Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘private email’

f;laksjdf;laksdjfadf

SPYING ON THE INTERNET IS ORDERS OF MAGNITUDE MORE INVASIVE THAN PHONE METADATA

January 4, 2016

When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act).

Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over.

The outrage over bulk collection of our phone metadata makes sense:Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well.

But Americans don’t understand the Internet yet. Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing.

XKEYSCORE, as well as NSA’s programs that tap the Internet directly and feed data into it, have some legal problems: They violate First Amendment rights to freedom of association; they violate the Wiretap Act. But the biggest and most obvious concerns are with the Fourth Amendment.

The Fourth Amendment to the U.S. Constitution is short and concise:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It means that Americans have a right to privacy. If government agents want to search you or seize your data, they must have a warrant. The warrant can only be issued if they have probable cause, and the warrant must be specific. It can’t say, “We want to seize everyone’s Internet traffic to see what’s in it.” Instead, it must say something like, “We want to seize a specific incriminating document from a specific suspect.”

But this is exactly what’s happening:

The government is indiscriminately seizing Internet traffic to see what’s in it, without probable cause. The ostensible justification is that, while tens of millions of Americans may be swept up in this dragnet, the real targets are foreigners. In a legal document called USSID 18, the NSA sets out policies and procedures that purportedly prevent unreasonable searches of data from U.S. persons.

But it doesn’t prevent, or even claim to prevent, unreasonable seizures.

Kurt Opsahl, general counsel of the Electronic Frontier Foundation, explains: “We have a fundamental disagreement with the government about whether [data] acquisition is a problem. Acquisition is a seizure and has to be compliant with the Fourth Amendment.”

If you read USSID 18 carefully, you’ll see that it appears to limit, with many exceptions, the government’s ability to intentionally collect data concerning U.S. persons. But the Department of Defense, under which the NSA operates, defines “collection” differently than most of us do. It doesn’t consider seized data as “collected” until it’s been queried by a human.

If you email your mom, there’s a good chance the NSA will intercept the message as it travels through a fiberoptic cable, such as the ones that make up the backbone of the Internet, eventually making its way to an XKEYSCORE field site. You can thwart this with encryption: either by encrypting your email (hopefully someday all parents will know how to use encrypted email), or by using email servers that automatically encrypt with each other. In the absence of such encryption, XKEYSCORE will process the email, fingerprint it and tag it, and then it will sit in a database waiting to be queried. According to the Department of Defense, this email hasn’t been “collected” until an analyst runs a query and the email appears on the screen in front of them.

When NSA seizes, in bulk, data belonging to U.S. citizens or residents, data that inevitably includes information from innocent people that the government does not have probable cause to investigate, the agency has already committed an unconstitutional “unreasonable seizure,” even if analysts never query the data about innocent U.S. persons.

The NSA has legal justifications for all their surveillance: Section 215 of the Patriot Act, now expired, was used to justify bulk collection of phone and email metadata. Section 702 of the Foreign Intelligence Surveillance Act(FISA) is currently used to justify so-called “upstream” collection, tapping the physical infrastructure that the Internet uses to route traffic across the country and around the world in order to import into systems like XKEYSCORE. Executive Order 12333, approved by President Reagan, outlines vague rules, which are littered with exceptions and loopholes, that the executive branch made for itself to follow regarding spying on Americans, which includes USSID 18.

But these laws and regulations ignore the uncomfortable truth that the Fourth Amendment requires surveillance of Americans to be targeted; it cannot be done in bulk. Americans are fighting to end bulk surveillance in dozens of lawsuits, including Jewel v. NSA, which relies on whistleblower-obtained evidence that NSA tapped the fiber optic cables that carry Internet traffic in AT&T’s Folsom Street building in San Francisco. It’s easy for the government to stall cases like this, or get them dismissed, by insisting that talking about it at all puts our national security at risk.

And, of course, let’s not forget the 6.8 billion people on Earth who are not in the United States. Article 12 of the U.N. Declaration of Human Rightsstates:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The NSA has very few restrictions on spying on non-Americans (it must be for “foreign intelligence” or “counterintelligence” purposes, and not other purposes), despite XKEYSCORE and the bulk collection programs that feed it being an “arbitrary interference” with the privacy of such persons. NSA doesn’t even have restrictions on spying on allies, such as Germany and France.

Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.

Photo: Getty

Tags: , , , , ,

featured image 3

Privacy hawks turn to White House in encryption fight

December 14, 2015

Privacy advocates are leaning on the White House to counter lawmakers’ renewed efforts to pass encryption-piercing legislation in the wake of the terror attacks in Paris and San Bernardino, Calif.

Despite a lack of direct evidence the technology played a role in either incident, lawmakers continue to use both deadly plots to promote a bill that would force companies to decrypt data upon request.

The tactic has left technologists and privacy advocates frustrated, even outraged.

In a meeting with privacy and civil liberties groups on Thursday, the Obama administration said it was preparing to issue an updated stance on encryption policy in the coming weeks, giving the pro-encryption community hope it might have a new ally in its fight.

“I’m very hopeful and the White House has been very receptive,” said Kevin Bankston, director of New America’s Open Technology Institute, who attended the sit-down with top White House cybersecurity and technology officials.

The White House is the one force in government that digital rights advocates believe has the power to shut down the what they see as damaging and distracting battles over a technology they say is necessary and inevitable.

“My concern is we’re going to be arguing this every few years unless there’s a definitive statement from the White House,” Bankston said.

Since the deadly attacks, major Silicon Valley players such as Apple and Google have been under intense pressure from Congress and law enforcement to allow investigators some form of guaranteed access to encrypted data.

As a result, privacy advocates say several types of useful encryption have become vilified with little reason. 

“I’m frustrated by this cynical, opportunistic playbook where the intelligence community sits poised to take advantage of whatever tragedy comes along,” Bankston said, “even if the facts on the ground have nothing to do with it.”

On Capitol Hill this week, FBI Director James Comey portrayed claims that companies cannot crack their own encrypted data, even under court order, as a business decision, not a technological imperative. 

Among them, Apple argues the company itself is incapable of getting at the encrypted data on its latest operating system.

“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” Comey told the Senate Judiciary Committee on Wednesday. “This is not a technical issue, it is a business model question.”

Lawmakers have picked up on this message, using it to lambast Silicon Valley.

“Here’s my message to Silicon Valley: Change your business model tomorrow,” Sen. Lindsey Graham (R-S.C.), who is running for president, said Wednesday on Fox News.

Joe Hall, chief technologist with the Center for Democracy and Technology (CDT), which was also represented at the White House meeting, called this language “really infuriating.”

“What that shows is a misunderstanding of why one would choose to secure either a given communication or a device,” he added.

Providing “easy-to-use, mass market cybersecurity tools” keeps American tech firms competitive in the global marketplace and help secure broad swaths of data from rapidly expanding cyber crime syndicates and overseas cyber spies, Hall said.

Congress has long “been on the warpath,” he added, to get companies and individuals to adopt this type of secure technology. 

Yet suddenly, increasingly common forms of securing data and messages, such as end-to-end encryption and full-disk encryption, are under attack.

With end-to-end encryption, a digital message — an email, or iMessage, for instance — is only visible to the sender and receiver. Full-disk encryption allows people to lock down all information on a hard drive. 

During his Wednesday testimony, Comey told lawmakers that one of the shooters in the Garland, Texas, attack on a contest to draw a cartoon of the Prophet Mohammed exchanged 109 of encrypted messages with overseas terrorists.

“We have no idea what he said, because those messages were encrypted,” he said.

Investigators have not produced similar examples for the suspects in Paris and San Bernardino, although ABC News reported the couple behind the San Bernardino shootings had digital devices with “some form of encryption,” citing two unnamed U.S. officials.

Still, these details have fueled those calling for a policy that would ensure government access to secured data.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) have vowed to offer legislation that would compel companies to comply with court orders seeking encrypted messages. 

“I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that that encryption ought to be able to be pierced,” Feinstein said Wednesday.

But technologists and civil society groups say such a bill would essentially amount to a ban on manufacturing or selling devices with features such as end-to-end or full-disk encryption.

