12/03/2014

US police services are using laws from the 18Th century to oblige Apple and Google to give them your decryption keys

"Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data.

 

 

The paperwork has shown two cases where federal prosecutors have cited the All Writs Act – which was enacted in 1789 as part of the Judiciary Act – to force companies to decrypt information on gadgets.

The Act, which was signed into law by none other than George Washington and later revised in the 20th century, gives the courts the right to...

issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

That's a pretty broad remit, but the Feds think it's just the thing to force Apple and others to break down privacy protections.http://www.theregister.co.uk/2014/12/01/feds_turn_to_1789...

Permalink | |  Print |  Facebook | | | | Pin it! |

12/01/2014

fanning : some kids lost their digital virginity online and some online firms should protect them better

yep this is one screenshot ..... and the most innocent part of the fanning collections that were downloaded from icloud because they had forgotten to active the most active defense against passwordguessing being prohibiting bruteforce attacks in which thousands of passwords could be tested without any alert

but you have to see the files to understand the real disaster is that these are youngsters who will find some of these files on all kinds of fileservers and pornservers (there is pornographic stuff in it although not that much even if I didn't look at or downloaded each of the thousands of files)

maybe we should demand from online organisations that they protect the files of our kids higher than our own. if we make a stupid sextape than it is our own fault, we are adults - but we can't control them every minute of the day or control every contact or movie they make - so it is up for the online organisations to give them a safer and more secure online environment

and really this is innocent stuff

once digital, it can travel anywhere anytime and once it is out there or with someone else it is gone - out of control - out of your control

Permalink | |  Print |  Facebook | | | | Pin it! |

since the forget me ruling Google (and yahoo and bing now) are no internet index anymore

they are only part of the internet and they are becoming more and more irrelevant

we will work on that in the coming weeks by preparing more specific searches to bypass this censorship

(how do I know it is censorship because when I search for the names of spies that are in my books about the latest espionage scandals of the last years (to understand Snowden) it is clear that information has been deleted because it is mentioned under the first page with the search results)

for the moment some say that you can find the urls's that are being abolished in Europe in other versions of the Google search machine

but meanwhile the effect is enormous (and it is bigger than the millions of urls's to pirated content because this is about legal content but that some people for some reason don't want you to see anymore in Google)

"Google was the first company to publish a form to make such requests, and has so far received more than 174,000 requests covering more than 600,000 URLs, removing 41.5% of them from its search results. Now it has been joined by Bing and Yahoo.
http://www.theguardian.com/technology/2014/dec/01/microso...

for those who have known the internet before Google

we are going back to local searches and linkindexes and keeping information you have found online because you never know how long it will stay online

Permalink | |  Print |  Facebook | | | | Pin it! |

how to find anything online if you take your time and you know how

there are 5 ways to find anything online

first is Google  

  and than you have to make first a Google account so you can use the advanced search options

  if the data or some of the data has disappeared from Google you should use BING

  there are some operators "term"  you use to find any data in which there is only that term

   "mymailadres"  will give you everything with your emailadres in it

   than there is the period  (last week, last 24hours, last month) but you always will have to use it without time indicator because that indicator doesn't work that well - it is only interesting to find links that have a good time indicator

   you can also limit to a certain domain or site  site:.....

   another interesting is  filetype:txt for example of .cvs   or .pdf  or .whatever

secondly there are torrents

   here you will have to search at torrent search sites because many links aren't in the searchengines anymore

   you will have to use several because there isn't a google for the torrents

thirdly there are the online forums; IRC and usenet

    several of those forums are blocked off from Google and other search engines

    you have to be member to  be able to see the postings and in some cases you have to upload information that others like to have access to data yourself

    for this you probably will need another identity

    for USenet there are few interesting services that are free and for IRC you have really to be careful for viruses, for snoopers and that you have gone through several proxies because on pastebin you will find a whole lot of IRC logs with the full networkname of your identity.

fourth there is twitter with links to download dumps

   so with the download file servers you will find thousands of files online on these servers

   and they are not necessary on Google or they make no sense (who knows that xhx.avi is the latest film for example)

   they are sometimes only on twitter links to such files so you will have to find the necessary twitter links

Fifth there is TOR where you need to download the client and than to follow our guide to find or search for the files - many services are invite only

