few years at a low cost?
Average phone companies can keep all details on all calls connected over many years.
Nations have the data split in real time, the ip, get help from the tame telcos and fully understand the internet crypto as used.
Collect everything surrounding all message, keywords and usage, save and sort. Find people been tracked connecting to new people, trace the hops and then add in all the new people to trace.
Storage is now cheap, cpu speed is cheap to sort hops, compression keeps pace over years.
Voice prints, keywords, phone numbers called all worked well in the past but no need to be so selective with the data around a call, message, fax, email, chat, web 2.0 use.
eg voice print information will will ensure any call connected with that person globally is kept.
A new person or people already in the system? Keyword use look into every message so all network users can be sorted, added.
1960's tech for calls made, numbers used. Voice prints are not new. Massive domestic surveillance exposed in 1970's has been in news a lot.

Comment: Re:So they'll suffer from TMI (Score 2) 255

Nations can just use their number stations. One time pads and decades of very safe trusted sleeper agents are promoted.
Signals gathering expects the world to be using this generations ww2 ENIGMA like network over decades - tame telco crypto networks and internet will bring back lots of useful data as all other nations are not careful.
The interview with whistleblower William Binney: 'The NSA's main motives: power and money' (19.08.2014)
"Money. It takes a lot of money, you have to build up Bluffdale [the location of the NSA's data storage center, in Utah] to store all the data. If you collect all the data, you've got to store it, you have to hire more people to analyze it, you have to hire more contractors, managers to manage the flow. You have to start a big data initiative. It's an empire. Look at what they've built!"
Face to face, holidays, dual citizens, smart people invited in by rushed digital clearances. Clearances issued for a contractor to bring in expert staff.
Other nations have no need for their own to use the "Treasure Mapped" internet in any interesting ways.

Comment: Re:it's over: the media (in the US) have moved on. (Score 4, Informative) 255

The good news is people meeting the press are more aware of having their cell phone on or powered and with them.
The press can now understand that turning off a phone can be seen as getting ready to meet a contact.
Anyone in the same area at the same time who turns off their phone might be that contact. Kind of a short list :)
The press is more aware of been under constant surveillance.
Treasure Map just adds to the collect it all idea and that digital entry or exit points can be fully reconstructed or are always been tracked.
Thats a lot of expensive effort to put into signals intelligence considering what most skilled nations fully understood about global telephone and computer networks going back over decades.

Many people write memos to tell you they have nothing to say.