Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - OPSEC for Activists, Because Encryption Is No Guarantee ->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that “there’s no scenario in which we don’t want really strong encryption.”

Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto’s network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.

The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It’s called Operational Security (OPSEC), a topic that hasn’t received much coverage. Until now."

Link to Original Source

+ - Strong Encryption Will Not Protect You from The NSA-> 2

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "This past October FBI director James Comey proposed that hi-tech companies implement key escrow encryption as a way for online service providers to give law enforcement officials access to user data. However in a recent interview President Obama reassured viewers that "There's no scenario in which we don’t want really strong encryption." To an extent this echoes Ed Snowden’s assertion that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Unfortunately a report released by Moscow-based anti-virus vendor Kaspersky reveals that even strong cryptograph might not be enough. It would appear that the NSA was has poured its vast resources into hacking hardware platforms across the board, creating firmware exploits that allow U.S. spies to “capture a machine’s encryption password, store it in ‘an invisible area inside the computer’s hard drive’ and unscramble a machine’s contents.”

While these sophisticated subversion programs afford the intelligence community with an impressive array of collection tools, no doubt with more than a little help from the private sector, there are people who view this as sacrificing society’s collective security on behalf of murky clandestine objectives. In other words: it’s no accident that cyber security sucks, it’s a matter of official policy. Perhaps we should be surprised that more banks don’t get hacked?"

Link to Original Source

+ - What Will It Take to End Mass Surveillance? ->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Both the White House and the U.S. Intelligence Community have recently announced reforms to surveillance programs sanctioned under Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. But do these reforms represent significant restructuring or are they just bureaucratic gestures intended to create the perception that officials are responding to public pressure?

The Executive’s own Privacy and Civil Liberties Oversight Board has written up an assessment of reform measures implemented by the government. For those who want a quick summary the Board published a fact sheet which includes a table listing recommendations made by the board almost a year ago and corresponding reforms. The fact sheet reveals that the Board’s mandate to “end the NSA’s bulk telephone records program” has not been implemented.

In other words, the physical infrastructure of the NSA’s global panopticon is still in place. In fact, it’s growing larger. So despite all of the press statements and associated media buzz very little has changed. There are people who view this as an unsettling indication of where society is headed. Ed Snowden claimed that he wanted to “trigger” a debate, but is that really enough? What will it take to tear down Big Brother?"

Link to Original Source

+ - The Sony Incident Reveals Mass Media Groupthink->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "In the past several days stalwarts of the corporate media like the New York Times, Wall Street Journal, and Washington Post have all cited unnamed officials claiming that North Korea is responsible for the recent attack on Sony. They have done so with very little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what’s happening reveals tools of modern social control."
Link to Original Source

+ - Glenn Greenwald Neglects the Lessons of Cypherpunk History->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Over the course of the Snowden revelations there have been a number of high profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece Greenwald claimed:

"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."

So while he concedes the role of public relations in the ongoing cyber security push Greenwald concurrently believes that encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.

With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. There are subtle currents flowing beneath the surface of the body politic and seeking refuge in a technical quick fix can be hazardous for a number of reasons."

Link to Original Source

+ - Greenwald Advises Market-Based Solution to Mass Surveillance->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don’t walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc.

All told Greenwald’s argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? Looking back at the past couple of decades have Silicon Valley companies demonstrated that they view security as anything other than a marketing scheme? Noise for rubes. After all of the lies can we trust hi-tech vendors to be honest? There are people who think that advising citizens to devolve into consumers is a dubious proposition."

Link to Original Source

+ - Et tu Laura Poitras?->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Recently Laura Poitras, the documentary filmmaker who directed the movie Citizenfour, spoke with the Danish media outlet NRC Handelsblad. Near the end of her interview she told NRC:

"I think certainly a change in consciousness has come after Snowden. Google's servers are secure: that's a big change. This protects the privacy of people. Apple brings a secure phone on the market, that frustrates the FBI again"

There are recurring themes if one analyzes the basic talking points of Greenwald, Poitras, and Snowden: that corporations were victimized by a government run amok, that we can safeguard our civil liberties by going out and getting the latest app. Is it any surprise that all three of the above people are linked somehow to a man named Pierre Omidyar? Could a form of subtle manipulation be at work? Hints of betrayal?"

