privacy - Page 31

  • why spytainment like 24hours and Homeland security is in fact brainwashing us

    this from a national US poll that is organized yearly

    Second is the the influence of spy-themed entertainment, or “spytainment.” I have been researching for some time whether spy-themed entertainment (particularly on television and the big screen) has become adult education for intelligence. Last year, I found a strong correlation between frequent spytainment viewing and approval of aggressive counterterrorism tactics, including rendition, assassination, and harsh interrogation methods. In fact, support for torture was higher in 2012 than it was during the Bush administration. The influence of spytainment, I posited, helps explain why. Here are some of the statistically significant findings from my 2012 national poll:

     

    • 38 percent of frequent spy TV watchers believed that waterboarding terrorists was the right thing to do, compared to 28 percent of infrequent watchers.
    • 60 percent of frequent spy TV watchers thought transferring a terrorist to a country known for using torture was right versus 45 percent of infrequent watchers.
    • 34 percent of frequent spy moviegoers said that they thought it was right to chain terrorist detainees naked in uncomfortable positions in cold rooms for hours. Only 27 percent of non-movie goers thought the naked-chaining-stress-position approach was right.

    http://www.lawfareblog.com/2013/11/real-spies-fake-spies-nsa-and-more-what-my-2012-and-2013-national-polls-reveal/

    Nowhere in these films or series do you see that they have to consider legal and ethical considerations, they go immediately for action with a direct result phone directly with the President of the US to get permission who says they have to do what they have to do to stop the terrorists (and they always 'nearly or in the end finally' do)

    Nowhere in these series it is shown that intelligence and investigations take hours, days, weeks, months, year of work looking at all kinds of details and dead-ends and having more office politics and budgetfights than direct calls to the President himself

    Nowhere in these series it is shown that intelligence and antiterrorism don't depend solely on some rambo man or some small supersecretive totally paranoid team that can do whatever they want they way they want it

    Nowhere in these series are the other effects shown of this kind of methods and mentality and that in the end it doesn't help a bit, on the contrary in the end you are facing a much bigger crowd of angry people and very tense diplomatic and political relations

    it is time for some real intelligence people to show how intelligence is done the intelligent way and how this can be done within the democratic and legal framework we have and why this is better for the privacy and security of all of us

  • how journalist becomes a datamule to get secretive documents out of the US

    My editors told me that we could not discuss the story via phone or email, so we met in a conference room in Al Jazeera's downtown Manhattan offices. There, they made an unusual request. Would I be willing to act as a mule and go to LA to pick up a document? They asked me to fly out within the week, meet Leopold and bring back a thumb drive. If these precautions seem silly, one has to remember the recent news that the NSA had been spying on Al Jazeera. We had to presume it was monitoring Leopold. The question of surveillance, pushed into the news by NSA revelations, interested me more than the opportunity to smuggle a protected unclassified document. What also caught my interest was the way that, in our era of electronic and fiber-optic transmissions, past practices — in-person meetings to hand over documents — seemed to have returned to the present and the future. So I agreed.
    http://america.aljazeera.com/articles/2013/11/5/a-document-mule-intheinternetage.html

    no phone no mail and lots of paranoia (or call it being careful)

    the airlines can win a fortune now with a schedule that brings people back and forth the same day or the day after

    just don't forget that at the US border the borderpatrol can copy harddisks and usb things and so on (so the more important it is to get out of the US the more it shouldn't look like documents (selfprint books ?) or usb or datadisks

    Manning called his dvd with all the cables Madonna - so nobody asked him what was on it

    and the journalist seemed to have liked all the exciting spystuff that is now coming with his job because it makes it all 'exciting' (tell that to your kids that you have been on a plane to meet someone to get a secret document you had to smuggle out of the US and that you had to hide the documents and that you could be arrested anytime.....)