The result, they insist, would be a world in which everyday people are more vulnerable to data breaches and dissidents are more exposed to repressive government spies. 

In response, these encryption advocates have turned their hopes to the White House.

“The White House has to look at those comments and what may result from where the senators are headed and start to take a proactive stance in regards to that,” said Amie Stepanovich, U.S. policy manager at digital rights advocate Access, who attended Thursday’s White House meeting. 

“We need somebody in a position of power to take leadership on this issue,” she added.

Privacy hawks have seen positive movement from the White House over the past year. 

For months, the administration was investigating legislative options and technological mandates that would allow law enforcement its desired access to data on encrypted devices. Ultimately, the White House decided to back away, for the time being, from any mandate.

Following Thursday’s meeting, attendees praised the administration’s ongoing attention to the issue.

“They really wanted to listen to our opinions and the research that we were able to bring in,” Stepanovich said.

But the White House can’t drag its feet forever, privacy advocates agreed. 

They see the administration’s current encryption stance as “no stance.” The position is allowing Congress and law enforcement to continue down potentially destructive paths that would undermine security, encryption advocates said.

A full-throated endorsement of robust encryption methods, such as end-to-end encryption and full-disk encryption, can cut off that path, they said.

“It could be a game-changer,” Bankston said. “I think it would help us put to bed this debate that’s been raging for well over a year.”

“We can move on and start having a more productive conversation about how law enforcement and the tech community can adapt to a world where encryption is common,” he added.

Tags: , , , , , ,

featured image 2

Game for privacy is gone, mass surveillance is here to stay – Assange on #RT10 panel

December 11, 2015

Humanity has lost its battle for privacy and must now learn to live in a world where mass surveillance is becoming cheaper for governments to implement, WikiLeaks founder Julian Assange said during a panel dedicated to RT’s 10th anniversary.
Assange addressed the panel on security and surveillance hosted by RT in central Moscow on Thursday via videoconference from the Ecuadorian embassy in London, where he has remained holed up for the last three years in order to avoid extradition to Sweden.
When offered a chance to comment on the session’s topic – “Security or Surveillance: Can the right to privacy and effective anti-terror security coexist in the digital age?” – the whistleblower asked the moderator, and host of The Big Picture Show on RT American, Thom Hartmann: “How long have you got, Tom?” implying he has a lot to say on the issue.
But it was Assange’s only joke during the event, as his reply turned out to be gravely serious and in many respects depressing.
“In thinking about this issue I want to take quite a different position, perhaps, from what you would expect me to have taken… I think that we should understand that the game for privacy is gone. It’s gone. The mass surveillance is here to stay,” he said.
Mass surveillance is already being implemented not only by major world powers, but also by some medium and small-sized countries, he added.
“The Five Eyes intelligence arrangement [of Australia, Canada, New Zealand, the UK and the US]… is so evasive in terms of mass surveillance of domestic and international telecommunications that while some experts can achieve practical privacy for themselves for limited number of operations… it’s gone for the rest of the populations,” the WikiLeaks founder stressed.
International terrorists are among those “experts” capable of making their communications invisible for security agencies, he added.
Privacy “will not be coming back, short of a very regressive economic collapse, which reduces the technological capacity of civilization,” Assange said.
“The reason it will not come back is that the cost of engaging in mass surveillance is decreasing by about 50 per cent every 18 months, because it’s the underlying cost that’s predicated on the cost of telecommunications, moving surveillance intercepts around and computerization and storage – all those costs are decreasing much faster at a geometric rate than the human population is increasing,” he explained.
Mass surveillance and computerization are “winning” the competition with humanity and human values and they’re “going to continue to win at an ever-increasing rate. That’s the reality that we have to deal with,” the WikiLeaks whistleblower added.
The focus should now switch from defending privacy to understanding what kind of society will be built in these new, changed conditions, he said.
The WikiLeaks founder reminded the panel of the historic examples of East Germany and other societies, in which people adapted to living under the scrutiny of the authorities.
“If you look at societal behavior in very conformist, small, isolated societies with reduced social spaces – like Sweden, South Korea, Okinawa in Japan and North Korea – then you’ll see that society adapts. Everyone becomes incredibly timid, they start to use code words; use a lot of subtext to try and sneak out your controversial views,” he said.
According to Assange, the modern world is currently moving “towards that kind of a society.”
Privacy is among values “that simply are unsustainable… in the face of the reality of technological change; the reality of the deep state with a military-industrial complex and the reality of Islamic terrorism, which is legitimizing that sector in a way that it’s behaving,” he stressed.
Assange encouraged those present on the panel as well as the general public to “get on the other side of the debate where it’s going” and stop holding on to privacy.
The panel discussion was part of an RT conference titled ‘Information, messages, politics:The shape-shifting powers of today’s world.’ The meeting brought together politicians, foreign policy experts and media executives from across the globe, among them former director of the US Defense Intelligence Agency Michael Flynn, the Green Party’s Jill Stein and former vice president of the Parliamentary Assembly of the OSCE, Willy Wimmer.

