privacy - Page 6

  • sometimes biometrics don't play any role in high-level arrests

    so the third guy responsible for the Pirate Bay, who is wanted all over the world, is arrested in Bangkok after travelling 30 times to the country

    but details are always important, and this time this is what happened

    http://thehackernews.com/2014/11/pirate-bay-Fredrik-Neij-arrested.html

    one of the basics of going undercover is losing everything that you had before, even your favourite t-shirt

  • internal mail server of automotive training company hacked and leaked

    well, it is not nothing, you have got into the internal network of

     

    http://pastebin.com/NAcF8b0m

    this is how they started their operation at Belgacom :)

    it is possible that the internal email addresses have less protection than the external ones (for example, some file types may be accepted internally, such as zip files, that are not accepted from outside).

  • 27 Tor servers with around 400 illegal trading places were taken down

    this seems to be more or less the case in the first big international action coordinated between the FBI and Europol

    it is in fact only a cleanup, because the Tor community itself couldn't and wouldn't do it, while Tor in the first place has nothing to do with dealing drugs and guns but with protecting those who are risking their lives because they are dissidents

    Now you will ask yourself how it is possible that Tor servers are being wrapped up like that?

    First, that is not that difficult, for three different reasons:

    * many of these servers are placed in European countries and the US because of the speed of those servers

    * some of these operators are just doing stupid things like using webmail addresses that can be traced and which are also based in European or American countries

    * those servers themselves aren't always that secure, because one of the guides to setting up an anonymous Tor server says that you shouldn't run any Microsoft updates, antivirus and the like because you can be identified by them (this in fact makes you quite easy to hack once there is a trace somewhere)

    as long as they are only going after pedophiles and drug dealers I really don't care

    but they still have a long way to go

     we are upgrading and checking our tor list you find

    this is not a list to illegal services by the way

  • Belgium is an official client of Finfisher

    Finfisher has developed technology to intercept and follow mobile phones

    on the leaked lists were Belgian contacts

    the minister of Justice said that his services (FCCU probably) were an official client

    they have already spent some 1 million on such hardware and software, and recently this was 18K euro

    Van Hecke wanted to find out from Minister Geens in the competent parliamentary committee how things really stand. The CD&V politician answered that the FOD Justitie paid the company 18,181.81 euro on 26 August and again on 21 October of this year.
    http://www.demorgen.be/binnenland/justitie-betaalde-omstreden-cyberspionagebedrijf-dit-jaar-al-twee-keer-a2112307/

    the only real question is how far the judicial oversight of the use of this kind of technology is sufficient, and whether no innocent bystanders are also 'intercepted'

  • #itunes hack: this is the pastebin about the 3 million hacked accounts that was deleted

    there are other lists of leaked iTunes accounts that are still online

    one is here http://pastebin.com/47ZGpnr9

    a copy based on a screenshotservice of that page can be found here

     

  • this is the real legal basis for the #NSA's full authority to spy globally without oversight

    "Today, we’re releasing a new set of documents concerning Executive Order 12333 that we — alongside the Media Freedom and Information Access Clinic at Yale Law School — obtained in an ongoing Freedom of Information Act lawsuit. EO 12333 hasn’t received much public attention to date, but the government’s prior disclosures in our suit have shown that the executive order in fact governs most of the NSA’s surveillance. In the NSA’s own words, EO 12333 is “the primary source of the NSA’s foreign intelligence-gathering authority.”

     

    Surveillance conducted under EO 12333 is implemented almost entirely by the executive branch, without review by Congress or the courts. EO 12333 lacks even the plainly inadequate legislative and judicial checks on the two more well-known surveillance authorities — Section 215 of the Patriot Act and the FISA Amendments Act."
    http://www.mintpressnews.com/new-nsa-documents-shine-light-black-box-executive-order-12333/198440/

  • #Anonymous says that it has hacked and leaked mails and documents from AIG 2008

    they are here https://mega.co.nz/#F!BgFj3QyQ!NVpnZCSbTFciZ2EtWTpTNQ

    these are really from 2013 and they are full of confidential documents ....

    A lot of the documents are about the rescue in 2008 and are marked confidential

  • and what if Snowden is after all a spy ? or has become one at last ?

    So I think I am at my 10th+ book about KGB/US/UK/German spying (if you want to send me more, you can by sending me a gift card or books from the wish list - see right of this text)

    and there is one thing that I have never forgotten. It stays as a canary in the back of my head even if it may seem a detail (or a slip of the tongue by a person who is otherwise extremely controlled)

    and so I am thinking about what I have learned 

     the intelligence organisations are primarily interested in 

    * people who have access to vertical information, as the intelligence organisations are always organized in different blocks of information (quarantine). If you read the story of Snowden you will see that he did everything to have access to as many blocks of information as possible and was abusing his position to get that access. (although one could say that the NSA had a very limited form of security that was too much based on trust that people could be trusted and that procedures and limitations would be respected).

    * technical manuals of information. You can read whatever book about whatever spy organisation in whatever part of the last century and it will always come down to this. They always want the technical manuals of the stuff the other party has (except for the list of spies, but some say Snowden has taken that too). I can't understand why you would need all that information if it is only to blow the whistle on some technology and practices that are normally not acceptable. You don't need a million documents for that and you don't need all those technical documents either. In fact, if you are an honest whistle-blower you only take those documents that you need to prove your case, because at that time you have your case already in your head and you know what you are going to protest about. Downloading between half a million and a million documents or more (depending on the calculations) isn't exactly what you would call such a targeted action.

    What happens normally afterwards ? 

    * the person is extracted to a safe place (Russia) when he drops a signal to his handler, who will come and get him and get him out in time

    * the person arrives in Russia and is surrounded by handlers

    * the person is taken care of, his family can come over and so on

    * he will be used for propaganda and will be used in films, books, press conferences (which he is doing all the time)

    What does this mean ? 

    * we will probably never be totally sure, but seeing these facts against the normal procedures in which such things have happened in intelligence organisations for decades, there is no way he won't be treated as a spy, because there are so many indications that he could be a spy. Even if he would be willing to come back, it could be that some people would just see him as a 'disinformation plant' still controlled by the KGB. And from experience the CIA knows that for that reason it can't necessarily trust him a bit, and it probably won't.

    * there are two different things. It is not because he is a spy that everything the intelligence organisations did was lawful and acceptable. They probably got carried away by the technological possibilities (unlimited storage) and the disappearing oversight and control. It is time to get back to the real business, which is to hunt for crime, spies and terrorists (not all the people all the time anywhere)

    * it isn't because he has published those documents that have made it possible to make those remarks that this makes him a hero. There are holes in his story, there is a very selective argument that is only against the western intelligence services, there are the 600.000 operational documents about real spies and real procedures, and there is the fact that he didn't have to download these to make his case (so what or who for?). You can't really compare him with Ellsberg (Vietnam papers), because the Russians had nothing to win with the publication, and he stayed in the US and he only took and used what was important to make his case. And this is also the case in other cases of whistleblowers (even if today they can make the most stupid declarations without any critical analysis).

    * it doesn't mean that everything Snowden says is true and that the way he says something at a certain moment isn't part of some psychological procedure, and this is also the question some journalists and newspapers have to be asking themselves. How far are they not just being manipulated, and what is the real news or objective discussion point in publishing or repeating this or that story? Maybe there is not much left to tell.

    * since the publication we have to go forward, having ISIS in the Arab region and Putin in the east each making our world much more dangerous than it was a year ago. We have to set a framework in which specific information from specific people or groups of people can be intercepted and exchanged as fast as necessary. But the global interception and analysis of all our communication is not the role of an intelligence organisation in a democratic society, and if we are going to fight the fight against Putin and ISIS then it is because we are still convinced there is still enough democracy in our society which makes it worth fighting for. You first need democracy, then intelligence - not the other way round.

    * it doesn't mean that Snowden should be shut either, let him sit in Russia and enjoy his girlfriend in his flat, like Philby and others. People are moving on and his audience is now moving on to other stories and cases. (by the way, the German intelligence organisation also placed trojans in computers and tapped telephone lines and so on - just as the Russians or any other intelligence organisation that had some technical possibilities and a lack of democratic oversight).

    everything can be different than it looks at first sight in the palace of mirrors that the world of intelligence is and the players in that court play many different roles at the same time and you can't be sure which role he is playing in which game when you are confronted with him 

    you just have to try to do the right thing for the right cause at the right moment 

    This is to say that I am not sure that the story of Snowden is totally truthful, that there are no other games and roles that we don't know about and of which we don't know the outcome now (and maybe never will), and I am also not convinced anymore that he has done only the right thing in the right way, even if his cause seemed right at that time

    but again, I am just guessing, but after reading all those things I sometimes think: hey, where did I read that also last year? And I always come back to

    Snowden

  • Anonymous hackers claim they hacked 3 million Itunes accounts

    ***** ITUNES HACKED *****

    3,887,882 ITUNES ACCOUNTS HACKED

    More pastebin pastes will appear.
    To find them, simply search for "ITUNES HACKED" and you
    will see any additional pastes as they are published.

    FIRST TEASER - 1000 ITUNES ACCOUNTS

    Complete Database - http://sh.st/uhlcW

    COME BACK AND CHECK PASTEBIN FOR NEW DROPBOX DROPS
    WE DON'T NEED YOUR MONEY, WE DON'T BEG FOR BTC.
    WE ARE FREEDOM.
    WE ARE ANONYMOUS.

    START OF ITUNES HACKED ACCOUNT LOGIN AND PASSWORDS

    http://pastebin.com/jJdtdZ56

  • Privacy advocates have nothing in common with terrorists and online pedophiles

    "Open Rights Group has responded to an FT comment piece by the Director of GCHQ, Robert Hannigan, in which he calls for “greater co-operation from technology companies”, who are in his words, “the command and control networks of choice” for terrorists.

     

    Executive Director Jim Killock said:

     

    “Robert Hannigan's comments are divisive and offensive. If tech companies are becoming more resistant to GCHQ's demands for data, it is because they realise that their customers' trust has been undermined by the Snowden revelations. It should be down to judges, not GCHQ nor tech companies, to decide when our personal data is handed over to the intelligence services. If Hannigan wants a 'mature debate' about privacy, he should start by addressing GCHQ's apparent habit of gathering the entire British population's data rather than targeting their activities towards criminals.”

    https://www.openrightsgroup.org/press/releases/open-rights-group-response-to-gchq-directors-claim-that-tech-companies-are-aiding-terrorists

    this is in essence the answer given by one of the most prestigious British groups to a commentary written by the head of GCHQ.

    it says in fact that there is no problem with terrorists and criminals being taken off the web, and that their services and their accounts should be monitored or taken down

    but it all has to happen with due process and within an acceptable definition (some antiterrorist ideologues even say that 'strikes' are 'social terrorism').

    So instead of asking all the time for the impossible, and for something that in fact costs enormously more than targeted surveillance, intelligence agencies should ask for quicker and better ways of getting access to the data they need to prosecute terrorists and criminals

    they should focus on fast-track procedures and technical means to be able to consult that data and work on it with other colleagues around the world, once the targets have been approved in due process

    because if there is one thing that the operations against megaspammers, cybercrime gangs and Lulzsec have taught us, it is that you can only catch them with ongoing international coordination and cooperation

    you don't need some data about everybody, hoping that you will be able to find something of use in time; you need all the data about your specific high-priority suspects all the time and everywhere

  • Canada is to unify domestic and foreign spying into one agency

    "CSIS’ mandate is to act as a domestic intelligence service, surveying domestic threats and running counter-intelligence. While it has long tried to run operations abroad, Canadian courts have repeatedly stood in its way, including attempts to cooperate with the NSA to intercept communications in other countries.

    Under this new legislation, CSIS would be unique amongst the so-called Five Eyes – the intelligence partnership of Canada, the US, Britain, New Zealand, and Australia – by being the only agency in the group to be empowered with domestic and foreign spying powers. In the US, a coalition of Homeland Security and the FBI manage domestic security and anti-terrorism programs, while the CIA manages foreign intelligence."
    http://www.csmonitor.com/World/Americas/2014/1030/Rattled-by-Ottawa-shooting-Canada-to-broaden-powers-of-spy-agency?cmpid=TW

    big data makes big privacy worries

  • your smart tv is watching and hearing you and sending that info elsewhere

    "The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.

     

    It also has a built-in camera — with facial recognition. The purpose is to provide “gesture control” for the TV and enable you to log in to a personalized account using your face. On the upside, the images are saved on the TV instead of uploaded to a corporate server. On the downside, the Internet connection makes the whole TV vulnerable to hackers who have demonstrated the ability to take complete control of the machine.

     

    More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.

     

    You may not be watching, but the telescreen is listening."
    http://www.brennancenter.org/analysis/im-terrified-my-new-tv-why-im-scared-turn-thing

    You can do the test by saying in front of the TV that you are going to kill Obama and so on

  • the Fort Knox phone by Samsung can be broken, says security researcher

    Samsung launched a Fort Knox hypersecure phone approved by the NSA, but according to security researchers its security is still lacking some fundamental features (full encryption) and makes some other mistakes. Some may think this is unfortunate, while others may suppose it is deliberate.

    "Samsung really tried to hide the functionality to generate the key, following the security by obscurity rule. In the end it just uses the Android ID together with a hardcoded string and mix them for the encryption key. I would have expected from a product, called Knox, a different approach:

    • The fact that they are persisting the key just for the password hint functionality is compromising the security of that product completely. For such a product the password should never be stored on the device. There is no need for it, only if you forget your password. But then your data should be lost, otherwise they are not safe if there is some kind of recovery option.
    Recommendation:
    Instead of Samsung Knox, use the built-in Android encryption function and encrypt the whole device. Android is using a PBKDF2 function from the encryption password you choose and never persists it on the device. Obviously you can never access the data if you forget your password, but that's the point of good encryption."

    http://mobilesecurityares.blogspot.co.uk/2014/10/why-samsung-knox-isnt-really-fort-knox.html?m=1
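    To make the contrast in the quoted recommendation concrete, here is an added example in Python (not code from the original post, and not Samsung's or Android's implementation): a Knox-style key that depends only on the device's Android ID and a hard-coded string, beside a PBKDF2 key derived from the user's password where only a random salt and a check value are persisted. The hard-coded string, the Android IDs and the mixing step (a SHA-256 over the concatenation) are constructed placeholders, not the real Knox values.

```python
"""Device-bound key vs password-derived key, as discussed in the Knox write-up.

Added example; the hard-coded constant and the mixing below are constructed
placeholders standing in for what the write-up describes, not Knox's code.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed placeholder for the hard-coded string the write-up mentions.
HARDCODED_SECRET = b"placeholder-hardcoded-string"
PBKDF2_ITERATIONS = 200_000


def knox_style_key(android_id: str) -> bytes:
    """Key built only from data that lives on the device.

    The user's password plays no role, so anyone who can read the Android ID
    and extract the constant from the app can recompute exactly this key.
    """
    return hashlib.sha256(android_id.encode() + HARDCODED_SECRET).digest()


def pbkdf2_key(password: str, salt: bytes) -> bytes:
    """Key derived from the user's password with PBKDF2-HMAC-SHA256.

    Only the salt is stored; without the password the key is not recoverable.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_verifier(key: bytes) -> bytes:
    """Check value that lets a wrong password be rejected without persisting
    either the password or the key itself."""
    return hmac.new(key, b"verifier", "sha256").digest()


def enroll(password: str) -> dict:
    """What the device persists for password-based storage encryption:
    the salt and a verifier, never the password (no 'password hint' store)."""
    salt = secrets.token_bytes(16)
    key = pbkdf2_key(password, salt)
    return {"salt": salt, "verifier": make_verifier(key)}


def unlock(record: dict, password: str) -> Optional[bytes]:
    """Recompute the key from the password and the stored salt.

    Returns None on a wrong (or forgotten) password: the data stays locked,
    which is exactly the property the write-up asks for.
    """
    key = pbkdf2_key(password, record["salt"])
    if hmac.compare_digest(make_verifier(key), record["verifier"]):
        return key
    return None
```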

  • this is how mobile networks can upgrade to make surveillance more difficult

    "Wireless carrier T-Mobile US has been quietly upgrading its network in a way that makes it harder for surveillance equipment to eavesdrop on calls and monitor texts, even on the company’s legacy system.

     

    The upgrade involves switching to a new encryption standard, called A5/3, that is harder to crack than older forms of encryption. Testing by The Washington Post has found T-Mobile networks using A5/3 in New York, Washington and Boulder, Colorado, instead of the older A5/1 that long has been standard for second-generation (2G) GSM networks in the United States. More advanced technologies, such as 3G and 4G, already use stronger encryption."
    http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/22/t-mobile-quietly-hardens-part-of-its-u-s-cellular-network-against-snooping/

  • if you are paranoid enough, this is how to hide from the NSA

    "Strong, non-NSA backed crypto primitives. I’m a big fan of NaCl because it’s fast, constant-time, secure crypto that doesn’t rely on anything backed by the NSA. To make it easier to use, it’s made portable (and extended) in libsodium. I won’t promote anti-NIST FUD, but some things should be questioned, such as the NIST ECC curves.

    • Minimal metadata. The amount of information that can be extracted from messages should be at a minimum. Anything that’s exposed (username, user ID, public keys, etc.) can be used when collected en mass to begin mapping relationships and undoing the veil of anonymity.
    • Encrypt everything in transit. As with metadata, anything in the clear going over the network can be captured, stored, analyzed - and in targeted cases, altered in various ways. Using TLS is a great start to this, as it removes the option for simple passive monitoring, though it shouldn’t be assumed to be enough. Active attackers can man-in-the-middle the server, passing a forged/stolen certificate. Certificate pinning, and additional layers of encryption help protect against these attacks.
    • Server knows as little as possible. The more the server knows, the more the provider(s) can divulge - either by court order, or by more clandestine means. Even the simplest HTTP server logs can provide valuable information to such an attacker, especially when combined with other data sources.
    • Encrypt everything in storage. When at rest, everything should be encrypted - if a device is compromised, it should reveal as little as possible. By encrypting everything based on the user’s password, only the user is able to access the data (though may be by force).
    • Hide everything. The CIA at least once used a weather application to hide a communication system; it was only available when looking up weather for a certain city. Such techniques make it harder to spot the use of secure communication tools. This may seem a bit extreme, but there are good reasons to do it."
    https://adamcaudill.com/2014/10/19/on-nsa-proof-security/

  • this is how a fake cell tower for intercepting your phones doesn't need to be big or complicated

    You can place it anywhere in fact, as long as you have power

    http://www.newsobserver.com/2014/10/18/4245744_charlotte-police-investigators.html?rh=1

    it is used in the US by several police departments, which explains why researchers in some states have found rogue cell towers that asked your phone to connect to them as if they were the real cell towers.

    so next time, why would they have to hack Belgacom to trace some cellphones? Why bother?

    The Belgian privacy commission has been informed by Belsec that, according to international reports, several of these installations are in Belgium, and that is illegal under Belgian law if they haven't been certified for it.

  • naughty users of sex toy site leaked

    well now you will be the joke

    maybe you need a spank