    the next technical borderspyinvention will be one that discovers anything electronic data in your suitecase or clothes (chips or usb) and can read instantly anything on a cd without loading first (which would take too much time - maybe airlines will prohibit cd's on board to make it easier

  • We have heard about airdrones, automatic cars and seadrones but this one does it all

    so why would you need soldiers for (or marines) ?

    the perfect drone that can go wherever you want the way you want

  • your smartphone is so stupid (but intelligent for intelligence)

    Mobile networks are a blessing and a curse for spies worldwide. Because each major wireless communications company operates its own networks, tapping into them becomes more complex. On the other hand, the mobile multi-use devices in our pockets are a blessing, because they often reveal more personal information than stationary computers, such as the user's lifestyle habits and location. They can also be transformed into bugging devices that can be activated remotely at any time to listen in on the user's conversations.
    http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html

    less is better, also in information

    and your smartphone is the least protected of any device you have (but better than your tablet)

    so the more information you have in your weakest link, the greater the risks you are taking

    there are even banks trying to tell you that it is safe to bank with your mobile (and are now trying to ask themselves how they are going to protect it....)

  • belgacomhack operation socialist II VPN's of Belgacom were decrypted

    nterim reports on the course of the Belgacom operation were even more enthusiastic, concluding that the British spies had penetrated "deep into the network" of the Belgian company and were "at the edge of the network." This enabled the British internal encryption specialists ("Crypt Ops") to launch their "Operation Socialist II," so as to crack the encrypted connections, or VPNs.
    http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821-2.html

    thus this means that all the encrypted communications since surely for one to two years may have been decrypted and are compromised  (so who uses these VPN connections from BRICS-BELGACOM)

    this also means that the BELGIAN confidential communications and data is now stored in the UK in its central datacenter (how is this for friendly relations)  - it is time to know what have been intercepted no

    oh yes according to the answers of our ministers, they don't want to take the information in Der Spiegel into consideration for now and are awaiting the results of the investigation, but that can take easily months or even years if they ever find enough clear footprints that show without any doubt that the UK-US spy operation is responsable for this hack

  • don't believe anything any 'ITexpert', Belgian representative Karolien

    "Zeer onwaarschijnlijk", reageert prof Frank Neven van de vakgroep informatica aan de UHasselt. "Mogelijk werd de code in de e-mail geïnterpreteerd als een IP-adres, omdat het dezelfde vorm heeft. Toevallig komt die code ook overeen met het IP-adres van een Amerikaanse militaire basis. Heel wat elementen wijzen er echter op dat de betreffende cijfercode geen IP-adres vormt, maar de versiecode van het gebruikte e-mailprogramma is. Dat is een cijfercombinatie die Mail.com, het programma dat Grosemans gebruikte, zelf aan een e-mail kan toevoegen. Zulke codes kunnen handig zijn om eventuele fouten in hun softwareprogramma's gemakkelijk op te sporen."

    Een kleine test staaft dat vermoeden: "Als je een account aanmaakt op Mail.com en jezelf een mailtje verstuurt, verschijnt precies dezelfde code als die uit Grosemans' mailtje. Als je terugkijkt in de tijd, blijken ook andere mails verstuurd via Mail.com zo'n code te bevatten: hoe recenter de mail, hoe hoger het cijfer. Vandaar het vermoeden dat het om de aanduiding van een versie gaat: ook zo'n code loopt met de tijd op."
    http://www.gva.be/nieuws/binnenland/aid1482742/kamerlid-karolien-grosemans-wellicht-niet-slachtoffer-van-spionage.aspx

    she said that the NSA was spying on her mail - we took at first her declarations at face value and said that that was normal (why shouldn't her mail be traced if so many emails are traced and intercepted ?)

