jm + spying   26

Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist / Boing Boing
This is an excellent essay from Cory Doctorow on mass surveillance in the post-Snowden era, and the difference between HUMINT and SIGINT. So much good stuff, including this (new to me) cite for, "Goodhart's law", on secrecy as it affects adversarial classification:
The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty. The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into ”terrorist-ish” and ”unterrorist-ish.”

Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three ”tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things.

This even has a name: Goodhart's law. "When a measure becomes a target, it ceases to be a good measure." Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.
adversarial-classification  classification  surveillance  nsa  gchq  cory-doctorow  privacy  snooping  goodharts-law  google  anti-spam  filtering  spying  snowden 
february 2016 by jm
Red lines and no-go zones - the coming surveillance debate
The Anderson Report to the House of Lords in the UK on RIPA introduces a concept of a "red line":
"Firm limits must also be written into the law: not merely safeguards, but red lines that may not be crossed." …   
"Some might find comfort in a world in which our every interaction and movement could be recorded, viewed in real time and indefinitely retained for possible future use by the authorities. Crime fighting, security, safety or public health justifications are never hard to find." [13.19] 

The Report then gives examples, such as a perpetual video feed from every room in every house, the police undertaking to view the record only on receipt of a complaint; blanket drone-based surveillance; licensed service providers, required as a condition of the licence to retain within the jurisdiction a complete plain-text version of every communication to be made available to the authorities on request; a constant data feed from vehicles, domestic appliances and health-monitoring personal devices; fitting of facial recognition software to every CCTV camera and the insertion of a location-tracking chip under every individual's skin.

It goes on:
"The impact of such powers on the innocent could be mitigated by the usual apparatus of safeguards, regulators and Codes of Practice. But a country constructed on such a basis would surely be intolerable to many of its inhabitants. A state that enjoyed all those powers would be truly totalitarian, even if the authorities had the best interests of its people at heart." [13.20] …  

"The crucial objection is that of principle. Such a society would have gone beyond Bentham's Panopticon (whose inmates did not know they were being watched) into a world where constant surveillance was a certainty and quiescence the inevitable result. There must surely come a point (though it comes at different places for different people) where the escalation of intrusive powers becomes too high a price to pay for a safer and more law abiding environment." [13.21]
panopticon  jeremy-bentham  law  uk  dripa  ripa  surveillance  spying  police  drones  facial-recognition  future  tracking  cctv  crime 
november 2015 by jm
The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
Holy shit. Gemalto totally rooted.
With [Gemalto's] stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

[...] According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.
encryption  security  crypto  nsa  gchq  gemalto  smartcards  sim-cards  privacy  surveillance  spying 
february 2015 by jm
Sign up for Privacy International's anti-surveillance campaign
Have you ever made a phone call, sent an email, or, you know, used the internet? Of course you have!

Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency. The NSA then shares information with the UK Government's intelligence agency GCHQ by default. A recent court ruling found that this sharing was unlawful. But no one could find out if their records were collected and then illegally shared between these two agencies… until now!

