
Posts Tagged ‘security’


The Feds Will Soon Be Able to Legally Hack Almost Anyone

September 19, 2016

Digital devices and software programs are complicated. Behind the pointing and clicking on screen are thousands of processes and routines that make everything work. So when malicious software—malware—invades a system, even seemingly small changes to the system can have unpredictable impacts.

That’s why it’s so concerning that the Justice Department is planning a vast expansion of government hacking. Under a new set of rules, the FBI would have the authority to secretly use malware to hack into thousands or hundreds of thousands of computers that belong to innocent third parties and even crime victims. The unintended consequences could be staggering.
The new plan to drastically expand the government’s hacking and surveillance authorities is known formally as amendments to Rule 41 of the Federal Rules of Criminal Procedure, and the proposal would allow the government to hack a million computers or more with a single warrant. If Congress doesn’t pass legislation blocking this proposal, the new rules go into effect on December 1. With just six work weeks remaining on the Senate schedule and a long Congressional to-do list, time is running out.

The government says it needs this power to investigate a network of devices infected with malware and controlled by a criminal—what’s known as a “botnet.” But the Justice Department has given the public far too little information about its hacking tools and how it plans to use them. And the amendments to Rule 41 are woefully short on protections for the security of hospitals, life-saving computer systems, or the phones and electronic devices of innocent Americans.
Without rigorous and periodic evaluation of hacking software by independent experts, it would be nothing short of reckless to allow this massive expansion of government hacking.
If malware crashes your personal computer or phone, it can mean a loss of photos, documents and records—a major inconvenience. But if a hospital’s computer system or other critical infrastructure crashes, it puts lives at risk. Surgical directives are lost. Medical histories are inaccessible. Patients can wait hours for care. If critical information isn’t available to doctors, people could die. Without new safeguards on the government’s hacking authority, the FBI could very well be responsible for this kind of tragedy in the future.
No one believes the government is setting out to damage victims’ computers. But history shows just how hard it is to get hacking tools right. Indeed, recent experience shows that tools developed by law enforcement have actually been co-opted and used by criminals and miscreants. For example, the FBI digital wiretapping tool Carnivore, later renamed DCS 3000, had weaknesses (which were eventually publicly identified) that made it vulnerable to spoofing by unauthorized parties, allowing criminals to hijack legitimate government searches. Cisco’s Law Enforcement access standards, the guidelines for allowing government wiretaps through Cisco’s routers, had similar weaknesses that security researchers discovered.

The government will likely argue that its tools for going after large botnets have yet to cause the kind of unintended damage we describe. But it is impossible to verify that claim without more transparency from the agencies about their operations. Even if the claim is true, today’s botnets are simple, and their commands can easily be found online. So even if the FBI’s investigative techniques are effective today, in the future that might not be the case. Damage to devices or files can happen when a software program searches and finds pieces of the botnet hidden on a victim’s computer. Indeed, damage happens even when changes are straightforward: recently an anti-virus scan shut down a device in the middle of heart surgery.

Compounding the problem is that the FBI keeps its hacking techniques shrouded in secrecy. The FBI’s statements to date do not inspire confidence that it will take the necessary precautions to test malware before deploying it in the field. One FBI special agent recently testified that a tool was safe because he tested it on his home computer, and it “did not make any changes to the security settings on my computer.” This obviously falls far short of the testing needed to vet a complicated hacking tool that could be unleashed on millions of devices.

Why would Congress approve such a short-sighted proposal? It didn’t. Congress had no role in writing or approving these changes, which were developed by the US court system through an obscure procedural process. This process was intended for updating minor procedural rules, not for making major policy decisions.

This kind of vast expansion of government mass hacking and surveillance is clearly a policy decision. This is a job for Congress, not a little-known court process.

If Congress had to pass a bill to enact these changes, it almost surely would not pass as written. The Justice Department may need new authorities to identify and search anonymous computers linked to digital crimes. But this package of changes is far too broad, with far too little oversight or protections against collateral damage.

Congress should block these rule changes from going into effect by passing the bipartisan, bicameral Stopping Mass Hacking Act. Americans deserve a real debate about the best way to update our laws to address online threats.


FBI Chief James Comey Recommends Taping Over Your Webcam And Likens It To Locking Your Car And Your House At Night

September 15, 2016

FBI director James Comey revealed during the Center for Strategic and International Studies conference that he knew he was mocked for admitting that he tapes over his webcam. But that didn’t stop him from recommending that other people do the same. “There’s some sensible things you should be doing, and that’s one of them,” he said at the event. He likened it to locking cars and doors at night, as well as setting up alarm systems for your own safety and security. He added: “You go into any government office and we all have the little camera things that sit on top of the screen. They all have a little lid that closes down on them. You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”
If hackers get a hold of your webcam, they can easily turn your life into a reality show without your consent. Back in 2014, someone put up a website that showed live feeds from people’s CCTVs, baby monitors and webcams, while a hacker live streamed footage from people’s computers on YouTube last year. In some instances, hackers use the victims’ webcams to take sensitive photos, like what happened to Miss Teen USA 2013 Cassidy Wolf.
Despite the dangers of leaving webcams uncovered, Comey was still mocked online because, as The Hill noted, people find it funny that the FBI’s head honcho takes extra care of his privacy. Some reference the agency’s efforts to force Apple into unlocking the San Bernardino shooter’s iPhone, in particular. If you’ll recall, Apple didn’t budge, and the feds had to pay a third party for a tool to unlock the device. Comey defended himself during his talk, however, telling attendees that “It’s not crazy that the FBI director cares about personal security as well.”


Internet Tracking Has Moved Beyond Cookies

September 6, 2016

Chances are you know you’re being tracked online. Most of us are at the point where we’re not surprised when an ad for something we searched for on one site appears on the next site we visit. We know that many pages (yes, this one you’re reading, too) drop cookies and other scripts into our browser to keep tabs on our activity and sell us stuff.
A new survey from a group of Princeton researchers of one million websites sheds some light on the cutting-edge tricks being used to follow your digital trail. Rather than placing a tracker on your browser, many sites are now “fingerprinting” — using information about your computer such as battery status or browser window size to identify your presence.
Arvind Narayanan, one of the authors of the Princeton study, discusses his research, the latest in online tracking and what you (and our lawmakers) can do to counter the trackers.
Read a partial transcript below. Here are a few of the tools and studies we mentioned in the show:
• Arvind Narayanan and Steven Englehardt’s full paper (PDF)
• Ghostery, an online tool that alerts you to the trackers on the website you’re visiting
• Panopticlick from the Electronic Frontier Foundation, which analyzes how well your browser is protected from tracking
How fingerprinting works
Arvind Narayanan: In the ad tech industry, cookies are gradually being shunted in favor of fingerprinting. The reason that fingerprinting is so effective is that even if you have a device that you think is identical to the device of the person sitting next to you, there are going to be a number of differences in the behavior of your browser. The set of fonts installed on your browser could be different. The precise version number of the browser could be different. Your battery status could be different from that of the person next to you, or anybody else in the world. And it turns out that if you put all of these pieces of information together, a unique or nearly unique picture of the behavior of your device emerges that’s going to be relatively stable over time. And that enables your companies to recognize you when you come back.
Jody Avirgan: But how does it enable that? My actual finger’s fingerprint doesn’t change from today to tomorrow. But my computer’s battery status can change. So how do they know it’s still you?
Narayanan: The battery status is actually the only exception to that general principle. And that’s the reason why we’re still figuring out how that works. [Editor’s note: Earlier in the interview, Narayanan had mentioned that the rate at which your battery depletes might be an identifier.] But let’s say you’ve got 41 fonts installed on your browser today. You come back in a week, maybe you have 43 fonts installed. But 41 of those are going to be the same as what they saw a week ago. And it changes slowly enough that statistically you can have a high degree of confidence. In the industry they call these things statistical IDs. It’s not as certain as putting a cookie on your browser, but you can derive a very high degree of confidence.
Tracking’s chilling effect
Narayanan: The reason that this is really important, and perhaps the primary thing that motivates me to do this research, is this world of pervasive surveillance that we’re entering into — and I’m going to use that word surveillance very deliberately, because it is surveillance. Everything that we look at online and click on is getting stored in a database somewhere. And it’s being data-mined and various [decisions] are being based on that. Targeted advertising is a relatively innocuous example, but there are a variety of other things that can and do happen.
There is research that shows that when people know they are being tracked and surveilled, they change their behavior. We lose our intellectual freedom. A variety of things we consider important for our civil liberties — say, marriage equality — are things that would have been stigmatized just a few decades ago. And the reason we got to the point where it was possible to talk about it and try to change our norms and rules is because people had the freedom to talk to each other privately. To find out that there are like-minded people. As we move to a digital world, are we losing those abilities or freedoms? That is the thing to me that is the question. That’s the most worrisome thing about online tracking. It’s not so much the advertising.
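
The matching Narayanan describes under “How fingerprinting works”, sketched as an added example (not code from the Princeton study or from this page): stored attribute sets are compared with a return visit by set overlap, and a link is made only when one profile clearly wins. The font names, browser versions, threshold and margin are constructed assumptions, and the last case assumes a browser that exposes only a common font list.

```javascript
// Constructed sample data: font names are placeholders, not a real font survey.
const fonts = (prefix, n) => Array.from({ length: n }, (_, i) => `${prefix}-${i + 1}`);
const COMMON = fonts("common", 30); // fonts both sample devices share

// Turn one visit's attributes into a set of comparable tokens.
function tokens(visit) {
  return new Set([
    ...visit.fonts.map((f) => `font:${f}`),
    `browser:${visit.browser}`,
    `window:${visit.window}`,
  ]);
}

// Jaccard similarity: shared attributes divided by all attributes seen.
function jaccard(a, b) {
  let shared = 0;
  for (const t of a) if (b.has(t)) shared++;
  const union = a.size + b.size - shared;
  return union === 0 ? 1 : shared / union;
}

// Link a visit to a stored profile only when the best score clears the
// threshold AND beats the runner-up by a margin (both values are assumptions).
function link(visit, profiles, threshold = 0.85, margin = 0.1) {
  const seen = tokens(visit);
  const ranked = profiles
    .map((p) => ({ id: p.id, score: jaccard(tokens(p), seen) }))
    .sort((x, y) => y.score - x.score);
  const [best, next] = ranked;
  if (!best || best.score < threshold) return null;
  if (next && best.score - next.score < margin) return null;
  return best;
}

// Two stored profiles that look identical except for 11 fonts each.
const profiles = [
  { id: "device-A", fonts: [...COMMON, ...fonts("a", 11)], browser: "52.0", window: "1280x720" },
  { id: "device-B", fonts: [...COMMON, ...fonts("b", 11)], browser: "52.0", window: "1280x720" },
];

// A week later: device A reports 43 fonts, 41 of them unchanged, and a newer browser.
const returnVisit = {
  fonts: [...profiles[0].fonts, "new-1", "new-2"],
  browser: "53.0",
  window: "1280x720",
};

// Assumed mitigation: the browser exposes only the fonts every device has.
const uniformVisit = { fonts: COMMON, browser: "53.0", window: "1280x720" };

console.log("return visit  ->", link(returnVisit, profiles));
console.log("uniform fonts ->", link(uniformVisit, profiles));
```

With the distinctive fonts hidden, both stored profiles score the same, so the visit cannot be attributed to either device even if the threshold is lowered.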


ICIT Report Says: “Hacking Elections Is Easy! Tactics, Techniques And Procedures”

August 30, 2016

True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bones, decade-old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy. It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security.
In this analysis, entitled, “Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures”, the Institute for Critical Infrastructure Technology provides a detailed analysis of the risks that voting machines and the digital age have introduced into our democratic process which have the potential to impact the integrity of election results. The report discusses:
• The shocking ease of hacking all aspects of virtually any voting machine’s “black box” technology
• The cyber, technical and physical attack methods that could be enlisted by Nation States, Hacktivists and black hat hackers
• Social Engineering attack vectors and methods that are so easy, even a novice script kiddie can do it
• A few simple tactics that can “fix” any local, state or national campaign in just days or even hours
• And much more
This paper was authored by:
• James Scott (Senior Fellow – Institute for Critical Infrastructure Technology)
• Drew Spaniel (Researcher – Institute for Critical Infrastructure Technology)
The following experts contributed to this report:
• Rob Roy (Fellow – Institute for Critical Infrastructure Technology & Federal CTO, HPE)
Part Two of this paper will be published shortly and provide a deeper technical analysis of this threat.
Download the paper here: http://icitech.org/wp-content/uploads/2016/08/ICIT-Analysis-Hacking-Elections-is-Easy-Part-One1.pdf


You Are Unknowingly A CIA Subcontractor Agent If You Play PokemonGO. And Here Is Why.

August 29, 2016

Before explaining why, let me cover some background you need to know before heading more deeply into this matter. Have you ever heard of the NGA?
No, not the National Governors Association, nor the National Gallery of Art.
The NGA, the National Geospatial-Intelligence Agency (Wikipedia), is a US Department of Defense agency that provides location, mapping and imagery intelligence support to the NSA and CIA in combat operations.
In 1999 a venture capital firm called In-Q-Tel was founded by former Lockheed Martin CEO Norman Augustine. In-Q-Tel invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency, and other intelligence agencies, equipped with the latest in information technology in support of United States intelligence capability.
In-Q-Tel’s mission is to identify and invest in companies developing cutting-edge technologies that serve United States national security interests. And much of In-Q-Tel’s funding comes from the National Geospatial-Intelligence Agency.
The firm is seen as a trend-setter in the information technology industry, with the average dollar invested by In-Q-Tel in 2012 attracting nine dollars of investment from other companies.
Former CIA director George Tenet who was Director of Central Intelligence from July 1997 to July 2004 says:
“We [the CIA] decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered … In-Q-Tel. … While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology … This … collaboration … enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results”
In 2001, In-Q-Tel invested in “Keyhole Inc.”, founded by John Hanke, who previously worked in a “foreign affairs” position within the U.S. government. Keyhole developed 3D “flyby” images of buildings and terrain from geospatial data collected by satellites; the product was known to the public at that time as “Earth”.
In 2004 In-Q-Tel sold its shares to Google, which resulted in Google’s acquisition of Keyhole, the CIA-funded satellite mapping software, which after the takeover Google rolled into what we now know as “Google Earth”.
As of August 2006, In-Q-Tel had reviewed more than 5,800 business plans, invested some $150 million in more than 90 companies, and delivered more than 130 technology solutions to the intelligence community. In 2005 it was said to be funded with about $37 million a year from the CIA.
In 2010, John Hanke, the founder of Keyhole, founded Niantic Labs, an internal startup at Google. Over the next few years, Niantic created two location-based apps/games. The first was Field Trip, a smartphone application where users walk around and find things. The second was Ingress, a sci-fi-themed game where players walk around and between locations in the real world.
And here is an interesting connection. The name of the first company founded by John Hanke, “Keyhole Inc.”, was a homage to KH, the code name of the satellites used in the Corona program, a program that was launched back in 1959 by the CIA to conduct photographic surveillance of the USSR, the People’s Republic of China and other areas with the help of satellites. The Corona satellites were designated KH-1, KH-2, KH-3, KH-4, KH-4A and KH-4B.
KH stood for “Key Hole” or “Keyhole” with the name being an analogy to the act of spying into a person’s room by peering through their door’s keyhole.
It’s easy to see why the CIA would have an interest in the software behind Pokémon Go; the game utilizes the player’s camera and gyroscope to display an image of a Pokémon as though it were in the real world, such as the player’s apartment complex or workplace bathroom.
Software like that could theoretically turn millions of smartphone users into ‘Imperial probe droids’ who take real-time, ground-level footage of their cities and homes, reaching into dark alleyways and basements which spy satellites and Google cars can’t reach. Pokemon Go could be reasonably considered a logical continuation of the Corona program.
Going back to In-Q-Tel: the CIA is not just using games for its purposes in global surveillance. Its venture firm’s startup projects in the app and gaming industry attract public interest and participation in promoting those startups, which, when successful, create global buzz and generate billions of dollars in profit, which in the end brings a return on investment to the CIA, which initially invested in them.
Young people have been tricked by Pokemon Go into giving up their privacy to these intelligence agencies. And if you have already downloaded Pokemon Go, which means you gave access to your Google user ID, Google account and email address (primarily your Gmail account, your email box), it’s the right time to think about moving to a secure and private email service like ShazzleMail, which is free, offers end-to-end encryption of your email communications and guards your privacy.