    now she has been making a fool of herself with this declaration that she said to the whole of the Belgian press with a big picture of her - saying that ITexperts have helped her with her proposal for ITsecurity and discover the NSA spying (luckily for them they aren't named - but it is NOT me)

    it looks now that number she was seeing in the extended header of her email was not an IP address but a number that is generated by mail.com to know which kind of browser and so on you are using to know what to look for if you declare an incident or problem with access to their mailserver or with a certain mail

    don't begin being too paranoid and don't jump to conclusions - and maybe the press should check before they even publish it (and not wait two days untill some people who had the header do the research for them and tell them it is nuts)

  • member of Belgian parliament says that Belgacom abuses its access to mailboxes and phones to control its critics

    this is the article in De Morgen of today and it is really staggering because if this is true

    CD&V-Kamerlid Roel Deseyn stuurt niet langer vertrouwelijke e-mails en sms'en via Belgacom. "Er wordt al eens rondgesnuffeld in mailboxen van kritische politici en journalisten", klinkt het.

    Deseyn: "De eerste keer dat er een belletje ging rinkelen, was voor de zomer toen mijn Skynet-mailbox plots werd afgesloten (Skynet is het internetfiliaal van Belgacom, STS). Na lang aandringen kreeg ik te horen dat dit uit veiligheidsoverwegingen was gebeurd, maar men iets te overijverig te werk was gegaan. Ook de Skynet-blog van Belsec, waar een aantal informaticaspecialisten en betrokkenen aan meewerken, werd plots geblokkeerd na een aantal kritische artikels."

    Kan dat geen toeval zijn?
    "Misschien, maar ik heb nog heel wat andere zaken te horen gekregen van verschillende interne bronnen bij Belgacom. Bijvoorbeeld dat er al eens rondgesnuffeld wordt in mailboxen van kritische politici en journalisten. Dat bepaalde bestuurders en managers voor het versturen van gevoelige sms-berichten met voorbetaalde telefoonkaarten werken omdat ze er geen vertrouwen in hebben dat het systeem waterdicht is. Uitgerekend Didier Bellens zelf heeft een mailadres bij Yahoo.fr omdat hij weet hoe lek zijn eigen systeem is."

    Bestaan daar bewijzen van?
    "Het is enorm moeilijk om dergelijke zaken te bewijzen. Mensen die het kunnen weten zeggen dat Bellens medewerkers verzoekt om bepaalde vertrouwelijke zaken op te snorren en te printen. Er is al eens een incident rond geweest. Toen onderzocht men of het mogelijk is om zomaar de inhoud van mailboxen te doorzoeken. En bleek dat men zomaar aan die paswoorden kan. Als je een paswoord en een mailadres hebt, kun je via de webmail de inhoud van een mailbox checken."
    http://www.demorgen.be/dm/nl/5403/Internet/article/detail/1736368/2013/11/07/Belgacom-snuffelt-in-mailbox-van-politici-en-journalisten.dhtml

    He says that

    * the CEO of Belgacom uses a mailbox of yahoo.fr because he doesn't trust the internal mailsystem according to internal sources the members of parliament says

    * the CEO of Belgacom and his direct staff use prepaid cards to send confidential messages by email (which is a method used by terrorists and spies by the way). If this is only since may 2013 it is a normal and good practice because as we have said over and over again, if there has been a full penetration of the network for over several years and it will take normally months to be sure that everything has been found, traced, cleaned or changed than those hyperconfidential messages shouldn't use any internal system as long as they haven't been totally cleaned and seperated in a totally secured zone under permanent detailed monitoring (securing from inside out after securing the walls around the network)

    * Belgacomstaff had access to the mailbox of the member of parliament and if this is the case, one should file an official compliant with the Privacycommission, which normally when such accusations are made in the press will even have the power to start itself an investigation because if Belgacomstaff have direct access to the mailboxes of individual members (even if they are not journalists or members of parliament) than I can imagine of no greater risk to privacy and freedom of press and in the case of the members of parliament of democracy itself - especially if there is no courtorder or case of enormous interest of national security (intelligence, terrorism)