Tags: , , , , , , , ,

yooooooooooooooooooo

Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance

November 18, 2015

Well that took no time at all. Intelligence agencies rolled right into the horror and fury in the immediate wake of the latest co-ordinated terror attacks in the French capital on Friday, to launch their latest co-ordinated assault on strong encryption — and on the tech companies creating secure comms services — seeking to scapegoat end-to-end encryption as the enabling layer for extremists to perpetrate mass murder.

There’s no doubt they were waiting for just such an ‘opportune moment’ to redouble their attacks on encryption after recent attempts to lobby for encryption-perforating legislation foundered. (A strategy confirmed by a leaked email sent by the intelligence community’s top lawyer, Robert S. Litt, this August — and subsequently obtained by theWashington Post — in which he anticipated that a “very hostile legislative environment… could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”. Et voila Paris… )

Speaking to CBS News the weekend in the immediate aftermath of the Paris attacks, former CIA deputy director Michael Morell said: “I think this is going to open an entire new debate about security versus privacy.”

“We, in many respects, have gone blind as a result of the commercialization and the selling of these devices that cannot be accessed either by the manufacturer or, more importantly, by us in law enforcement, even equipped with search warrants and judicial authority,” added New York City police commissioner, William J. Bratton, quoted by the NYT in a lengthy article probing the “possible” role of encrypted messaging apps in the Paris attacks.

Elsewhere the fast-flowing attacks on encrypted tech services have come without a byline — from unnamed European and American officials who say they are “not authorized to speak publicly”. Yet are happy to speak publicly, anonymously.

The NYT published an article on Sunday alleging that attackers had used “encryption technology” to communicate — citing “European officials who had been briefed on the investigation but were not authorized to speak publicly”. (The paper subsequently pulled the article from its website, as noted by InsideSources, although it can still be read via the Internet Archive.)

The irony of government/intelligence agency sources briefing against encryption on condition of anonymity as they seek to undermine the public’s right to privacy would be darkly comic if it weren’t quite so brazen.

Seeking to outlaw technology tools that are used by the vast majority of people to protect the substance of law-abiding lives is not just bad politics, it’s dangerous policy.

Here’s what one such unidentified British intelligence source told Politico: “As members of the general public get preoccupied that the government is spying on them, they have adopted these applications and terrorists have found them tailor-made for their own use.”

It’s a pretty incredible claim when you examine it. This unknown spook mouthpiece is saying terrorists are able to organize acts of mass murder as a direct consequence of the public’s dislike of government mass surveillance. Take even a cursory glance at the history of terrorism and that claim folds in on itself immediately. The highly co-ordinated 9/11 attacks of 2001 required no backdrop of public privacy fears in order to be carried out — and with horrifying, orchestrated effectiveness.

In the same Politico article, an identified source — J.M. Berger, the co-author of a book about ISIS — makes a far more credible claim: “Terrorists use technology improvisationally.”

Of course they do. The co-founder of secure messaging app Telegram, Pavel Durov, made much the same point earlier this fall when asked directly by TechCrunch about ISIS using his app to communicate. “Ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one,” Durov argued. “I still think we’re doing the right thing — protecting our users privacy.”

Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.

Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like thePlaystation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.

