Forgot your password?

Comment: Re:What could possibly go wrong (Score 1) 238

by AHuxley (#47952631) Attached to: Putin To Discuss Plans For Disconnecting Russia From the Internet
Re: "Sure it'd be noticeable and some stuff would stop working, but it is certainly feasable."
Russia knows most of its spending on Western tech was useful but the reality of phone home or back doors, trap doors, poor quality crypto or other access cannot be totally understood network wide.
The ability to turn the net off to bulk external chatter would be a safe option for Russia to have fully explored over time. Russia can then just let its air gapped internal networks function and Russians would understand the reason why.
Academic, science and other larger institutions would be fine on wide national local networks. Domestic phones would work. Russian language sites would show when connecting to any local isp.
The US could think of it in terms of the quality built into the older POTS networks from the 1950-1980's per building, city, regional site, workers kept on site and expensive voice and data redundancy.
Chinese backed credit card products will also help.

Comment: fortress on foundations of sand. (Score 1) 231

by AHuxley (#47942391) Attached to: Apple's "Warrant Canary" Has Died
Thats why govs use number stations and one time pads. The data around any encryption use found is just so useful.
Every product sold that can be connected and used with a telco has to conform tech thats wide open to "Communications Assistance for Law Enforcement Act"

Comment: Re:There is no (Score 1) 231

by AHuxley (#47942239) Attached to: Apple's "Warrant Canary" Has Died
With a gov/mil buying spy software thats ready for average consumer phone products?
The running process and modules are looked at to ensure different drop/inject methods will get around any antivirus products found.
With your average consumer OS and devices, seconds after you enter your pw :)
Its like the 1950's and been given Western encryption hardware. The code works and the message will not be broken as sent.
Its just that using TEMPEST every plaintext keystroke in and print out is readable near the hardware.
That same fun idea has never left signals intelligence, get the world fixated on encryption, company branding, while a input layer just offers up all plaintext.

Comment: Re:The act of detecting changes your results (Score 1) 61

by AHuxley (#47941443) Attached to: London's Crime Hot Spots Predicted Using Mobile Phone Data
The GCHQ was very aware of this in the 1960's on and did all it could to ensure people saw radomes and satellite dishes as been for tracking Soviet movements deep into Eastern Europe.
ie not a gov ground station getting domestic calls.
UK law enforcement and political parties where more interested in phone calls, later cell phone tracking, rapid decryption of consumer grade computer encryption and getting legally safe convictions in closed courts.
Government Technical Assistance Centre (GCHQ Technical Assistance Centre), National Technical Assistance Centre and other units where set up to try and hide the GCHQ role in tracking and helping with crime from courts.
The problem the GCHQ had was that such details about such efforts would make it to the press, lawyers, the public and the people been tracked or court cases been worked on.
Smart people in the press, legal system and police forces quickly saw the new tasks and the interesting people changed methods away from easy signals intelligence just as the GCHQ had always predicted. All the UK police could do is try and find out who leaked but details about that leak hunt went public too.
Contrast with the US views around keeping all domestic call data and using it in court as a talking point.
The easy days of voice prints, "catch them in the act" or at least catch them quicker "after the fact" dont last if people dont need the the phone or computer.
The other option is to place or turn an informant but that has always been more interesting.

Comment: Re:Old NSA jokes (Score 1) 182

by AHuxley (#47941299) Attached to: Snowden's Leaks Didn't Help Terrorists
The depth of public private partnerships, the numbers of new staff cleared, the size and speed of long term data storage for all domestic and international data is now understood. The lack of any domestic legal protections, the understanding of parallel construction and state or city level cell and call tracking, long term call databases for domestic use. Private sector help with consumer phones, the tame OS brands, tame telcos, tame international staff willing to help, tame crypto staff willing to give their political leaders calls to other nations for free. Tame govs willing to give all their nations telco data, banking and other trade data to a list of other nations.
Tame academics teach the same old crypto, tame developers offer software and networking solutions at great cost from the same tame teams.
The press understands that they are been watched and how. People have a better understanding of terms like VPN, the origins of and funding for onion routing, XKeyscore, Five Eyes databases, collecting wholesale information and the limited powers local political leaders have to protect their own citizens once fully committed to global collection networks.
Signals intelligence has become the big project, with political access and budgets. Its like ENIGMA 2.0 but that still needs all communications to go via ENIGMA or related radio systems.
The amount of data gathered gets difficult, the ability to not use digital networks or load up on long term disinformation becomes interesting too :)