    * belsec, this critical blog, has been several times kept offline by skynetblogs during a limited time and the main problem with that is not that they have done it (somewhere they will have the right in their legal fine letters) but the way in which they do it. Their procedure is one without any pre-warning and without asking the author to delete the postings or part of it. An alternative is to only block the concerned postings and ask the writer meanwhile to delete or adapt the postings.  The writer-blogger doesn't even know who has complained about your blog or any of your postings (and at Belsec we are at more than 6000 postings)

    the only thing we would like to see is that skynetblogs has a more transparant procedure for treating such complaints and treats its bloggers-writers with the necessary due respect and not with the feeling that we are guilty without having any possibility to be heard first

    this procedure lacks any transparancy because they don't publish a case-officer and you don't know who will decide what when you have adapated the postings accordingly (and they don't tell you what aspect of your posting is at the heart of the complaint)

    even if I am VERY critical of the way Belgacom is treating security before and since the incident (and the other ISP's are not any better) I have only been kept offline when there were complaints about personal details from leaks and passwords that were public on the internet and easy to be found but that lawyers in Belgacom and the people complaining didn't want to see on this blog read by many Belgian journalists and ITpeople (to close at home)

    and for the people concerned, if we do publish that information than it was because it was necessary as proof like with VOO (who said that no server was hacked while the details of the servers were published by Rex Mundi) or because people forget that not only logins and emailaddresses are published online but also many other personal financial and administrative details (for which we in Belgium have no national plan of remedy so for example what will we do if  a 1000 or half a milllion numbers of Belgian EID cards or mobile numbers are published online)

    If we find personal logins and details online, we forward them to the CERT who will treat and forward that information to the persons and institutions concerned, if we would publish every personal detail or all the vulnerability information we had-have, this blog would be very seldom online (and I would probably be more in court than at home)

    we try to do responsable disclosure without closing our eyes to the fact that it would not be good for the public and the democratic institutions responsable for the oversight of the policymakers and administrations to be left in the dark about the dramatic state of cybersecurity in Belgium today and the very high need for that central cybersecurity institution with a budget threefold more than was originally asked (don't spend it on reports and very expensive blablabla consultants with long cv's and no battle experience - we need more cybersoldiers than any more wining and dining generals)

  • how the Danish EID has periods of attack vulnerability thanks to java

    A bungled IT upgrade has downed Denmark's universal NemID login system, forcing people to stay on an insecure version of Java if they want to carry out online banking, check their insurance, or retrieve tax return information.

    Problems with NemID were first reported on Tuesday, and on Thursday the NATS IT consultancy behind the system said Danes wouldn't be able to use both the latest patched version of Java and NemID until Friday.

    NemID is a single login for services from private banking and email to insurance services, local council services. It consists of a user ID, a password, and a code card that generates a one-time key.

    The system was developed through a collaboration between the state and the banking sector, and reaches into "hundreds" of bank and public IT systems. And, to the no-doubt dismay of Reg readers, it relies on Java.
    http://www.theregister.co.uk/2013/10/17/java_causes_problems_denmark/

    of but don't ask too many questions, trust us we know what we are doing..... we think

  • the status of the Belgian access points to TOR

    http://torstatus.blutmagie.de/index.php?SR=CountryCode&SO=Asc  with more details about its performance

    ps being on Tor doesn't mean you are totally anonymous or nobody is (trying to be) watching

    I also suppose that these are individual ISP accounts by individuals and not sure that they have permission to do this - play an access server for TOR

    any such PC or server may be confiscated by the FCCU the moment it is used for acts which are under the investigation (and the responsable person or enterprise can have some responsability aside losing its server) this is not to scare you, it are just the bare facts