Point is, technology is not a two-lane highway that can be regulated with a couple of neat roadblocks — whatever many politicians appear to think. All such roadblocks will do is catch the law-abiding citizens who rely on digital highways to conduct more and more aspects of their daily lives. And make those law-abiding citizens less safe in multiple ways.

There’s little doubt that the lack of technological expertise in the upper echelons of governments is snowballing into a very ugly problem indeed as technology becomes increasingly sophisticated yet political rhetoric remains grounded in age-old kneejerkery. Of course we can all agree it would be beneficial if we were able to stop terrorists from communicating. But the hard political truth of the digital era is that’s never going to be possible. It really is putting the proverbial finger in the dam. (There are even startups working on encryption that’s futureproofed against quantum computers — and we don’t even have quantum computers yet.)

Another hard political truth is that effective counter terrorism policy requires spending money on physical, on-the-ground resources — putting more agents on the ground, within local communities, where they can gain trust and gather intelligence. (Not to mention having a foreign policy that seeks to promote global stability, rather than generating the kind of regional instability that feeds extremism by waging illegal wars, for instance, or selling arms to regimes known to support the spread of extremist religious ideologies.)

Yet, in the U.K. at least, the opposite is happening — police force budgets are being slashed. Meanwhile domestic spy agencies are now being promised more staff, yet spooks’ time is increasingly taken up with remote analysis of data, rather than on the ground intelligence work. The U.K. government’s draft new surveillance laws aim to cement mass surveillance as the officially sanctioned counter terror modus operandi, and will further increase the noise-to-signal ratio with additional data capture measures, such as mandating that ISPs retain data on the websites every citizen in the country has visited for the past year. Truly the opposite of a targeted intelligence strategy.

The draft Investigatory Powers Bill also has some distinctly ambiguous wording when it comes to encryption — suggesting the U.K. government is still seeking to legislate a general ability that companies be able to decrypt communications. Ergo, to outlaw end-to-end encryption. Yes, we’re back here again. You’d be forgiven for thinking politicians lacked a long-term memory.

Effective encryption might be a politically convenient scapegoat to kick around in the wake of a terror attack — given it can be used to detract attention from big picture geopolitical failures of governments. And from immediate on the ground intelligence failures — whether those are due to poor political direction, or a lack of resources, or bad decision-making/prioritization by overstretched intelligence agency staff. Pointing the finger of blame at technology companies’ use of encryption is a trivial diversion tactic to detract from wider political and intelligence failures with much more complex origins.

(On the intelligence failures point, questions certainly need to be asked, given that French and Belgian intelligence agencies apparently knew about the jihadi backgrounds of perpetrators of the Paris attacks. Yet weren’t, apparently, targeting them closely enough to prevent Saturday’s attack. And all this despite France having hugely draconian counter-terrorism digital surveillance laws…)

But seeking to outlaw technology tools that are used by the vast majority of people to protect the substance of law-abiding lives is not just bad politics, it’s dangerous policy.

Mandating vulnerabilities be built into digital communications opens up an even worse prospect: new avenues for terrorists and criminals to exploit. As officials are busy spinning the notion that terrorism is all-but only possible because of the rise of robust encryption, consider this: if the public is deprived of its digital privacy — with terrorism applied as the justification to strip out the robust safeguard of strong encryption — then individuals become more vulnerable to acts of terrorism, given their communications cannot be safeguarded from terrorists. Or criminals. Or fraudsters. Or anyone incentivized by malevolent intent.

If you want to speculate on fearful possibilities, think about terrorists being able to target individuals at will via legally-required-to-be insecure digital services. If you think terror tactics are scary right now, think about terrorists having the potential to single out, track and terminate anyone at will based on whatever twisted justification fits their warped ideology — perhaps after that person expressed views they do not approve of in an online forum.

In a world of guaranteed insecure digital services it’s a far more straightforward matter for a terrorist to hack into communications to obtain the identity of a person they deem a target, and to use other similarly perforated technology services to triangulate and track someone’s location to a place where they can be made the latest victim of a new type of hyper-targeted, mass surveillance-enabled terrorism. Inherently insecure services could also be more easily compromised by terrorists to broadcast their own propaganda, or send out phishing scams, or otherwise divert attention en masse.