Comment: Re:Biggest joke a hundred years later (Score 1) 182

by AHuxley (#47941195) Attached to: Snowden's Leaks Didn't Help Terrorists
Its kind of hard considering how others facing US courts tried to get the press and lawyers to take note. After that using the US legal system showed no "debate" was possible. Lots of people tried to stay in the US court system with lawyers and still got no traction with the US press.

Comment: Re:Assuming .... (Score 1) 502

by AHuxley (#47941163) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police
As people have mentioned Communications Assistance for Law Enforcement Act (CALEA) helps.
Beyond that is a vast selection of private sector options for law enforcement to help with any consumer device.
Software that will seek out any version of consumer antivirus and just install its way around it.
The software will be unique to your device so their will be no in the wild antivirus help and the install has already hidden from your chosen antivirus product.
Your phone or web 2.0 software layer is turned into a beacon, camera, live microphone and key logger for as long as is needed and setting power off wont help.

Comment: trapped in nomenclature (Score 1) 103

by AHuxley (#47924225) Attached to: NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
The other fun part is what where "nuclear plans" doing on the web to be found?
On average they might have been kind of expected to be found? The press getting whispers to stoke public outrage to show that they where very real?
A nation goes to try and build from altered plans that wastes a decade and makes import supply lines and requests show up?
The domestic press feeds a perfect operation to ensure plans are seen as real but nobody told the rest of the cleared political or signals intelligence teams not to worry.
For that to work the internet has to be fully connected to all kinds of interesting mil sites just waiting to be found, downloaded from and then discovered to have been accessed from around the world.
The only trick is to keep the term honeypot away from the tech press. Or not have the press recall the same trick been done with altered paper plans sold in old Europe.
Thats the problem with massive signals intelligence teams and other massive intelligence moving agencies all having their own hidden missions.
In the past signals intelligence teams could be kept as support only and intelligence agencies could roam the world tricking other nations for decades while keeping political leaders in the loop.
Now active signals intelligence teams, contractors and the press with political contacts are reporting on active projects by intelligence agencies as if they where fact vs just fun cover stories.
Protect the super new plans from been downloaded for free from wide open sites every year, get good press... more political interest and a bump in next years budget.
Act of luck or just net activity looking for wide open sites every year and finding decades of complex 'plans' waiting?

Comment: This isn't impossible... (Score 1) 103

by AHuxley (#47924127) Attached to: NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations
The problem for that is the origin. Other nations and their fellow travellers, cult members, dual citizens, deep cover agents or useful groups can stage any kind of network event with internal or expected external IP address, time zones and other code hints all pointing to the expected 'country' or group.
Contractors, the politically connected all then feed from the event with digital products, services, clean ups, changes, new expensive training and long term monitoring.
All that is found is a legal working company legend, cut out or site used. How would a country find where the bad code entered the internet?
The neutral country with great hosting and low bandwidth costs that all was traced back to? The country who has on average produced expert coders over generations of very gifted academics? The code used kind of looks like something from that part of the world? Something was left to be found days later in the code in that language, it fits the time zone, ip and with international politics?
It could all be a distraction, false flag or just average code re used by an unexpected nation for their own national interest with the skills to have a great cover story.
The only good method is to air gap a nations vital infrastructure and clear all on site local staff.
The problem with networks is they face the wider world or strangers can build trust with cleared staff who then allow code to move along a trusted internal network.
All a nation gets in the end is a local staff members account was the origin or easy found, expected code fragments 100% that 'that' country.
International partners then have to be 100% told it was that 'that' country.
Then what? Other nations share the same code and other their different country of origin findings that they where 100% sure of?

