Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Submission + - How the FBI Hacks around Encryption (

Advocatus Diaboli writes: To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that’s just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.

Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.

Submission + - From Radio to Porn, British Spies Track Web Users' Online Identities (

Advocatus Diaboli writes: "There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ."

"One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant. Metadata reveals information about a communication — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call."

Submission + - Microsoft adding spy features to Windows 7 and 8 (

Advocatus Diaboli writes: Windows' network activity continues to be scrutinized amid privacy concerns. Windows 10 was first put under the microscope with both new and old features causing concern. With its Cortana digital personal assistant, Windows 10 represents a new breed of operating system that incorporates extensive online services as an integral part of the platform. But its older predecessors haven't escaped attention, and questions are now being asked of Windows 7 and 8's online connectivity.

Windows 8 included many of the same online features as are now raising hackles around the Internet. While it had no Cortana, it nonetheless integrated Web and local search, supported logging in and syncing settings with Microsoft Account, included online storage of encryption keys, and so on and so forth. While a few privacy advocates expressed concern at these features when the operating system was first released, the response was far more muted than the one we see today about Windows 10. But a new addition has led to accusations that Windows 8 now mimics one of Windows 10's more problematic features: it reports information to Microsoft even when told not to.

Also see-

Submission + - Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware (

Advocatus Diaboli writes: The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect’s computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a “roadmap” of projects that Hacking Team’s engineers have underway. On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a “mini” infection device, which could be “ruggedized” and “transportable by drone (!)” the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement.

Submission + - Senate advances secret plan forcing Internet services to report terror activity (

Advocatus Diaboli writes: The Senate Intelligence Committee secretly voted on June 24 in favor of legislation requiring e-mail providers and social media sites to report suspected terrorist activities. The legislation, approved 15-0 in a closed-door hearing, remains "classified." The relevant text is contained in the 2016 intelligence authorization, a committee aide told Ars by telephone early Monday. Its veil of secrecy would be lifted in the coming days as the package heads to the Senate floor, the aide added.

The legislation is modeled after a 2008 law, the Protect Our Children Act. That measure requires Internet companies to report images of child porn, and information identifying who trades it, to the National Center for Missing and Exploited Children. That quasi-government agency then alerts either the FBI or local law enforcement about the identities of online child pornographers. The bill, which does not demand that online companies remove content, requires Internet firms that obtain actual knowledge of any terrorist activity to "provide to the appropriate authorities the facts or circumstances of the alleged terrorist activity," wrote The Washington Post, which was able to obtain a few lines of the bill text. The terrorist activity could be a tweet, a YouTube video, an account, or a communication.

Also see this link (

Submission + - Reddit's Top Forums are Shutting Down to Protest an Admin's Removal (

Advocatus Diaboli writes: Some of the most prominent parts of the social media site Reddit are going dark in defiance of the removal of an admin who organized the site’s popular “IAmA” interviews with celebrities, politicians, and other people of note. The subreddit /r/IAmA was the first to go dark following the departure of administrator Victoria Taylor, a Reddit employee who was let go, according to the forum moderators. Taylor scheduled and ran many of the forum’s Q&As.

Submission + - XKEYSCORE: NSA'S Google for the World's Private Communications (

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."


"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

Submission + - Controversial GCHQ Unit Engaged in Domestic Law Enforcement, Online propaganda (

Advocatus Diaboli writes: The spy unit responsible for some of the United Kingdom’s most controversial tactics of surveillance, online propaganda and deceit focuses extensively on traditional law enforcement and domestic activities — even though officials typically justify its activities by emphasizing foreign intelligence and counter-terrorism operations. Documents published today by The Intercept demonstrate how the Joint Threat Research Intelligence Group (JTRIG), a unit of the signals intelligence agency Government Communications Headquarters (GCHQ), is involved in efforts against political groups it considers “extremist,” Islamist activity in schools, the drug trade, online fraud, and financial scams. Though its existence was secret until last year, JTRIG quickly developed a distinctive profile in the public understanding, after documents from NSA whistleblower Edward Snowden revealed that the unit had engaged in “dirty tricks” like deploying sexual “honey traps” designed to discredit targets, launching denial-of-service attacks to shut down internet chat rooms, pushing veiled propaganda onto social networks, and generally warping discourse online.