  • uproxy the Google Idea P2P proxy you can use between trusted partners to hide each other

    its a peering session, i.e. the data does not traverse through google, it is a direct connection between you and someone you trust. it does actually say this in the video, so even google or the NSA cant snoop the encrypted traffic
    http://www.youtube.com/watch?v=ZJ6BuHL0EiQ

    the traffic doesn't pass Google's warehouses they say (those are breached and tapped as we know now)

    it looks as if you can set up this proxy between people of your network, office, company or whatever and than hide each other's traffic

    but some questions remain and some attacks (even by your peers) should be investigated (because it is not because you are in a trusted environment that you can as an individual trust everyone on that network)

    the idea is a good start because it let trusted circles to make secret rings and that is all it is for the moment, an idea

  • the 1984 database and surveillance Argentine will be installing

    In Argentina, a government database holding the pictures and fingerprints of its citizen will soon allow officials to identify citizens based on their DNA, their iris information, and the way they walk. The government-made promotional video (below) explains SIBIOS, the Federal System of Biometric Identification, and now airs on huge LCDs at selected border control stations. In addition to technical details, the video offers dubious philosophical assertions (like a metanarrative on how knowing who you are is equal to the state ID system and/or your physical features) and bold claims about what technology can do—for instance, the video suggests that technology can capture footage from CCTV’s cameras and use a facial recognition software to identify people. But in Argentina, at least, we are not quite there yet.
    http://www.slate.com/blogs/future_tense/2013/11/04/argentina_s_biometrics_database_and_more_latin_american_surveillance.html

    but once the system is installed with its possibilities there is no way one can guarantee that they won't be used in the future, with or without the knowledge of the officials or with or without an internal revolt or a 9-11

    we stopped people making atomic bombs and nerve gas because they were too dangerous, maybe these tools should be stopped also because they are too dangerous for privacy, democracy and freedom in the hands of the wrong people

    imagine Hitler having this

  • why any private contactinformation shared with US officials should be changed

    The confidential memo reveals that the NSA encourages senior officials in its "customer" departments, such the White House, State and the Pentagon, to share their "Rolodexes" so the agency can add the phone numbers of leading foreign politicians to their surveillance systems. The document notes that one unnamed US official handed over 200 numbers, including those of the 35 world leaders, none of whom is named. These were immediately "tasked" for monitoring by the NSA
    http://www.slate.com/blogs/the_slatest/2013/10/24/nsa_snowden_leak_guardian_reports_nsa_spied_35_world_leaders_with_help_of.html

    just a preventive trick

    change is not that bad

  • how little we allready know about the NSA from the small number of published documents

    so how many documents have already been published of the rumored 19000 to 50000 NSA documents

  • GPS data still needs a warrant in the US says a federal court

    Police must get a warrant before using GPS to track a suspect’s vehicle, a federal appeals court has ruled, throwing out a cache of evidence against three brothers charged in a wave of pharmacy burglaries and going beyond a Supreme Court ruling that left open the question of whether judges have to approve of the high-tech surveillance.

     

    State police investigating the pharmacy burglaries were making progress in 2010 when they found tools, gloves and a ski mask in a search of suspect Harry Katzin’s van.

     

    The electrician said they were merely tools of his trade, and police let him go. But police, working with the FBI, soon put a GPS device under his bumper and closed in on the van after another burglary. They found Katzin and his two brothers inside, along with a large stash of pills, cash and other store property.

     

    Three years later, the evidence has been tossed out after the 3rd U.S. Circuit Court called the GPS tracking an illegal search. The Katzins, who have pleaded not guilty, are free on bail.
    http://www.matthewaid.com/post/65919960919/u-s-court-police-must-get-warrants-before-using-gps

    this is huge because there has been going back and forth about GPS data as if it was public data or metadata and for which the police doesn't want to do the paperwork that comes with it

  • what are the sources for the daily intelligence reports for the US president

     

    http://apps.washingtonpost.com/g/page/world/the-nsas-three-types-of-cable-interception-programs/553/

  • after Google's and NSA denial Washington Post publishes proof that NSA is inside Google's network snooping

    this is part of a series of documents

    the basic arguments are

    http://apps.washingtonpost.com/g/page/world/what-yahoo-and-google-did-not-think-the-nsa-could-see/555/

  • privacy international files an complaint against British Telecomfirms and GCHQ

    Privacy International today has filed formal complaints with the Organisation for Economic Cooperation and Development (OECD) in the UK against some of the world’s leading telecommunication companies, for providing assistance to British spy agency GCHQ in the mass interception of internet and telephone traffic passing through undersea fibre optic cables.