Permalink | |  Print |  Facebook | | | | Pin it! |

update : this blog is FORBIDDEN TO PUBLISH ANY information about online MENSURA DATA

due to a complaint from the lawyers of Mensura we are not allowed to post specific links to the data

we didn't even publish any direct links just how to find it and even than it was just a posting about using Google to find that data

things anybody with a little bit of intelligence and internetknowledge can do

well you have to learn it yourselfs because I am forbidden to write anything about how to find any particular set of data

so people will continue to think that their data is not online anymore

IT is still online

I know how to find it but I can't write about it

or this whole blog will disappear

which is just what mensura wants

to 'make believe' that the data is not online anymore

and that I am not allowed to publish anything anymore

nothing even not a hint

but believe me that data is ONLINE

Permalink | |  Print |  Facebook | | | | Pin it! |

11/28/2014

BND wants to keep security holes in SSL to itself to spy on you

"Confidential plans seen by the SZ and broadcasters WDR and NDR show that the BND said it would spend €4.5 million to help it find security holes in the Secure Sockets Layer (SSL) protocol used by millions of web services to protect personal information. There is a lively grey market online among hackers and security researchers for "zero day" exploits, so called because they are undiscovered and internet users have had no time to prepare for them.

 

But rather than fixing the security problems, the spies want to use them for surveillance.The programme to penetrate SSL, codenamed Nitidezza, would also target the HTTPS protocol which is the standard for many banks, online shops, webmail providers and social networks.

 

“Holes in SSL need to be patched [fixed] because it is ubiquitous and everyone depends on it for their security," said Jim Killock of London-based digital rights NGO Open Rights Group."There is a real risk that failing to fix problems means criminal gangs will seek to obtain the same data using the same defects."
http://www.thelocal.de/20141110/spies-hire-hackers-to-che...

Permalink | |  Print |  Facebook | | | | Pin it! |

how the german intelligence agency BND can spy on its own citizens

"Dr Stefan Burbaum, who worked at the BND from 2000 to 2005, said that some Germans were targeted as “office holders”, a legal loophole the spies used to circumvent the law that protects Germans citizens from being spied on by its own intelligence agency.

 

Normally, the intelligence agencies must overcome high legal hurdles laid out in the so-called “G10 law” to spy on German citizens, including when they live abroad.Otherwise, information regarding German citizens has to be filtered out from any foreign communications intercepted by the BND.

 

But the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications, Burbaum told the Bundestag inquiry committee into National Security Agency (NSA) mass spying."The office holder is the legal person," Burbaum said. "It's a small exception. But a German citizen can function as an office holder in a foreign organization."The decisive thing is whether he's communicating as a citizen or as an office holder."
http://www.thelocal.de/20141128/bnd-spied-on-germans-livi...

just get a bit legally creative

Permalink | |  Print |  Facebook | | | | Pin it! |

this is why the intelligence 5 eyes cooperation is so important (us-uk-nz-aust-canada)

if you are one of the 5 eyes you are on so much more than any other partner

https://edwardsnowden.com/2014/10/12/cno-core-secrets/

Permalink | |  Print |  Facebook | | | | Pin it! |

International Atomic Agency in Wenen a target of #Regin

this is typical for a spy operation, always spies have in history get the positions and information of the other parties to the other negotatiors at the table. It was always seen as strategic information

google translate of http://derstandard.at/2000008742912/Spionagesoftware-Regin-nahmAtomenergiebehoerde-in-Wien-ins-Visier

Permalink | |  Print |  Facebook | | | | Pin it! |

the Dutroux documentary (VTM) and the Dutroux files and the unprotected judicial files

When you are watching the Dutroux Documentary on VTM you will see from time to time pictures that come from the judicial files that were used during the trial.

first it is strange that pieces of a trail are used because I am sure if those files are public

but secondly there is a reason for this and I know very well why there is a reason for it

those pictures probably come from the DVDroms that the journalists received during the trial to make it more easy for them to follow the trial and to do their reporting

only there was no protection on those DVDroms - not on how to access them (password) not on the files themselves (encryption eventually with timebomb)

in other words these files of this trial where easily copied and distributed and if you knew how to strip away the source of the files than you could do that without any danger

I have always found that enormously dangerously and even though there seems to be some law that makes it a crime to distribute these files they could be found in a newspaper or with any interested people or on the internet (part of it on wikileaks)

and it is not that the parliament doesn't know because they have a copy of these DVDroms to show how dangerously it is that these kind of documents is distributed freely without any protection (especially if it isn't that hard or expensive to put impose those protections).