Link to Original Source

+ - Silk Road 2 Seizure Was Just an Appetizer

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "The Guardian reports that law enforcement officials in Europe and the United States have been busy taking down hundreds of tor-protected “.onion” domains in an extensive campaign that spans the Darknet. The resulting flurry of arrests raises an interesting question: how did they do it? Isn’t Tor supposed to offer hidden service operators anonymity?

The cops aren’t giving away anything. When Wired asked the head of the European Cybercrime Center about this he replied:

“This is something we want to keep for ourselves The way we do this, we can’t share with the whole world, because we want to do it again and again and again.”

Again, and again, and again? Bad news for users who are putting all their eggs in the Tor Basket."

+ - German Editor Admits Working for The CIA->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "The former editor of Frankfurter Allgemeine Zeitung, one of Germany's larger papers has come forward to admit that he worked closely with the CIA. Udo Ulfkotte indicates, among other things, that U.S. intelligence is set on fomenting military conflict with Russia:

"I am very fearful of a new war in Europe, and I don't like to have this situation again, because war is never coming from itself, there is always people who push for war, and this is not only politicians, it is journalists too. ...We have betrayed our readers, just to push for war. ...I don't want this anymore; I’m fed up with this propaganda. We live in a banana republic, and not in a democratic country where we have press freedom"

Of course the CIA’s long-standing connections to the press are part of the public record. As are its attempts to sway public opinion. But this sort of infiltration and subversion aren’t limited to newspapers. Intelligence agencies have shown a talent for undermining everything from hi-tech products to entire power structures. Such clandestine machinations raise a question: are spies and their covert programs compatible with democracy? Paging Mr. Snowden..."

Link to Original Source

+ - Google and Apple Mobile Encryption: Good News and Bad News->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Both Google and Apple scored headlines at the Washington Post with articles that laud recent efforts to implement strong device-level encryption. The implication being that purchasing the latest mobile release will safeguard users from warrants issued by the U.S. Government as vendors would be unable to access encrypted data (never mind data stored in the Cloud). While device-level encryption can be interpreted as a positive step in the right direction there’s also the risk that it might provide users with a false sense of security. Contrary to popular belief there are a multitude of ways for vendors to quietly undermine device-level encryption and an equally long list of reasons why they might do so. Caveat emptor, assurances of high-security are sometimes just noise for rubes and a cover for highly leveraged spies."
Link to Original Source

+ - [Big Bad] Yahoo Takes on The Big Bad Government 1

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "The Washington Post has reported that during secret court hearings the government threatened Yahoo with a "massive" $250,000 per day fine if the company failed to hand over user data to the NSA. Journalists have depicted Yahoo’s legal actions as part of an ongoing “battle” with the government. Yahoo’s general counsel has asserted on the company tumblr that:

“Users come first at Yahoo. We treat public safety with the utmost seriousness, but we are also committed to protecting users’ data. We will continue to contest requests and laws that we consider unlawful, unclear, or overbroad.”

This coverage creates the impression that Yahoo is an intrepid champion of human rights. But is this really the case? Is filing a law suit really the best that Yahoo could’ve done? Lavabit’s founder, Ladar Levison, decided that he’d rather shutter his business when confronted with government demands for information. Keep in mind that in the past Yahoo cooperated with the Chinese government, handing over information on political dissidents who were subsequently imprisoned and tortured. Are these the actions of a company that “battles” for civil liberties? Or perhaps they indicate that executives are more interested in obeying the law to maintain quarterly profits?"

+ - NATO's Joint Cyber Defense Pledge: False Flag Ops Anyone?