Because of our recent victory against the UK intelligence agency in court, now anyone in the world — yes, ANYONE, including you — can find out if GCHQ illegally received information about you from the NSA. Join our campaign by entering your details below to find out if GCHQ illegally spied on you, and confirm via the email we send you. We'll then go to court demanding that they finally come clean on unlawful surveillance.
gchq  nsa  spying  surveillance  internet  phone  uk  law  campaign  privacy-international 
february 2015 by jm
Amazing comment from a random sysadmin who's been targeted by the NSA
'Here's a story for you.
I'm not a party to any of this. I've done nothing wrong, I've never been suspected of doing anything wrong, and I don't know anyone who has done anything wrong. I don't even mean that in the sense of "I pissed off the wrong people but technically haven't been charged." I mean that I am a vanilla, average, 9-5 working man of no interest to anybody. My geographical location is an accident of my birth. Even still, I wasn't accidentally born in a high-conflict area, and my government is not at war. I'm a sysadmin at a legitimate ISP and my job is to keep the internet up and running smoothly.
This agency has stalked me in my personal life, undermined my ability to trust my friends attempting to connect with me on LinkedIn, and infected my family's computer. They did this because they wanted to bypass legal channels and spy on a customer who pays for services from my employer. Wait, no, they wanted the ability to potentially spy on future customers. Actually, that is still not accurate - they wanted to spy on everybody in case there was a potentially bad person interacting with a customer.
After seeing their complete disregard for anybody else, their immense resources, and their extremely sophisticated exploits and backdoors - knowing they will stop at nothing, and knowing that I was personally targeted - I'll be damned if I can ever trust any electronic device I own ever again.
You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights.
I just have one question.
Are you people even human?'
nsa  via:ioerror  privacy  spying  surveillance  linkedin  sysadmins  gchq  security 
january 2015 by jm
Why Ireland must protect privacy of Irish emails and internet usage from surveillance
It’s now over a year since Edward Snowden went public with evidence of mass surveillance and extensive abuses by the NSA, GCHQ and other intelligence agencies. In other countries these revelations prompted parliamentary inquiries, diplomatic representations and legislation. In Ireland the only response was a promise [..] to help extradite Mr Snowden should he land here.
ireland  politics  edward-snowden  extradition  privacy  nsa  gchq  spying  surveillance  tj-mcintyre 
december 2014 by jm
Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco
Chilling.
GCHQ maintains a huge repository named MUTANT BROTH that stores billions of these intercepted cookies, which it uses to correlate with IP addresses to determine the identity of a person. GCHQ refers to cookies internally as “target detection identifiers.”
privacy  gchq  surveillance  belgacom  regin  uk  spying  belgium  isps  cookies  malware 
december 2014 by jm
Six things we know from the latest FinFisher documents | Privacy International
The publishing of materials from a support server belonging to surveillance-industry giant Gamma International has provided a trove of information for technologists, security researchers and activists. This has given the world a direct insight into a tight-knit industry, which demands secrecy for themselves and their clients, but ultimately assists in the violation human rights of ordinary people without care or reproach. Now for the first time, there is solid confirmation of Gamma's activities from inside the company's own files, despite their denials, on their clients and support provided to a range of governments.
finfisher  gamma-international  privacy  surveillance  iphone  android  rootkits  wiretapping  germany  privacy-international  spying  bahrain  turkmenistan  arab-spring  egypt  phones  mobile 
august 2014 by jm
SpideyApp
an Android-based stingray (IMSI catcher) detector that uses machine learning to detect the presence of stingray devices which can be used to eavesdrop on cellular communication.


In pre-launch right now. Via EthanZ via Antoin
imsi-catcher  stingray  surveillance  via:ethanz  snooping  spying  privacy  mobile 
may 2014 by jm
"They Know Everything We Do"
[via Boing Boing:] A new, exhaustive report from Human Rights Watch details the way the young state of modern Ethiopia has become a kind of pilot program for the abuse of "off-the-shelf" surveillance, availing itself of commercial products from the US, the UK, France, Italy and China in order to establish an abusive surveillance regime that violates human rights and suppresses legitimate political opposition under the guise of a anti-terrorism law that's so broadly interpreted as to be meaningless.

The 137 page report [from Human Rights Watch] details the technologies the Ethiopian government has acquired from several countries and uses to facilitate surveillance of perceived political opponents inside the country and among the diaspora. The government’s surveillance practices violate the rights to freedom of expression, association, and access to information. The government’s monopoly over all mobile and Internet services through its sole, state-owned telecom operator, Ethio Telecom, facilitates abuse of surveillance powers.
human-rights  surveillance  ethiopia  spying  off-the-shelf  spyware  big-brother  hrw  human-rights-watch 
march 2014 by jm
Theresa May warns Yahoo that its move to Dublin is a security worry
Y! is moving to Dublin to evade GCHQ spying on its users. And what is the UK response?
"There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin," said a Whitehall source. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."