 

 

Permalink | |  Print |  Facebook | | | | Pin it! |

11/26/2014

#regin was also targeted at Mobile telephone infrastructure

this is much cheaper than installating rogue GSM receivers together with jammers that will block the official normal GSM receivers

source Kaspersky

Permalink | |  Print |  Facebook | | | | Pin it! |

11/25/2014

the list of telecommunication cables that are intercepted by GHCQ

http://international.sueddeutsche.de/post/103543418200/snowden-leaks-how-vodafone-subsidiary-cable

Permalink | |  Print |  Facebook | | | | Pin it! |

#leak police website brabant wallon est is dumped

not that there is much information

it was because of an international operation against local police websites

but the attackers seems amateurs

 http://pastebin.com/nBaVpsZV

Permalink | |  Print |  Facebook | | | | Pin it! |

Mensura dient klacht in bij skynetblogs tegen belsec but.....

ze wensten de verwijdering van bepaalde postings en wilden in feite de totale verwijdering van deze blog 

ze zeiden dat het opnemen van screenshots en links naar de datadumps illegaal is 

de betrokken verwijzingen en screenshots op de genoemde postings zijn dan ook verwijderd en er is gemeld dat dit is door een klacht bij skynetblogs 

deze klachten worden trouwens altijd opgevolgd 

maar maak u zelf geen blaasjes wijs 

deze data is slechts een peulschil van de data online 

en er is niemand in België die deze dataleaks opvolgt op een systematische manier en de CERT die het zou moeten doen is zodanig onderbemand en overbelast dat ze deze datasets zelfs niet aankan 

dit kost trouwens niet veel moeite om ze te vinden (ik gebruik een tweetal sites en een paar googledorks) en het gaat niet om duizenden .be mailadressen maar in het slechtste geval een paar tiental in een week (tenzij Rex Mundi weer bezig is) 

Het zou slechts een paar duizend euro kosten om dit efficiënt te monitoren en een kleine applicatie om de slachtoffers onmiddellijk na de automatische ontdekking hiervan op de hoogte te brengen. Maar er is wel geld voor grote onderzoeken over wat al onderzocht is. 

trouwens wat doet Mensura dan met de meer dan 400 downloads van de data die al hebben plaatsgevonden 

ik zou zeggen, nice try Mensura maar er zijn belangrijker dingen om je mee bezig te houden 

vb hoe verklaar je dat je certificaat nog altijd kreupel is en dat je formulier voor ziektecontrole nog altijd niet achter een beschermde inlogpagina zit en dat men nog altijd het Rijksregisternummer vraagt van de persoon die moet gecontroleerd worden (die dit dus NIET weet en daar ook zijn akkoord NIET voor heeft gegeven) en dat de 'meer info' rubriek (waar al die schandalige onuitwisbare commentaren in stonden) er ook nog altijd in staat 

zelfs al wist u sinds het lek dat u NOOIT heb aangekondigd op uw blog (tenzij onderhoudswerken op zondag maar zonder te specifiëren) dat er drie grote problemen zijn met dat formulier

* het is niet beschermd door een inlogscherm

* het bevat persoonlijke info waarvan de eigenaar van die info de toelating niet toe heeft gegeven (rijksregister)

* het staat niet alleen op het internet maar het heeft een gebrekkige encryptie maar het had een sql injection (die niet getest was ondanks het feit dat ze in de OWASP 10 staan) 

en indien dat de fout is van uw serviceproviders, dan bent u beter bezig met een andere te zoeken en met een klacht tegen hen in te dienen

btw there are numerous blogs, forums and twitterstream who do nothing else than to report and link to new datadumps on the internet  - it is even by such a twitterstream that I have found the information on saturday that you were trying to hide. 

Trouwens indien advokaten bezig zijn met een klacht voor te bereiden zullen ze deze informatie al lang hebben. 

Permalink | |  Print |  Facebook | | | | Pin it! |

#NSA stop hacking our telecom infrastructure and get a global surveillance permission for REAL terrorists

If the NSA hacks telecom infrastructure worldwide it is because it wants to get the information without having to go through court to get it and because it thinks this is more effective and faster. The latter is more evident than the first because you won't be able to present this information in court (although many of the presumed terrorists are now killed by Drones before they ever get to see a real court). 

But this poses some big problems and can also create diplomatic and other difficulties even if the different intelligence agencies need information from the NSA to be able to re-act fast enough to dangers yet unknown to them. So they are like two scorpions in a bottle who will only get out if they help each other out. 

This is only possible if there is an European agreement that a number of people or organisations can be tracked and monitored throughout the European Union without having to present an individual court order in each of these countries. We already have Europol that can coordinate this and it needs the necessary supervision. 