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "NATO leaders are meeting in Wales to discuss, among other things, a joint defense pledge regarding cyberattacks.

There are serious issues with this kind of scheme. It’s no secret that the military is actively working on deception technology. False flag attacks are hardly a thing of the past (cyber or otherwise). A few months back a recording surfaced of high-level officials in Turkey plotting an operation to justify military strikes in Syria.

Given that NATO members have shown a habit of conducting false flag operations online and unleashing cyber campaigns against each other, does it even make sense to ratify a joint defense agreement or are world powers simply keeping up appearances?"

+ - Mapping Out The American Deep State-> 2

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "In recent coverage of events taking place in the Ukraine, the New York Times refers to the country as being under the sway of a group of oligarchs:

“The ultra-wealthy industrialists wield such power in Ukraine that they form what amounts to a shadow government, with empires of steel and coal, telecoms and media, and armies of workers.”

Note the mention of a “shadow government,” also known as a “Deep State.” This terms was originally coined in Turkey to refer to an entrenched cabal of spies, politicians, and organized crime bosses who manipulated events to maintain political control.

Does this sound familiar? You might have noticed the mass death sentence passed down by a court in Egypt. Very odd, how could 500 people be responsible for killing a single police officer? Thus leading journalists at FRONTLINE to suggest that Egypt is also under the influence of a deep state.

There are those who postulate that deep states aren’t limited to third-world nations. Readers might notice that none of the bankers involved in the 2008 financial collapse have gone to prison. Or that officials like DNI James Clapper and CIA Director John Brennan are able to flout the law with little or no consequences. Not to mention our leadership's cognitive dissonance over the origins of ISIS and the quandary of self-perpetuating conflict in the Middle East. Is the beast of the American Deep State peeking its head above the surface of the body politic?"

Link to Original Source

+ - Cornering the Market on Zero-Day Exploits->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Kim Zetter of Wired Magazine has recently covered Dan Greer’s keynote speech at Black Hat USA. In his lengthy address Greer, representing the CIA’s venture funding arm, suggested that one way that the United States government could improve cyber security would be to use its unparalleled budget to buy up all the underground’s zero-day vulnerabilities.

While this would no doubt make zero-day vendors like VUPEN and middlemen like the Grugq very wealthy, is this strategy really a good idea? Can the public really trust the NSA to do the right thing with all those zero-day exploits? Furthermore, recall the financial meltdown of 2008 where the public paid the bill for Wall Street’s greed. If the government pays for information on all these unpatched bugs would society simply be socializing the cost of hi-tech’s sloppy engineering? Whose interests does this "corner-the-market" approach actually serve?"

Link to Original Source

+ - The CIA Does Las Vegas->

Submitted by Nicola Hahn
Nicola Hahn (1482985) writes "Despite the long line of covert operations that Ed Snowden’s documents have exposed public outcry hasn’t come anywhere near the level of social unrest that characterized the 1960s. Journalists like Conor Friedersdorf have suggested that one explanation for this is that the public is “informed by a press that treats officials who get caught lying and misleading (e.g., James Clapper and Keith Alexander) as if they're credible.”

Certainly there are a number of well-known popular venues which offer a stage for spies to broadcast their messages from while simultaneously claiming to “cultivate conversations among all members of the security community, both public and private.” This year, for instance, Black Hat USA will host Dan Greer (the CISO of In-Q-Tel) as a keynote speaker.

But after all of the lies and subterfuge is it even constructive to give voice to the talking points of intelligence officials? Or are they just muddying the water? As one observer put it, “high-profile members of the intelligence community like Cofer Black, Shawn Henry, Keith Alexander, and Dan Greer are positioned front and center in keynote slots, as if they were glamorous Hollywood celebrities. While those who value their civil liberties might opine that they should more aptly be treated like pariahs”"

Link to Original Source

It is not for me to attempt to fathom the inscrutable workings of Providence. -- The Earl of Birkenhead