Submission + - Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks (

Advocatus Diaboli writes: Not long after blowing the lid off a National Security Agency-backed hacking group that operated in secret for 14 years, researchers at Moscow-based Kaspersky Lab returned home from February's annual security conference in Cancun, Mexico to an even more startling discovery. Since some time in the second half of 2014, a different state-sponsored group had been casing their corporate network using malware derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran’s nuclear program.

Further in the article..

While neither the US nor Israel has officially acknowledged any involvement with Stuxnet, New York Times reporter David Sanger's book Obama's Secret Wars and Surprising Use of American Power leaves little doubt the computer weapon was jointly developed by the two countries in an attempt to sabotage Iran's uranium enrichment program. Nearly identical code signatures in Stuxnet and the 2011 version of Duqu mean that whoever developed the latter had broad access to the Stuxnet source. And given the work schedules of the Duqu attackers, it seems likely they were physically located in or near Israel.

Submission + - New Snowden Documents Reveal Secret Memos Expanding Spying (

Advocatus Diaboli writes: Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents. In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments. But the documents also note that the NSA sought permission to target hackers even when it could not establish any links to foreign powers.

Submission + - NSA Planned to Hijack Google App Store to Hack Smartphones (

Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."

Submission + - On the Dangers and Potential Abuses of DNA familial searching (

Advocatus Diaboli writes: Investigators last year turned to a controversial technique known as familial searching, which seeks to identify the last name of potential suspects through a DNA analysis focusing on the Y chromosome. A promising “partial match” emerged between the semen sample and the genetic profile of Usry’s father, Michael Usry Sr. — a finding that excluded the father but strongly suggested one of his relatives had a hand in the young woman’s murder. The results instantly breathed new life into a high-profile investigation in which Idaho Falls authorities have weathered intense criticism. But the story of how the police came to suspect the younger Usry and then eventually clear him of murder raises troubling questions about civil liberties amid the explosive — and increasingly commercial — growth of DNA testing. The elder Usry, who lives outside Jackson, Mississippi, said his DNA entered the equation through a project, sponsored years ago by the Mormon church, in which members gave DNA samples to the Sorenson Molecular Genealogy Foundation, a nonprofit whose forensic assets have been acquired by, the world’s largest for-profit genealogy company.

Submission + - ACLU-Obtained Documents Reveal Breadth of Secretive Stingray Use in Florida (

Advocatus Diaboli writes: The results should be troubling for anyone who cares about privacy rights, judicial oversight of police activities, and the rule of law. The documents paint a detailed picture of police using an invasive technology — one that can follow you inside your house — in many hundreds of cases and almost entirely in secret. The secrecy is not just from the public, but often from judges who are supposed to ensure that police are not abusing their authority. Partly relying on that secrecy, police have been getting authorization to use Stingrays based on the low standard of “relevance,” not a warrant based on probable cause as required by the Fourth Amendment.

Submission + - "SSL Hijacker" Behind Superfish Debacle Imperils Large Number of Users (

Advocatus Diaboli writes: The fake secure sockets layer certificate found on Lenovo machines preinstalled with Superfish came from none other than Komodia. It was bundled with a password-protected private encryption key, presumably to prevent it from being used by malicious hackers to create websites that spied on users as they visited HTTPS-protected pages. But as Ars reported Thursday, the measure was laughably easy to bypass, since it took Errata Security CEO Rob Graham just three hours to discover that the password was, you guessed it, "komodia."

Submission + - The Great SIM Heist: How Spies Stole The Keys To The Encryptation Castle (

Advocatus Diaboli writes: AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

Life in the state of nature is solitary, poor, nasty, brutish, and short. - Thomas Hobbes, Leviathan