     

    According to recent reports, BT, Verizon Enterprise, Vodafone Cable, Viatel, Level 3, and Interoute granted access to their fibre optic networks for the United Kingdom’s Government Communications Headquarters (GCHQ) surveillance program, Tempora. As a result, Privacy International believes that there are grounds to investigate whether up to a dozen OECD guidelines, pertaining to companies' responsibilities to respect human rights, including the right to privacy and freedom of expression, were violated.

     

    In granting GCHQ access to the fibre-optic cables the companies own, operate or control, and thus facilitating mass surveillance, Privacy International believes the telecommunications companies have undermined their customers’ internationally recognized human rights and contributed to adverse human rights impacts. Privacy International wrote to the companies in August, seeking clarification to their role in Tempora, but did not receive answers demonstrating that the telcos have taken steps to mitigate or prevent the adverse human rights impacts that have occurred.

     

    It has been recently reported that some of the companies have gone “well beyond” what was legally required in facilitating GCHQ’s mass surveillance and received payment for their cooperation. By collaborating with GCHQ and providing access to networks, Privacy International argues that these companies have knowingly contributed to the violation of human rights by enabling the mass and indiscriminate collection of data and interception of communications.

     

    Privacy International is asking the telecommunications companies to:

     

    • Explain all steps taken to oppose, resist or challenge requests or directions to facilitate GCHQ’s mass interception programmes, to the extent that the companies are being legally compelled to cooperate with GCHQ;
    • Exhaust all legal avenues available to challenge GCHQ’s requests or directions to facilitate GCHQ’s mass interception programmes, to the extent that the companies are being legally compelled to cooperate with GCHQ;
    • Cease any voluntary compliance with GCHQ;
    • Take measures to mitigate the respondent’s contributions to the impact of GCHQ’s mass interception programmes on human rights; and
    • Introduce policies ensuring all measures available are taken to resist requests from any government that would result in mass interception that is contrary to the fundamental right to privacy.

     

    While other companies, such as Facebook, Google, Microsoft, and Yahoo! have pushed back against government surveillance requests, it appears that none of the fibre optic cable companies pursued any available legal avenues to protect the rights of their customers. Privacy International hopes that the British National Contact Point (NCP) will investigate what steps the companies took to participating in these surveillance programmes and help ensure stronger steps will be taken in the future to fulfil its responsibilities under the Guidelines.
    https://www.privacyinternational.org/press-releases/privacy-international-files-oecd-complaints-against-telcos-for-role-in-uk-mass

  • EU commission thinking about an European Intelligence Service

    Speaking on Monday (4 November) to Greek daily Naftemporiki on the US snooping scandal, she said: "What we need is to strengthen Europe in this field, so we can level the playing field with our US partners."

     

    She added: "I would therefore wish to use this occasion to negotiate an agreement on stronger secret service co-operation among the EU member states - so that we can speak with a strong common voice to the US. The NSA needs a counterweight. My long-term proposal would therefore be to set up a European Intelligence Service by 2020."
    http://euobserver.com/justice/121979

    on the condition that it doesn't fall under the third pilar which has no real democratic oversight and is the playground of the national leaders who like to continue their backroom dealing and answer any local opposition with the argument that it is the fault of 'europe'

  • belgium has a focused cooperation with the NSA (like most of other European countries)

    http://www.elmundo.es/espana/2013/10/30/5270985d63fd3d7d778b4576.html