There's priorities for you!
ripa  gchq  guardian  uk  privacy  data-protection  ireland  dublin  london  spying  surveillance  yahoo 
march 2014 by jm
Enemies of the Internet 2014: entities at the heart of censorship and surveillance | Enemies of the Internet
The mass surveillance methods employed in [the UK, USA, and India], many of them exposed by NSA whistleblower Edward Snowden, are all the more intolerable because they will be used and indeed are already being used by authoritarians countries such as Iran, China, Turkmenistan, Saudi Arabia and Bahrain to justify their own violations of freedom of information. How will so-called democratic countries will able to press for the protection of journalists if they adopt the very practices they are criticizing authoritarian regimes for?


This is utterly jaw-dropping -- throughout the world, real-time mass-monitoring infrastructure is silently being dropped into place. France and India are particularly pervasive
journalism  censorship  internet  france  india  privacy  data-protection  surveillance  spying  law  snowden  authoritarianism 
march 2014 by jm
Rule 34, meet Kafka
Charlie Stross on GCHQ's 1984-esque webcam spying
webcams  porn  charlie-stross  funny  1984  dystopian  masturbation  surveillance  spying 
february 2014 by jm
Latest Snowden leak: GCHQ spying on Wikileaks users
“How could targeting an entire website’s user base be necessary or proportionate?” says Gus Hosein, executive director of the London-based human rights group Privacy International. “These are innocent people who are turned into suspects based on their reading habits. Surely becoming a target of a state’s intelligence and security apparatus should require more than a mere click on a link.” The agency’s covert targeting of WikiLeaks, Hosein adds, call into question the entire legal rationale underpinning the state’s system of surveillance. “We may be tempted to see GCHQ as a rogue agency, ungoverned in its use of unprecedented powers generated by new technologies,” he says. “But GCHQ’s actions are authorized by [government] ministers. The fact that ministers are ordering the monitoring of political interests of Internet users shows a systemic failure in the rule of law."
gchq  wikileaks  snowden  privacy  spying  surveillance  politics 
february 2014 by jm
Beirtear na IMSIs: Ireland's GSOC surveillance inquiry reveals use of mobile phone interception systems | Privacy International
It is interesting to note that the fake UK network was the only one detected by Verrimus. However, given that IMSI Catchers operate multiple fake towers simultaneously, it is highly likely that one or more Irish networks were also being intercepted. Very often a misconfiguration, such as an incorrect country code, is the only evidence available of an IMSI Catcher being deployed when forensic tools are not being used to look for one.
privacy  imsi-catchers  surveillance  bugging  spying  gsocgate  gsoc  ireland  mobile-phones 
february 2014 by jm
193_Cellxion_Brochure_UGX Series 330
The Cellxion UGX Series 330 is a 'transportable Dual GSM/Triple UMTS Firewall and Analysis Tool' -- ie. an IMSI catcher in a briefcase, capable of catching IMSI/IMEIs in 3G. It even supports configurable signal strength. Made in the UK
cellxion  imsi-catchers  imei  surveillance  gsocgate  gsm  3g  mobile-phones  security  spying 
february 2014 by jm
The Spyware That Enables Mobile-Phone Snooping - Bloomberg
More background on IMSI catchers -- looking likely to have been the "government-level technology" used to snoop on the Garda Ombudsman's offices, particularly given the 'detection of an unexpected UK 3G network near the GSOC offices':
The technology involved is called cellular interception. The active variety of this, the “IMSI catcher,” is a portable device that masquerades as a mobile phone tower. Any phone within range (a mile for a low-grade IMSI catcher; as much as 100 miles for a passive interception device with a very large antenna, such as those used in India) automatically checks to see if the device is a tower operated by its carrier, and the false “tower” indicates that it is. It then logs the phone’s International Mobile Subscriber Identity number -- and begins listening in on its calls, texts and data communications. No assistance from any wireless carrier is needed; the phone has been tricked.
[...] “network extender” devices -- personal mobile-phone towers -- sold by the carriers themselves, often called femtocells, can be turned into IMSI catchers.