Comment: Is Australia different? (Score 1) 73

by AHuxley (#47923143) Attached to: NSW Police Named as FinFisher Spyware Users
Think of it in Cold War terms.
Communist using the under the cover of workers rights, trying law reform, Vietnam war protests or other national or State issues.
That would need a close working relationship between national and state gov staff, local police. To find the foreign aspect and have real locals watching every public meeting or protest and befriend the group or person.
The operational capability of hardware and software once in the hands of the mil or national gov due to buying and running costs is now at a much lower level.
Consumer culture also allows for people to be much for relaxed around computers and other cellular devices. The cell phone is on, mic is active and stays on as two people meet face to face.
No more plain old telephone service recording, tracking beacon in the car and hope to have enough local staff to be in position for that face to face meeting if the car is not used.
The only change is the total cost of tracking below the federal level and quality of audio or images.

Comment: It doesn't appear to affect linux based machines. (Score 1) 73

by AHuxley (#47923033) Attached to: NSW Police Named as FinFisher Spyware Users
It depends on how the product was crafted per person.
On some consumer OS versions all you have to do is get under the consumer grade antivirus by not having to use in the wild malware thats been found.
That product has to avoid consumer grade antivirus behavior analysis, cosumer software firewalls over days and get the data out.
The 'out' part can be just as fun. A waiting consumer computer that looks like any other home computer in an empty home at the end of a city street with rental phone company records to match.
As for Linux (16 September 2014)
has the line " can infect Apple OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Phone devices."
The issue is consumer grade antivirus has to have something to find and report back on. If the software is crafted per person and then removed in a short time that consumer grade antivirus option will never be a factor.
The other option is just to go for the keyboard or other cell phone input layer on the active cell device. A user can then encrypt, hide ip all they want at a software or higher hardware level but every keystroke is collected.
With a correct password any later software alterations would be part of the next expected, correct Linux checksums. The keyboard logger would not even have to use any internet network, it could just go very short range wireless avoiding all software/hardware packet sniffers efforts.

Comment: Re:Sunglasses (Score 2) 129

by AHuxley (#47922829) Attached to: FBI Completes New Face Recognition System
Re sunglasses
Fashion that will hide you from face-recognition technology ( 1/06/14)
"For example, if you are wearing sunglasses, the system will recognize the sunglasses and then ignore that part of your face. The program will then simply analyze whatever is left behind. "... "that it's possible to recognize faces with 30% and in some cases 50% occlusion."

Comment: Re:I hope it's better than the existing system.... (Score 1) 129

by AHuxley (#47922773) Attached to: FBI Completes New Face Recognition System
Re "It's probably also worth nothing that it's an investigation tool and can't be used as a source of positive identification."
Just like phone call parallel construction? Just like the use of lower cost cellular phone surveillance devices at a city and State level?
CCTV from city, state, federal and other sites will be joined in public private partnerships to ensure every face in some areas gets a good probability of been compared to existing databases or new faces saved for years.
Add in cell phone information at the same time, tracking license plates, getting the passengers face, over time builds up years of positive identification.
Add in tame partnerships between the private sector and the federal gov, very tame social media, very tame web 2.0 providers and helpful telcos.
The cpu costs per face and time per face is low, storage costs are low. Side on images and the physics of the lens distance is really the only difficult part left.
Funding for more CCTV can help with that. Social media can also be used to induce the wider public to upload many pictures of staff, friends, random faces in public for national "promote awareness" events. With gps, camera details kept in the uploaded file, good lighting, more resolution and lots of faces facing in the right direction for facial recognition.

+ - Aussie state cops outed as Finfisher law enforcement malware users

Submitted by Bismillah
Bismillah (993337) writes "Wikileaks latest release of documents shows the the Australian New South Wales police force has spent millions on licenses for the FinFisher set of law enforcement spy- and malware tools — and still has active licenses. What it uses FinFisher, which has been deployed against dissidents by oppressive regimes, for is yet to be revealed."

Prediction is very difficult, especially of the future. - Niels Bohr