The only problem here is mission creep and the only way to stop mission creep is that the list may for example be never bigger than 100. This means that there is no way this system can be turned into a global surveillance tool but that is fast and general only for the most important terrorist suspects or contacts that need to be followed anywhere. The terror watchlist of nearly half a million people is a perfect example of this.

It is by going after the real leaders and organizers one by one that one can limit the operational possibilities of a terrorist organisation because they can't be replaced as easily as another disgruntled fighter taking up the gun or bomb of his fallen comrade in arms. And to do that you need the top100 tracklist throughout the US, Europe and the partners. 

Nobody seriously has a problem with tracking the most dangerous terrorists but many people have a problem with the fact that some want to watch everybody all the time as if they all can turn into a terrorist one day. 

And if the intelligence agencies have an instrument by which they can concentrate their resources on immediate dangers and the biggest organizers they can submit court orders for all the rest if they still need it. 

Permalink | |  Print |  Facebook | | | | Pin it! |

11/24/2014

year old story of massive tapping and filtering of the internet by gchq comes back with Cable and Wireless

First it is said that this series of articles is based upon new documents. it would be interesting to know which kind of documents. Do they come from Snowden or from a part of his archive that is probably now in the hands of many more people than we can imagine ? Or is there another source in the UK ?

Secondly it builds upon something that we already know. The program the 'mastering the internet' and the role of gchq was already researched and written about a year ago.

http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempo...

this is one of the best articles if you want an overview and be sure that you take your time to read it because it is all legal according to British law and the new British laws on intelligence will even broaden these capabilities.

Now it seems that Cable and Wireless is one of the companies that was working closely with the gchq to give it all the possible means to filter and intercept as much information as was possible. We are talking about pentabytes of information.

Now Vodafone looks like to have inherited the program when it bought Cable and Wireless and it is not clear if they are fully informed about the topsecret programs. In such big companies such arrangements can also be made between people without the full knowledge of the hierarchy who sometimes just doesn't want to know.

and as this is probably the case everything you read in the article is a logical consequence of this. It is the same process when US firms work together with the NSA or other telecom companies with their respective intelligence companies

the fear to miss something and the absolute trust that is put into technology to give you that (false) assurance is sometimes much bigger than common sense and good intelligence strategies

Permalink | |  Print |  Facebook | | | | Pin it! |

11/23/2014

#regin where does it come from and did it target Belgacom ?

first look at the countries that are NOT in this table

than which countries are NOT in that list ?

and which countries are enormously interested in what passes through Mobile towers and phone companies ?

Belgacom and some other telephone companies may have some scanning to do just to be sure that they aren't impacted. Belgacom is very interesting for a spy because it has so many telephone firms and alliances in so many countries of which a few are very interesting for any espionage agency that follows presumed or real terrorists and their networks and supporters.

 

Permalink | |  Print |  Facebook | | | | Pin it! |

why the new TOR drugmarket Evolution is even more advanced than Silk Road

"Evolution doesn’t just offer an escrow, but also takes advantage of a more advanced feature built into bitcoin known as multi-signature transactions. That feature is designed to prevent both scams and seizure of escrow funds by law enforcement. It requires two out of three parties—the buyer, the user, and the site itself—to sign off on a deal before the escrowed bitcoins can be transferred. Evolution has also had much faster pageload times than competitors, most of whom run painfully slowly thanks to Tor’s process of routing web traffic among randomly chosen computers around the world. (Just how Evolution managed those speeds despite running on Tor itself isn’t clear.) And it has been online far more reliably: The website Darknet Stats counts Evolution as online 97 percent of the time, compared with 83 percent for Agora and 93.5 percent for Silk Road 2 at last check in September.
http://www.wired.com/2014/11/the-evolution-of-evolution-a...

I think the Achilles Spees of Evolution is how they arrive at these speeds because it may be that not all traffic is as TOR protected as is should or they have invested enormous money in SSL accelators and other hardware stuff on their servers.

The protection that is given to Bitcoin shows that not all bitcoins are equal and that some are even not that anonymous, it all depends on how they configurate it and that is something the receiver of bitcoins doesn't always has any control over.

Permalink | |  Print |  Facebook | | | | Pin it! |

openbank.ru hacked and leaked ?

find the link on my twitter account

some hacktivists are hacking and leaking giga's of information every month but withouit all the press attention that others got

Permalink | |  Print |  Facebook | | | | Pin it! |

new anonymous postings or blogging forum -

here http://www.thethoughtcrate.com/

Permalink | |  Print |  Facebook | | | | Pin it! |