Via T.J. McIntyre
via:tjmcintyre  imsi-catchers  surveillance  privacy  gsocgate  mobile-phones  spying  imsi 
february 2014 by jm
Ryan Lizza: Why Won’t Obama Rein in the N.S.A.? : The New Yorker
Fantastic wrap-up of the story so far on the pervasive global surveillance story.
The history of the intelligence community, though, reveals a willingness to violate the spirit and the letter of the law, even with oversight. What’s more, the benefits of the domestic-surveillance programs remain unclear. Wyden contends that the N.S.A. could find other ways to get the information it says it needs. Even Olsen, when pressed, suggested that the N.S.A. could make do without the bulk-collection program. “In some cases, it’s a bit of an insurance policy,” he told me. “It’s a way to do what we otherwise could do, but do it a little bit more quickly.”

In recent years, Americans have become accustomed to the idea of advertisers gathering wide swaths of information about their private transactions. The N.S.A.’s collecting of data looks a lot like what Facebook does, but it is fundamentally different. It inverts the crucial legal principle of probable cause: the government may not seize or inspect private property or information without evidence of a crime. The N.S.A. contends that it needs haystacks in order to find the terrorist needle. Its definition of a haystack is expanding; there are indications that, under the auspices of the “business records” provision of the Patriot Act, the intelligence community is now trying to assemble databases of financial transactions and cell-phone location information. Feinstein maintains that data collection is not surveillance. But it is no longer clear if there is a distinction.
nsa  gchq  surveillance  spying  privacy  dianne-feinstein  new-yorker  journalism  long-reads  us-politics  probable-cause 
december 2013 by jm
Spy agencies in covert push to infiltrate virtual world of online gaming
[MMOGs], the [NSA] analyst wrote, "are an opportunity!". According to the briefing notes, so many different US intelligence agents were conducting operations inside games that a "deconfliction" group was required to ensure they weren't spying on, or interfering with, each other.
spies  spying  games  mmog  online  surveillance  absurd  east-germany  funny  warcraft 
december 2013 by jm
Mike Hearn - Google+ - The packet capture shown in these new NSA slides shows…
The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login.


This kind of confirms my theory that the majority of interesting traffic for the NSA/GCHQ MUSCULAR sniffing system would have been inter-DC replication. Was, since it sounds like that stuff's all changing now to use end-to-end crypto...
google  crypto  security  muscular  nsa  gchq  mike-hearn  replication  sniffing  spying  surveillance 
november 2013 by jm
It’s time for Silicon Valley to ask: Is it worth it?
These companies and their technologies are built on data, and the data is us. If we are to have any faith in the Internet, we have to trust them to protect it. That’s a relationship dynamic that will become only more intertwined as the Internet finds its way into more aspects of our daily existences, from phones that talk to us to cars that drive themselves.

The US’s surveillance programs threaten to destroy that trust permanently.

America’s tech companies must stand up to this pervasive and corrosive surveillance system. They must ask that difficult question: “Is it worth it?”
silicon-valley  tech  nsa  gchq  spying  surveillance  internet  privacy  data-protection 
november 2013 by jm
Sorry, lobbyists! Europe’s post-Snowden privacy reform gets a major boost
Following months of revelations, and on the same day that France heard its citizens’ phone calls were being reportedly recorded en masse by the Americans, the Parliament’s committee gave a resounding thumbs-up to every single amendment proposed by industrious German Green MEP Jan Phillip Albrecht (pictured above).


lolz.
lobbying  tech  surveillance  privacy  eu  jan-phillip-albrecht  ep  spying 
october 2013 by jm
Necessary and Proportionate -- In Which Civil Society is Caught Between a Cop and a Spy
Modern telecommunications technology implied the development of modern telecommunications surveillance, because it moved the scope of action from the physical world (where intelligence, generally seen as part of the military mission, had acted) to the virtual world—including the scope of those actions that could threaten state power. While the public line may have been, as US Secretary of State Henry Stimson said in 1929, “gentlemen do not open each other’s mail”, you can bet that they always did keep a keen eye on the comings and goings of each other’s shipping traffic.