The only way to protect against these scenarios is to expand the reach of properly encrypted services. To champion the cause of safeguarding the public’s personal data and privacy, rather than working to undermine it — and undermining the individual freedoms the West claims to be so keen to defend in the process.

While, when it comes to counter terrorism strategy, what’s needed is more intelligenttargeting, not more mass measures that treat everyone as a potential suspect and deluge security agencies in an endless churn of irrelevant noise. Even the robust end-to-end encryption that’s now being briefed against as a ‘terrorist-enabling evil’ by shadowy officials on both sides of the Atlantic can be compromised at the level of an individual device. There’s no guaranteed shortcut to achieve that. Nor should there be — that’s the point. It takes sophisticated, targeted work.

But blanket measures to compromise the security of the many in the hopes of catching out the savvy few are even less likely to succeed on the intelligence front. We have mass surveillance already, and we also have blood on the streets of Paris once again. Encryption is just a convenient scapegoat for wider policy failures of an industrial surveillance complex.

So let’s not be taken in by false flags flown by anonymous officials trying to mask bad political decision-making. And let’s redouble our efforts to fight bad policy which seeks to entrench a failed ideology of mass surveillance — instead of focusing intelligence resources where they are really needed; honing in on signals, not drowned out by noise.

Source: TechCrunch.com

Tags: , , , ,

AAeYhK4

Emails: Russia-linked hackers tried to access Clinton server

October 5, 2015

WASHINGTON (AP) — Russia-linked hackers tried at least five times to pry into Hillary Rodham Clinton’s private email account while she was secretary of state, emails released Wednesday show. It is unclear if she clicked on any attachment and exposed her account.

Clinton, the Democratic front-runner in the 2016 presidential race, received the infected emails, disguised as speeding tickets from New York, over four hours early the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets. Opening the attachment would have allowed hackers to take over control of a victim’s computer.

Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn’t necessarily mean Russian intelligence or citizens were responsible.

Nick Merrill, a spokesman for Clinton’s Democratic presidential campaign, said: “We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton’s email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.

The phishing attempts highlight the risk of Clinton’s unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a “Ticket.zip” file that would have been a red flag.

Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves — many redacted heavily before public release — have provided no shocking disclosures thus far and Clinton has insisted the server was secure.

During Clinton’s tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.

The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to “telegraph” how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton’s own usage of a private email account and server.

The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department’s technology is “so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” She said more funds were needed and that an opinion piece might make the point to legislators.

Clinton said the idea “makes good sense,” but her chief of staff, Cheryl Mills, disagreed: “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail b/c it may encourage others who are out there.”

The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.

The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing “top secret” information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.

As part of Wednesday’s release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were “confidential,” the lowest level of classification. Three emails were declared “secret,” a mid-tier level for information that could still cause serious damage to national security, if made public.

“The information we upgraded today was not marked classified at the time the emails were sent,” Kirby stressed.

Tags: , , , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
privacy-coins-and-bitcoin-dominance-guide
Privacy Coins and Bitcoin Dominance Guide
August 7, 2018

The advent of Bitcoin has proved to be a key landmark in the way that money is thought about because...

Read more
Web threat
Privacy Coins Fall Through The Ranks As Market Caps Decline
July 30, 2018

Bitcoin.com has reported that the market caps for many privacy coins have decreased significantly ov...

Read more
venmo_pub_priv
SECURITY NEWS THIS WEEK: MAYBE GO AHEAD AND MAKE YOUR VENMO PRIVATE
July 25, 2018

THIS WEEK STARTED with a controversial, widely derided meeting between President Trump and Russian l...

Read more
4000
WhatsApp WARNING – Chat app blasted in damning new report on privacy
July 17, 2018

The Electronic Frontiers Foundation, EFF, has published its latest annual privacy audit, dubbed Who ...

Read more
imrs
SECURITY NEWS THIS WEEK: CARRIERS STOP SELLING LOCATION DATA IN A RARE PRIVACY WIN
June 26, 2018

WHAT'S THAT? A week with nearly as much good news as bad in the world of privacy and security? It's ...

Read more