security - Page 58

  • belgacomhack says that strange things are happening on its routers

    do I have to laugh or cry

    do they really think I am stupid and I don't know what I am talking about

    of course, there are strange things that will happen on all your routers and switches and servers for a long time, so you shouldn't let your guard down - anytime (they can easily wait a year - or two - to retake control through backdoors and accounts that you didn't control and that you didn't think were there, and while you go back to your day-to-day business, they come back and then they will observe, wait to see if you see something, and they will scan and look at what the new controls and accounts are and what is logged and what isn't, and so they will take another month or two to infiltrate again)

    your only possible choice is to stay on high alert for the coming years and to be patient and use this high state of alert as an advantage (even if it will cost you much now but you are learning much more much faster than any other ISP about the most advanced techniques of command and control)

    it will cost you millions but your network will be worth millions again - if you don't invest millions it will be worthless because nobody will use a network that has been hacked inside out by the NSA for years and that isn't supervised and controlled and replaced and upgraded as if they are still in the network

    secondly why don't you believe or understand the NSA slides in Der Spiegel about this attack ?

    It is clearly written that they want to be CNE certified Network Engineer

    what is a certified Network Engineer ? someone who controls routers and switches

    where will you have problems and backdoors and sleeping code ? on your routers and switches and your servers and a lot of other stuff

    they had according to the slides more or less 3 years - take 2 with holidays and so on - to do on your network whatever they wanted before you had any idea that this was more than a stability problem of a server

    that is a lot of time for experienced hackers and penetrators and spies

    in fact it was their network, they were the CNE, they controlled the switches and the routers

    by the way, do you encrypt the passwords going over your network ? NO  ?  Ooops. you may change them again.

    ever thought of double authentication for administrators and important people ? maybe this is the perfect time, because then passwords are worthless ?

    and last but not least, the Internet Storm Center said some time ago that if a hacker had root and was an experienced one with a lot of code and tools at hand, you had better throw away the machine if you had to be absolutely sure that there was no code or backdoor left after the first cleanup

    maybe you can throw some Chinese routers out and put some European stuff in their place, because rumor has it that there is a lot of code in these Chinese routers that your engineers and those of Telenet don't really understand, and you probably know that malicious code doesn't have to be long to be able to do its duties

  • belgacomhack communication has 6 big problems, don't blame our questions

    the first thing about crisis communication is that your communication has to make sense or otherwise it will be unbelievable

    * it is unbelievable that you say that you have cleaned it up in a few weeks while on the other hand you say that it has been a state actor with enormous resources. This is unbelievable because we can hardly believe that a state actor with such an enormous arsenal of possibilities and resources would only have placed one virus that one could clean with a simple update of Microsoft Defender. So they didn't install other backdoors and they didn't install sniffers and they didn't take control of servers and so on ? Unbelievable.

    the second thing about crisis communication is that your communication should not be contradicted by other information published by other trusted sources

    * there was a clear contradiction between the communication by Belgacom and the information in the slides about the 'operation socialist' against Belgacom published by Der Spiegel. The information in these slides (from the NSA) was never even incorporated into the communication, which made the contradiction even more apparent.

    There were three big contradictions. The first was that it was a highly specialised targeted attack while in the slides you could read that in fact it was probably done by spearphishing (which raises questions about the antivirus controls in the heads of professionals). The second was that the penetration attempt was successful in 2010 while Belgacom just continued to talk about 2011 or 2012. The third contradiction was that the goal of the penetration by the NSA was to become CNE (certified Network Engineer) which means that you have full control over the switches and routers (and also all the passing passwords) while Belgacom said that the penetrators had no control over the switches and routers.

    the third problem with the crisis communication by Belgacom is that their communication about the impact of the penetration was confusing and contradictory and for that reason unbelievable.

    * You can't say in the first hearings (in the European Parliament) on the one hand that there has been no impact on the data of the communication networks and the users, and a bit earlier say that you don't know which data has been compromised because you aren't capable yet of deciphering the encrypted packages that you have found and that weren't transferred yet. Either you know it or you don't know it. If you aren't sure, you don't know, and if you don't know you can't say there has been no impact.

    * it is impossible to believe that communication because the NSA slides of Der Spiegel made it clear that the only goal of the penetration was to be able to intercept all the communications on the mobiles of the thousands of targets that they were using in PRISM and other interception methods. If you believe those secret leaked slides (which date from 2010) then there is information that will have been transferred to another destination. Not all information, but specific information will have been intercepted, collected, packaged, encrypted, channeled and sent.

    the fourth problem is that when there are leaks (and those may have mistakes in their information because the journalists don't really understand the technical aspects or don't understand the intelligence objectives as explained in the slides and don't put the facts and leaks alongside those) you will have to respond to at least some information in the article. Saying that there is a judicial investigation has nothing to do with this because most of the technical information that has to be corrected will have no impact whatsoever on the investigation or trial (if there is ever to be one).

    If it is a state actor, then he will be following the news and the rumors and there will be agents swirling around the place looking for information to know what we know by now.

    the fifth problem is that by giving no usable actionable intelligence you are really frustrating a lot of network and security workers in Belgium who also have to secure their networks and also want to know - aside from the name of the virus and the used channels and IP addresses - a few more general things that you may have learnt by now and that would make it possible to revise their security strategies and methodologies and controls for their own networks.

    * it is a 64bit windows virus and has the definition or sample already been communicated to other security services

    * were there attack or management tools or platforms on linux and solaris servers and what were they

    * does the virus have a signature or a certificate

    * which channels were used

    * was the penetration done by spearphishing and/or by webservers in the DMZ

    and there are a lot of other questions out in the open

    and don't come telling us that there is an investigation: if it is a state actor you will never be able to prosecute because there is no law against spying in other countries against other nationals. The only laws about intelligence are about the prohibition on spying on its own citizens and the procedures an agency has to follow when it wants to spy on someone in their own country and what kind of actions need what kind of approval. and the rest is all political and diplomatic.

    and the last reminder is that according to other leaks by Snowden, Belgium was selected as a target by the NSA in 2006.

    So Belgacom, your first objective has been accomplished, your stock wasn't too much affected by the news

    but now you have to communicate better - even if it is behind closed doors so the rest of the Belgian security officials can do their work as they should be and as you are the first of having discovered the total take-over of your network by the NSA, you are a good reference to give at least some 'actionable' intelligence

    and yes we understand that for the coming year you will have problems and it will take months, even years before you have cleaned and controlled your network of whatever backdoor or software or channel or code or account that was placed during those 3 years

    there is nobody going to blame you for that, as long as you work together with the security community because we are all in this together

  • FPS Finance now buys only laptops and goes for 'tele'work (answer to parliament)

    On top of that, the way of working will change considerably over the next ten years. Telework and flexible working will gain more and more importance within the public sector. My Department has already decided to no longer purchase "fixed" PCs, in favour of portable PCs, because this facilitates this more flexible way of working.

    according to the minister

    desktops only still make sense if you really need a lot of horsepower but also have other challenges such as security (certainly at finance)

    satellite offices are therefore better solutions than teleworking since they can meet both conditions

  • after the Nigerian fake bank accounts in your mail, now Mexican criminals are calling about fake abductions to get your money

    Mexican criminals have become as adept as faux Nigerian princes at clearing out the bank accounts of the unwitting.

     

    Callers, often identifying themselves as members of the Zetas or one of Mexico’s other deadly criminal gangs, declare they have abducted someone’s loved one and demand ransom deposited in return to the supposed victim’s continued existence.

     

    A favorite tactic is to have a crying child scream over the phone that he or she has been kidnapped.

     

    After years of such calls, often made as randomly as a dinner-hour insurance pitch, many Mexicans have learned to simply hang up and go about their business.

     

    But foreign visitors unaccustomed to the tactics have apparently been taken in.

     

    “In case of receiving threatening phone calls … give absolutely no information and hang up as quickly as possible,” the Spanish Foreign Ministry advises.
    http://www.mintpressnews.com/virtual-kidnappings-mexico-real-threats-abduction/170385/

    of course Spanish-speaking countries and communities are the first that are selected.

    interesting to see what we should call that: as we already have vishing (phishing for your login by phone), what should we call these scams by phone (phonescams ? so we can call them phoney scams ?)

  • your personal sexting pics are stolen from your mobile or laptop and go to pornsites

    Now watchdog the Internet Watch Foundation has warned that many of these pictures are ending up online.

    Susie Hargreaves, chief executive of the charity, said ‘self-generated’ pictures of children are now a major source of images used on websites viewed by paedophiles.

    In a search lasting just 40 hours, one of her analysts found 12,224  self-generated images of teenagers on 70 paedophilic websites. Given the speed of the investigation, the true number of stolen pictures is likely to be far higher.
    http://www.dailymail.co.uk/news/article-2458252/How-teens-sexting-photos-end-paedophile-websites-Thousands-images-published-sites-stolen-Facebook-social-networks.html

    especially the most valued ones for which some sick people are prepared to pay good money (because they are rare and risky) and these are the underage sex pics

    so three things

    * everything digital can be transferred or intercepted and will live on somewhere for ever

    * your mobile has no security that is worth being called by that name

    * your upload and connection accounts are only passwords of which millions are stolen every month

  • what are you going to do with 10 million for cybersecurity ?

    at a time when social and other funds are seeing cuts deeper than anybody could have imagined (even when you have lived through the nineties)

    at a time when there are a thousand other social and economic priorities who also need whatever kind of money that they can get a hold on

    the federal government has decided to free not 3 but 10 million for cybersecurity

    this is three times the sum that was asked (and the pressure and importance of the huge hacks that were leaked the last weeks will have sent some scuds into the negotiation room (or should I say cutting room))

    they were probably also thinking what some-one is going to leak tomorrow (knowing there is a lot of other stuff that is staying under the carpet for now)

    but don't make a mistake, 10 million is a lot of money or not

    it is a lot if you use it to make the cert function 24h a day

    it is a lot if you have an operational team that has as a mission to organize 'actionable intelligence' for the networkadministrators and dataprotectors in Belgium

    it is a lot if you have a team that is responsible for the coordination of everybody who has something to do with one aspect of cybersecurity and privacy in Belgium and works around very small but realisable projects (but which can be realised one after another)

    it will be just a drop in the ocean if you use it

    to take in project managers, project coordinators, project blalalblalbalblalalb

    to place instrument after instrument to defend and control infrastructure without anybody looking at the alerts or analyzing the traffic to watch for trends and problems or attacks that went unnoticed

    it is people who will make the difference

    people who work and accomplish something

  • none of the belgian icann registered domainsellers signed the 2013 agreement

    http://www.internic.net/origin.html

    The information that appears for each registrar, including the referral web address and contact information, has been provided by each individual registrar.

    The 2013 RAA ICANN logo indicates that the registrar has signed the 2013 Registrar Accreditation Agreement ("RAA"), which is the most current contract governing the registrar relationship with ICANN. The 2013 RAA provides enhanced protections for registrants and an increased level of accountability for registrars, including but not limited to added registrar posting requirements, added compliance enforcement tools and increased accountability to third parties. Prospective registrants may want to take this fact into account when selecting a registrar for their gTLD name(s). The 2013 RAA ICANN logo is not an indication of how long the registrar has been ICANN accredited. You can view this contract at http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm.

    A registrar with a 2009 RAA ICANN logo is one that has yet to sign the 2013 RAA. Registrars who are covered by the 2009 RAA are obligated to follow many provisions that safeguard registrants, but they will not be able to offer as many generic top level domains in the future. You can view the 2009 contract at http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm.

    the only belgians accredited with ICANN have signed the 2009 agreement

    what is important is that the 2013 agreement imposes more security and other quality and procedural obligations

    maybe we should use the opportunity to let only domainsellers covered by the ICANN 2013 agreement sell .brussels and .vlaanderen, so as to be sure that we have chosen really serious, quality resellers and not the boy from the house down the street who is running his webbusiness from his living room and his laptop

  • 100 million facebook users have lost their explicit wish of being left alone

    at one side facebook has more than 1 billion active users (whatever that is because my feed is over there but I haven't been on facebook that much)

    they have decided that now everybody can be found on facebook

    this means that if you have explicitly blocked being found by your real name on Facebook, in a few weeks anybody will find everything that you have set public

    their argument is that you should use the enormous and confusing list of privacy controls to decide who can see or read what (and those controls change so often that you need real manuals for that)

    but if people have chosen not to be found on facebook unless they invited someone they knew, then that is not only an easier model but also one that is much easier to control - it is a privacy model

    facebook is in fact throwing one privacy model in the dustbin at a moment when privacy is becoming, with every new snowden leak, a more important business advantage

    but they are in it for the money and not for the service the vision or whatever bullshit you will read and hear - facebook is a money machine and nothing more than that and it was a moneymachine from the beginning and it will end as a moneymachine

    this means that 100 million facebook users will become public in the coming weeks and will be bothered and asked and poked by people they explicitly didn't want to let know that they were on Facebook, and will have things public that were from the beginning not meant to be public to anyone other than the people they have explicitly invited

    so this also means that those among all these people who don't go often on facebook or don't read all the articles about facebook in the press and so on will have a lot of stuff online that was never meant to be online

    and - not talking about me hihi - but if you have facebookpages about your sexual particularities, your political and sometimes dangerous opinions (take china) then they are not only putting reputations of people in danger but in certain countries also real lives of real dissidents

    they say that only 10% of their users use this function and that for that reason it should be abandoned

    this is not an acceptable explanation because maybe those 10% need that protection, maybe that is their way of protecting themselves and their privacy

    and how is that: you agree to one set of terms in the contract to use a service and then all of a sudden, without any discussion, it all changes without having any possibility of keeping the rights you had when you first joined

    even if they are not available anymore for the new users

    when you have agreed to a service and you abide by its terms the service should also keep to its obligations to you - even if they try to convince you to voluntarily change to their new system

    this is the fundamental question for the privacy commissions and this may be the case they have been waiting for, to make a case that once you had privacy rights you can keep them as long as you use the service and want to keep them - whatever the changes they make for the new users after you

    it is the question for 100 million people

    it is the question of stopping the slow erosion of our privacy rights one step at a time by those giants

  • integrating antivirus filtration directly in your search (and before you visit or download)

    I don't know if avira is the best to do this

    and I am not sure if it should be one or several checks

    and maybe you should be able to select a level of security (number of securitychecks)

    just as you do now with adult filtering- porn filtering in fact

    but it is an interesting concept - going much further than the badware filtering in Google

    it should in fact also take the following in consideration

    * phishing blocking (phishtank feed)

    * blocking of hacked sites (zone-h feed)

    * level of SSL security (ssllabs check)
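
    The idea above, sketched as an added example (not part of the original post and not Avira's or Google's code): search results pass through the three checks listed, and the chosen security level is the number of checks applied. The feed contents, the grade table, the minimum grade and all function names are assumptions constructed for illustration.

```python
"""Search-result safety filter with a selectable security level (added example)."""
from urllib.parse import urlsplit

# Constructed sample data. A real deployment would load these from the feeds
# named in the post (PhishTank, Zone-H, SSL Labs); the formats are assumptions.
PHISHING_FEED = {"http://login-bank.example/verify"}
DEFACED_FEED = {"hacked-shop.example"}
TLS_GRADES = {"good.example": "A", "old-tls.example": "C"}
MIN_TLS_GRADE = "B"  # hypothetical policy: grades worse than B are flagged

# Constructed search results used by the demo at the bottom.
SAMPLE_RESULTS = [
    "https://good.example/",
    "http://login-bank.example/verify#session",
    "https://www.hacked-shop.example/cart",
    "https://old-tls.example/",
    "http://plain.example/",
]


def normalize(url):
    """Return (canonical_url, host, scheme): host lowercased, port and fragment dropped."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    query = "?" + parts.query if parts.query else ""
    return f"{scheme}://{host}{path}{query}", host, scheme


# Feed entries are normalised the same way as results so that case or
# fragment differences cannot cause a listed URL to slip through.
PHISHING_INDEX = {normalize(u)[0] for u in PHISHING_FEED}


def check_phishing(url, host, scheme):
    """Level 1: exact URL match against the phishing feed."""
    return "listed in phishing feed" if url in PHISHING_INDEX else None


def check_defaced(url, host, scheme):
    """Level 2: host or any parent domain (never the bare TLD) in the defacement feed."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in DEFACED_FEED:
            return "host listed as hacked/defaced"
    return None


def check_tls(url, host, scheme):
    """Level 3: require https and a known TLS grade of MIN_TLS_GRADE or better."""
    if scheme != "https":
        return "no TLS (plain http)"
    grade = TLS_GRADES.get(host)
    if grade is None:
        return "TLS grade unknown"
    if grade[0] > MIN_TLS_GRADE:  # "A" < "B" < "C": later letters are worse
        return f"TLS grade {grade} is below {MIN_TLS_GRADE}"
    return None


# Order matters: the security level says how many of these checks run.
CHECKS = [check_phishing, check_defaced, check_tls]


def assess(url, level):
    """Return the list of reasons to block `url` at the given level (empty = safe)."""
    canon, host, scheme = normalize(url)
    active = CHECKS[: max(0, min(level, len(CHECKS)))]
    return [reason for reason in (c(canon, host, scheme) for c in active) if reason]


def safe_results(urls, level):
    """Keep only the results that pass every check enabled at this level."""
    return [u for u in urls if not assess(u, level)]


if __name__ == "__main__":
    for level in range(len(CHECKS) + 1):
        print(f"level {level}: {safe_results(SAMPLE_RESULTS, level)}")
    for url in SAMPLE_RESULTS:
        print(url, "->", assess(url, 3) or "ok")
```
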

  • post-snowden return to paper for secret communication

     As an example of the far reaching implications, Ylonen says that since the Snowden documents about the NSA were leaked, Finland stopped electronically communicating top secret material between embassies, preferring to courier this kind of information instead
    http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2013/100913-intel-nsa-274676.html&pagename=/news/2013/100913-intel-nsa-274676.html&pageurl=http://www.networkworld.com/news/2013/100913-intel-nsa-274676.html&site=security&nsdr=n

    invest in DHL and all the other courier firms

  • source code of Adobe products stolen by hackers - zeroday attacks will come

    Chris Petersen, CTO of LogRhythm

    When it comes to the source code breach, the first risk Adobe is concerned with is that malicious code was inserted into product source code and then distributed to customers in a compiled form. The second risk is their source code being out in the open to would be attackers. Having access to product source code can allow attackers to identify software vulnerabilities that have been undiscovered to-date. Both risks could result in a treasure trove of zero-day exploits against Adobe software.

    If indeed the source code stolen pertains to ColdFusion and Acrobat, this could leave thousands of web servers open to at-will compromise and make it easier to compromise end-user systems. This breach is a chilling reminder that all software companies should be on guard, as they too could be a stepping stone to other targets.
    http://www.net-security.org/secworld.php?id=15716

  • what are vulnaggressive mobile apps

    We coin the term “vulnaggressive” to describe this class of vulnerable and aggressive characteristics.

    Following is a sample of the aggressive behaviors and vulnerabilities we have discovered in Vulna.

    Aggressive behaviors:

    • In addition to collecting information used for targeting and tracking such as device identifiers and location, as many ad libraries do, Vulna also collects the device owner’s email address and the list of apps installed on the device. Furthermore, Vulna has the ability to read text messages, phone call history, and contact list, and share this data publicly without any access control through a web service that it starts on the device.
    • Vulna will download arbitrary code and execute it when instructed by the remote server.

    Vulnerabilities:

    • Vulna transfers user’s private information over HTTP in plain text, which is vulnerable to eavesdropping attacks.
    • Vulna also uses unsecured HTTP for receiving commands and dynamically loaded code from its control server. An attacker can convert Vulna to a botnet by hijacking its HTTP traffic and serving malicious commands and code.
    • Vulna uses Android’s WebView with JavaScript-to-Java bindings in an insecure way. An attacker can exploit this vulnerability and serve malicious JavaScript code to perform harmful operations on the device. This vulnerability is an instance of a common JavaScript binding vulnerability which has been estimated to affect over 90% of Android devices.

    Vulna’s aggressive behaviors and vulnerabilities expose Android users, especially enterprise users, to serious security threats. By exploiting Vulna’s vulnaggressive behaviors, an attacker could download and execute arbitrary code on user’s device within Vulna’s host app.
    http://www.net-security.org/malware_news.php?id=2606

  • dns hacking of your domainname is mostly getting that admin password

    Avira said its own network and customers were not affected, but that the DNS (Domain Name System) records -- administered by Network Solutions -- were changed to point to other domains, which is known as DNS hijacking.

     

    "It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider," the company wrote on its blog. "Using the new credentials, the cybercriminals have been able to change the entries to point to their DNS servers."
    http://www.cio.com/article/741153/Network_Solutions_Investigating_DNS_Hijack?source=rss_news&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+cio%2Farticles+%28CIO+-+Articles%29

  • the soft security approach of awareness must be over, says Europol

    "I'm not a fan of too much regulation, but I'm afraid you can't implement security by design by asking companies nicely", the head of cybercrime at the European police organisation Europol tells Tweakers. Security by design means that security is already adequately thought about when the software is being built.

    "There need to be criteria and they must be complied with", says Troels Oerting. "If you build a car, there are now strict safety rules, but not yet if you bring software to market." There are, incidentally, already certain certifications, for example for use in the medical sector or by governments, but it is not mandatory to apply for a certification.
    http://tweakers.net/nieuws/91805/europol-overheid-moet-eisen-stellen-aan-beveiliging-software.html

    right, it was about time

  • European Cybersecurity month in Belgium

    This month is the European Cyber Security Month!

    European Cyber Security Month (ECSM) is a European Union advocacy campaign that takes place in October. ECSM aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices. You can read more about it on the ENISA website, where you can also view the events planned in the EU.

    Tomorrow the ECSM kick off event takes place in Brussels. The European level conference aims to bring together the stakeholders involved in public-private partnerships and single out their example in order to be followed by the entire community. Innovation, partnership and brokerage of information are the key drivers of the initiative!  B-CCENTRE will also be there to present an overview of its activities.

    Upcoming events:

    ISSE2013 on 22-23 October in Brussels, Belgium

    see http://www.isse.eu.com/

    Belgian Internet Security Conference on 24 October in Brussels, Belgium

    The Belgian Internet Security Conference offers you the opportunity to take the lead in developing a coordinated approach. You will hear about the latest trends and get a chance to exchange ideas and views on cyber security with absolute top experts and policy makers from many domains.

    The BISC wants to reach IT decision makers and all who are interested in strategies for a better cyber security from different domains (federal and regional public services, big and small companies and research and education).

    The Belgian Internet Security Conference is organised by Belnet, the federal internet service provider responsible for the Belgian network for research and education. It also takes care of BNIX (Belgian National Internet eXchange) and the federal cyber emergency team CERT.be. Partners of the conference are CERT.be, Fedict, Febelfin, Agoria, BELTUG, B-CCENTRE, BIPT, the Federal Cyber Crime Unit, FPS Justice, FPS Economie, V-ICT-OR, FEB, ICC Belgium and ISPA. Participation costs 99 euro. Organisations connected to the Belnet network and students pay 50 euro.

    Pilot Training on physical attacks against security devices: 4 November 2013@UCL Crypto Group in Louvain-la-Neuve, Belgium

    One day training to understand the principles and consequences of physical attacks against crypto-enabled devices, intended for the security expert and organised by the B-CCENTRE. The training will describe the principles of side-channel attacks, the contexts in which they can and cannot apply, the equipment and skills needed for an attacker and the consequences on security. Real-life examples of attacks (e.g. Keeloq, MIFARE) will be discussed. The training will also present some demos using lab equipment. Attendance is free for registered participants.

    We refer to our website for further information on the events: www.b-ccentre.be

  • how belgacom and voo are using the fccu investigation to keep silent

    Both are saying that they can't inform us more about what happened because a judicial investigation is ongoing and that they don't want to compromise the investigation

    but both are abusing this investigation to have a crisis communication in which you hope that the news cycle will move on and that people will forget and that you can go on with your business as usual and that the victims won't file a complaint

    so it is necessary that the justice department defines what kind of information can be published without endangering the investigation

    * in the case of voo

       what kind of information was copied from its half a million members (passwords, financial information, addresses, email addresses, mac address of the box or whatever information, national register number or whatever)

    it is important for the victims to know what information especially has been copied and may or not may be in the hands or on the server of the blackmailer and what the consequences may be

    * in the case of Belgacom

    there is technical information that is of some importance to the other administrators of networks, and that information does not even have to be complete and may or may not be public, but that information has to be updated when needed

    there is no way that the information whether there is a certificate or not, whether the virus is 64bit or not and whether it uses this or that port will endanger a judicial investigation that will probably lead nowhere because there is no legislation nationally or internationally that prohibits the spying by foreign services on people, institutions and businesses that are outside of their jurisdiction

    so don't make any mistake about it: if both say that they can't speak because there is a judicial investigation, they are just abusing that investigation, and it is necessary for now and the future that the FCCU and the justice department set some clear rules

  • how to file a FOIA freedom of Information for the NSA

    Unsurprisingly, the National Security Agency, the Department of Defense agency charged with collecting and analyzing foreign intelligence, is one of the more difficult federal agencies to coax information out of. Want to know if they have files on American activists? With the NSA, unlike the FBI, you're out of luck. Looking for more mundane information, like parking lot complaints? Better be prepared to pony up over $1,200 in search and processing fees.

    It's challenging to pry documents out of the NSA, but not impossible. Recently, MuckRock received a copy of the NSA's guide to Googling and other open-source intelligence methods, for example. One of our most prolific users, Jason Smathers, filed a request for the oldest open FOIA requests being processed by the NSA and received 4 pages back.

    So how can FOIA reasonably be used to better understand the NSA's role in national security? Here are some starting points when crafting your request strategy.

    Avoid asking for an individual's data

    It's tempting to be direct and ask for information about individuals, such as the NSA's file on Edward Snowden. Two factors make such requests highly unlikely to succeed. The first is the Privacy Act, which, working alongside the Freedom of Information Act, was enacted to balance individual privacy against public disclosure--most people wouldn't want, for example, the IRS to release full tax returns or other sensitive data.

    The second factor is that details about individuals typically fall under the NSA's Glomar policy, which is the famous "neither confirm nor deny" response. Here's an example of that response, which MuckRock received when we asked for the NSA file on Aaron Swartz.

    In our request for Aaron's file, you'll see that the NSA will at least look for, if not necessarily release, certain documents related to employment by the agency. If you're interested in what the NSA would release, I have filed a request with the NSA for employee files on Edward Snowden that should fall outside of investigative exemptions. Follow along and see updates to the request as soon as we get them.

    Follow the government's lead

    If you carefully parse statements from public officials and even press releases, there are often troves of information below the surface that are releasable. For instance, in order to talk about the recent PRISM leaks, the NSA took the step of declassifying at least some information on the program. Those classification and public statements often result in the creation of talking points documents, which are generally releasable in their entirety, since they are created for the public (though the NSA in particular has found some novel use of exemptions in this regard). Tom Nash filed a request for recent NSA talking points, while I requested documents related to the NSA's Utah Data Center public ribbon cutting event.

    While all this material is created for possible public release, a lot of it isn't released unless someone asks the right questions. If it is released, it's often overlooked. FOIA provides one effective avenue to give this information a second (or first) look.

    Be prepared to play the game

    For first-time (and even long-time) filers, FOIA can feel like an exercise in frustration. You'll get better results and have more fun if you treat it like a puzzle and don't get caught up with the success or failure of any one request: of 51 requests MuckRock users have filed with the NSA, only 6 have been successfully completed, with 15 rejected outright on various grounds. But if you take advantage of administrative appeals, aggressively look for openings, and remain patient and persistent, you can make important gains.

    You can even get clever and look for ways to find out what is blocking your requests by asking for the request processing files:

    And hey, the good news is, at 86 days, the NSA's average response time is pluckier than a whole host of other agencies, including the FBI, the TSA and U.S. Forest Service. And you're not alone: MuckRock is happy to help file and track your request and we now offer a free place to get your public records and FOIA questions answered by a community of government document geeks.
    https://www.muckrock.com/news/archives/2013/jun/11/foiaing-nsa-what-you-can-get-what-you-cant-and-whe/

    shouldn't someone file one for operation socialist or belgacom or brics or swift or just anything belgian?

    at 1200 dollars it would be something for an organisation or a journalist

  • belnet site bxl.be defaced by syrians

  • more about rex mundi

    there are 5 pages of articles on Rex Mundi here, covering nearly all his hacks, with analysis

    http://belsec.skynetblogs.be/apps/search/?s=rex+mundi

    we finally said who it was because we couldn't let the impression stay that only administrations and NSA espionage actions were happening in Belgium

    no, the data of normal people like you and me is also in danger

    that should be quite clear now

    and that is what we wanted to show in all its brutality and danger before the parliament today

    cybersecurity is something of importance for all of us

    and we kept quiet for a year, so that was enough time for the firm to ask its members to change their passwords, for example...