The real reason that surveillance in the context of state intelligence was limited until recently was because it was too expensive, and it was too expensive for everyone. The Westphalian compromise demands equality of agency as tied to territory. As soon as one side gains a significant advantage, the structure of sovereignty itself is threatened at a conceptual level — hence Oppenheimer as the death of any hope of international rule of law. Once surveillance became cheap enough, all states were (and will increasingly be) forced to attempt it at scale, as a reaction to this pernicious efficiency. The US may be ahead of the game now, but Moore’s law and productization will work their magic here.
government  telecoms  snooping  gchq  nsa  surveillance  law  politics  intelligence  spying  internet 
september 2013 by jm
David Miranda, schedule 7 and the danger that all reporters now face | Alan Rusbridger | Comment is free | The Guardian
The man was unmoved. And so one of the more bizarre moments in the Guardian's long history occurred – with two GCHQ security experts overseeing the destruction of hard drives in the Guardian's basement just to make sure there was nothing in the mangled bits of metal which could possibly be of any interest to passing Chinese agents. "We can call off the black helicopters," joked one as we swept up the remains of a MacBook Pro.

Whitehall was satisfied, but it felt like a peculiarly pointless piece of symbolism that understood nothing about the digital age. We will continue to do patient, painstaking reporting on the Snowden documents, we just won't do it in London. The seizure of Miranda's laptop, phones, hard drives and camera will similarly have no effect on Greenwald's work.

The state that is building such a formidable apparatus of surveillance will do its best to prevent journalists from reporting on it. Most journalists can see that. But I wonder how many have truly understood the absolute threat to journalism implicit in the idea of total surveillance, when or if it comes – and, increasingly, it looks like "when".

We are not there yet, but it may not be long before it will be impossible for journalists to have confidential sources. Most reporting – indeed, most human life in 2013 – leaves too much of a digital fingerprint. Those colleagues who denigrate Snowden or say reporters should trust the state to know best (many of them in the UK, oddly, on the right) may one day have a cruel awakening. One day it will be their reporting, their cause, under attack. But at least reporters now know to stay away from Heathrow transit lounges.
nsa  gchq  surveillance  spying  snooping  guardian  reporters  journalism  uk  david-miranda  glenn-greenwald  edward-snowden 
august 2013 by jm

related tags

3g  absurd  adversarial-classification  android  anti-spam  arab-spring  authoritarianism  bahrain  belgacom  belgium  big-brother  bugging  campaign  cctv  cellxion  censorship  charlie-stross  china  classification  cookies  cory-doctorow  crime  crypto  data-protection  david-miranda  dianne-feinstein  dripa  drones  dublin  dystopian  east-germany  edward-snowden  egypt  encryption  ep  ep-3e  ethiopia  eu  extradition  facial-recognition  filtering  finfisher  france  funny  future  games  gamma-international  gchq  gemalto  germany  glenn-greenwald  goodharts-law  google  government  gsm  gsoc  gsocgate  guardian  hrw  human-rights  human-rights-watch  imei  imsi  imsi-catcher  imsi-catchers  india  intelligence  internet  iphone  ireland  irish  isps  jan-phillip-albrecht  jeremy-bentham  journalism  law  linkedin  lobbying  london  long-reads  malware  masturbation  mike-hearn  mmog  mobile  mobile-phones  muscular  new-yorker  nsa  off-the-shelf  online  panopticon  phone  phones  police  politics  porn  privacy  privacy-international  probable-cause  regin  replication  reporters  ripa  rootkits  security  silicon-valley  sim-cards  smartcards  sniffing  snooping  snowden  spies  spy-planes  spying  spyware  stingray  surveillance  sysadmins  tech  telecoms  tj-mcintyre  tracking  turkmenistan  uk  us  us-politics  via:ethanz  via:ioerror  via:tjmcintyre  vodafone  warcraft  webcams  wikileaks  wiretapping  yahoo 

Copy this bookmark:



description:


tags: