An unnamed scientific researcher walks out to her mailbox, shuffles through some bills and advertisements, and pulls out an envelope containing a CD of pictures from a recent scientific conference the researcher had attended in Houston. Excited – though maybe a bit nervous – to see the candid photos of herself and her colleagues snapped by an excitable event photographer, the researcher walks inside, casually drops the unopened bills on the kitchen table, opens up her laptop, and slides in the CD. Windows asks if she’d like to open the pictures to view them. She accepts, and the pictures pop up in the photo viewer. One by one she clicks through them, viewing the photos from the event. She reminisces fondly, wincing only at that one photo where she looks either drunk or high, making a mental note of the pictures to print out for her lab desk.
What the researcher doesn’t see, however, is a malicious payload – a virus, one of the most sophisticated known to man – secretly installing itself in the background of her computer. This virus would give a certain secret group of individuals complete access to her system, a group which had hijacked the package mid-transit in the mail, replaced the original CD with a copy that included the virus, taped everything back up without evidence of tampering, and sent the package on its way to her. The virus was practically untraceable and completely irremovable; it could map out networks, jump to computers not connected via the Internet, and even selectively target and destroy specific computers much like a bioengineered nano-virus – all at the direction of a secret shadow organization that was covertly infiltrating the world’s most secure computer systems.
The Equation Group
What may sound like the start to a Tom Clancy novel, or an episode of 24, is, in fact, completely real: something very much like it actually happened to one or more researchers back in 2009. In fact, surreptitious, interdiction-based cyberattacks like this one have apparently been happening since at least the early 2000s and may date back to 1996.
Last Monday, Moscow-based Kaspersky Lab released a cybersecurity report uncovering details about the most sophisticated, covert, and pervasive hacker group known to man, and possibly ever imagined. The organization, dubbed the Equation Group due to the group’s affinity towards sophisticated encryption methods, had operated practically undetected for over a decade, silently infecting computers across the globe and delivering attack payloads still unknown.
“There is nowhere I can’t go. There is nowhere I won’t find you.” – Bane, The Matrix Revolutions
Kaspersky Lab, a cybersecurity firm known primarily for its antivirus software, is no stranger to hackers. The company tracks and documents security breaches of all shapes and sizes.
For years, most high-profile computer hacks had been primarily the work of individuals or small groups motivated by curiosity or, more recently, financial interest – gray-collar criminals who would infiltrate computer systems for credit card numbers to sell on the black market. Usually these attacks are relatively unsophisticated, relying on bad operational cybersecurity practices (dubbed “opsec”) from corporations to create exploitable security holes like those seen in the recent Target and Home Depot security breaches. Only upon the discovery of the Stuxnet virus in June 2010 that sabotaged Iran’s Natanz uranium enrichment facilities have cybersecurity researchers and the public at large turned an eye towards advanced persistent threats (APTs) which use advanced hacking techniques capable of bypassing strong opsec protocols.
What makes Equation Group so impressive are their “almost superhuman” technical feats, which include never-before-seen levels of ingenuity in hacking, engineering, and encryption. Those feats include:
using virtual file systems like those found in the Regin (a.k.a. WarriorPride) malware attack used by the NSA to infect overseas computers;
the ability to infect and surveil sensitive air-gapped (i.e. non-Internet connected) networks by piggybacking on USB flash drives, much like the Stuxnet virus;
encrypting malicious files and storing them in multiple branches of the Windows registry, making them immune to detection by antivirus software;
using over 300 Internet domains and 100 servers to command and control malware infrastructure; and
hijacking URL requests on iPhones to spoofed Mac servers, which indicates that Equation Group has compromised the iOS and OSX operating systems.
Hollywood good
Perhaps most impressive is an Equation Group malware platform that rewrites the firmware of infected hard drives, allowing the virus to survive even low-level reformatting that is used to securely wipe a hard drive. All major hard drive manufacturers have drive models that have been compromised, including Western Digital, Seagate, Maxtor, Samsung, IBM, Toshiba, and Micron. Once the drive has been infected, the malware is completely impossible to detect or remove; the drive is compromised forever.
Forensics software displays, in Matrix-like fashion, some of the hard drives Equation Group was able to successfully hijack. (Credit: Kaspersky)
The difference in sophistication between your average Internet hacker and Equation Group cannot be overstated. Your run-of-the-mill hacker is more or less equivalent to your run-of-the-mill burglar, who might break into a place with all of the sophistication of opening an unlocked door or busting out a window with a crowbar. APTs are more like museum thieves who might dress up like a guard or clone a keycard to snatch a valuable diamond or painting. Equation Group is an APT well beyond its peers, using super-spy tactics with the analogous laser grids, vent shafts, and harnesses to swap a diamond with a perfect replica, remaining entirely undetected. It’s the stuff of Hollywood’s Mission: Impossible, only without the gratuitous explosions and Tom Cruise (…at least as far as anyone knows). And like Mission: Impossible, Equation Group is more than likely a clandestine operation of the U.S. government. via RedOrbit
For those who are completely new to the Palantir Platform or could simply use a refresher, this talk will start from scratch and provide a broad overview of Palantir’s origins and mission. A live demonstration of the product will help to familiarize newcomers with Palantir’s intuitive graphical interface and revolutionary analytical functionality, while highlighting the major engineering innovations that make it all possible. -Palantir
Big Brother is watching. No kidding. And the warning is coming from none other than Google, which says government spies may be spying on you. Some believe the Google announcement may be related to the recent discovery of the data-mining virus named “Flame.” In a June 3 New York Times article, Andrew Kramer and Nicole Perlroth write [1]:
“When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.
He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the internet.
“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives… While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.”
Mr. Kaspersky claims he was called in to investigate the new virus on behalf of the International Telecommunication Union, an agency of the United Nations. The virus was allegedly erasing files on computers belonging to the Iranian oil ministry.
What makes the Flame virus a major potential concern for common citizens of the world is the fact that it’s the first virus found with the ability to spread wirelessly by attaching itself to Bluetooth-enabled devices.
Once there, it can not only trace and steal information stored on those devices; according to Kramer and Perlroth the program also contains a “microbe” command that can activate any microphone within the device, record whatever is going on at the time—presumably whether you’re actually using the device or not—and transmit audio files back to the attacker. This, clearly, has huge privacy implications were it to be deployed against civilian populations.
New Revelations about the Links Between Flame and Stuxnet
While cybersecurity experts initially claimed there were no links between the earlier Stuxnet worm and the Flame virus, a recent article on The Verge now reports that the two are undoubtedly related [2]. Joshua Kopstein writes:
“[I]n examining an earlier version of Stuxnet, the lab’s researchers now find that they were wrong: a previously overlooked module within the virus is now providing the “missing link” between the two pieces of malware. The module in question… matches very closely with a module used by an early version of Flame. “It was actually so similar, that it made our automatic system classify it as Stuxnet,” wrote Alexander Gostev… indicating that the module was likely the seed of both viruses. “We think it’s actually possible to talk about a ‘Flame’ platform, and that this particular module was created based on its source code.”
The new evidence suggests that Stuxnet and Flame are two sides of the same coin, with the former built for sabotage and the latter for surveillance. But researchers also say that the Flame platform pre-dated Stuxnet and its sister, Duqu, and was likely built in the Summer of 2008.”
InformationWeek Security recently offered the following advice [3]: “… Microsoft has been working quickly to patch the certificate bug exploited by Flame. Notably, Microsoft released an update Friday [June 8] for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2), which according to the release notes “strengthens the WSUS communication channels … [by] trusting only files that are issued by the Microsoft Update certification authority.”
Microsoft is also set to issue an update Tuesday–as part of its monthly Patch Tuesday–that will further update all supported versions of Windows to block Flame. Security experts are recommending that all users install the update as soon as possible, since attackers will likely attempt to use the certificate vulnerability before it becomes widely patched. “Apply the certificate patch released a week ago today if you haven’t done so already,” said SANS Institute chief research officer Johannes B. Ullrich in a blog post. “This way, no patch signed by the bad certificate should be accepted tomorrow. Patch Tuesday is one of the best dates to launch such an attack, as you do expect patches anyway.”
When installing the update, however, do so preferably only if using a trusted environment. “Avoid patches while ‘on the road.’ Apply them in your home [or] work network whenever possible,” said Ullrich. “This doesn’t eliminate the chance of a ‘man in the middle’ (MitM) attack, but it reduces the likelihood.”
For users who must update while on the road, perhaps because they travel frequently, always use a VPN connection back to the corporate network, said Ullrich, since hotel networks can be malware and attack hotbeds. “Hotel networks and public hotspots frequently use badly configured HTTP proxies that can be compromised and many users expect bad SSL certificates–because of ongoing MitM attacks,” he said.”
Spy Central: Utah
In related news, Wired Magazine recently reported that the US government is building a massive spy center, right in the heart of Mormon country, in Bluffdale, Utah [4]–so massive, in fact, that once finished, the facility will be five times larger than the US Capitol.
According to Wired Magazine:
“Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013.
Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.
But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes.
And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US.
The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”[Emphasis mine]
That about says it all. And for those of you still under the mistaken belief that the US government does not have the authority to spy on its citizens, consider the following:
“… [The NSA] has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed…
In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program.
For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail…
As chief and one of the two cofounders of the agency’s Signals Intelligence Automation Research Center, [William] Binney and his team designed much of the infrastructure that’s still likely used to intercept international and foreign communications. He explains that the agency could have installed its tapping gear at the nation’s cable landing stations—the more than two dozen sites on the periphery of the US where fiber-optic cables come ashore.
If it had taken that route, the NSA would have been able to limit its eavesdropping to just international communications, which at the time was all that was allowed under US law.
Instead it chose to put the wiretapping rooms at key junction points throughout the country… thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US. The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006. “I think there’s 10 to 20 of them,” Binney says… The eavesdropping on Americans doesn’t stop at the telecom switches. To capture satellite communications in and out of the US, the agency also monitors AT&T’s powerful earth stations…
… Binney suggested a system for monitoring people’s communications according to how closely they are connected to an initial target. The further away from the target—say you’re just an acquaintance of a friend of the target—the less the surveillance. But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything…”
To learn more, I highly recommend reading the featured Wired article [5] in its entirety. It’s a fascinating read, but it will not likely make you sleep better at night. The full article is available on their website and is free to view.
Google Also in the Privacy News
Beginning the first week of June, Google will warn you every time it picks up activity on your computer account that looks suspiciously like someone trying to monitor your computer activities. Google won’t say how it figured out that state-sponsored attackers may be attempting to compromise your account or computer. But it’s promised to let you know if it thinks Big Brother is tuned in to what you’re doing.
As recently reported on the New York Times’ blog [6], the warning will pop up at the top of your Gmail inbox, Google home page, or Chrome browser, stating:
“Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”
According to a Google blog post by Eric Grosse, VP of Security Engineering at Google [7]:
“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.
Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors.
Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.”
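The quoted advice tells users to look for https://accounts.google.com/ in the browser bar before signing in. The point a phishing page exploits is that the string can appear in a URL without the page actually being served from that origin. The following is an added illustration, not Google's code and not part of the original post: it compares an exact-origin check (scheme, host and port all matching) against the substring glance a hurried user performs, over a set of constructed URLs of the kinds a lookalike sign-in page would use (subdomain padding, userinfo tricks, path stuffing, a non-default port, a plain-HTTP downgrade). The `evil.example` hostnames are constructed placeholders.

```python
"""Exact-origin check for a sign-in URL versus a naive substring glance.

Constructed example: the check the quoted advice asks users to do by eye
("look for https://accounts.google.com/ in your browser bar"), done in code.
Not Google's own code; every URL in CONSTRUCTED_URLS is made up for the demo."""
from urllib.parse import urlsplit

# The only origin the advice names. Scheme, host and port all have to match;
# the mere presence of the string somewhere in the URL proves nothing.
TRUSTED_SIGNIN_ORIGIN = ("https", "accounts.google.com", 443)


def url_origin(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable host.

    urlsplit().hostname already drops any 'user@' prefix and lowercases the
    host; a trailing dot (an absolute FQDN) is stripped so it compares equal,
    and a missing port is filled in from the scheme's default."""
    parts = urlsplit(url.strip())
    host = parts.hostname
    if not host:
        return None
    host = host.rstrip(".")
    try:
        port = parts.port  # ValueError if the port is not numeric
    except ValueError:
        return None
    if port is None:
        port = {"https": 443, "http": 80}.get(parts.scheme.lower())
    return (parts.scheme.lower(), host, port)


def is_google_signin(url):
    """True only if the URL's origin is exactly https://accounts.google.com (port 443)."""
    return url_origin(url) == TRUSTED_SIGNIN_ORIGIN


def naive_check(url):
    """The substring glance the advice can degrade into; shown for contrast only."""
    return "accounts.google.com" in url.lower()


def naive_only_matches(urls):
    """URLs the substring glance accepts but the exact-origin check rejects."""
    return [u for u in urls if naive_check(u) and not is_google_signin(u)]


# Constructed inputs: one legitimate sign-in URL, one with odd casing, and
# six lookalikes of the kind a phishing page would present.
CONSTRUCTED_URLS = [
    "https://accounts.google.com/signin/v2/identifier",   # genuine
    "https://ACCOUNTS.GOOGLE.COM/",                        # genuine, host is case-insensitive
    "http://accounts.google.com/",                         # plain HTTP: wrong scheme
    "https://accounts.google.com.evil.example/",           # subdomain padding
    "https://accounts-google.com/",                        # typo-style lookalike
    "https://evil.example/accounts.google.com/",           # string only in the path
    "https://accounts.google.com@evil.example/",           # userinfo trick: real host is evil.example
    "https://accounts.google.com:8443/",                   # non-default port: different origin
]

if __name__ == "__main__":
    for u in CONSTRUCTED_URLS:
        verdict = "GENUINE " if is_google_signin(u) else "REJECT  "
        glance = "substring-match" if naive_check(u) else "no-match"
        print(f"{verdict} ({glance:15}) {u}")
    print(f"{len(naive_only_matches(CONSTRUCTED_URLS))} lookalikes fool the substring glance")
```

The design choice is to compare a parsed origin tuple rather than the URL text: the userinfo form (`user@host`) and the subdomain form both contain the trusted name verbatim, and only parsing reveals which host the browser will actually connect to. The same origin-comparison idea is what browsers use internally for the same-origin policy.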
The Next Big War Zone = the Internet
Unless you’ve been living under a rock this past year, you’ve surely heard about the repeated attempts to restrict your online freedom and grant government near limitless control over the internet and its content.
It began in January with the introduction of two proposed laws in US Congress: the Stop Online Piracy Act (SOPA), and the Protect IP Act (PIPA). While “sold” as laws to address online copyright infringement, most of which allegedly arises from outside the US, both laws contained measures capable of severely restricting online freedom of speech and harming web sites and online communities of all kinds, including this one. After tens of millions of people rose up in various protests, both online and by hitting the pavement, both bills were “indefinitely postponed.”
Many have warned, however, that the bills are not “dead” and are likely to return.
It didn’t take long for the next round. In April, the Cyber Intelligence Sharing and Protection Act (CISPA) was brought forth, and quickly became described by opponents as an even greater threat to internet freedom than SOPA and PIPA. I won’t go into any detailed discussion on these bills here, but simply want to bring your attention to the fact that bills such as these three, while dressed up as laws that will protect you and save you money, are poorly guised attempts to gut privacy laws and open the door for a totalitarian takeover of the internet and its content.
Campaign for Liberty [8] is continuing its fight to stop another government intrusion, warning that this coming December, the United Nations will also be meeting to compile even more recommendations for international internet regulations.
While it may seem hopeless at times, I urge you to take an active role anytime the opportunity presents itself to take a stand. I personally believe internet freedom and health freedom go hand in hand these days, as a majority of people get a majority of their health information from freely available web sites such as mine.
If Squelching Information Freedom Doesn’t Work, What’s Next?
The draconian advancements in surveillance do not end with the erection of a massive spy central and ever-increasing attacks on internet freedom. We also have some 63 drone launch sites within the US [9], and the US military has admitted it now has drone technology in the form of tiny mechanical insects, equipped with cameras, microphones, and DNA sampling capabilities [10].
Besides that, there’s an ever-expanding arsenal of so-called “active denial weapons”—directed energy weapons that can scatter or incapacitate those in their path, by a variety of means [11]. Such weapons are already being used domestically by various law enforcement agencies for crowd control. Then there are more sinister signs of readiness for domestic combat. In April, news reports began circulating questioning the Department of Homeland Security’s rationale for purchasing 450 million rounds of hollow point bullets [12].
A report by RT News reads:
“The department has yet to discuss why they are ordering such a massive bevy of bullets for an agency that has limited need domestically for doing harm, but they say they expect to continue receiving shipments from the manufacturer for the next five years, during which they plan to blow through enough ammunition to execute more people than there are in the entire United States.
… the choice — and quantity — of its hollow point order raises a lot of questions about future plans for the DHS… On their website, the contractor claims that the ammunition is specifically designed so that it can pass through a variety of obstructions and offers “optimum penetration for terminal performance.” Or, in other words, this is the kind of bullet designed to stop any object dead in its tracks and, if emptied into the hands of the DHS a few hundred million times, just might do as much.
… As the DHS gains more and more ground in fighting terrorism domestically, the US at the same time has turned the tables to make its definition of terrorist way less narrow. With any American blogger or free thinking on the fringe of what the government can go after under H.R. 347, or the National Defense Authorization Act that allows for the indefinite detention of US citizens without charge, the DHS could just be blasting through what’s left of its budget to make sure that its roster of agents across the country can get in their target practice over the next few years.”
Without Online Freedom, You Cannot Exercise Health Freedom
Some of you may at this point wonder why I report on an issue such as this, so let me make this point clear. Access to health information could easily be deemed a “threat” to national welfare—especially when web sites such as this one publish information that contradicts the official government stance. Examples such as advising women against national mammography screening standards, or raising concerns about vaccine safety, or questioning conventional cancer treatments could all be considered a threat to an extremely profitable status quo.
In such a scenario, they could simply shut Mercola.com, and others like us, down; leaving you with no truth-telling, corruption-exposing, alternative voices other than the officially sponsored viewpoint. And it should be quite clear by now that the government-sanctioned stance on most issues relating to health and diet are primarily dictated by powerful lobbying groups furthering financially-driven industry agendas that have absolutely nothing to do with optimizing health and longevity.
Don’t Be Fooled—Internet Security Bills are Likely Nothing of the Sort
Interestingly enough, CISPA is promoted primarily as a cyber security bill, which brings us full circle back to where this article started. Recall, the Flame virus has surveillance capabilities that far surpass previous viruses and worms that may collect or destroy data. In fact, its capability to transfer to Bluetooth-enabled gadgets and secretly activate microphones renders it perfect for spying on anyone and everyone, anywhere, at any time… which is exactly the plan, if you believe the information detailed in the featured Wired Magazine article above.
It’s interesting to note the rationale used when trying to sell us this bill. According to an April 26 report in the International Business Times [13]:
“Co-sponsor Rep. Dutch Ruppersberger, D-Md., says CISPA provides essential tools for repelling online security threats: “Without important, immediate changes to American cyber security policy, I believe our country will continue to be at risk for a catastrophic attack on our nation’s vital networks, networks that power our homes, provide our clean water or maintain the other critical services we use every day.”
Sounds like he was talking about an eventuality just like the Flame virus, or the older Stuxnet worm, for that matter. Both, incidentally, appear to have targeted Iranian oil and nuclear facilities, and neither has been officially traced back to any country or agency, despite our already overwhelming security apparatus. And he said it just over a month before Flame was discovered by a Russian antivirus company which, by the way, currently employs the virus hunter who discovered Stuxnet in 2010.
I’ll leave the meaning of such coincidences for you to ponder. But suffice it to say, it does not bode well if a law like CISPA is enacted that allows companies and governments to share information collected online, especially when combined with a massive data-mining virus that can skip around from one wireless piece of technology to another, from computers to cell phones to iPads, gathering data on every single social network contact every single person has, and audio files on every single conversation any one might have at any point in time. Especially now that we will shortly have the facility to store and “process” all that data.
In closing, I will simply urge you to take efforts at curbing online freedom and extending the government’s reach seriously, and whenever such efforts are launched, take action to help preserve your right to health freedom, which is closely tied to the right to online freedom of speech.
The Conspiracy driving Private Contractors, Private Security, and Privatized CyberSecurity. Major Players trying to remain Name-less. Government influence on outsourcing, etc.
The Feds raid the home of unofficial Anonymous spokesperson Barrett Brown.
They’re after his Twitter records, chat logs, IRC conversations, his computer, and apparently everything else, according to the search warrant obtained by BuzzFeed.
Last month, the FBI raided the Dallas home of Barrett Brown, the journalist and unofficial spokesperson for the Internet hacktivist group Anonymous.
According to the search warrant, the agents were after any information from Brown involving a “conspiracy to access without authorization computers,” one of three serious charges listed in the document.
The Feds seized Brown’s computer and cellphone, searched his parent’s home as well, and demanded his Twitter records, chat logs, IRC conversations, Pastebin info, all his Internet browsing activity, and almost any form of electronic communications Brown conducted.
The warrant, exclusively obtained by BuzzFeed, suggests the government is primarily after information related to Anonymous and the hacking group LulzSec.
The authorities also appear to be interested in info on two private intelligence contracting firms, HBGary and EndGame Systems, two companies Brown has frequently clashed with and criticized on a website he founded called Echelon2.
Brown, a 30-year-old journalist who has written for Vanity Fair and the Guardian, is perhaps the most high-profile target thus far in the FBI’s investigation into a series of hacks that have shaken the corporate and defense establishment.
Brown, currently at work on a book about Anonymous, believes he’s being wrongly investigated. “I haven’t been charged with anything at this point, although there’s a sealed affidavit to which neither I nor my attorney have access,” he emailed BuzzFeed. “I suspect that the FBI is working off of incorrect information.”
It has come to our attention that a NATO draft report has classified Anonymous a potential “threat to member states’ security”, and that you seek retaliation against us.
It is true that Anonymous has committed what you would call ‘cyber-attacks’ in protest against several military contractors, companies, lawmakers, and governments, and has continuously sought to fight against threats to our freedoms on the Internet. And since you consider state control of the Internet to be in the best interest of the various nations of your military alliance, you therefore consider us a potential threat to international security.