John Oliver – Activist First, Comedian Second


John Oliver is an English comedian who first attracted US attention through his work on The Daily Show with Jon Stewart. In April 2014, he began taping episodes of Last Week Tonight with John Oliver, a weekly half-hour program that satirizes news and current events. Even as a comedy program, it focuses heavily on topics like climate change and other contemporary concerns that lend themselves to critical, in-depth discussions. HBO has given Oliver full creative freedom, and he can thus target whomever he likes, be they corporations, politicians, or anybody else who considers themselves beyond the reach of the average journalist or comedian.

From the start, Oliver stepped in to boldly expose issues most often misrepresented in mainstream news. In May 2014, he skewered the media’s laughable coverage of the climate change “debate.” Standard news coverage on a topic of any scientific nature generally has a talking head on each side, with Bill Nye the Science Guy (or another familiar face) speaking for the scientists and some nameless “skeptic” speaking for the powers-that-be currently benefiting from the bounty of fossil fuels. Oliver decided to hold his own “statistically accurate” version of one of these conversations, quickly re-confirming that all proof points to the reality of our rapidly warming world.

As Oliver pointed out, 97 percent of the peer-reviewed papers on climate change state that it is real and is caused by human activity. Oliver then showed the audience what a televised debate reflecting that reality would look like. After seating the two or three “skeptics” on one side of a table, Oliver invited the scientists to join them, which led to a horde of people in lab coats swarming in. The scene was hilarious and the video went viral on YouTube. According to energy experts at Dominion Gas, this tactic of marrying humor and education, when it comes to energy usage and climate change, is an easy way to get viewers to tune in and learn without even trying.

A month later, Oliver took on the net neutrality question – despite admitting that many people find the topic “even boring by C-Span standards.” Maintaining net neutrality, however, is vital, for it is the chief principle of the Internet. It holds that all data should be displayed equally and that everybody should be able to access it. That means that sites affiliated with large companies should not have any advantages over other sites. Amongst other things, net neutrality makes it easier for start-ups to compete with larger entities by keeping the playing field level for everybody.

At the time, the FCC was considering changing the rules to produce a two-tiered Internet with high speed service for the bigger sites and slower speeds for everybody else. That, of course, would have drastically changed the Internet – and not for the better. Oliver ended his dissertation with an impassioned and hilarious plea to all the Internet trolls to go forth and send their angry, ranting comments to the FCC opposing the new rules. 45,000 trolls did so – and crashed the FCC’s comment page. The FCC got the hint and scuttled the new rules, at least for the time being. The net neutrality video also went viral. Oliver’s segment on the exploitation of small poultry farmers by large corporations also ended with a call to action, this time directed at members of Congress.

Oliver will also invite guests on to his show who fit and can expand on a given theme. Most famously, he got Edward Snowden to talk about government surveillance. Similarly, he invited Pepe Julian Onziema, a Ugandan LGBT rights activist, to discuss that very topic.

Since his show is on HBO, John Oliver does have a lot of creative freedom. He doesn’t have to worry about possibly offending any advertisers. If he’d been on network television, he would not have been allowed to skewer General Motors for its mishandling of the recall crisis, since the networks all need GM’s money. HBO is not in that position, so Oliver could lambaste GM. Similarly, his show has fewer commercial breaks than do network programs, so he can do things like devote 13 minutes to net neutrality. Not only can he cover a topic in greater depth, he can also issue a call to action.

John Oliver’s use of humor makes his show both popular and effective. As mentioned earlier, his segment on net neutrality proved to be very popular – despite the fact that most people find the topic not all that interesting. His use of humor helps him make his point. Having several dozen scientists swarm the stage during a “debate” on climate change showed people that the vast majority of scientists accept the reality of climate change. In that same episode, he pointed out the fallacy of taking opinion polls on known scientific facts, for such polls only demonstrate that an embarrassing percentage of Americans don’t understand science.

John Oliver is also willing to tackle topics like the exploitation of small farmers by large corporations that network journalists cannot or will not touch. Revealing such information can hurt the corporations, for many of their customers would presumably take their business to competitors who treat farmers fairly. To keep that from happening, the corporations try to keep their misdeeds hidden. Since Oliver names names, his fans know which corporations are involved. By using humor to inform and rouse people, Oliver performs a public service.

via Brandon Engel

Schools Now Monitoring kids with Insecure Impero Software, PR Issues Abound


One of the most widely used tools for monitoring kids and restricting pupils’ internet use in UK schools has a serious security flaw which could leave hundreds of thousands of children’s personal information exposed to hackers, a researcher has warned.

Impero Education Pro, a product that restricts and monitors students’ website use and searches, is used in 27% of UK secondary schools, according to the company. In a controversial pilot programme, a version of the software looks for extremism-related searches such as “jihadi bride”.

But last month the security researcher Zammis Clark posted extensive details of a flaw in the company’s encryption protocols which could allow almost anyone to gain full access to computers running the Impero software, run software such as spyware on the systems, or access files and records stored on them.

The company said it had released a temporary security patch and was working on a permanent upgrade.

Clark said the flaw he found would leave affected schools’ networks “completely pwned”, online slang meaning in this context that the networks’ security would be fully compromised and information on it would be rendered vulnerable.

He said he had posted it publicly, rather than privately disclosing it to the company, for several reasons. “One was that I was against the ‘anti-extremism’ stuff, the other was because not being a customer, I didn’t know where to send it.”

Schools using Impero’s software said the company had notified them of the security flaw in the middle of last month but they were offered few details of its potential scale.

One school IT manager said the response from Impero was vague and required managers to contact the firm for more information. “Impero are crap at communication,” he said.

Three schools and chains using the software that were approached by the Guardian said the company had been slow to deliver promised software patches. Impero also offered fixes to schools that were using the software without contractual support, but left it up to those schools to make contact.

One school said the most recent update on the situation from Impero arrived by email on Monday.

The company is known on school tech forums for its pushy sales techniques, but the software remains popular because of the lack of quality alternatives.

Impero stressed that no data had been compromised, it had already issued a temporary fix for the vulnerability and it would install a full solution before the start of the next academic year.

“On 13 June 2015, we were made aware that someone had maliciously and illegally hacked our product, subsequently making this hack public rather than bringing it to our attention privately and in confidence. No customers have been affected by this and no data has been leaked or compromised,” it said.

“We immediately released a hot fix, as a short-term measure, to address the issue and since then we have been working closely with our customers and penetration testers to develop a solid long-term solution. All schools will have the new version, including the long-term fix, installed in time for the new school term.”

The company said “the methods used to identify and communicate this particular issue were not legal” and they would take a “firm stance”.

“Impero Education Pro is designed to protect and safeguard children in schools and any attempt to jeopardise this by illegally obtaining and publicising sensitive information will be dealt with appropriately,” it said.

On Monday, a month after Clark first disclosed the software vulnerability, lawyers acting for Impero demanded in a letter that he should remove all of his online postings about the company, under the threat of civil proceedings for breach of confidence and copyright infringement and criminal proceedings under the Computer Misuse Act. The letter admits the potential seriousness of the vulnerability Clark disclosed in schools’ systems.

“By publicising the encryption key on the internet and on social media and other confidential information, you have enabled anyone to breach the security of our client’s software program and write destructive files to disrupt numerous software systems throughout the UK,” it said.

Impero said the hack “could only be exploited if basic network security does not exist” and would require the hacker to be physically present in a school.

Publicly disclosing details of security vulnerabilities is a controversial practice in the online security world. Some believe private disclosure is better initially, as it gives companies time to fix flaws before they are made public, but it rarely results in legal action.

Mustafa al-Bassam, a security engineer and former member of the hacking collective Lulzsec, said the legal threat against Clark was bizarre, especially when such exploits can be used or sold for profit, rather than posted online to be fixed.

“Responding with a legal threat to a security researcher that highlighted a serious security flaw in your software is bizarre and shows utter disregard for customers,” he said.

“Unfortunately it shows a theme that is too common in the software industry: companies view security as an external PR issue because it often affects their customers more than it affects them. And they should be grateful that this security flaw was disclosed publicly instead of being sold to malware developers like Hacking Team.”

Impero’s Education Pro software serves a variety of roles in schools’ systems, including blocking inappropriate web surfing – such as adult sites – and monitoring students’ activity, as well as rationing printing and making IT administration simpler.

However, last month – just days before Clark discovered the flaw – the Guardian reported Impero was offering a new feature to monitor keywords potentially tied to terrorism or extremism before the implementation of new counter-terrorism legislation introducing a requirement on schools to monitor pupils for such signs.

The pilot, introduced in 16 UK schools and five in the US, monitors for phrases such as “YODO” – You Only Die Once – “War on Islam”, and “Storm Front”, a neo-Nazi group.

The Department for Education said: “We have been clear that schools are expected to ensure that sensitive pupil information is held securely. The Data Protection Act of 1998 is clear what standards schools are expected to adhere to and we provide guidance on this.”

 

sources:

https://TheGuardian.com

https://pdf.yt/d/fRcZ1TWHaDkwz-Ea

 

Adam Bennett Anon

Anonymous radio host known as Lorax aka Adam Bennett Anon was arrested (full article).

Everybody who has known Adam ‘Lorax’ Bennett aka Adam Bennett Anon knows he’s an awesome anon. Furthermore, the article now lets us know he was also involved in his local community as an experienced life saver and a fundraising manager for Cancer Support. This kind of person doesn’t belong in jail! He belongs to its people, the people he gives each day of his life to protect.

If you’ve known Lorax, or Adam John Bennett, now is the time to get involved and help!

https://twitter.com/Loraxlive/status/467566452015251456

Take action

Read the #FreeAnons press Releases : We are All Lorax
Read tweets and tweet with the #FreeLorax hash tag
Read this PasteBin
Keep posted for more information!

Articles about the arrest

Surf champ accused of hacking
“Anonymous” hackers charged for targeting Australia, Indonesia
‘Anonymous hacker’ in court in Perth
Hackers charged for targeting Australia, Indonesia
Two Australian Anonymous members arrested for hacking Australian and international websites
AFP arrests two alleged ‘Anonymous’ members

Was The Lorax Setup?

The lifesaving Lorax’s tale took an interesting turn the last few nights, as the internets and ircs were ablaze with controversy, flame wars, and a little good-ole-fashioned ‘he-said she-said.’ What was already looking like a classic tale of governmental overreach and the suppression of Adam John Bennett’s civil rights is turning into a dark tale of deception, duplicity, and police-led treachery. While there was much argument among the anons present, one thing was very clear: the Australian government had tricked and deceived a minor in an unsuccessful attempt to lure the Lorax into a hacking scheme. Having failed in that they have continued to attempt to argue that the research work that he did at his job for a Cancer fighting charity that showed a clear problem with the same security protocol that the Australian Government was proposing using with its upcoming Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 plan for telecoms to keep their customers’ e-mail and phone metadata for two years.

Soon after Bennett began criticizing the plan there was an alleged hack into AATP (third-largest telecom in Australia) and the Indonesian government; Anonymous was blamed. The Government initially charged the Lorax and two hackers with the breach. After nearly a year of delays and continuations, the court announced that all of the charges for hacking by Bennett would be dropped, but replaced with obscure sounding charges like “aiding and harassment.” It has become ever more clear that there wasn’t ever much of a case and the government is using Bennett’s bail restrictions to keep his LoraxLive show off of the air.

This dark tale really begins in 2011, even before the government started suggesting an ill-conceived data retention scheme, before anyone hacked AATP and the Indonesian government. Back in the heyday of lulzsec a 15 year-old hacker who we’ll call Hacker-Z (not his real hacker handle) was caught up in the glamour and prestige of the lulzsec-style direct-action hacking. Hacker-Z was like nearly every teenage boy: he wanted to listen to loud music and raise a little hell. That sounds anti-social perhaps, but when you see that the things that young hacktivists want to break are things like evil autocratic governments like Libya or Tunisia, or on-line bullying groups, that anti-social streak can begin to turn an odd shade of heroic on a young person. Apparently, according to general consent, it wasn’t hard for the same sort of Five Eyes investigators–who were at that same time acting as the nefarious Sabu’s puppet masters, in a separate scheme to entrap Anons–to get a hold of this inspired, if naive, teenager.

Having entrapped the would-be activist with an illegal hacking scheme, they first terrified the lad and his mother with the prospect of nearly life in prison for his unsuccessful attempt, while being directed by undercover government agents, to hack government and military websites, according to some in the chatroom. Having scared his mother as best they could, it was easy for the police to convince her to give consent for them to use her son as a mole to keep an eye on on-line hacktivists. Any mother, if confronted with the prospect of sending her only child to prison for, probably, the rest of his life, would almost surely make the same decision. Having Hacker-Z as a mole worked well for the police, apparently; he was generally reported to be a friendly, helpful, and affable young man. No one on this side of things is sure how much information he really got in his few years, probably, working for the police, but needless to say when he was arrested with the Lorax, many a hard drive was wiped, just in case.

It seems the feds kept Hacker-Z on ice until the day they needed him. That day came, apparently, during the summer of 2012, when the Australian Government first proposed the current anti-privacy legislation that they are quietly pushing through the legislature right now. When The Lorax caught wind of the Government’s plan he immediately saw the obvious problems with warehousing the entire Australian population’s personal web data. Even if the government could show an actual need for all of this personal data, which they can’t, Bennett honed in on the first and most obvious problem, security. Eventually Bennett showed, at his workplace, while testing their server, that recent flaws found in OpenSSL, the so-called “Heartbleed Bug”, could eventually lead to losses of citizens’ personal data to criminals or terrorists, if the government continued with their data retention plan.

Seeing the problem, the Lorax did what the Lorax does when the community is in danger: he warned people through his popular show, Lorax Live, whose archives, that haven’t been seized by the government, can be heard here and here. Obviously, the leaders and politicians backed by corporatism and fully vested in the telecom industry couldn’t afford to have a lot of people aware of or critical of their massive transfer of both citizens’ data and the nation’s wealth, in the form of fees paid by taxes, to the nation’s telecoms. No, classically, power becomes annoyed when confronted by truth; this story is no different.

By the Winter of 2012, as far as the Australian government and the Australian Federal Police were concerned; the Lorax had to be silenced. Later when they learned that, while at his job testing his employer’s server’s security, Bennett had discovered a way that the “Heartbleed Bug” might be used to access encrypted files on a server, the very sort of thing that privacy advocates had been screaming about ever since the government first suggested the data retention program, government agents hatched a plan to silence the Lorax.

The police knew that they would never convince a reputable, white-hat security researcher like Adam John Bennett to participate in a criminal attack on the internet’s infrastructure. It is rumored that the police devised a plan to implicate the Lorax without needing him to take part in any illegal activity. To do this, they gathered up their friendly young, unfortunate mole, Hacker-Z, and sent him into an irc chat with the Lorax and had him plead with Bennett to give him, Hacker-Z, Bennett’s notes from his research work on OpenSSL. The authorities, it seems, hoped that by obtaining information on how one might be able to attack encryption from the researcher they could implicate him in a crime and, at least, keep his radio show off the Internet until they got their data retention plans passed into law.

Perhaps more despicable than the government’s attempt to frame and implicate a man are its motives, of depriving a citizen of his civil rights, and its methods of abusing the criminal justice system through the attempted entrapment of an innocent man, and misuse of a citizen’s right to bail in order to silence a benign, but vocal critic of governmental corruption and malfeasance. This is not Syria or Zimbabwe where a critic can simply be tossed in a hole or executed by despots; in “free” societies, like Australia, you must design administrative and judicial straps with which to bind their tongues and hands to things like restrictive bail requirements or plea agreements, to trumped-up or false charges. The critic is silenced, the powers-that-be have no blood on their hands, the media calls the former hero-of-the-people a villain, and whatever danger the critic was fighting against is forgotten. It’s all very civilized.

Whether the police were unaware of who they were dealing with or simply unfamiliar with the world of white-hats is unclear. Bennett did not give their mole any help or information, and not because he believed he was a mole. (As a white-hat researcher Bennett was well aware of cyber-crime and the need for enforcement in the field; it can assuredly be assumed then that he supports law-enforcement and legitimate undercover operations, but any thinking adult would have to wonder about the wisdom of using children as moles to bait and entrap adult criminals.) No, it is rumored that Bennett refused to help the boy, not because he believed he was working with police; rather, he believed that the youth might be an impassioned young hacktivist who could possibly do something unwise or damaging with the information, something that might hurt others as well as get the lad in trouble with the law. Most likely, in Bennett’s mind, the young Hacker-Z would be better off waiting until the bugs in OpenSSL were fixed to get a look at the Lorax’s research notes.

Blown off course, but not sunk by Adam John Bennett’s integrity, the Australian Government tried a new, indirect tack to get their entrapment scheme back on course. They would have Hacker-Z engage an intermediary, another White Hat researcher, someone the Lorax would trust. They found him in a passionate young researcher we’ll call Hacker-X. Hacker-X was known as a knowledgeable and helpful security expert. He had long been very helpful getting newbloods on the right track on-line and helping others secure their computer systems. Like a lot of hacker culture, Hacker-X believes in education and the open sharing of information, not to cause damage but to protect from damage.

Imagine you bought a lock for your front door, it’s a common lock, and there are many like it in your neighborhood. If there was a flaw in that lock that could allow criminals to enter your home then you would like to know about it, wouldn’t you? Of course you would, and it would be good for you to know so you could find a way to fix it or replace it, so the burglars can’t come in. Certainly, you wouldn’t want burglars to know about the flaw, but luckily the vast majority of humans aren’t burglars, likewise very few people interested in computer security are criminals. So, for a researcher such as Hacker-X to want to share something that could easily be used to help secure a network, is understandable and legal. It’s not clear if he already had possession of the notes from Lorax’s research into OpenSSL, or if he actually obtained them on behalf of Hacker-Z, regardless, sharing information about a weakness in an encryption protocol is not illegal, as the Australian Government’s delays and recent charge droppings indicate.

Whether the police were directly involved in or only supervising the alleged hacks on AATP and the Indonesian government isn’t clear, but it has become very clear that they never had any evidence against Adam John Bennett, the Lorax. In an extraordinary judicial move they have dropped all of the charges against Bennett, but have come up with ten new charges that, they claim, they will commit to at his next hearing in June. While on one hand it is great to think that the Lorax may end up getting the justice he deserves in a dismissal of all charges at his next hearing, what is maddening is the obvious and bald-faced way in which the Australian Government is misusing the criminal justice system to keep Bennett on the restrictive bail terms that prevent him from broadcasting his show, LoraxLive, and his protest about the government’s data retention plan.

Aaron Swartz – Programmer, Activist


Aaron Swartz was a computer programmer and Internet activist who is often referred to as the third founder of Reddit.

Early Years

Aaron Swartz was born on November 8, 1986, in Chicago. Precocious from the start, Swartz taught himself to read when he was only three, and when he was 12, Swartz created Info Network, a user-generated encyclopedia, which Swartz later likened to an early version of Wikipedia.

Info Network landed Swartz in the finals for the ArsDigita Prize, and he also was invited to join the RDF Core Working Group of W3C (World Wide Web Consortium), a group assembled to help the Web evolve.

RSS & Creative Commons

Swartz’s next steps were co-authoring news aggregator RSS 1.0 (which went on to become the industry standard) and moving to San Francisco to write code for Creative Commons, a public domain watchdog group. He then headed to California to study sociology at Stanford University. At Stanford, he downloaded law review articles from the Westlaw database and used the data to write an important paper about the connection between research funders and biased results. However, he left academia after only a year, taking a leave of absence to join Y Combinator, an incubator for up-and-coming Internet talent.

Also around this time, Swartz’s new project, Infogami, merged with Reddit.com, making Swartz a co-founder of the resulting company. Reddit had millions of visitors per month when Condé Nast bought it a year later (2006).

In 2008 Swartz wrote “Guerilla Open Access Manifesto,” which was an argument against information being hoarded and controlled by any particular group. The document ended with a demand that information be freely available and grabbed forcibly, if need be: “We need to take information, wherever it is stored, [and] make our copies and share them with the world.”

Felony Charges

That fall, Swartz decided to take on PACER, a system that charged users to download court documents. Through an algorithm he wrote, Swartz downloaded 19,865,160 pages of text from the database. By the spring of 2009, FBI agents were at Swartz’s door, questioning him about the downloads. The investigation was dropped, but a year later Swartz began downloading academic articles from the JSTOR archive at MIT, ending up with around 5 million documents. Swartz’s motivation for downloading the articles was never fully determined; however, friends and colleagues believe his intention was either to upload them to the Internet to share them with the public or analyze them to uncover corruption in the funding of climate change research.

After launching activist group Progressive Change Campaign Committee and later Demand Progress, in January 2011, Swartz was detained in Cambridge, Mass. by police and Secret Service agents. Since his activities in PACER, the government had been watching, and by July 2011, Swartz was facing multiple counts of computer and wire fraud, charges that could have resulted in 35 years in federal prison.

Suspicious Death – Murdered?

 

When Aaron Swartz refused to deal with the devil, did the government “suicide” him?

“You could eat a sandwich in the time it takes to suffocate from hanging. If he really was as depressed as media says, he could have easily gotten a prescription for Xanax, put on some nice music, light some candles and gone to sleep and never wake up. Why hanging?”

Latest- Gordon Duff Blames CIA “rogue elements” (right!) — “No question this was a murder.” 

Aaron Swartz was found hung in his Brooklyn apartment.  The coroner and Media say he killed himself.

Swartz was no Occupy Wall Street hippie. At 27, he’d already reached the top of his field. He was a software genius and Internet champion. He co-authored “RSS 1.0”, a widely-used syndication format. He also co-founded Reddit, which was sold to Condé Nast. He founded Open Library, an internet database dedicated to obtaining public domain documents that had been appropriated by private interests. He ‘hacked’ the Library of Congress database and uploaded it to Open Library, making it available for free.

The “social media” industry has virtually taken over every aspect of human communication. This industry increasingly is synonymous with erosion of privacy and commercialism. The movie ‘The Social Network’ glorified Facebook’s CEO Mark Zuckerberg as a ‘genius’ at betrayal of friends and classmates in order to get sex, money, and power.

Aaron Swartz wasn’t as famous as Mark Zuckerberg – but he was an effective advocate for freedom of information. He wasn’t a billionaire, or even a millionaire, though he could have been. Harvard law professor Lawrence Lessig said, “He never did anything for the money”.

LEGAL PROBLEMS

In 2010, Swartz downloaded the entire JSTOR archives because the organization pays the publishers of scholarly articles, not the authors.

On July 19th, 2011, the Attorney General of Massachusetts threw the book at him.  He was charged under the 1986 Computer Fraud and Abuse Act, otherwise known as “hacking”.   But this broad, fuzzy law wasn’t a good fit for downloading uncopyrighted articles with intent to redistribute.

At the moment, that’s not a crime yet.  Making such a thing a crime is what the PIPA / SOPA bills meant to do.  Undaunted by the warning from Federal muscle to “chill”, last year Swartz was a significant organizer against the SOPA bill that threatened freedom of information access on the internet.

Lawrence Lessig said, “The government was not gonna stop until he admitted he was a felon. In a world where the architects of the financial crisis regularly dine at the White House, it’s ridiculous to think Aaron Swartz was a felon.”

Lessig knew Aaron for twelve years.  He was Swartz’ advisor on intellectual property law for Creative Commons and Open Library.

WAS HE MURDERED?

The mainstream media has been doing a snow job to make us believe that Aaron Swartz committed suicide by tying a rope around his neck and hanging himself.

Personally, I think he would have been creative enough to think of a less horrible way to die. You could eat a sandwich in the time it takes to suffocate from hanging. If he really was as depressed as media says, he could have easily gotten a prescription for Xanax, put on some nice music, light some candles and gone to sleep and never wake up. Why hanging?

Hanging is a horrible way to die.  The sentence of hanging was intended to send a message to other offenders “this could happen to you”.  I think that’s why Aaron Swartz died by hanging.  It’s a message to other activists — probably those he knew who worked with him.

Swartz’s father is an intellectual property consultant to MIT’s computer lab. At Aaron’s funeral, he said his son was killed by the government.

Media has since spun Swartz’ father’s remark as if he was speaking figuratively. Don’t you believe it. I don’t like the way mainstream media writers frame Swartz’s hanging as a reaction to ‘bullying’. It implies Swartz was afraid of the government, that he was a coward, or mentally ill.

That’s not it. Swartz’s career shows the familiar pattern of attempts to assimilate him into the system – scholarship to Stanford, lucrative job under auspices of WIRED,  a fellowship from Harvard’s institution on ethics.  All these perks failed to control him, so they switched to Federal muscle tactics.

Each attempt to control him drove him further beyond the pale.  But I think his death warrant wasn’t issued till last year when he became an effective leader of a million people and stopped the PIPA and SOPA bills.   Effective leaders aren’t allowed.

Bertrand Russell wrote frankly that geniuses would be carefully offered a place with the elite, but those that persisted in bucking the system would be exterminated. In “The Scientific Outlook” (1931), Russell wrote:

“On those rare occasions, when a boy or girl who has passed the age at which it is usual to determine social status shows such marked ability as to seem the intellectual equal of the rulers, a difficult situation will arise, requiring serious consideration. If the youth is content to abandon his previous associates and to throw in his lot whole-heartedly with the rulers, he may, after suitable tests, be promoted, but if he shows any regrettable solidarity with his previous associates, the rulers will reluctantly conclude that there is nothing to be done with him except to send him to the lethal chamber before his ill-disciplined intelligence has had time to spread revolt. This will be a painful duty to the rulers, but I think they will not shrink from performing it.”

Lessig said “Aaron Swartz is now an icon, an ideal. He is what we will be fighting for, all of us, for the rest of our lives.”

by Richard Evans (henrymakow.com)

Leaked: NSA Spies Steal Encryption Keys from Global SIM Manufacturer

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Gemalto was totally oblivious to the penetration of its systems — and the spying on its employees. “I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.” He added that “the most important thing for us now is to understand the degree” of the breach.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

Beverly said that after being contacted by The Intercept, Gemalto’s internal security team began on Wednesday to investigate how their system was penetrated and could find no trace of the hacks. When asked if the NSA or GCHQ had ever requested access to Gemalto-manufactured encryption keys, Beverly said, “I am totally unaware. To the best of my knowledge, no.”

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.

Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The Mobile Handset Exploitation Team (MHET), whose existence has never before been disclosed, was formed in April 2010 to target vulnerabilities in cellphones. One of its main missions was to covertly penetrate computer networks of corporations that manufacture SIM cards, as well as those of wireless network providers. The team included operatives from both GCHQ and the NSA.

While the FBI and other U.S. agencies can obtain court orders compelling U.S.-based telecom companies to allow them to wiretap or intercept the communications of their customers, on the international front this type of data collection is much more challenging. Unless a foreign telecom or foreign government grants access to their citizens’ data to a U.S. intelligence agency, the NSA or CIA would have to hack into the network or specifically target the user’s device for a more risky “active” form of surveillance that could be detected by sophisticated targets. Moreover, foreign intelligence agencies would not allow U.S. or U.K. spy agencies access to the mobile communications of their heads of state or other government officials.

“It’s unbelievable. Unbelievable,” said Gerard Schouw, a member of the Dutch Parliament, when told of the spy agencies’ actions. Schouw, the intelligence spokesperson for D66, the largest opposition party in the Netherlands, told The Intercept, “We don’t want to have the secret services from other countries doing things like this.” Schouw added that he and other lawmakers will ask the Dutch government to provide an official explanation and to clarify whether the country’s intelligence services were aware of the targeting of Gemalto, whose official headquarters is in Amsterdam.

Last November, the Dutch government proposed an amendment to its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. “We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed,” Schouw said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments’ intelligence agencies. “I don’t believe that he has given his permission for these kind of actions.”

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

…Continued at Firstlook.org

Home Hacks and Smart Grids: Data Theft Made Even Simpler

There is often a trade-off between security and convenience. The more easily you can access your personal data, the more easily someone else can too, making anything that you put online a potential target for hackers. A growing source of concern for many people is their home security and home automation systems.

Home automation is just starting to come into its own, with more home appliances having the capability to be networked, monitored, and controlled from your computer, phone, or other device. The collection of networked devices is commonly referred to as “the Internet of things” since we’re able to sync almost anything we’d like to the internet and, thus, each other. While home automation is not a new idea, it is only more recently that it has become mainstream and available to the masses while also having a more affordable price. This means you could be able to control many different aspects of your home from anywhere at any time. You can set your own schedules and preferences for things like lights, temperature, door locks, or a home security system.

However, along with the convenience of having all this control and information at your fingertips, there are vulnerabilities to worry about. Once your data is online, it becomes a potential target for hackers and malware. And now it isn’t just personal data: there is also the threat of hackers being able to remotely shut down your home security system, or detect when you are not at home. Forbes recently reported on a series of incidents where Insteon smart home systems were installed with no password protection, allowing anyone to easily gain control of a complete stranger’s home.

Another security flaw with some of these devices, like the Mi Casa Verde MIOS VeraLite, is that once connected to a WiFi network, the device assumes anyone is an authorized user. So potential hackers need only connect to someone’s WiFi network (something even a novice could do) to gain control of the house.

These stories highlight the need to take security more seriously, both on the part of manufacturers developing more robust security features, and users taking advantage of these features. If you are questioning the security of your home automation, make sure that any home automation devices are password protected (with 128-bit encryption if possible), and that your home WiFi network and router are also secured with strong passwords. There are some companies like ADT that monitor these things for you, but if you’re using a build-as-you-go, DIY-type system like Wink, you’ll need to pay special attention to this. Make sure any firmware or software updates are installed promptly when security flaws are found and patched. Never use a default password. In fact, it is good practice to periodically change your passwords. With a bit of care, you can safely enjoy the convenience of an automated home.

Tying into the concept of a hyper-connected home, and bringing some of the same concerns, is the growing technology behind smart grids and smart meters. The so-called smart meter lets consumers see how much power is being used in their homes on an hourly basis. These meters are connected to the smart grid, which allows power companies to adjust prices based on demand and supply, while the added information lets consumers adjust their consumption habits. But there are privacy concerns about utility companies collecting massive amounts of data about their customers and their habits. Similar to hacking a home automation system, if hackers obtained data from a smart meter they could potentially gather personal information as well, determine things like when the house is empty, or even run up fake charges or shut down the power.

In May of 2014, the White House released a report called “Big Data: Seizing Opportunities, Preserving Values” which recognized the dangers of all this data being collected, and the need to protect privacy. Currently, the major federal legislation regarding smart grids is the Energy Independence and Security Act of 2007, which created various committees and councils to establish standards and protocols for upgrading to smart grids. Several states have passed their own laws to encourage smart grid development, including California, Maryland, and Illinois.

While smart meters have been touted as a way for consumers to save money on energy bills while helping the energy system as a whole run more efficiently, the two-way communication the smart meters permit, the health risks they present, and the lack of demonstrated savings or efficiency increases for many who are using them, have some commentators speculating that smart meters are more trouble than they’re worth. On top of this, there are no laws keeping the government or utility companies away from personal data obtained through these devices (not that laws would stop them from doing so anyway), and thus no protection for citizens.

Since they’re inherently controlled by the utilities, smart meters seem highly unlikely to be a secure solution for the average homeowner. Your best bet to get the most out of a smart home and both understand and reduce your energy costs is to stay away from smart meters altogether, and use a home automation system to help control your energy usage – just make sure that it’s a system that you can harden against outside intrusion.

NSA Spy Program So Secret Judge Can’t Explain Why It Can’t Be Challenged

A federal judge ruled in favor of the National Security Agency in a key surveillance case on Tuesday, dismissing a challenge which claimed the government’s spying operations were groundless and unconstitutional.

Filed in 2008 by the Electronic Frontier Foundation, the lawsuit, Jewel v. NSA, aimed to end the agency’s unwarranted surveillance of U.S. citizens, which the consumer advocacy group said violated the 4th Amendment.

The lawsuit also implicated AT&T in the operations, alleging that the phone company “routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.” That charge was based off of a 2006 document leak by former AT&T technician and whistleblower Mark Klein, who disclosed a collection program between the company and the NSA that sent AT&T user metadata to the intelligence agency.

US District Judge Jeffrey White on Tuesday denied a partial summary judgment motion to the EFF and granted a cross-motion to the government, dismissing the case without a trial. In his order, White said the plaintiff, Carolyn Jewel, an AT&T customer, was unable to prove she was being targeted for surveillance—and that if she could, “any possible defenses would require impermissible disclosure of state secret information.”

Offering his interpretation of the decision, EFF senior staff attorney David Greene explained in a blog post:

Agreeing with the government, the court found that the plaintiffs lacked “standing” to challenge the constitutionality of the program because they could not prove that the surveillance occurred as plaintiffs alleged. Despite the judge’s finding that he could not adjudicate the standing issue without “risking exceptionally grave damage to national security,” he expressed frustration that he could not fully explain his analysis and reasoning because of the state secrets issue.

Calling the ruling “frustrating,” Greene said the EFF “disagree[s] with the court’s decision and it will not be the last word on the constitutionality of the government’s mass surveillance of the communications of ordinary Americans.” Jewel v. NSA is the EFF’s longest-running case. Despite the decision, the EFF said it would not back down from its pursuit of justice and was careful to note that the ruling did not mean that the NSA’s operations were legal.

“Judge White’s ruling does not end our case. The judge’s ruling only concerned Upstream Internet surveillance, not the telephone records collection nor other mass surveillance processes that are also at issue in Jewel,” said Kurt Opsahl, deputy legal counsel at EFF. “We will continue to fight to end NSA mass surveillance.”

The issue is similar to the 2013 Supreme Court decision in Clapper v. Amnesty International, which found that plaintiffs who had reason to believe they were being spied on could not provide substantial proof of surveillance, and thus could not bring their case.

Jewel v. NSA stems from the EFF’s 2006 case, Hepting v. AT&T, which was dismissed in 2009 after Congress, including then-Senator Barack Obama, voted to give telecommunications companies immunity from such lawsuits.

“It would be a travesty of justice if our clients are denied their day in court over the ‘secrecy’ of a program that has been front-page news for nearly a decade,” Opsahl added.

via MintPressNews

How to identify CIA ‘Limited Hangout Op’? The Snowden Example

The operations of secret intelligence agencies aiming at the manipulation of public opinion generally involve a combination of cynical deception with the pathetic gullibility of the targeted populations. There is ample reason to believe that the case of Edward Joseph Snowden fits into this pattern. We are likely dealing here with a limited hangout operation, in which carefully selected and falsified documents and other materials are deliberately revealed by an insider who pretends to be a fugitive rebelling against the excesses of some oppressive or dangerous government agency. But the revelations turn out to have been prepared with a view to shaping the public consciousness in a way which is advantageous to the intelligence agency involved. At the same time, gullible young people can be duped into supporting a personality cult of the leaker, more commonly referred to as a “whistleblower.”

A further variation on the theme can be the attempt of the sponsoring intelligence agency to introduce their chosen conduit, now posing as a defector, into the intelligence apparatus of a targeted foreign government. In this case, the leaker or whistleblower attains the status of a triple agent. Any attempt to educate public opinion about the dynamics of limited hangout operations inevitably collides with the residue left in the minds of millions by recent successful examples of this technique. It will be hard for many to understand Snowden, precisely because they will insist on seeing him as the latest courageous example in a line of development which includes Daniel Ellsberg and Julian Assange, both still viewed by large swaths of naïve opinion as authentic challengers of oppressive government. This is because the landmark limited hangout operation at the beginning of the current post-Cold War era was that of Daniel Ellsberg and the Pentagon papers, which laid the groundwork for the CIA’s Watergate attack on the Nixon administration, and more broadly, on the office of the presidency itself. More recently, we have had the case of Assange and Wikileaks.

Using these two cases primarily, we can develop a simple typology of the limited hangout operation which can be of significant value to those striving to avoid the role of useful idiots amidst the current cascade of whistleblowers and limited hangout artists. In this analysis, we should also recall that limited hangouts have been around for a very long time. In 1620 Fra Paolo Sarpi, the dominant figure of the Venetian intelligence establishment of his time, advised the Venetian senate that the best way to defeat anti-Venetian propaganda was indirectly. He recommended the method of saying something good about a person or institution while pretending to say something bad. An example might be criticizing a bloody dictator for beating his dog – the real dimensions of his crimes are thus totally underplayed.

Limited hangout artists are instant media darlings

The most obvious characteristic of the limited hangout operative is that he or she immediately becomes the darling of the controlled corporate media. In the case of Daniel Ellsberg, his doctored set of Pentagon papers were published by the New York Times, the Washington Post, the Boston Globe, and eventually by a consortium totaling seventeen corporate newspapers. These press organs successfully argued the case for publication all the way to the United States Supreme Court, where they prevailed against the Nixon administration. Needless to say, surviving critics of the Warren Commission, and more recent veterans of the 9/11 truth movement, know very well that this is emphatically not the treatment reserved for messengers whose revelations are genuinely unwelcome to the Wall Street centered US ruling class. These latter are more likely to be slandered, vilified and dragged through the mud, or, even more likely, passed over in complete silence and blacked out. In extreme cases, they can be kidnapped, renditioned or liquidated.

Cass Sunstein present at the creation of Wikileaks

As for Assange and Wikileaks, the autumn 2010 document dump was farmed out in advance to five of the most prestigious press organs in the world, including the New York Times, the London Guardian, El Pais of Madrid, Der Spiegel of Hamburg, and Le Monde of Paris. This was the Assange media cartel, made up of papers previously specialized in discrediting 9/11 critics and doubters. But even before the document dumps had begun, Wikileaks had received a preemptive endorsement from none other than the notorious totalitarian Cass Sunstein, later an official of the Obama White House, and today married to Samantha Power, the author of the military coup that overthrew Mubarak and currently Obama’s pick for US ambassador to the United Nations. Sunstein is infamous for his thesis that government agencies should conduct covert operations using pseudo-independent agents of influence for the “cognitive infiltration of extremist groups” – meaning of those who reject the establishment view of history and reality. Sunstein’s article entitled “Brave New WikiWorld” was published in the Washington Post of February 24, 2007, and touted the capabilities of Wikileaks for the destabilization of China.

Perhaps the point of Ed Snowden’s presence in Hong Kong is to begin re-targeting these capabilities back towards the original anti-Chinese plan. Snowden has already become a media celebrity of the first magnitude. His career was launched by the US left liberal Glenn Greenwald, now writing for the London Guardian, which expresses the viewpoints of the left wing of the British intelligence community. Thus, the current scandal is very much Made in England, and may benefit from inputs from the British GCHQ of Cheltenham, the Siamese twin of the NSA at Fort Meade, Maryland. During the days of his media debut, it was not uncommon to see a controlled press organ like CNN dedicating one third of every broadcast hour of air time to the birth, life, and miracles of Ed Snowden.

Another suspicious and tell-tale endorsement for Snowden comes from the former State Department public diplomacy asset Norman Solomon. Interviewed on RT, Solomon warmly embraced the Snowden Project and assured his viewers that the NSA material dished up by the Hong Kong defector was reliable and authentic. Solomon was notorious ten years ago as a determined enemy of 9/11 truth, acting as a border guard in favor of the Bush administration/neocon theory of terrorism.

Limited hangouts contain little that is new

Another important feature of the limited hangout operation is that the revelations often contain nothing new, but rather repackage old wine in new bottles. In the case of Ellsberg’s Pentagon Papers, very little was revealed which was not already well known to a reader of Le Monde or the dispatches of Agence France Presse. Only those whose understanding of world affairs had been filtered through the Associated Press, CBS News, the New York Times, and the Washington Post found any of Ellsberg’s material a surprise. Of course, there was method in Ellsberg’s madness. The Pentagon papers allegedly derived from an internal review of the decision-making processes leading to the Vietnam War, conducted after 1967-68 under the supervision of Morton Halperin and Leslie Gelb. Ellsberg, then a young RAND Corporation analyst and militant warmonger, was associated with this work.

Upon examination, we find that the Pentagon papers tend to cover up such CIA crimes as the mass murder mandated under Operation Phoenix, and the massive CIA drug running associated with the proprietary airline Air America. Rather, when atrocities are in question, the US Army generally receives the blame. Politicians in general, and President John F. Kennedy in particular, are portrayed in a sinister light – one might say demonized. No insights whatever into the Kennedy assassination are offered. This was a smelly concoction, and it was not altogether excluded that the radicalized elements of the Vietnam era might have carried the day in denouncing the entire package as a rather obvious fabrication. But a clique around Noam Chomsky and Howard Zinn loudly intervened to praise the quality of the exposé and to lionize Ellsberg personally as a new culture hero for the Silent Generation. From that moment on, the careers of Chomsky and Zinn soared. Pentagon papers skeptics, like the satirical comedian Mort Sahl, a supporter of the Jim Garrison investigation in New Orleans and a critic of the Warren Commission, faced the marginalization of their careers.

Notice also that the careers of Morton Halperin and Leslie Gelb positively thrived after they entrusted the Pentagon papers to Ellsberg, who revealed them. Ellsberg was put on trial in 1973, but all charges were dismissed after several months because of prosecutorial misconduct. Assange lived like a lord for many months in the palatial country house of an admirer in the East of England, and is now holed up in the Ecuadorian Embassy in London. He spent about 10 days in jail in December 2010. Assange first won credibility for Wikileaks with some chum in the form of a shocking film showing a massacre perpetrated by US forces in Iraq with the aid of drones. The massacre itself and the number of victims were already well known, so Assange was adding only the graphic emotional impact of witnessing the atrocity firsthand.

Limited hangouts reveal nothing about big issues like JFK, 9/11

Over the past century, there are certain large-scale covert operations which cast a long historical shadow, determining to some extent the framework in which subsequent events occur. These include the Sarajevo assassinations of 1914, the assassination of Rasputin in late 1916, Mussolini’s 1922 march on Rome, Hitler’s seizure of power in 1933, the assassination of French Foreign Minister Barthou in 1934, the assassination of President Franklin D. Roosevelt in 1945, the 1963 Kennedy assassination, and 9/11. A common feature of the limited hangout operations is that they offer almost no insights into these landmark events. In the Pentagon Papers, the Kennedy assassination is virtually a nonexistent event about which we learn nothing. As already noted, the principal supporters of Ellsberg were figures like Chomsky, whose hostility to JFK and profound disinterest in critiques of the Warren Commission were well-known.

As for Assange, he rejects any further clarification of 9/11. In July 2010, Assange told Matthew Bell of the Belfast Telegraph: “I’m constantly annoyed that people are distracted by false conspiracies such as 9/11, when all around we provide evidence of real conspiracies, for war or mass financial fraud.” This is on top of Cass Sunstein’s demand for active covert measures to suppress and disrupt inquiries into operations like 9/11. Snowden’s key backers Glenn Greenwald and Norman Solomon have both compiled impressive records of evasion on 9/11 truth, with Greenwald specializing in the blowback theory.

The Damascus road conversions of limited hangout figures

Daniel Ellsberg started his career as a nuclear strategist of the Dr. Strangelove type working for the RAND Corporation. He worked in the Pentagon as an aide to US Secretary of Defense Robert McNamara. He then went to Vietnam, where he served as a State Department civilian assistant to CIA General Edward Lansdale. In 1967, he was back at RAND to begin the preparation of what would come to be known as the Pentagon papers. Ellsberg has claimed that his Damascus Road conversion from warmonger to peace angel occurred when he heard a speech from a prison-bound draft resister at Haverford College in August 1969. After a mental breakdown, Ellsberg began taking his classified documents to the office of Senator Edward Kennedy and ultimately to the New York Times. Persons who believe this fantastic story may be suffering from terminal gullibility.

In the case of Assange, it is harder to identify such a moment of conversion. Assange spent his childhood in the coils of MK Ultra, a complex of Anglo-American covert operations designed to investigate and implement mind control through the use of psychopharmaca and other means. Assange was a denizen of the Ann Hamilton-Byrne cult, in which little children were subjected to aversive therapy involving LSD and other heavy-duty drugs. Assange spent his formative years as a wandering nomad with his mother incognito because of her involvement in a custody dispute. The deracinated Assange lived in 50 different towns and attended 37 different schools. By the age of 16, the young nihilist was active as a computer hacker using the screen name “Mendax,” meaning quite simply “The Liar.” (Assange’s clone Snowden uses the more marketable codename of “Verax,” the truth teller.) Some of Assange’s first targets were Nortel and US Air Force offices in the Pentagon. Assange’s chief mentor became John Young of Cryptome, who in 2007 denounced Wikileaks as a CIA front.

Snowden’s story, as widely reported, goes like this: he dropped out of high school and also dropped out of a community college, but reportedly was nevertheless later able to command a salary of between $120,000 and $200,000 per year; he claims this is because he is a computer wizard. He enlisted in the US Army in May 2004, and allegedly hoped to join the special forces and contribute to the fight for freedom in Iraq. He then worked as a low-level security guard for the National Security Agency, and then went on to computer security at the CIA, including a posting under diplomatic cover in Switzerland. He moved on to work as a private contractor for the NSA at a US military base in Japan. His last official job was for the NSA at the Kunia Regional SIGINT Operations Center in Hawaii. In May 2013, he is alleged to have been granted medical leave from the NSA in Hawaii to get treatment for epilepsy. He fled to Hong Kong, and made his revelations with the help of Greenwald and a documentary filmmaker Laura Poitras. Snowden voted for the nominally anti-war, ultra-austerity “libertarian” presidential candidate Ron Paul, and gave several hundred dollars to Paul’s campaign.

Snowden, like Ellsberg, thus started off as a warmonger but later became more concerned with the excesses of the Leviathan state. Like Assange, he was psychologically predisposed to the world of computers and cybernetics. The Damascus Road shift from militarist to civil libertarian remains unexplained and highly suspicious. Snowden is also remarkable for the precision of his timing. His first revelations, open secrets though they were, came on June 5, precisely the day when the rebel fortress of Qusayr was liberated by the Syrian army and Hezbollah. At this point, the British and French governments were screaming at Obama that it was high time to attack Syria. The appearance of Snowden’s somewhat faded material in the London Guardian was the trigger for a firestorm of criticism against the Obama regime by the feckless US left liberals, who were thus unwittingly greasing the skids for a US slide into a general war in the Middle East.

More recently, Snowden came forward with allegations that the US and the British had eavesdropped on participants in the meeting of the G-20 nations held in Britain four years ago. This obviously put Obama on the defensive just as Cameron and Hollande were twisting his arm to start the Syrian adventure. By attacking the British GCHQ at Cheltenham, Britain’s equivalent to the NSA, perhaps Snowden was also seeking to obfuscate the obvious British sponsorship of his revelations. Stories about Anglo Americans spying on high profile guests are as old as the hills, and have included a British frogman who attempted an underwater investigation of the Soviet cruiser that brought party leader N. S. Khrushchev for a visit in the 1950s. Snowden has also accused the NSA of hacking targets in China — again, surely no surprise to experienced observers, but guaranteed to increase Sino-American tensions. As time passes, Snowden may emerge as more and more of a provocateur between Washington and Beijing.

Limited hangouts prepare large covert operations

Although, as we have seen, limited hangouts rarely illuminate the landmark covert operations which attempt to define an age, limited hangouts themselves do represent the preparation for future covert operations. In the case of the Pentagon papers, this and other leaks during the Indo-Pakistani Tilt crisis were cited by Henry Kissinger in his demand that President Richard Nixon take countermeasures to restore the integrity of state secrets. Nixon foolishly authorized the creation of a White House anti-leak operation known as the Plumbers. The intelligence community made sure that the Plumbers operation was staffed by their own provocateurs, people who never were loyal to Nixon but rather took their orders from Langley. Here we find the already infamous CIA agent Howard Hunt, the CIA communications expert James McCord, and the FBI operative G. Gordon Liddy. These provocateurs took special pains to get arrested during an otherwise pointless break-in at the headquarters of the Democratic National Committee in the summer of 1972. Nixon could easily have disavowed the Plumbers and thrown this gaggle of agent provocateurs to the wolves, but he instead launched a cover up. Bob Woodward of the Washington Post, equipped with a top secret security clearance from the Office of Naval Intelligence, then began publicizing the story. The rest is history, and the lasting heritage has been a permanent weakening of the office of the presidency and the strengthening of the worst oligarchical tendencies.

Assange’s Wikileaks document dump triggered numerous destabilizations and coups d’état across the globe. Not one US, British, or Israeli covert operation or politician was seriously damaged by this material. The list of those impacted instead bears a striking resemblance to the CIA enemies’ list: the largest group of targets were Arab leaders slated for immediate ouster in the wave of “Arab Spring.” Here we find Ben Ali of Tunisia, Qaddafi of Libya, Mubarak of Egypt, Saleh of Yemen, and Assad of Syria. The US wanted to replace Maliki with Allawi as prime minister of Iraq, so the former was targeted, as was the increasingly independent Karzai of Afghanistan.

Perennial targets of the CIA included Rodriguez Kirchner of Argentina, Berlusconi of Italy, and Putin of Russia. Berlusconi soon fell victim to a coup organized through the European Central Bank, while his friend Putin was able to stave off a feeble attempt at color revolution in early 2012. Mildly satiric jabs at figures like Merkel of Germany and Sarkozy of France were included primarily as camouflage. Assange thus had a hand in preparing one of the largest destabilization campaigns mounted by Anglo-American intelligence since 1968, or perhaps even 1848. If the Snowden operation can help coerce the vacillating and reluctant Obama to attack Syria, our new autistic hero may claim credit for starting a general war in the Middle East, and perhaps even more. If Snowden can further poison relations between United States and China, the world historical significance of his provocations will be doubly assured. But none of this can occur unless he finds vast legions of eager dupes ready to fall for his act. We hope he won’t.

WT/HN

via PressTV

Barrett Brown – Journalist, Activist

Barrett Brown is an American journalist, essayist and satirist. He is often referred to as an unofficial spokesperson for the hacktivist collective Anonymous, a label he disputes. He is credited with the creation of Project PM, a research outfit and information collective determined to expose agents of the corporate military spying apparatus. Brown’s large vocabulary and quick wit often make his thoughts a joy to read.

The Barrett Brown Review of Arts and Letters and Jail: A Funny Thing Happened on the Way to the Prison

The seven guys with whom I recently spent two months living in a small room at the Kaufman County Jail while awaiting transfer were in the distressing habit of compulsively watching local TV news, which is the lowest form of news. They would even watch more than one network’s evening news program in succession, presumably so as to get differing perspectives on the day’s suburban house fires and rush-hour lane closings rather than having to view these events through a single ideological prism.

One day, there was a report about a spate of bank robberies by a fellow the media was dubbing the Lunch Money Bandit after his habit of always striking around noon, when tellers were breaking for lunch. Later that week, there was another report on the suspect, accompanied by surveillance footage — and then, shortly afterward, he was actually brought in to our cell, having just been captured when the cops received a tip from a former accomplice who’d been picked up on unrelated charges.

Lunch Money was an affable twentysomething guy from New Orleans who’d lost his two front teeth fighting off a couple of assailants who’d tried to rob his family’s motel room after Katrina and had already done four years in federal prison for other bank robberies. He would have gladly taken a real job if he’d been able to find one, he said. Still, he conceded, “I just love robbing banks.” I couldn’t imagine what there is to love about such a career; this isn’t the old days when a bank robbery entailed brandishing a Tommy gun, dynamiting a safe, and tearing off in a stolen Model T roadster with your hard-drinking flapper girlfriend and a dozen cloth sacks adorned with dollar sign symbols. These guys today just sort of walk up to the teller and hand over a note to the effect that they have a gun (which they don’t — going armed carries a more serious charge, and there’s no point in bringing a gun to a bank that’s federally insured, even in Texas).

Drug dealers find bank robbers to be fascinating eccentrics and tend to pepper them with questions. One cocaine entrepreneur asked Lunch Money, “What if, like, when you handed her the note, the bitch just laughed in your face?”

“Man, that’d be fucked up,” he replied thoughtfully, visibly shaken by this potential revolution in human affairs.

One night, as we all lay in our bunks discussing the wicked world, Lunch Money proclaimed that Magic Johnson had never actually had HIV and that the whole thing had merely been a plot by the CIA, which had paid him handsomely to fake it so that he could later pretend to “recover” and the U.S. medical establishment could take credit for having developed such effective HIV treatments. As evidence, he noted that Johnson was inexplicably worth over a billion dollars. I debated with him about this for an hour. I’m not too bothered by my five-year prison sentence, as it will be neat to get out when it’s over and see to what extent video game graphics have improved while I was away, but I sure would like to get back the hour I spent arguing about Magic Johnson’s HIV status with the fucking Lunch Money Bandit.

***

The other day I was woken up at 4:30 am, escorted to a small, bare room, strip-searched, put in handcuffs and leg shackles, had a heavy chain wrapped around my midsection, and placed in the back of a dark and cage-lined van that looked like something from one of those Saw movies. But this was good news. It meant that, having recently gotten my ludicrous sentence, I’d now been “designated.” A crack team of specially trained federal prison picker-outers had chosen a facility for me. I was now to begin the multi-stage pilgrimage to the particular compound where I’ll be spending the next one to two years, depending on whether I get into any further trouble (so, two years).

For the majority of federal defendants, this Prisoner’s Progress, as I’m pleased to call it, entails “catching chain,” or being put on the weekly prison bus and taken to the federal inmate processing facility in Oklahoma, where the federal government has been sending its victims since the Trail of Tears. They’ll spend a week or so there before being shipped in turn to their designated prison. Prisons being far more humane than the amusingly horrid little detention centers where most inmates facing charges are kept until they inevitably give in and plea to a crime, this journey is viewed with fond anticipation by federal prisoners, who thus constitute the only population in human history among which it is common to be excited about the prospect of going to Oklahoma.

As for me, I’d rather rip off my own balls and mail them to Stratfor as restitution than set foot in a third-rate state like Oklahoma, regardless of what wonders may lie at the end of that particular rainbow, so it’s a fine thing that I was just going down the road to the Fort Worth Federal Correctional Institution, which will be my home for the next, er, two years. I know little of Fort Worth other than that it’s a lawless haven for half-caste Indian fighters and shiftless part-time cowhands looking to blow their greenbacks and Comanche scalps at one of the town’s countless Chinese-run opium dens, nor am I bothered by the possibility that what little I do know about the town may be 130 years out of date and racist. But I specifically requested that I be sent to this benighted city’s federal prison. For one thing, I’d already “toured the campus,” as it were, shortly after my arrest, when I spent two months at FCI Fort Worth’s jail unit so that the resident psychologists could subject me to a competency evaluation. (Based on their report, Judge Sam Lindsay declared me competent to participate in a trial, which is more than I can say for Judge Sam Lindsay.)

Fort Worth is also the only federal prison aside from FCI Seagoville that’s located near Dallas, and I’m pretty sure I’m still banned from that one, as noted in a prior column, and naturally I want to be close to my parents so that they can visit me with some regularity. My mom, a writer and editor and former flight attendant and South Texas beauty queen who once took me on a vacation to see a swimming pig at a place called Aquarena Springs, is a valuable fountainhead of media gossip, including which outlets are currently going down in flames (The New Republic, as it turns out), and always makes sure to let me know whether and to what extent my haircut is inadequate. Sometimes, if I happen to have a pimple, she insists on popping it right then and there in the visiting room, right in front of the other criminals. Note that I am 33 years old and, arguably, a hardened convict.

Likewise, my dad is my chief source of information regarding plot developments in what I gather to be a popular television program called The Blacklist, new episodes of which he details to me at great length at every opportunity, although I have never asked him for these reports or expressed any interest in the show whatsoever. Incidentally, when I was a kid, he took me on five different occasions to see a film called Hard Target in which the protagonist, ably portrayed by Jean Claude van Damme, finds himself hunted for sport by a wealthy fellow and his mercenary squad of professional trackers, all of whom he ends up killing in turn. My dad also gave me a promotional poster for this movie and, for years afterward, would turn to me and solemnly proclaim the film’s tagline, “Don’t hunt what you can’t kill,” which I suppose is as good advice as any.

Last time he came for a visit, he began to relate to me, apropos of nothing, the nature and potential killing power of some sort of subterranean supervolcano located at Yellowstone and the general circumstances under which it will someday explode and kill a great majority of North Americans, an event which he prophesied with obvious relish. It’s not that he’s one of those ecological mystics who despise humanity and long to see Mother Earth fight back against the ravages of industrial sentience or some such irritating thing. Quite the contrary. In my younger days, he would often drag me around East Texas and command me to assassinate deer and wild boars with rifles he would supply for the purpose, even though I had no ideological differences with any of these animals, and one time, when I was 17, he took me to East Africa to help him exploit the resident natural resources alongside a group of ex-military adventurers with whom we had somehow managed to attach ourselves (this expedition failed rather spectacularly), and lately he seems to have gotten involved in fracking. So he’s certainly no partisan of Nature. It’s just that he’s fond of power in its rawest forms, and if he smiles at the prospect of 400 million deaths, it is only because he feels that man is insufficiently reverent of this particular supervolcano, this god-made-manifest, which therefore has no choice but to lash out against us as punishment. He’s also a longtime pillar of the Dallas Safari Club and on at least one occasion of which I am aware was literally almost eaten by a lion. I could go on and on. Thankfully my parents are divorced, and so I usually only have to deal with these hyperactive Southern Gothic archetypes one at a time these days. Occasionally, though, they set aside their differences in order to come harass me together, and I eventually emerge from the visitation room looking haunted.

I wasn’t taken straight to Fort Worth from Kaufman County, as that would be too quick and easy and cost effective, the prison being less than a half-hour’s drive away; rather, I was taken to the federal courthouse in downtown Dallas to wait for another ride to the Mansfield jail, where I’d already spent much of 2013, and from which I’d eventually be taken to Fort Worth next time a U.S. Marshal happened to be going in that general direction. At the end of the day’s no doubt majestic federal court proceedings, I was placed back in the chew-your-arm-off-and-only-then-shall-I-give-you-the-key van for the ride over to Mansfield. In the rusty cage next to mine were two girls, shackled like I was, who had been to court that afternoon. One had been crying; she’d just been sentenced to eight years for conspiracy to distribute marijuana despite having originally been given reason to expect considerably less time, as she’d cooperated with the FBI. The agents had clearly found her testimony helpful, as they’d met with her a second time, but nonetheless they’d neglected to ask the judge for the sentence reduction they’d promised her in exchange. Like most drug dealers, this girl was in the habit of making and keeping bargains on the strength of her word and expected others to do likewise, but then she’d never dealt with the FBI before.

Just as she finished sobbing out her story, something rather incredible happened: the U.S. Marshal who was driving us back to the jail, having been listening to this account, apparently decided that he was sick of serving as another cog in a fascist system that literally places females in chains and ruins their lives over consensual non-crimes like selling marijuana, because he pulled over, stepped out of the van, came around the back, unlocked the girl’s cage, removed her chains and leg irons and handcuffs, gave her all the cash he had on him, kissed her on the forehead, and advised her to hitchhike to Mexico and then catch a flight to Europe, where she’d have another chance at life, far away from the all-seeing state that had sought to deprive her of her youth and freedom.

Just kidding. Actually he drove us to the jail while the girl cried in her cage.

***

Quote of the Day:

“Truth does not often escape from palaces.” —William Durant

***

Editor’s note: Barrett Brown has been incarcerated since September 2012. Go here to read earlier installments of “The Barrett Brown Review of Arts and Letters and Jail.” If you’d like to send him a book, here’s his Amazon wish list.

Barrett Brown #45047-177
FCI Fort Worth
P.O. Box 15330
Fort Worth, TX 76119

Ed Snowden – Intelligence, Leaker

Edward Joseph “Ed” Snowden is an American computer professional who leaked classified information from the National Security Agency, starting in June 2013.

William Binney – Intelligence, Leaker

William Edward Binney is a former highly placed intelligence official with the United States National Security Agency turned whistleblower who resigned on October 31, 2001, after more than 30 years with the agency. We need more truthers like this guy. Without people coming forward we will never have the kind of freedom of information that our founding fathers fought so hard for. Remember America is only as good as those who are willing to speak the truth.

Thomas Drake – Intelligence, Leaker

Thomas Andrews Drake is a former senior executive of the U.S. National Security Agency, a decorated United States Air Force and United States Navy veteran, and a whistleblower.

COINTELPRO

The FBI began COINTELPRO—short for Counterintelligence Program—in 1956 to disrupt the activities of the Communist Party of the United States. In the 1960s, it was expanded to include a number of other domestic groups, such as the Ku Klux Klan, the Socialist Workers Party, and the Black Panther Party. All COINTELPRO operations were ended in 1971. Although limited in scope (about two-tenths of one percent of the FBI’s workload over a 15-year period), COINTELPRO was later rightfully criticized by Congress and the American people for abridging First Amendment rights and for other reasons.

Recommendations for the Hacktivist Community

Statement of Purpose

I have been observing the hacker and hacktivist communities, at times very
closely, for many years. The exact definition of “hacker” and “hacktivist”
varies from author to author, so I shall make my interpretation of these words
very clear. Let us define a “hacker” as someone who utilizes their knowledge of
computers and of computer networks to make money via illegitimate means. Let us
define a “hacktivist” as someone who utilizes their knowledge of computers and
of computer networks to do justice when justice is not done by the state. I
have found that these two communities are inextricably linked, yet remain
completely separate entities. Many hackers double as hacktivists in their spare
time, although most hacktivists do not fancy themselves hackers.

Although hackers turned hacktivists have the very best of intentions, and their
input and expertise are of great value to the hacktivist community, they have
inadvertently suppressed the potential of the very community they are trying to
aid. The get-in-get-the-goods-get-out methodology of the stolen credit card
driven hacker community that has been transferred to the hacktivist community
via ideological osmosis has tragically affixed blinders to it. It has caused
the hacktivist community to think linearly and strive to do nothing more than
to blindly infiltrate target organizations and immediately leak whatever data
they happen to stumble across. This must change. Stealing and leaking data
makes a point, but it is sometimes necessary to do more than just make a point,
to inflict real, measurable damage. In certain, extreme cases an organization’s
disregard for human rights warrants its immediate and complete obliteration.

In this essay, I will discuss a multitude of ideological, operational, and
technical changes that ought to be made to the hacktivist community. These
proposed changes have been derived from my personal observations. Some will
find the ideas contained within this document to be the product of common
sense. I have found these people to be few in number. If the community accepts
my suggestions it will not only become more effective, but the risks associated
with participating in it will be drastically lowered. My intent in writing this
is not to aid criminals, but rather to aid people who wish to do battle with
governments and corporations that have become criminals. If freedom is to
remain on this earth, its people must be willing and able to take arms to
defend it, both physical and digital.

Personal Security

Sound operational security is the foundation from which all effective
cyber-offensives are launched. You should, at all times, put your own, personal
security above the success of your operations and interests. The security
precautions taken by most hacktivists I have met are mediocre at best, and
needlessly so. Maintaining sound personal security is by no means difficult. It
requires much caution but very little skill. I have devised a series of
security precautions that hacktivists should take and divided them up into six
main categories: environmental, hardware, software, mental, pattern related,
and archaeological. We shall examine each individually.

(1) Environmental:

There are but two places you can work: at home or in public. Some people insist
that working at home is best and others insist that working in public is best.
The proper working environment debate has been raging on in the hacker
community for quite some time now, and has great relevance to the hacktivist
community, as most governments view hackers and hacktivists as one and the same.
Proponents of the “work in public” argument claim that by always working at a
different public location, you significantly lower your chances of being
apprehended. They argue that even if the authorities are able to trace many of
the cyber-attacks you took part in back to the public places you worked from,
that does not bring them any closer to finding you. Most
retail stores and coffee shops do not keep surveillance footage for more than a
year at the most, and even if the authorities are able to get a photo of you
from some security camera, that does not necessarily lead them directly to your
front door, especially if you wore a hoody the entire time you were working
and the camera never got a clear shot of your face. On the other hand,
proponents of the “work at home” argument argue that the risk of being seen and
reported, or merely recorded while working in a public place far outweighs the
benefits of the significantly large increase in anonymity that working in
public provides. Both sides have legitimate points, and I urge you to consider
both of them.

If you decide to work in public, the number one threat you face is other
people. Numerous large criminal investigations have been solved using the
observations of average everyday citizens who just happened to remember seeing
something suspicious. If people sense that you are trying to hide something,
they will watch you more closely than they would otherwise. It is important to
always “keep your cool” as the old saying goes. Always try to sit in such a way
that your screen is facing away from the majority of the people in the room you
are sitting in. Corners are your friend. Try to blend in with the crowd. Dress
in plain clothes. Draw no attention. If you are in a coffee shop, sip some
coffee while you work. If you are in a burger joint, buy a burger. If you are
in a library or book store, set a few books beside your laptop. Also, be very
aware of security cameras, both inside the establishment you are working in as
well as on the street near it. Being captured on film is alright as long as the
camera cannot see what is on your screen. Some store cameras are watched by
actual people who will undoubtedly report you if they find out what you are
doing. More and more governments are starting to place very high quality CCTV
cameras on their streets to monitor their citizens, and these devices can be a
problem if they are peering over your shoulder through a window you are sitting
beside. When working in public, it is possible that you may have to confront a
law enforcement officer face to face. Law enforcement officers can smell
uneasiness from a mile away, and if you look like you are up to no good it is
possible that a cop will come and talk to you. Always have some sort of cover
story made up before you leave home to explain why you are where you are. If
you are forced to confront a law enforcement officer you should be able to talk
your way out of the situation.

If you decide to work at home, the number one threat you face is your own ego.
Just because you are at home does not mean that your working environment is
secure. Be aware of windows in close proximity to your computer as well as your
security-illiterate or gossipy family members. Security issues in relation to
network configuration begin to come into play when you work at home. If your
computer were to somehow get compromised while you are working at home,
perhaps by your government, it would be nearly impossible for the person or
group of people rummaging around inside of your system to get your actual IP
address (provided that you adhere to the software security guidelines that we
will discuss later). However, if your wi-fi password (or the name of your
printer, or the name of another computer on the network) contains your actual
last name and part of your address, tracking you down becomes very easy. A lot
of people name their network devices and structure their network passwords in
this way.

It is also possible that if an attacker that has infiltrated your computer
notices other machines on your network they can pivot to them (infect them with
malware using your computer as a spring board of sorts) and use them to get
your IP address. A lot of Internet enabled household devices have cameras on
them (your smart TV, your Xbox, and your high tech baby monitor to name a few)
and said cameras can potentially be leveraged against you. It is in your best
interest to not have any other machines running on your home network while you
are working. Also, change your wi-fi password every once in a while and make
sure that the password on the administrative interface of your router is
something other than the out-of-the-box default. If your computer gets
compromised, logging into your router using username “admin” and password
“admin” is elementary for a moderately skilled attacker. Most modern routers
list their WAN IP address on their control panels.

Regardless of where you decide to work, be aware of mirrors and glass picture
frames near your workplace. In the right light, both of these items have the
potential to reflect crystal clear images of your screen to onlookers across
the room. In addition to this, understand that modern cell phones are your
worst enemy. Not only are they always going to be the weakest link in your
security setup, but if they are somehow compromised they are equipped with a
camera and microphone. Recent studies suggest that it is possible for smart
phones to listen to the high pitched noise your CPU makes and deduce your PGP
private key. Furthermore, the metadata collected by your phone coupled with
pattern analysis techniques could potentially allow your government to link
your real life and online personas together after some time. We will discuss
this in depth later. Leave your phones at home and if possible keep all phones,
yours or otherwise, far away from your computer. Other portable devices such as
iPods and tablets potentially pose the same risk that phones do and should be
treated the same.

(2) Hardware:

Modern computers come equipped with microphones, speakers (which can be used as
microphones under the right circumstances), and cameras. All of these features
can potentially be leveraged to identify you if your computer is compromised.
To mitigate these risks, these features should be physically removed. Your
computer’s microphone and speakers should be ripped out of it, but you should
not rip out your web cam, as it will alter the outward appearance of your
computer and potentially draw attention to you. Instead, open your computer’s
screen and snip the wires that connect to your web cam. Wrap the ends of the
wires in electrical tape so sparks do not jump in between them. If you must
listen to an audio file while working, use headphones. Only keep your
headphones plugged into your computer when you are using them. The computer you
use for your hacktivist activities also should not contain a hard drive, as
they are unnecessary for our purposes.

(3) Software:

Always use a TOR enabled Linux live system when working. At the present moment,
Tails (The Amnesiac Incognito Live System) is by far the best live distribution
for your purposes. You can read more about TOR at www.torproject.org and you
can read more about acquiring, setting up, and using Tails at tails.boum.org.
The Tails operating system lives on a USB flash drive. Every time you start up
your computer, you must first insert your Tails flash drive into it. The Tails
website will guide you through making said flash drive. Tails will
automatically direct all of your outgoing traffic into the TOR network in an
effort to hide your IP address. If you use Tails you will be completely
anonymous and be able to work with impunity provided that:

* You keep your Tails USB up to date. New versions of the Tails
operating system are released every few months.

* You do not log in to your “real world” accounts while using Tails.
Do not check your Twitter feed while you are working.

* You do not use Tails to create an account with an alias that you have
used before. If you have been “0pwn” for the past seven years, now
is a good time to stop being 0pwn.

* You do not alter Tails’ default security settings. They are the way
they are for a reason.

* You do not use Tails to create an online account with a password that
you have used before. Doing this only makes deanonymizing you easier.

* You do not install and use random packages that “look cool”; they
could be malicious. Only use packages and scripts that you trust.
Tails is not bulletproof.

* If you decide to set a sudo password when starting up Tails, make
sure that it is very strong.

* You stay conscious of metadata analysis techniques. We will discuss
these later.

* You switch exit nodes every ten to fifteen minutes. This can be done
by double clicking the little green onion in the upper right hand
corner of your Tails desktop and hitting the “Use a New Identity”
button.

* You follow the communication guidelines laid out later in this
document.

More information can be found on the Tails warning page:
https://tails.boum.org/doc/about/warning/index.en.html. Be aware that it is
very easy for your ISP (which is probably working closely with your government)
to tell that you are using both TOR and Tails. It is probably in your best
interest to use something called “TOR bridge mode”. You can read more about how
to configure Tails to use TOR bridges here:
https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html.

Tails is unique in that it has a special feature that wipes your computer’s
memory before it shuts down. This is done in order to mitigate risks associated
with the dreaded “cold boot attack” (a forensics method in which a suspect’s RAM
is ripped out of his or her computer and then thrown into a vat of liquid
nitrogen to preserve its contents for later analysis). This feature is also
triggered if you pull your Tails flash drive out of your computer while you are
working. If while you are working you ever feel that the authorities are about
to move in on you, even if you have a seemingly irrational gut feeling, yank
your Tails flash drive out of your computer. Tails also has a feature that
allows it to disguise itself as a Windows desktop. Using this feature in
public will reduce your risk of capture significantly.

(4) Mental:

A skilled attacker is well disciplined and knows that he must keep his actions
and skills a secret in order to remain safe from harm. Do not flaunt the fact
that you are dissatisfied with your government, a foreign government, or a
particular corporation. Do not attend protests. Do not publicly advertise the
fact that you have an above average aptitude for computer security, offensive or
otherwise. And whatever you do, do not tell anyone, even someone you think you
can trust, that you are planning to launch an organized cyber-attack on any
organization, big or small. If you draw attention to yourself no amount of
security precautions will keep you safe. Keep your “real” life mentally
isolated from your “hacktivist” life. One lapse in operational security could
end you.

Be alert and focused. Remain mentally strong. Come to terms with the illegality
of your actions and what will happen to you if you are apprehended. As a wise
man once said, “A warrior considers himself already dead, so there is nothing
to lose. The worst has already happened to him, therefore he’s clear and calm;
judging him by his acts or by his words, one would never suspect that he has
witnessed everything.” It is perfectly acceptable to be paranoid, but do not
let that paranoia consume you and slow your work. Even if you are extremely
cautious and follow this document’s advice to the letter, you still may be
hunted down and incarcerated, tortured, or killed. Some countries do not take
kindly to hacktivists. It is best that you be honest with yourself from the
beginning. In order to operate effectively you must be able to think clearly
and see the world as it actually is.

(5) Pattern Related:

When your online persona is active your real life persona ceases to exist, and
an observant adversary can use this to their advantage. If your ISP, bank, and
mobile phone provider are “cooperating” with your government and allowing them
to browse through all of their records (a fair assumption in this day and age)
then, eventually, they will be able to deduce your real identity by comparing
everyone’s data to information about your online persona. If the government
looks back on all of the records they have collected in the past year and
notices that you never make a credit card purchase, watch Netflix, go on your
Facebook, Google, or Twitter account, or change your physical location while
1337Hax0r64 is online on some anti-government forum on the deep web, they will
assume that you are 1337Hax0r64. Even information about your home network’s
bandwidth usage can give away your real identity.

Luckily, performing the type of metadata analysis attack described above takes
time, usually many months. It is very important that you change aliases often,
preferably every three or four months. Shed your old names like a snake sheds
its skin. When you do change your online name, make sure your new identity
can not be tied back to your old one.
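The correlation described in this section, seen from the analyst's side, as an added example that is not part of the original document. The subscriber names, timestamps and the scoring rule (silence while the persona is online, minus silence in comparison windows while it is offline) are all constructed assumptions.

```python
from datetime import datetime, timedelta

DAY0 = datetime(2024, 1, 1)  # constructed start date
DAYS = range(6)              # six observed days


def at(day, hour, minute=0):
    """Timestamp on a given observation day."""
    return DAY0 + timedelta(days=day, hours=hour, minutes=minute)


def window(day, hour, length_hours=2):
    """Half-open time window [start, end)."""
    start = at(day, hour)
    return (start, start + timedelta(hours=length_hours))


# Constructed observations: the persona is seen online 20:00-22:00 each day.
SESSIONS = [window(d, 20) for d in DAYS]
# Comparison windows of the same length while the persona is offline.
CONTROLS = [window(d, 12) for d in DAYS]

# Constructed per-subscriber activity (card purchases, logins, streaming...).
EVENTS = {
    # Active at midday and during every persona session.
    "sub-A": [at(d, 12, 30) for d in DAYS] + [at(d, 20, 30) for d in DAYS],
    # Dormant account: silent all the time, so its silence proves nothing.
    "sub-B": [],
    # Active at midday and around the sessions, never inside one.
    "sub-C": [at(d, 12, 15) for d in DAYS]
             + [at(d, 19) for d in DAYS]
             + [at(d, 22, 30) for d in DAYS],
    # Usually silent in the evening, but active during two sessions.
    "sub-D": [at(d, 12, 40) for d in DAYS] + [at(d, 21) for d in (2, 5)],
}


def silent_fraction(events, windows):
    """Fraction of windows in which the subscriber produced no event."""
    silent = sum(
        1 for start, end in windows
        if not any(start <= t < end for t in events)
    )
    return silent / len(windows)


def score(events, sessions, controls):
    """Silence during persona sessions beyond the subscriber's usual silence."""
    return silent_fraction(events, sessions) - silent_fraction(events, controls)


def rank(sessions, controls, events_by_subscriber):
    """Subscribers ordered from most to least correlated with the persona."""
    scored = [
        (name, round(score(events, sessions, controls), 3))
        for name, events in events_by_subscriber.items()
    ]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    # With two observed sessions sub-C and sub-D are indistinguishable;
    # with six, only sub-C remains perfectly correlated.
    print("2 sessions:", rank(SESSIONS[:2], CONTROLS[:2], EVENTS))
    print("6 sessions:", rank(SESSIONS, CONTROLS, EVENTS))
```

The comparison windows matter: without them the dormant account would score as high as the real match.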

DO NOT launch cyber-attacks from your own computer. Launch attacks only
from hacked servers, servers purchased with washed bitcoins, or free shell
accounts. Certain types of cyber-attacks produce a large amount of traffic over
a short amount of time. If the bandwidth usage of your home network spikes at
the same instant that a government or corporate server is attacked, the time it
takes to deanonymize you is reduced significantly. This is especially true if
you launch multiple attacks on multiple occasions. Launching attacks in this
way can be mentally exhausting. Configuring a new attack server with your tool
set every time your old attack server is banned (an inevitable occurrence) can
be a tedious task indeed. I personally recommend creating a bash script to
automatically install your favorite tools to make this transition process
easier. Most hackers and offensive security professionals use under thirty
non-standard tools to do their job, so configuring a new server with everything
you need should not take very long if you know what you are doing. Consider
equipping your server with TOR and a VNC server (for tools that require GUIs
such as most popular intercepting proxies) as well.

(6) Archaeological:

You must ensure that there is no forensic evidence of your actions, digital or
otherwise. If the government breaks into your house and rummages through your
things, they should find nothing interesting. Make sure that you never make any
physical notes pertaining to your hacktivist activities. Never keep any
computer files pertaining to your hacktivist activities in your home. Keep all
of your compromising files, notes, scripts, and unusual attack tools (the ones
that can not be installed with apt-get or the like), and stolen information in
the cloud. It is recommended that you keep all of your files backed up on
multiple free cloud storage providers so that in the event that one of the
providers bans your account you still have all of your data. Do not name your
cloud accounts in such a way that they can be connected back to your online
persona. Never, under any circumstances, mention the names or locations of your
cloud accounts to the people you work with. Always hit the “Use New Identity”
button on your TOR control panel after accessing your cloud storage solutions.
Every time you shed your old alias, shed your old cloud accounts.

Security of Communications

The majority of hacktivists I have met communicate via public IRC. Using IRC is
fine for meeting other hacktivists, but as soon as you muster a team of other
hacktivists who wish to attack the same target as you, move to another more
secure form of communication. Some means of communication are more secure than
others, but completely secure communication does not exist. The following
guidelines are meant to work in conjunction with the personal security
guidelines that were discussed in the previous section. If proper personal
security measures are implemented effectively, compromised communication will
result in operational failure at worst and not complete deanonymization. Since
operational failure may very well set you and your cause back several months,
it is in your best interest to attempt to communicate securely:

* Remember that any of the people you meet on the clearnet, deep web,
or public IRC channels who claim to be on your side could actually
be government agents trying to sabotage your operations.

* If possible, communicate mainly via privacy friendly email accounts
(not Gmail, Yahoo, AT&T, etc.) and encrypt all of your messages with
PGP. When a cyber-attack is being carried out it is often necessary
to be able to communicate with your accomplices instantaneously.
Since encrypting, sending, receiving, and decrypting messages by hand
takes time, using PGP in time sensitive situations like this is not
feasible. If you have to confer in an IM environment, use a program
like TorChat that uses its own form of asymmetric encryption to send
and receive messages instantly.

* Use strong passwords for all of your online accounts. The best way to
make a strong password is to pick eight or nine random words and
string them together. Passwords like this are easy to remember but
hard to guess.

* Never give away any personal information (such as country, interests,
hobbies, health, etc.) or give insight into your feelings or
emotions. Your fellow hacktivists are not your friends and should
never be talked to as such. Giving away this sort of information will
make tracking you easier.

* When you receive messages, do not retain them, even if they are
encrypted. Read them, make note of any hard to remember details
(like long server passwords for example), and then delete them.
Having a mile long digital paper trail can not lead to anything good.
In some cases deleted messages on email servers can be recovered via
computer forensics, but deleting messages quickly may reduce the odds
that they can be.

* When typing messages, do so in a word processor on your computer.
Never write your message inside of a communication program (such as
an online email client, forum PM box, etc.). People have been known
to accidentally send unencrypted messages before. The effects of such
an error can be devastating.

* If you find yourself writing large swaths of text intended for public
release (like essays or manifestos) use a tool like Anonymouth to
obscure your writing style. Your writing style is as unique as a
fingerprint and can be used to identify you.

* Never, under any circumstances, execute a file on your computer or on
your server that has been given to you by a fellow hacktivist. You
should never run into a situation where doing this is necessary.

* Do not disclose information about your involvement in previous
hacktivist operations to people who were not also part of the same
operation.

* If one of the people that you are working with gets captured, assume
that the people who have captured them know everything that they do.

Philosophy of Attacking

The hacktivist community, like every community, has its own unique set of
philosophical musings, taboos, and dogmas. While I do not advocate the severe
alteration of the principles and philosophies on which the community was built,
I do wish to point out a number of flaws in certain aspects of their
composition. These flaws serve only to hold back the community and should be
openly discussed.

(1) When hacktivists target an organization, their goal is more often than not
to force said organization to stop functioning permanently, or at least for the
longest time possible, in an effort to stall unjust actions from being carried
out or to seek retribution for unjust actions done in the past. Leaking
databases, DoXing influential individuals, defacing websites, and launching
massive DDoS campaigns, four of the modern hacktivist community’s favorite
activities, accomplish this goal – to an extent. Infiltrating a target
organization and sowing discord within its ranks is magnitudes more effective
than leaking credit card numbers or putting a CEO’s social security number on
Pastebin, yet it is rarely, if ever, considered to be a viable course of
action. Subtly and silently fostering suspicion and distrust inside of your
target will have a longer lasting impact than simply pointing out that its
security policy has some weak points.

(2) Hacktivists crave publicity, yet they are the most effective when they
operate undetected. Stay hidden. Although it may seem tempting at times, do not
destroy large amounts of information on your target’s computers or servers.
Doing so will announce your arrival inside of your target’s network rather
loudly. Flashy, public displays of power have no place in the hacktivist
community. Just because you are hiding behind TOR does not mean that you should
not make an effort to cover your tracks. Conceal your attack not to mask your
identity, but to convince your target that no attack was carried out in the
first place.

(3) Once your hacktivist collective has decided to attack an organization,
strike fast and strike hard. Overwhelm your target. A well disciplined and well
organized team of attackers can penetrate most networks within a few hours.
Far too often I have seen hacktivist collectives declare all out war on someone
and then attack them slowly and gain entry into their network days, sometimes
even weeks later. By attacking slowly, you give your target time to react and
strengthen their defenses. Detecting an attack from a large hacktivist
collective is a trivial task, but as history has shown detecting the presence
of one inside of a network, especially a large network, can be tricky.

(4) Cyber-attacks seldom go as planned. If you are attempting to do anything
that involves the coordination of more than two people, keep this in mind. It
is not uncommon for tools to stop working in the middle of an attack. It is not
uncommon for reverse shells to die unexpectedly. It is not uncommon for
seemingly simple actions to take hours to perform. You must be ready to think
on your feet and quickly adjust your attack plan to accommodate the ever
changing conditions within the network you are attacking. Predefined
contingency plans are mostly useless.

(5) Remember that no system is impenetrable. On more than one occasion I have
seen hacktivists give up on trying to infiltrate a target network because their
Nessus scan did not yield any useful results. As a hacktivist, you are not
bound by the typical constraints of a pentester. If you can not successfully
attack a website, try attacking its hosting provider. Try attacking the
administrator’s email account. Try going after random social accounts belonging
to the administrator’s family. Try planting iframes in websites you suspect the
administrator frequents in an effort to infect him. If you cause extensive
collateral damage, who cares? It is not your problem. Sometimes the ends
justify the means. Be creative.

(6) Many hacktivists possess unrealistic, self-constructed mental images of the
ideal cyber-attack. In the majority of these movie-induced delusions, the ideal
attack utilizes numerous 0days, an arsenal of home made tools, and highly
advanced, unimaginably complex network intrusion techniques. In reality, this
type of thinking is incredibly dangerous and causes some hacktivists to attempt
to perform convoluted, elaborate attacks to gain the respect of their peers.
When breaking into highly secured networks, such attacks only draw unnecessary
attention. The best attacks are the ones that work. They are usually simple and
take little time to execute. Using sqlmap to spawn a shell on your target’s
server by exploiting a flaw in their website’s search feature is a viable if
not ideal attack. It allows you to access the inside of your target’s network.
Exploiting a vulnerable FTP daemon on one of your target’s servers using public
exploit code is a viable if not ideal attack. It allows you to access the
inside of your target’s network. Using Metasploit in conjunction with a fresh
Gmail account to launch a phishing campaign against your target’s employees is
a viable if not ideal attack. It allows you to access the inside of your
target’s network. The media hates it when hacktivists use open source software
to do their work. Whenever a hacker or hacktivist is arrested for doing
something that involved using “someone else’s” tools, they are publicly
shamed. “Anyone could have done that” they say. “He’s just an unskilled script
kiddie” they say. Claiming that someone is less of a hacker solely because they
partially depend on someone else’s code borders on absurd. It amounts to
claiming that Picasso is a bad artist because he did not carve his own brushes,
synthesize his own paints, and weave his own canvas. Do not shy away from using
open source tools and publicly available information to accomplish your goals.
Hacking is an art, and nmap is your brush.

Organization and Formation

Most of the hacker and hacktivist groups I have observed are unorganized and
undisciplined. They claim to perform actions as a collective, yet when it comes
time to actually launch an attack they attempt to infiltrate their targets as
individuals, each member launching attacks of their own without making the
faintest attempt to coordinate their actions with others. Here I shall describe
a schema that could be easily adopted by any hacktivist collective to allow it
to facilitate highly coordinated attacks involving large numbers of attackers
with great ease. It will be presented as a series of steps.

Step One: Organize yourselves into multiple small groups. These groups shall be
referred to as strike teams. The ideal strike team is composed of three parts
attack specialists, two parts social engineering specialists. Attack
specialists should at least be able to identify and competently exploit
potential vulnerabilities in websites and be able to exploit vulnerable or
misconfigured services. Social engineering specialists should have at least
some real world experience before participating in a strike team. Attack
specialists should only concern themselves with launching attacks and social
engineering specialists should only concern themselves with social engineering.
Well-defined roles are the key to a strike team’s success. This configuration
will often create an abundance of social engineering specialists, and that is
perfectly acceptable. Having the capability to immediately launch multiple well
planned social engineering campaigns is crucial. The size of a strike team
will be determined by the skill of its members. Highly skilled individuals
should work in very small strike teams (five member teams are acceptable)
whereas unskilled individuals should work in larger strike teams (up to a few
dozen). The organization of strike teams should be coordinated as a collective.
No one person should be given the authority to sort people themselves. Strike
teams should function as “sub collectives” and be autonomous. Hacktivist
collectives are composed of people around the world, most of whom can not be
online all the time. This means that all strike teams should set themselves up
knowing that their members will pop on and offline and that it is possible new
members will have to be annexed at a later time.

Step Two: Within each strike team, agree upon a stratagem; a broad, realistic,
nonspecific plan of action that aims to accomplish one very specific goal.
Strike teams should only execute one stratagem at a time. Multiple strike teams
within the same hacktivist collective can execute different stratagems at the
same time in an effort to accomplish some sort of final goal (perhaps to
destabilize an organization or to acquire trade secrets). The next section of
this essay is devoted solely to exploring the concept of stratagems and how to
best form and use them. Strike teams should be allowed to do what they want,
but their initial stratagem should be approved by the collective so that no two
strike teams attempt to do the same thing at the same time.

Step Three: As a strike team, map your target’s attack surface. If multiple
strike teams are all attacking the same network, they should share information
very closely in this step. It is very possible that multiple strike teams
working together to accomplish the same goal could actually be attacking
different networks, in which case mapping should be done within individual
strike teams. Each member of a given strike team should attempt to map the
target network themselves, and then members should compare information. It is
very unlikely that anything will be overlooked by every single member of the
team.

Step Four: Divide your target network up into manageable chunks and assign
certain individuals within your team to each one of those chunks. Efficient
division of labor is key to launching speedy attacks. Here is an example
involving a network composed of four servers (two SQL servers, a DNS server,
and a web server hosting a feature rich corporate site) and a strike team
composed of six attack specialists and four social engineering specialists:

* Have one attack specialist attack the SQL and DNS servers.

* Have one attack specialist attack the website’s multistage user
registration mechanism and login mechanism.

* Have one attack specialist attack the contact and session management
mechanism.

* Have one attack specialist attack any forms not assigned to other
attack specialists as well as any other potentially exploitable
scripts, pages, or mechanisms.

* Have one attack specialist and two social engineering specialists
attempt to launch some sort of phishing campaign against the
company’s employees.

* Have one attack specialist and two social engineering specialists
attempt to convince the company’s hosting provider that they are the
rightful owners of the company’s four servers and have been locked
out of their email account.

Step Five: Drill yourselves. This step is optional but highly recommended.
Procure a server with a large amount of RAM and multiple processors. Have one
member of your strike team set up a virtual network on it that, to the best of
your knowledge, mimics the network you are planning to attack. This one team
member should not participate in the drills themselves, and they should not
give other team members details pertaining to the virtual network. If you are
planning on attacking a large corporation, set up the virtual network like a
large corporate network with a labyrinth of firewalls, routers, switches, and
domain controllers. If you are planning on attacking a small corporation or
home business, set up your network accordingly. You should never have to
visualize more than 12 workstations, even if your team is doing a complex
pivoting exercise. As a group, attempt to break into your virtual network and
execute your stratagem. The virtual network should be deliberately
misconfigured so that there is a way for your team to infiltrate it and
accomplish their simulated goal, but the misconfigurations should be extremely
subtle. The team should have to work very hard to find them. Run multiple
drills. After each drill, the misconfigurations in the network, and potentially
the layout of the network itself, should be altered to force your team to
attack it in a different way or to exercise a different skill. The purpose of
these drills is twofold. Firstly, they allow your team members to get
accustomed to working together. Secondly, they will prepare your team for the
day when they actually go up against your real target network.

Step Six: Execute your stratagem on your target network. Your strike team
should attack methodically and silently. Every member should know what they
need to do and how they need to do it. No mistakes should be made. Every tool
you use should be well honed and function flawlessly. Not a second should be
wasted. Use time to your advantage. Your target organization will be the most
unprepared for an attack in the middle of the night when all of its IT staff
are at home sound asleep. If your stratagem calls for being embedded in your
target network for a long period of time, tread very lightly once you
infiltrate it.

Interlocking Stratagems in Theory

In this section I will give multiple examples of stratagems that an actual
strike team could make use of. You should combine multiple stratagems to
accomplish your ultimate goal. Individual stratagems are like pieces of a
jigsaw puzzle, and are intended to be pieced together. A strike team should
execute multiple stratagems in succession, possibly in cooperation with other
strike teams in an effort to accomplish a common goal. This section is not
intended to be a play book. I encourage you to build off of my stratagems or,
better yet, devise your own. Some stratagems are:

(1) Collect information on individuals within the target organization. Mount a
phishing campaign against the organization and gain access to as many
workstations as possible. Once you have breached its network, do not pivot.
Attempt to locate any useful information on the workstations you have
compromised, and then remain in the network for as long as possible doing
nothing more than idly gathering intelligence.

(2) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, send a number of blatantly false
messages to one or more members of the organization using the credentials of
another member of the organization. Multiple false messages should be sent over
some period of time. When members of the organization begin to receive false
messages from their colleagues, distrust will begin to take root.

(3) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, devise some way to intercept and
inspect or modify messages in transit within the target organization
(essentially, perform a man in the middle attack). Every once in a while, alter
a message in a subtle but disruptive way. Perhaps change a date or a time so
certain individuals do not arrive at their meetings on time or do not arrive at
all. Once you have reason to believe that your modifications have taken their
toll (i.e. the person you targeted missed their meeting), undo the changes you
made to the message you intercepted so upon audit it appears as though the
message was never tampered with. Doing this is usually hard to detect and will
slowly cause the target organization to destabilize itself as tensions between
individuals within it begin to rise and their employees begin to question their
own sanity.

(4) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Use the credentials of a high ranking
individual within the target organization to distribute a message that appears
to be from them that claims a terrible tragedy has occurred that warrants an
immediate, brash, resource intensive response from the rest of the
organization. You will most likely not be able to pull this off more than once.
This stratagem works especially well against militant groups with poorly
defined command structures but has other applications as well.

(5) Once inside of the target organization’s network, acquire a small amount of
classified data intended for the eyes of high ranking personnel only.
Strategically plant the data on the computer of one or more lower ranking
individuals. Make it look like an espionage attempt. If many key individuals
within the target organization are accused of trying to siphon out its secrets,
it will be forced to suspend a large portion of its operations while an
investigation is done.

(6) Use a DDoS attack to disrupt the target organization’s communications for a
short period of time when they are most in need of it. For a corporation, this
could be during an important international Skype call. For a government, this
could be immediately following a devastating attack from an insurgency group.
Doing this will cause panic, which will make the target organization
temporarily more susceptible to other kinds of attacks.

(7) Pose as a legitimate company selling legitimate software and befriend the
target organization. Create a piece of software with a very hard to detect
security flaw in it and sell it to them. The flaw could be as simple as a
poorly implemented encryption library or as complex as an insecure multistage
parsing algorithm. It must be incredibly subtle. So subtle that if it is
detected you will be able to write it off as unintentional. It should be
plausibly deniable. Once the target organization installs the vulnerable
software on their machines, leverage it to perform targeted attacks on key
individuals within it. Do not use it to infect entire subnets, as that will
draw too much attention.

(8) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Modify
their source code slightly so that their software becomes vulnerable to remote
attack. Do not modify just any code you come across, study the software
provider’s development process and target code that has already been checked
for bugs and is days away from being released to customers. When the target
organization installs the latest version of software from the company that you
have infiltrated, they will become vulnerable. Leverage this vulnerability to
perform targeted attacks on key individuals within the target organization. Do
not use it to infect entire subnets, as that will draw too much attention.

(9) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Most
software companies offer rewards to security researchers who find
vulnerabilities in their products. Determine how reported vulnerabilities are
managed by the company you have infiltrated and devise a way to monitor them
in real time. As soon as a security researcher reports a major vulnerability
in a product your target organization uses, use it to perform targeted attacks
on key individuals within it. Do not use it to infect entire subnets, as that
will draw too much attention.

(10) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Monitor their activity constantly
and closely. If possible, listen to them through their computer’s microphone.
When you believe that one of them has left their computer, undo things they
have just done. Delete the last sentence they wrote. Hit the back button on
their web browser. Close the program they just opened. Over time, this will
lead them to question their sanity.

(11) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Most modern governments and
corporations are at least partially corrupt. Find evidence of this corruption
and use it to compel one or more of these influential individuals to aid your
cause. If you are unable to find any evidence of corruption, do not be afraid
to bluff. If you make a mysterious window pop up on, say, a CFO’s computer that
alludes to some sort of dirty secret, it is very possible that the CFO will
assume that the hacker who caused the window to appear knows something about
them that they actually do not. A lot of powerful people have skeletons in the
closet. The media has instilled a fear of hackers into the general populace,
and this fear can be used to your advantage. Most normal people, upon being
confronted by a hacker that has gained complete control of their computer, will
be inclined to believe plausible sounding white lies. Having an “inside man”
within your target organization can be extremely useful.

Interlocking Stratagems in Practice

In this section I shall present an example of a plausible situation that could
warrant the involvement of hacktivists and a corresponding attack loosely built
upon the stratagems from the last section. I have tried to make the situation
realistic, but it is very likely that if you use my writing to plan and execute
your own attack it will play out nothing like the attack depicted below. Most
actual attacks are far more complex than the one presented here. The purpose
of this example is to demonstrate the way in which multiple strike teams should
work together. Notice how at all times each team has one or more specific
goals.

Situation: A hacktivist collective has decided to attack the terrorist
organization Bina Al-ar-mal after they captured and executed a tourist in
Syria. Bina Al-ar-mal is believed to consist of over 40,000 people, has
hundreds of public Twitter feeds and Facebook accounts, and runs a small
terrorist news site hosted on a Russian server. It has three known leaders, who
we shall refer to as Head Terrorist 1, Head Terrorist 2, and Head Terrorist 3.
Twenty-seven hacktivists have joined the effort. They have been split into
three teams: team 1 consists of five of the most highly skilled hacktivists,
team 2 consists of seven moderately skilled hacktivists, and team 3 consists of
fifteen amateur hacktivists.

Time Line:

(Day 1, Hour 1) Team 1 is initially tasked by the collective with infiltrating
as many terrorist Twitter and Facebook accounts as possible. The team starts
enumerating the accounts immediately. They decide that no drill will be
executed, as breaking into Facebook and Twitter accounts is a trivial task.

(Day 1, Hour 1) Team 2 is initially tasked by the collective with infiltrating
the web hosting provider hosting the terrorist group’s website. They begin
reconnaissance.

(Day 1, Hour 1) Team 3 is initially tasked by the collective with attacking
Bina Al-ar-mal’s website directly. They begin to map the website.

(Day 1, Hour 2) Team 1 finishes enumerating the terrorist Facebook and Twitter
accounts. They begin attempting to break into them.

(Day 1, Hour 2) Team 3 finishes mapping Bina Al-ar-mal’s website and begins to
attack.

(Day 1, Hour 3) Team 1 has breached a few terrorist Facebook and Twitter
accounts. After examining their contents they determine that the terrorists
are using SpookyMail email service to communicate off of social media. A few
terrorist email accounts are identified and the team begins to try to break
into those as well.

(Day 1, Hour 3) Team 3 gains read/write access to a limited portion of the
server Bina Al-ar-mal’s website is hosted on. The other teams are alerted.
They set up a simple PHP-based IP logger script to capture the IP addresses of
Bina Al-ar-mal members attempting to check their organization’s news feed.

(Day 1, Hour 6) Team 2’s reconnaissance ends. They have located the web hosting
provider and gathered information on said provider’s website and servers. They
begin attacking them.

(Day 1, Hour 7) Team 1 breaches their first few terrorist email accounts.

(Day 1, Hour 9) Team 2 locates a vulnerability in the terrorist’s web
hosting provider’s website. They are not able to fully compromise any of their
servers, but they are able to get a list of customer names, domain names, and
billing addresses by exploiting a flaw in the website’s shopping cart feature.
Upon inspecting the list, they discover that the person paying Bina Al-ar-mal’s
hosting bill has a British billing address. The other teams are alerted and
Scotland Yard is notified of the terrorist threat immediately.

(Day 1, Hour 23) Team 1 is able to get Head Terrorist 1’s email address off of
the “contact” pane of one of the hacked terrorist email accounts. They make
ready for a spear phishing attack against him, but decide to wait some time to
launch it, as it is currently the middle of the night where Head Terrorist 1 is
believed to be.

(Day 2, Hour 3) Team 3 has gathered over seven thousand IP addresses of people
viewing Bina Al-ar-mal’s news feed and tries to attack them all using known
router vulnerabilities. When all is said and done they have infected
thirty-seven routers and forty-six workstations. They determine that
thirty-four of these workstations belong to active members of Bina Al-ar-mal.
They observe these workstations passively, hoping to gather information. The
other two teams are briefed on their success.

(Day 2, Hour 8) Team 1 launches a spear phishing attack against Head Terrorist
1 using the hacked email account of another terrorist.

(Day 2, Hour 9) Team 1’s spear phishing attack against Head Terrorist 1 is a
success. They now have full control over his Windows XP laptop and inform the
other two teams of their success. After searching the laptop’s hard drive and
downloading a half gigabyte of confidential documents and IM logs, the team
decides to plant a PDF of the Christian Bible on it along with some real
looking fake papers from the CIA. After gleaning Head Terrorist 2’s and Head
Terrorist 3’s email addresses from the stolen IM logs, the team sends them both
emails from the hacked email account of a lower level terrorist claiming that
Head Terrorist 1 is dirty.

(Day 2, Hour 9) Team 3 decides to take the sensitive information stolen from
Head Terrorist 1’s computer by Team 1 along with other fake CIA
documents and place it on all thirty-four of the terrorist workstations they
control. They use a hacked email account belonging to an uninvolved terrorist
to inform Head Terrorist 2 and Head Terrorist 3 that Head Terrorist 1 is a
traitor and he has at least thirty-four moles inside of their organization, all
of whom they mention by name.

(Day 2, Hour 10) Head Terrorist 1’s laptop is searched by security forces under
the control of Terrorist 2. Head Terrorist 1 is determined to be part of the
CIA and is placed into a cell to be used as leverage against the United States.

(Day 2, Hour 17) Head Terrorist 2 and Head Terrorist 3 raid all thirty-four of
the suspected moles and find the planted documents. They begin to interrogate
all thirty-four of them in order to find out how deep the CIA has penetrated
their organization. None of them know anything but most of them make up real
sounding false information to make the interrogations end.

(Day 3, Hour 3) Team 1 determines that most remaining Facebook and Twitter
accounts cannot be breached. Several team members leave and a few stick around
to try and finish off the remaining accounts.

(Day 6, Hour 17) Scotland Yard arrests the person allegedly paying for Bina
Al-ar-mal’s web hosting. It is later determined that the person is actually
part of a London-based Bina Al-ar-mal cell.

(Day 6, Hour 20) Team 2 destroys Bina Al-ar-mal’s web site after catching word
of the Scotland Yard raid.

End Result: One of three head terrorists is being held by their own
organization as a traitor and thirty-four unrelated terrorists are being held
by their own organization and brutally interrogated about actions they did not
commit. One terrorist is in the custody of Scotland Yard, and a British
terror cell has been exposed. Bina Al-ar-mal’s entire communication network is
compromised (but they do not know that yet), and their website has been taken
offline permanently. All members of Bina Al-ar-mal are now becoming
increasingly suspicious of their fellow members and the hacktivist collective
is now in a position to launch further attacks on Bina Al-ar-mal (using the
compromised email and social media accounts) at a later time. This has all been
accomplished in under a week.

________________________________________________________________________________

My public key is available here:

http://pastebin.com/VhW0bmAt
https://paste.ee/p/C5M3U
http://tny.cz/c9b82da0
http://hastebin.com/jikebijifu.hs
http://chopapp.com/#w04dkx06

SHA1: cb36db996bb684e569663ca7b0d93177ecc561be

Grab it while you still can.

________________________________________________________________________________
Disclaimer: All information provided in this document is for educational
purposes only. The ideas presented here are solely academic and should never be
acted upon or put into practice. The author of this document will not be held
responsible in the event any criminal or civil charges be brought against any
individuals misusing the information in this document to break the law.


The FBI Can Bypass Encryption: Cyber Security Is a Magic Act


Encryption has gained the attention of actors on both sides of the mass surveillance debate. For example in a speech at the Brookings Institution FBI Director James Comey complained that strong encryption was causing U.S. security services to “go dark.” Comey described encrypted data as follows:

“It’s the equivalent of a closet that can’t be opened, a safe deposit box that can’t be opened, a safe that can’t ever be cracked.”

Got that? Comey essentially says that encryption is a sure bet. Likewise during an interview with James Bamford whistleblower Ed Snowden confidently announced that:

“We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes… By basically adopting changes like making encryption a universal standard—where all communications are encrypted by default—we can end mass surveillance not just in the United States but around the world.”

If you glanced over the above excerpts and took them at face value you’d probably come away thinking that all you needed to protect your civil liberties is the latest encryption widget. Right? Wow, let me get my check book out! Paging Mr. Omidyar…

Not so fast bucko. There’s an important caveat, some fine print that Ed himself spelled out when he initially contacted film director Laura Poitras. In particular Snowden qualified that:

“If the device you store the private key and enter your passphrase on has been hacked, it is trivial to decrypt our communications.”

This corollary underscores the reality that, despite the high profile sales pitch that’s being repeated endlessly, strong encryption alone isn’t enough. Hi-tech subversion is a trump card as the Heartbleed bug graphically illustrated. In light of the NSA’s mass subversion programs it would be naïve to think that there aren’t other critical bugs like Heartbleed, subtle intentional flaws, out in the wild being leveraged by spies.

The FBI’s Tell

James Comey’s performance at Brookings was an impressive public relations stunt. Yet recent history is chock full of instances where the FBI employed malware like Magic Lantern and CIPAV to foil encryption and identify people using encryption-based anonymity software like Tor. If it’s expedient the FBI will go so far as to impersonate a media outlet to fool suspects into infecting their own machines. It would seem that crooks aren’t the only attackers who wield social engineering techniques.

In fact the FBI has gotten so adept at hacking computers, utilizing what are referred to internally as Network Investigative Techniques, that the FBI wants to change the law to reflect this. The Guardian reports on how the FBI is asking the U.S. Advisory Committee on Rules and Criminal Procedure to move the legal goal posts, so to speak:

“The amendment [proposed by the FBI] inserts a clause that would allow a judge to issue warrants to gain ‘remote access’ to computers ‘located within or outside that district’ (emphasis added) in cases in which the ‘district where the media or information is located has been concealed through technological means’. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.”

In other words the FBI wants to be able to hack into a computer when its exact location is shrouded by anonymity software. Once they compromise the targeted machine it’s pretty straightforward to install a software implant (i.e. malware) and exfiltrate whatever user data they want, including encryption passwords.

If encryption is really the impediment that director Comey makes it out to be then why is the FBI so keen to amend the rules in a manner which implies that they can sidestep it? In the parlance of poker this is a “tell.”

Denouncement

As a developer who has built malicious software designed to undermine security tools I can attest that there is a whole burgeoning industry which preys on naïve illusions of security. Companies like Hacking Team have found a lucrative niche offering products to the highest bidder that compromise security and… a drumroll please… defeat encryption.

There’s a moral to this story. Cryptome’s own curmudgeon, John Young, prudently observes:

“Protections of promises of encryption, proxy use, Tor-like anonymity and ‘military-grade’ comsec technology are magic acts – ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.”

When someone promises you turnkey anonymity and failsafe protection from spies, make like that guy on The Walking Dead and reach for your crossbow. Mass surveillance is a vivid expression of raw power and control. Hence what ails society is fundamentally a political problem with economic and technical facets, such that safeguarding civil liberties on the Internet will take a lot more than just the right app.

by Bill Blunden via Cryptome.org

October 31, 2014

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

The NSA Was Going to Fine Yahoo $250K a Day If It Didn’t Join PRISM

When we first learned about NSA metadata collection, we wondered how readily the biggest tech companies acquiesced to the government. Today we start to find out. This is the story of how Yahoo was coerced into PRISM, as told by court documents cited by the Washington Post today.

According to the documents, corroborated by a blog post made public today by Yahoo, the U.S. government first approached the company in 2007 asking for user metadata. The request was unprecedented: The U.S. government was no longer interested in obtaining a court review before requesting metadata on an individual target. The order simply asked for data on targets located outside of the U.S. at the time, be they foreign or U.S. citizens.

Yahoo challenged the government requests several times, citing the limits of the U.S. Constitution, but was denied in the Foreign Intelligence Court of Review, the “secret courts” that oversee surveillance requests regarding national security. The repeated denials, plus the threat of losing $250,000 a day, forced Yahoo to comply with the NSA’s PRISM program.

For its part, the U.S. government used Yahoo as an example to coerce other American tech giants, sharing the rulings against Yahoo with companies like Google, Facebook, and Apple.

This information comes to light today, as roughly 1,500 pages of documents pertaining to Yahoo’s failed legal battle were released by Federal Judge William C. Bryson, who presides over the Foreign Intelligence Surveillance Court of Review. Yahoo requested the unsealing of the documents, and the company’s Ron Bell says in this blog post that Yahoo is working to make these never-before-released documents available on Tumblr.

Now that the courts are unsealing documents surrounding PRISM and other national surveillance programs, it’s possible that we’ll hear about other tech companies and whether they resisted the NSA’s requests for sweeping data dumps. Judging by what we’ve learned today, Yahoo tried to stick up for its users’ privacy—until it couldn’t afford to. [The Washington Post]

Snowden Saga Decrypted: NSA Leaker or Distraction Double Agent?


Max Maverick breaks down everything we know, don’t know, and should be asking about this mainstream media ‘circus’ that has become of the Snowden NSA Leak Disclosure.

Major Players – Hidden Hands

Past NSA Leaks & Leakers

Advanced Technologies Covered-Up

Artificial Intelligence Disclosure

Snowden Leak Pros & Cons

The Attack on the Internet Itself

What can be done about it?
 
 
NSA Codenames & Intentions
https://decryptedmatrix.com/live/raw-list-of-nsa-nicknames-and-codewords/

 
Bruce Schneier: The NSA: Capabilities and Countermeasures

Speaker: Bruce Schneier
Edward Snowden has given us an unprecedented window into the NSA’s surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, I will describe the sorts of surveillance the NSA does and how it does it. The emphasis is on the technical capabilities of the NSA, not the politics of their actions. This includes how it conducts Internet surveillance on the backbone, but is primarily focused on their offensive capabilities: packet injection attacks from the Internet backbone, exploits against endpoint computers and implants to exfiltrate information, fingerprinting computers through cookies and other means, and so on.

I will then talk about what sorts of countermeasures are likely to frustrate the NSA. Basically, these are techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: encryption, target hardening, dispersal, and so on.

US Police Have Killed Over 5,000 Civilians Since 9/11

Statistically speaking, Americans should be more fearful of the local cops than “terrorists.”

Though Americans commonly believe law enforcement’s role in society is to protect them and ensure peace and stability within the community, the sad reality is that police departments are often more focused on enforcing laws, making arrests and issuing citations. As a result of this as well as an increase in militarized policing techniques, Americans are eight times more likely to be killed by a police officer than by a terrorist, estimates a Washington’s Blog report based on official statistical data.

Though the U.S. government does not have a database collecting information about the total number of police involved shootings each year, it’s estimated that between 500 and 1,000 Americans are killed by police officers each year. Since 9/11, about 5,000 Americans have been killed by U.S. police officers, which is almost equivalent to the number of U.S. soldiers who have been killed in the line of duty in Iraq.

Because individual police departments are not required to submit information regarding the use of deadly force by its officers, some bloggers have taken it upon themselves to aggregate that data. Wikipedia also has a list of “justifiable homicides” in the U.S., which was created by documenting publicized deaths.

Mike Prysner, one of the local directors of the Los Angeles chapter for ANSWER — an advocacy group that asks the public to Act Now to Stop War and End Racism — told Mint Press News earlier this year that the “epidemic” of police harassment and violence is a nationwide issue.

He said groups like ANSWER are trying to hold officers accountable for abuse of power. “[Police brutality] has been an issue for a very long time,” Prysner said, explaining that in May, 13 people were killed in Southern California by police.

As Mint Press News previously reported, each year there are thousands of claims of police misconduct. According to the CATO Institute’s National Police Misconduct Reporting Project, in 2010 there were 4,861 unique reports of police misconduct involving 6,613 sworn officers and 6,826 alleged victims.

Most of those allegations of police brutality involved officers who punched or hit victims with batons, but about one-quarter of the reported cases involved firearms or stun guns.

Racist policing

A big element in the police killings, Prysner says, is racism. “A big majority of those killed are Latinos and Black people,” while the police officers are mostly White, he said. “It’s a badge of honor to shoot gang members so [the police] go out and shoot people who look like gang members,” Prysner argued, giving the example of 34-year-old Rigoberto Arceo, who was killed by police on May 11.

According to a report from the Los Angeles Times, Arceo, who was a biomedical technician at St. Francis Medical Center, was shot and killed after getting out of his sister’s van. The Los Angeles County Sheriff’s Department says Arceo “advanced on the deputy and attempted to take the deputy’s gun.” However, Arceo’s sister and 53-year-old Armando Garcia — who was barbecuing in his yard when the incident happened — say that Arceo had his hands above his head the entire time.

Prysner is not alone in his assertion that race is a major factor in officer-related violence. This past May, a study from the Malcolm X Grassroots Movement, an anti-racist activist organization, found that police officers, security guards or self-appointed vigilantes killed at least 313 Black people in 2012 — meaning one Black person was killed in the U.S. by law enforcement roughly every 28 hours.

Prysner said the relationship between police departments and community members needs to change and that when police shoot an unarmed person with their arms in the air over their head, the officer should be punished.

Culture of misconduct

“You cannot have a police force that is investigating and punishing itself,” Prysner said, adding that taxpayer money should be invested into the community instead of given to police to buy more guns, assault rifles and body armor.

Dissatisfied with police departments’ internal review policies, some citizens have formed volunteer police watch groups to prevent the so-called “Blue Code of Silence” effect and encourage police officers to speak out against misconduct occurring within their department.

As Mint Press News previously reported, a report released earlier this year found that of the 439 cases of police misconduct that then had been brought before Minneapolis’s year-old misconduct review board, not one of the police officers involved has been disciplined.

The city of Minneapolis spent $14 million in payouts for alleged police misconduct between 2006 and 2012, despite the fact that the Minneapolis Police Department often concluded that the officers involved in those cases did nothing wrong.

Other departments have begun banning equipment such as Tasers, but those decisions were likely more about protecting the individual departments from lawsuits than ensuring that officers are not equipped with weapons that cause serious and sometimes fatal injuries when used.

To ensure officers are properly educated on how to use their weapons and are aware of police ethics, conflict resolution and varying cultures within a community, police departments have historically held training programs for all officers. But due to tighter budgets and a shift in priorities, many departments have not provided the proper continuing education training programs for their officers.

Charles Ramsey, president of both the Major Cities Chiefs Association and the Police Executive Research Forum, called that a big mistake, explaining that it is essential officers are trained and prepared for high-stress situations:

“Not everybody is going to be able to make those kinds of good decisions under pressure, but I do think that the more reality-based training that we provide, the more we put people in stressful situations to make them respond and make them react.”

GI Joe replaces Carl Winslow

In order to help local police officers protect themselves while fighting the largely unsuccessful War on Drugs, the federal government passed legislation in 1994 allowing the Pentagon to donate surplus military equipment from the Cold War to local police departments. Meaning that “weaponry designed for use on a foreign battlefield has been handed over for use on American streets … against American citizens.”

So while the U.S. military fights the War on Terror abroad, local police departments are fighting another war at home with some of the same equipment as U.S. troops, and protocol that largely favors officers in such tactics as no-knock raids.

Radley Balko, author of “Rise of the Warrior Cop,” wrote in the Wall Street Journal in August:

“Since the 1960s, in response to a range of perceived threats, law-enforcement agencies across the U.S., at every level of government, have been blurring the line between police officer and soldier.

“Driven by martial rhetoric and the availability of military-style equipment—from bayonets and M-16 rifles to armored personnel carriers—American police forces have often adopted a mind-set previously reserved for the battlefield. The war on drugs and, more recently, post-9/11 antiterrorism efforts have created a new figure on the U.S. scene: the warrior cop—armed to the teeth, ready to deal harshly with targeted wrongdoers, and a growing threat to familiar American liberties.”

As Mint Press News previously reported, statistics from an FBI report released in September reveal that a person is arrested on marijuana-related charges in the U.S. every 48 seconds, on average — most were for simple possession charges.

According to the FBI’s report, there were more arrests for marijuana possession than for the violent crimes of murder and nonnegligent manslaughter, forcible rape, robbery and aggravated assault — 658,231 compared with 521,196 arrests.

While groups that advocate against police brutality recognize and believe that law enforcement officials should be protected while on duty, many say that local police officers do not need to wear body armor, Kevlar helmets and tactical equipment vests — all while carrying assault weapons.

“We want the police to keep up with the latest technology. That’s critical,” American Civil Liberties Union senior counsel Kara Dansky said. “But policing should be about protection, not combat.”

According to the National Law Enforcement Officers Memorial Fund, there are more than 900,000 sworn law enforcement officers in the United States. In 2012, 120 officers were killed in the line of duty. The deadliest day in law enforcement history was reportedly Sept. 11, 2001, when 72 officers were killed.

Despite far fewer officers dying in the line of duty compared with American citizens, police departments are not only increasing their use of protective and highly volatile gear, but are increasingly setting aside a portion of their budget to invest in new technology such as drones, night vision goggles, remote robots, surveillance cameras, license plate readers and armored vehicles that amount to unarmed tanks.

Though some officers are on board with the increased militarization and attend conferences such as the annual Urban Shield event, others have expressed concern with the direction the profession is heading.

For example, former Arizona police officer Jon W. McBride said police concerns about being “outgunned” were likely a “self-fulfilling prophecy.” He added that “if not expressly prohibited, police managers will continually push the arms race,” because “their professional literature is predominately [sic] based on the acquiring and use of newer weapons and more aggressive techniques to physically overwhelm the public. In many cases, however, this is the opposite of smart policing.”

“Coupled with the paramilitary design of the police bureaucracy itself, the police give in to what is already a serious problem in the ranks: the belief that the increasing use of power against a citizen is always justified no matter the violation. The police don’t understand that in many instances they are the cause of the escalation and bear more responsibility during an adverse outcome.

“The suspects I encountered as a former police officer and federal agent in nearly all cases granted permission for me to search their property when asked, often despite unconcealed contraband. Now, instead of making a simple request of a violator, many in law enforcement seem to take a more difficult and confrontational path, fearing personal risk. In many circumstances they inflame the citizens they are engaging, thereby needlessly putting themselves in real and increased jeopardy.”

Another former police officer who wished to remain anonymous agreed with McBride and told Balko,

“American policing really needs to return to a more traditional role of cops keeping the peace; getting out of police cars, talking to people, and not being prone to overreaction with the use of firearms, tasers, or pepper spray. … Don’t get me wrong, I’ve been in more than my share of tussles and certainly appreciate the dangers of police work, but as Joseph Wambaugh famously said, the real danger is psychological, not physical.”

Release Us – a short film on police brutality by Charles Shaw

 MINT PRESS NEWS

Contributed by Secrets of the Fed of Secretsofthefed.com.

DEA Gets Unchecked Access To Call Records; Taught To Lie About Where They Got Them

Shortly after the Snowden leaks began exposing the NSA’s massive collection efforts, the New York Times uncovered the DEA’s direct access to AT&T telecom switches (via non-government employee “analysts” working for AT&T), from which it and other law enforcement agencies were able to gather phone call and location data.

Unlike the NSA’s bulk records programs (which are limited to holding five years’ worth of data), the Hemisphere database stretches back to 1987 and advertises instant access to “10 years of records.” And unlike the NSA’s program, there’s not even the slightest bit of oversight. All law enforcement needs to run a search of the Hemisphere database is an administrative subpoena — a piece of paper roughly equivalent to calling up Hemisphere analysts and asking them to run a few numbers. Administrative subpoenas are only subject to the oversight of the agency issuing them.

It’s highly unlikely these administrative subpoenas are stored (where they could be accessed as public records) considering the constant emphasis placed on parallel construction in the documents obtained by Dustin Slaughter of MuckRock — documents it took the DEA ten months to turn over.

Unlike the documents obtained by the New York Times (possibly inadvertently), these do contain a few redactions, including some apparent success stories compiled at the end of the presentation. But like the earlier documents, the documents show that the DEA and law enforcement have unchecked access to a database that agents and officers are never allowed to talk about — not even inside a courtroom.

It is expected that all Hemisphere requests will be paralleled with a subpoena for CDRs from the official carrier for evidentiary purposes.

It’s spelled out more explicitly on a later slide, listed under “Official Reporting.”

DO NOT mention Hemisphere in any official reports or court documents.

Judging from the request date, it would appear that this version of the Hemisphere presentation possibly precedes the New York Times’ version. However, this one does not name the cooperating telco, although that appears to be a deliberate choice of the person writing the presentation, rather than due to redaction. At one point the document declares Hemisphere can access records “regardless of carrier,” but later clarifies that it will only gather info that crosses certain telecom switches — most likely AT&T’s. Additional subpoenas will be needed to gather info from other carriers, as well as to obtain subscriber information linked to searched numbers. This small limitation plays right into the DEA’s insistence that Hemisphere be “walled off” from defendants, court systems and the public.

If exigent circumstances make parallel construction difficult, Hemisphere analysts (non-government liaisons within the telco) will “continue to work with the investigator throughout the entire prosecution process in order to ensure the integrity of Hemisphere and the case at hand.” Analysts are allowed to advise investigators on report writing, presentations to prosecutors and issues occurring during the trial phase. The word “integrity” seems out of place when it describes non-government employees assisting government agencies in hiding the origin of evidence from other government agencies.

Cross-referencing what’s been redacted in this one with the unredacted document published earlier, it appears as though the DEA is trying to (belatedly) hide the fact that its Hemisphere can also search IMSI and IMEI data (for wireless connections). Although this document states (after a long redaction) that Hemisphere does not collect subscriber information, that’s only partially true. As of July 2012, subscriber information for AT&T customers can be obtained from the database. This information may have been redacted or it may be that this presentation pre-dates this added ability.

What this shows is that the DEA has access to loads of information and a policy of “parallel construction in all things.” Tons of other government agencies, including the NSA, FBI and CIA, are funneling information to the DEA and instructing it to hide the origin. The DEA then demands that law enforcement agencies around the nation do the same thing. This stacks the deck against defendants, who are “walled off” from the chain of evidence, preventing them from challenging sources, methods or the integrity of the evidence itself.

via TechDirt.com

NSA and FBI Duck Dive Dodge Accountability, Absolute Figures on Search

NSA says it has no idea how much US info it collects, but FBI searches for it so much it can’t count how many times.

 

The blowback against the National Security Agency has long focused on the unpopular Patriot Act surveillance program that allows the NSA to vacuum up billions of US phone records each year. But after a rush of attention this week, some much deserved focus is back on the surveillance state’s other seemingly limitless program: the warrantless searches made possible by Section 702 of the Fisa Amendments Act, which allows the NSA to do all sorts of spying on Americans and people around the world – all for reasons that, in most cases, have nothing to do with terrorism.

The long-awaited draft report from the independent Privacy and Civil Liberties Board (PCLOB) on this subject was finally released Tuesday night, and it gives Americans a fairly detailed unclassified look at how the NSA spies through its notorious Prism program – and how it snoops “upstream” (a euphemism for the agency’s direct access to entire internet streams at telecoms like AT&T). The board issued a scathing report on the Patriot Act surveillance months ago, but oddly they went the opposite route this time around.

While many of the details are interesting, the board’s new report recommends no systematic changes to the several disturbing privacy issues covered therein. The Electronic Frontier Foundation (my former employer) issued a scathing PCLOB review late Tuesday night, calling the report “legally flawed and factually incomplete” and saying it ignored the “essential privacy problem … that the government has access to or is acquiring nearly all communications that travel over the Internet.”

As usual, it’s the Edward Snowden revelations that give context to all the snooping – and provide the impetus to keep pushing for real reform. Some 36 hours before the latest PCLOB report was made public, the Washington Post’s Ellen Nakashima and Barton Gellman disclosed previously unreleased Snowden documents showing the true scope of “702”-style information sweeps:

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information from individuals ‘concerning’ all but four countries on Earth.

As the Post reports, the Foreign Intelligence Surveillance Court’s interpretation of the Fisa Amendments Act is so broad, it “could allow for surveillance of academics, journalists and human-rights researchers.”

Fisa Amendments Act surveillance also includes scanning the emails of Americans never even accused of a crime. It’s the Snowden revelations that originally led the New York Times to report last year that any conversation you’ve ever had with someone outside the country may be fair game under the act, as the NSA “is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country who mention information about foreigners under surveillance.”

Perhaps in an attempt to pre-empt the PCLOB report, Director of National Intelligence James Clapper finally just released what he promised Sen Ron Wyden months ago: the number of warrantless searches by the US government on American communications in its vast databases of information collected under the Fisa Amendments Act. This is the second giant problem with 702 surveillance. Wyden refers to these as “backdoor” searches since they’re performed using data supposedly collected for “foreign intelligence” purposes – even though they still suck up huge amounts of purely US information. And it’s exactly the type of search the House overwhelmingly voted to ban in its surprise vote two weeks ago.

The NSA conducted “backdoor” searches 198 times in 2013 (and another 9,500 for internet metadata on Americans). Curiously, the CIA conducts far more warrantless searches of American information in the NSA databases than the NSA itself – almost 10 times more. But the FBI was the worst culprit, querying data on Americans so many times it couldn’t even count. The DNI left it at this: “the FBI believes the number of queries is substantial.”

The FBI has always been the NSA’s silent partner in all its surveillance and has long been suspected of doing the dirty work on Americans’ data after it’s been collected by NSA.

Wyden, who has for years repeatedly pushed for this information to be released to the public, responded:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected.

The PCLOB also went on to reveal in its report that the FBI can search the vast Prism database for crimes that have nothing to do with terrorism, or even national security. Oh, and how many US persons have had their data collected through Prism and other 702 programs? The government has no idea.

Unfortunately, the PCLOB chickened out of making any real reform proposals, leading Politico’s Josh Gerstein to point out that the Republican-controlled House already endorsed more aggressive reforms than the civil liberties board. More bizarrely, one of the holdouts on the panel for calling for real reform is supposed to be a civil liberties advocate. The Center for Democracy and Technology’s vice president, James Dempsey, had the chance to side with two other, more liberal members on the five-person panel to recommend the FBI get court approval before rummaging through the NSA’s vast databases, but shamefully he didn’t.

Now, as the Senate takes up a weakened House bill along with the House’s strengthened backdoor-proof amendment, it’s time to put focus back on sweeping reform. And while the PCLOB may not have said much in the way of recommendations, now Congress will have to. To help, a coalition of groups (including my current employer, Freedom of the Press Foundation) have graded each and every representative in Washington on the NSA issue. The debate certainly isn’t going away – it’s just a question of whether the public will put enough pressure on Congress to change.

via Trevor Timm at TheGuardian.com

 

Raw List of NSA Nicknames and Codewords

Below is a listing of nicknames and codewords related to US Signals Intelligence (SIGINT) and Communications Security (COMSEC). Most of them are from the NSA, some are from other government or military agencies. Some of them also have an abbreviation which is shown in brackets.

NICKNAMES are generally unclassified. NSA uses single-word nicknames; outside NSA they usually consist of two separate words, with the first word selected from alphabetical blocks that are assigned to different agencies by the Joint Staff. Usually, nicknames are printed using all capital letters.

CODEWORDS are always classified and always consist of a single word. Active codewords, or their three-letter abbreviations, which identify a classification compartment always need to be shown in the classification or banner line. Normally, codewords are printed using all capital letters.

Due to very strict secrecy, it’s not always clear whether we see a nickname or a codeword, but terms mentioned in public sources like job descriptions are of course unclassified nicknames.

Please keep in mind that a listing like this will always be a work in progress (this list has been copied on some other websites and forums, but only this one is being updated frequently!).

See also the lists of Abbreviations and Acronyms and GCHQ Nicknames and Codewords

A

ACIDWASH – Covert access point for a mobile phone network in Afghanistan

ACORN – Retired SIGINT product codeword

ACCORDIAN – Type 1 Cryptographic algorithm used in a number of crypto products

AETHER – ONI tool “to correlate seemingly disparate entities and relationships, to identify networks of interest, and to detect patterns”

AGILITY – NSA internet information tool or database

AGILEVIEW – NSA internet information tool or database

AIRGAP – Database which deals with priority DoD missions

AIRHANDLER – NSA-G operations center for producing intelligence from Afghanistan

AIRSTEED – Cell phone tracking program of the Global Access Operations (GAO)

AIRWOLF – ?

ALAMITO – The mission of Mexico at the United Nations in New York

ALPHA – Retired SIGINT Exchange Designator for Great Britain

ALTEREGO – A type of Question-Focused Dataset based on E.164

AMBERJACK – SIGINT/EW collection and exploitation system

AMBLE – Retired SIGINT product codeword

AMBULANT (AMB) – SI-ECI compartment related to the BULLRUN program

ANCHORY – NSA software system which provides web access to textual intelligence documents

ANGRYNEIGHBOR – Family of radar retro-reflector tools used by NSA’s TAO division

APALATCHEE – The EU mission in New York

APERIODIC – SI-ECI compartment related to the BULLRUN program

APEX – IP packet reconstruction tool(?)

APPLE1 – Upstream collection site

APSTARS – NSA tool that provides “semantic integration of data from multiple sources in support of intelligence processing”

ARKSTREAM – Implant used to reflash BIOS, installed by remote access or intercepted shipping

ARTIFICE – SSO corporate partner (foreign?)

AUTOSOURCE – NSA tool or database

AQUACADE – A class of SIGINT spy satellites (formerly RHYOLITE)

AQUADOR – Merchant ship tracking tool

ARCA – SIGINT Exchange Designator for ?

ARGON – Satellite mapping program

ARTIFICE – SSO corporate partner under the STORMBREW program

ASPHALT – Project to increase the volume of satellite intercepts at Menwith Hill Station

ASPHALT-PLUS – See above

ASSOCIATION – NSA analytical tool or database

ATALANTA – EU anti-piracy operation

ATLAS – CSEC database

AUNTIE – SI-ECI compartment related to the BULLRUN program

AUTO ASSOCIATION – Second party database

B

BAMBOOSPRING – ?

BANANAGLEE – Software implant that allows remote Jetplow firmware installation

BANISTER – The Colombian trade bureau in New York

BANYAN – NSA tactical geospatial correlation database

BASECOAT – Program targeting the mobile phone network on the Bahamas

BASTE – Retired SIGINT product codeword

– Type 1 Block cipher algorithm, used with many crypto products

BEACHHEAD – Computer exploit delivered by the FERRETCANON system

BEAMER – ?

BELLTOPPER – NSA database

BELLVIEW – SIGINT reporting tool

– List of personnel cleared for access to highly sensitive information or operations

BINOCULAR – Former NSA intelligence dissemination tool

BIRCHWOOD – Upstream collection site

BLACKBOOK – ODNI tool for large-scale semantic data analysis

BLACKFOOT – The French mission at the United Nations in New York

BLACKHEART – Collection through FBI implants

BLACKMAGIC – NSA database or tool

BLACKPEARL – NSA database of survey/case notations(?)

BLACKWATCH – NSA reporting tool

– Program for intercepting phone and internet traffic at switches in the US (since 1978)

BLINDDATE – Hacking tools for WLAN collection, plus GPS

BLUEANCHOR – Partner providing a network access point for the YACHTSHOP program

BLUEFISH (BLFH) – Compartment of the KLONDIKE control system

BLUEZEPHYR – Sub-program of OAKSTAR

BOOTY – Retired SIGINT product codeword

– DNI and DNR metadata visualization tool

BOURBON – Joint NSA and GCHQ program for breaking Soviet encryption codes (1946-?)

BROKENRECORD – NSA tool

BROKENTIGO – Tool for computer network operations

BROADSIDE – Covert listening post in the US embassy in Moscow

BROOMSTICK – ?

BRUNEAU – Operation against the Italian embassy in Washington DC using LIFESAVER techniques

BRUTUS – Tool or program related to MARINA

BUFFALOGREEN – The name by which ORANGECRUSH was known to Polish partners

BULLDOZER – PCI bus hardware implant on intercepted shipping

– An NSA COI for decryption of network communications

BULLSEYE – NSG High-Frequency Direction-Finding (HF-DF) network (now called CROSSHAIR)

(BYE) – Retired SCI control system for overhead collection systems (1961-2005)

BYZANTINE – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare

BYZANTINE ANCHOR (BA) – A group of Chinese hackers which compromised multiple US government and defense contractor systems since 2003

BYZANTINE CANDOR (BC) – A group of Chinese hackers which compromised a US-based ISP and at least one US government agency

BYZANTINE FOOTHOLD (BF) – A group of Chinese hackers who attacked various international companies and internet services providers

BYZANTINE HADES (BH) – A concerted effort against Chinese hackers who attacked the Pentagon and military contractors. Probably renamed to the LEGION-series

C

CADENCE – NSA database with tasking dictionaries

CAJABLOSSOM – Automated system for analysing and profiling internet browsing histories

CALYPSO – Remote SATCOM collection facility

CANDYGRAM – Laptop mimicking GSM cell tower, sends out SMS whenever registered target enters its area, for tracking and ID of targets

– Class of COMINT spy satellites (1968-1977)

CANOE – Retired SIGINT product codeword

CANNON LIGHT – Counterintelligence database of the US Army

CAPRICORN – (former?) database for voice data

CAPTIVATEDAUDIENCE – Computer implant plug-in to take over a targeted computer’s microphone and record conversations taking place near the device

CARBOY – Second Party satellite intercept station at Bude, England

CARBOY II – Units of ECHELON which break down satellite links into telephone and telegraph channels

CARILLON – NSA high performance computing center, since 1976 made up of IBM 360s and later four IBM 3033s

CASport – NSA user authorization service

– Computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community

CENTER ICE – Data center for the exchange of intelligence regarding Afghanistan among the members of the 14-Eyes/SSEUR

CENTERMASS – NSA tool or database

CERF CALL MOSES1 – Contact Event Record Format – for certain telephony metadata

CHALKFUN – Analytic tool, used to search the FASCIA database

CHASEFALCON – Major program of the Global Access Operations (GAO)

CHEER – Retired SIGINT product codeword

CHESS – Compartment of TALENT KEYHOLE for the U-2 spy plane

CHEWSTICK – NSA tool or database

CHIMNEYPOOL – Framework or specification of GENIE-compliance for hardware/software implants

CHIPPEWA – Some communications network, involving Israel

CHUTE – Retired SIGINT product codeword

CIMBRI – Probably a metadata database

CINEPLEX – NSA tool or database

CLASSIC BULLSEYE – Worldwide ocean SIGINT surveillance system (1960’s-?)

CLEVERDEVICE – Upstream collection site

CLOUD – NSA database

COASTLINE – NSA tool or database

COBALTFALCON – Sub-program of OAKSTAR

COBRA FOCUS – NSA-G operations center for producing intelligence from Iraq

COGNOS – NSA tool or database

CORDOBA – Type 2 Cryptographic algorithm used in a number of crypto chips

COMBAT SENT – Reconnaissance operation

COMMONDEER – Computer exploit for checking whether a computer has security software

COMMONVIEW – NSA database or tool

CONFIRM – NSA database for personnel access

CONJECTURE – Network compatible with HOWLERMONKEY

CONTRAOCTAVE – NSA telephony tasking database, used to determine ‘foreignness’

CONVEYANCE – Voice content ingest processor

COPILOT – System that automatically scans digital data for things like language, phone and credit card numbers and attachments

COPSE – Retired SIGINT product codeword

CORALINE – NSA satellite intercept station at Sabena Seca at Puerto Rico (closed)

CORALREEF – Database for VPN crypto attack data

– A series of photographic surveillance satellites (1959-1972)

CO-TRAVELER – Set of tools for finding unknown associates of intelligence targets by tracking movements based upon cell phone locations

COTTONMOUTH (CM) – Computer implant devices used by NSA’s TAO division

COTTONMOUTH-I (CM-I) – USB hardware implant providing wireless bridge into target network and loading of exploit software onto target PCs, formerly DEWSWEEPER

COTTONMOUTH-II (CM-II) – USB hardware host tap provides covert link over USB into target’s network co-located with long haul relay; dual-stacked USB connector, consists of CM-I digital hardware plus long haul relay concealed in chassis; hub with switches is concealed in a dual stacked USB connector and hard-wired to provide intra-chassis link.

COTTONMOUTH-III (CM-III) – Radio Frequency link for commands to software implants and data infiltration/exfiltration, short range inter-chassis link within RJ45 Dual Stacked USB connector

COURIERSKILL – NSA Collection mission system

COWBOY – The DICTIONARY computer used at the Yakima station of ECHELON

CRANKSHAFT – Codename for Osama bin Laden

CREAM – Retired SIGINT product codeword

CREDIBLE – Transport of intelligence materials to partner agencies

CREST – Database that automatically translates foreign language intercepts into English

CRISSCROSS – Database of telecommunications selectors

CROSSBEAM – GSM module mating commercial Motorola cell with WagonBed controller board for collecting voice data content via GPRS (web), circuit-switched data, data over voice, and DTMF to secure facility, implanted cell tower switch

CROSSHAIR – NSG High-Frequency Direction-Finding (HF-DF) network (formerly BULLSEYE)

CROSSBONES – Analytic tool

CRUMPET – Covert network with printer, server and desktop nodes

CULTWEAVE – Smaller size SIGINT database

CYBERTRANS – A common interface to a number of underlying machine translation systems

CYCLONE Hx9 – Base station router, network in a box using Typhon interface

D

DAFF – Codeword for products of satellite imagery

DAMEON – Remote SATCOM collection facility

DANCINGOASIS (DGO) – SSO program collecting data from fiber optic cables between Europe and the Far East (since 2011)

DANDERSPRITZ – Software tool that spoofs IP and MAC addresses, intermediate redirector node

DANGERMOUSE – Tactical SIGINT collecting system for like cell phone calls

DARDANUS – Remote SATCOM collection facility

DAREDEVIL – Shooter/implant as part of the QUANTUM system

DARKTHUNDER – SSO Corporate/TAO Shaping program

DARKQUEST – Automated FORNSAT survey system

DAUNT – Retired SIGINT product codeword

DECKPIN – NSA crisis cell activated during emergencies

DEEPDIVE – An XKEYSCORE related method

DEITYBOUNCE – Provides implanted software persistence on Dell PowerEdge RAID servers via motherboard BIOS using Intel’s System Management Mode for periodic execution, installed via ArkStream to reflash the BIOS

DELTA – Former SCI control system for intercepts from Soviet military operations

DENIM – Retired SIGINT product codeword

DESPERADO – NSA software tool to prepare reports

DEWSWEEPER – Technique to tap USB hardware hosts

DIKTER – SIGINT Exchange Designator for Norway

DINAR – Retired compartment for intercepts from foreign embassies in Washington

DIONYSUS – Remote SATCOM collection facility

DIRESCALLOP – Method to circumvent commercial products that prevent malicious software from making changes to a computer system

DISCOROUTE – A tool for targeting passively collected telnet sessions

– NSA database for text messages (SMS)

DISTANTFOCUS – A pod for tactical SIGINT and precision geolocation (since 2005)

DIVERSITY – SIGINT Exchange Designator for ?

DOBIE – The South African consulate and mission at the UN in New York

DOCKETDICTATE – Something related to NSA’s TAO division

DOGCOLLAR – A type of Question-Focussed Dataset based on the Facebook display name cookie

DOGHUT – Upstream collection site

DOUBLEARROW – One of NSA’s voice processing databases?

DRAGGABLEKITTEN – An XKEYSCORE Map/Reduce analytic

DREADNOUGHT – NSA operation focused on Ayatollah Khamenei

– Passive collection of emanations (e.g. from printers or faxes) by using a radio frequency antenna

DROPOUTJEEP – STRAITBIZARRE-based software implant for iPhone, initially close access but later remotely

– System for processing data from mobile communication networks

DRUID – SIGINT Exchange Designator for third party countries

– A US military numeral cipher/authentication system

DRYTORTUGAS – Analytic tool

DYNAMO – SIGINT Exchange Designator for Denmark

E

EAGLE – Upstream collection site

– A SIGINT collection network run by Australia, Canada, New Zealand, the United Kingdom, and the United States

ECHO – SIGINT Exchange Designator for Australia

ECRU (EU) – Compartment of the ENDSEAL control system

EDEN – Upstream collection site

EGOTISTICALGIRAFFE (EGGI) – NSA program for exploiting the TOR network

EGOTISTICALGOAT (EGGO) – NSA tool for exploiting the TOR network

EIDER – Retired SIGINT product codeword

EINSTEIN – Cell phone network intercepting equipment used by SCS units

– Intrusion detection system for US government network gateways (deployed in 2004)

EINSTEIN 2 – Second version of the EINSTEIN program for detecting malicious network activity

EINSTEIN 3 – Third version of the EINSTEIN program that will monitor government computer traffic on private sector sites too

ELEGANTCHAOS – Large scale FORNSAT data analysis system

EMBRACEFLINT – Tool for computer network operations

ENDSEAL (EL) – SCI control system

ENDUE – A COI for sensitive decrypts of the BULLRUN program

ENTOURAGE – Directional finder for line of bearing for GSM, UMTS, CDMA, FRS signals, works with NEBULA active interrogator within GALAXY program

EPICSHELTER – Sophisticated data backup system designed by Edward Snowden

ERRONEOUSINGENUITY (ERIN) – NSA tool for exploiting the TOR network

EVENINGEASEL – Program for surveillance of phone and text communications from Mexico’s cell phone network

EVILOLIVE – Internet geolocation tool

EVOLVED MUTANT BROTH – Second party database

EYESPY – System that scans data for logos of companies, political parties and other organizations, as well as for pictures with faces for facial recognition

F

FACELIFT – Codeword related to NSA’s Special Source Operations division

– NSA corporate partner with access to international cables, routers, and switches (since 1985)

FAIRVIEWCOTS – System for processing telephony metadata collected under the FAIRVIEW program

FALLENORACLE – NSA tool or database

FALLOUT – DNI metadata ingest processor/database

– DNR metadata ingest processor/database

FASCINATOR – Series of Type 1 encryption modules for Motorola digital-capable voice radios

FASHIONCLEFT (FC) – Wrapper used to exfiltrate data of VPN and VoIP communications

FASTBAT – Telephony related database?

FASTFOLLOWER – Tool to identify foreign agents who might tail American case officers overseas by correlating cellphone signals

FASTSCOPE – NSA database

FEEDTROUGH – Software implant for unauthorized access to Juniper firewall models N5XT, NS25, NS50, NS200, NS500, ISG1000

FERRETCANON – Subsystem of the FOXACID system

FINKDIFFERENT (FIDI) – Tool used for exploiting TOR networks

FIRE ANT – Open Source visualisation tool

– NSA key generation scheme, used for exchanging EKMS public keys

FIRETRUCK – SIGINT tool or database

FIREWALK – Bidirectional network implant, passive gigabit ethernet traffic collector and active ethernet packet injector within RJ45 Dual Stacked USB connector, digital core used with HOWLERMONKEY, formerly RADON

– NSA program for securing commercial smartphones

FLARE – Retired SIGINT product codeword

FLATLIQUID – TAO operation against the office of the Mexican president

FLEMING – The embassy of Slovakia in Washington DC

FLINTLOCK – The DICTIONARY computer used at the Waihopai station of ECHELON

FLUXBABBITT – Hardware implant for Dell PowerEdge RAID servers using Xeon processors

FOGGYBOTTOM – Computer implant plug-in that records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts

FOREMAN – Tactical SIGINT database? Used to determine ‘foreignness’

FOURSCORE – (former?) database for fax and internet data

FOXACID (FA?) – System of secret internet servers used to attack target computers

FOXSEARCH – Tool for monitoring a QUANTUM target which involves FOXACID servers

FOXTRAIL – NSA tool or database

FRIARTUCK – VPN Events tool or database (CSEC?)

FREEFLOW-compliant – Supported by TURBULENCE architecture

FREEZEPOST – Something related to NSA’s TAO division

FRONTO – Retired SIGINT Exchange Designator for ?

FROSTBURG – Connection Machine 5 (CM-5) supercomputer, used by NSA from 1991-1997

FROTH – Retired SIGINT product codeword

FRUGALSHOT – FOXACID servers for receiving callbacks from computers infected with NSA spying software

G

GALACTICHALO – Remote SATCOM collection facility

GALAXY – Find/fix/finish program of locating signal-emitting devices of targets

GAMMA (G) – Compartment for highly sensitive communication intercepts

GAMUT – NSA collection tasking tool or database

GARLIC – The NSA satellite intercept station at Bad Aibling (Germany)

GATEKEEPER – NSA user account management system

GAVEL – Retired SIGINT product codeword

GECKO II – System consisting of hardware implant MR RF or GSM, UNITEDRAKE software implant, IRONCHEF persistence back door

GEMINI – Remote SATCOM collection facility

GENESIS – Modified GSM handset for covert network surveys, recording of RF spectrum use, and handset geolocation based on software defined radio

GENIE – Overall close-access program, collection by Sigads US-3136 and US-3137

GHOSTMACHINE – NSA’s Special Source Operations cloud analytics platform

GINSU – Provides software persistence for the CNE implant KONGUR having PCI bus hardware implant BULLDOZER on MS desktop PCs

GILGAMESH – Predator-based NSA geolocation system used by JSOC

GISTQEUE (GQ) – NSA software or database

GJALLER – NSA tool or database

GLINT – Retired SIGINT product codeword

GLOBALBROKER – NSA tool or database

GM-PLACE – Database for the BOUNDLESSINFORMANT tool

GODLIKELESION – Modernization program for NSA’s European Technical Center (ETC) in Wiesbaden in 2011

GODSURGE – Runs on FLUXBABBITT circuit board to provide software persistence by exploiting JTAG debugging interface of server processors, requires interdiction and removal of motherboard of JTAG scan chain reconnection

GOPHERSET – Software implant on GSM SIM phase 2+ Toolkit cards that exfiltrates contact list, SMS and call log from handset via SMS to user-defined phone; malware loaded using USB smartcard reader or over-the-air.

GOSSAMER – SIGINT/EW collection and exploitation system

GOTHAM – Processor for external monitor recreating target monitor from red video

GOURMETTROUGH – Configurable implant for Juniper NetScreen firewalls including SSG type, minimal beaconing

GOUT – Subcompartment of GAMMA for intercepts of South Vietnamese government communications

GOVPORT – US government user authentication service

GRAB – SIGINT satellite program

GREY FOX – The 2003 covername of the Mission Support Activity (MSA) of JSOC

GREYSTONE (GST) – CIA’s highly secret rendition and interrogation programs

GROK – Computer implant plug-in used to log keystrokes

GUMFISH – Computer implant plug-in to take over a computer’s webcam and snap photographs

GUPY – Subcompartment of GAMMA for intercepts from Soviet leadership car phones (1960’s-70’s)

H

HALLUXWATER – Software implant as boot ROM upgrade for Huawei Eudemon firewalls, finds patch points in inbound packet processing, used in O2, Vodafone and Deutsche Telekom

HAMMERCHANT – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software

HAMMERMILL – Insertion Tool controls HEADWATER boot ROM backdoor

HAMMERSTEIN – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software

HAPPYFOOT – Program that intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks

HARD ASSOCIATION – Second party database

– An IBM supercomputer used by NSA from 1962-1976

HAVE BLUE – Development program of the F-117A Stealth fighter-bomber

HAVE QUICK (HQ) – Frequency-hopping system protecting military UHF radio traffic

HEADWATER – Permanent backdoor in boot ROM for Huawei routers stable to firmware updates, installed over internet, capture and examination of all IP packets passing through host router, controlled by Hammermill Insertion Tool

HEMLOCK – Operation against the Italian embassy in Washington DC using HIGHLANDS techniques

HERCULES – CIA terrorism database

HERETIC – NSA tool or database

HEREYSTITCH – Collaboration program between NSA units T1222 and SSG

HERMOS – Joint venture between the German BND and another country with access for NSA (2012)

HERON – Retired SIGINT product codeword

HIGHCASTLE – Tactical database?

HIGHLANDS – Technique for collection from computer implants

HIGHTIDE – NSA tool or database

HOBGOBLIN – NSA tool or database

HOLLOWPOINT – Software defined radio platform

HOMEBASE – Database which allows analysts to coordinate tasking with DNI mission priorities

HOMEMAKER – Upstream collection site

HOMINGPIGEON – Program to intercept communications from airplane passengers

HOTZONE – ?

HOWLERMONKEY (HM) – Generic radio frequency (RF) transceiver tool used for various applications

HUFF – System like FOXACID?

HYSON – Retired SIGINT product codeword

I

ICEBERG – Major NSA backbone project

ICREACH – Tool that uses telephony metadata

IDITAROD (IDIT) – Compartment of the KLONDIKE control system

INCENSER – A joint NSA-GCHQ high-volume cable tapping operation, part of the WINDSTOP program

INDIA – SIGINT Exchange Designator for New Zealand (retired)

– Satellite intercept station near Khon Khaen, Thailand (1979-ca. 2000)

INTREPID SPEAR – The 2009 covername of the Mission Support Activity (MSA) of JSOC

– Series of ELINT and COMINT spy satellites (since 2009)

IRATEMONK – Hard drive firmware providing software persistence for desktops and laptops via Master Boot Record substitution, for Seagate, Maxtor, Samsung, file systems FAT, NTFS, EXT3, UFS, payload is implant installer, shown at internet cafe

IRONAVENGER – NSA hacking operation against an ally and an adversary (2010)

IRONCHEF – Provides access persistence back door exploiting BIOS and SMM to communicate with a 2-way RF hardware implant

IRONSAND – Second Party satellite intercept station in New Zealand

ISHTAR – SIGINT Exchange Designator for Japan (retired)

ISLANDTRANSPORT – Internal messaging service, as part of the QUANTUM system

IVORY – Retired SIGINT product codeword

IVY BELLS – NSA, CIA and Navy operation to place wire taps on Soviet underwater communication cables

J

JACKKNIFE – The NSA satellite intercept station at Yakima (US)

JACKPOT – Internal NSA process improvement program (early 1990s – early 2000s)

JETPLOW – Persistent firmware back door for Cisco PIX and ASA firewall and routers, modifies OS at boot time

JOLLYROGER – NSA database

JOSEKI-1 – Classified Suite A algorithm

JOURNEYMAN – Major NSA backbone project

JUGGERNAUT – Ingest system for processing signals from (mobile?) phone networks

– Class of SIGINT reconnaissance satellites (1971-1983)

JUNIORMINT – Implant digital core, either mini printed circuit board or ultra-mini Flip Chip Module, contains ARM9 micro-controller, FPGA Flash SDRAM and DDR2 memories

K

KAMPUS – SIGINT Exchange Designator for ? (retired)

KANDIK (KAND) – Compartment of the KLONDIKE control system

KARMA POLICE – Second party database

KATEEL – The Brazilian embassy in Washington

KEA – Asymmetric-key Type 2 algorithm used in products like Fortezza, Fortezza Plus

KEELSON – Internet metadata processing system

KEYCARD – Database for VPN key exchange IP packet addresses

KEYRUT – SIGINT Exchange Designator for ? (retired)

KILTING – ELINT database

KIMBO – Retired SIGINT product codeword

KLIEGLIGHT (KL) – Tactical SIGINT reports

KLONDIKE (KDK) – Control system for sensitive geospatial intelligence

KLONDIKE – The embassy of Greece in Washington DC

KNIGHTHAWK – Probably a military SIGINT tool

– Method for summarizing very large textual data sets

KONGUR – Software implant restorable by GINSU after OS upgrade or reinstall

KRONE – Retired SIGINT product codeword

L

(LAC) – Retired NSA dissemination control marking

LADYLOVE – The NSA satellite intercept station at Misawa, Japan (since 1982)

LANYARD – Reconnaissance satellite program

LARUM – Retired SIGINT product codeword

LEGION AMBER – Chinese hacking operation against a major US software company

LEGION JADE – A group of Chinese hackers

LEGION RUBY – A group of Chinese hackers

LEGION YANKEE – Chinese hacking operation against the Pentagon and defense contractors (2011)

LEMONWOOD – NSA satellite intercept station in Thailand

LEXHOUND – Tool for targeting social networking?

LIBERTY – First word of nicknames for collection and analysis programs used by JSOC and other sensitive DOD activities

LIBERTY BLUE – Modified RC-12 Guardrail surveillance airplane used by JSOC’s Mission Support Activity (MSA)

LIFESAVER – Technique which images the hard drive of computers

LIONSHARE – Internal NSA process improvement program (2003-2008)

LITHIUM – Facility to filter and gather data at a major (foreign?) telecommunications company under the BLARNEY program

LODESTONE – NSA’s CRAY-1 supercomputer

LOGGERHEAD – Device to collect contents of analog cell phone calls (made by Harris Corp.)

LOMA – SCI control system for Foreign Instrumentation and Signature Intelligence

LOPERS – Software application for Public Switched Telephone Networks or some kind of hardware

LOUDAUTO – An ANGRYNEIGHBOR radar retro-reflector, microphone captures room audio by pulse position modulation of square wave

M

MACHINESHOP – ?

MADCAPOCELOT – Sub-program of STORMBREW for collection of internet metadata about Russia and European terrorism

MAESTRO-II – Mini digital core implant, standard TAO implant architecture

MAGIC – Codeword for decrypted high-level diplomatic Nazi messages

– A keystroke logging software developed by the FBI

MAGNES – Remote SATCOM collection facility

MAGNETIC – Technique of sensor collection of magnetic emanations

– Series of SIGINT spy satellites (since 1985)

MAGOTHY – The embassy of the European Union in Washington DC

MAILORDER – Data transfer tool (SFTP-based?)

– Federal database of personal and financial data of suspicious US citizens

– NSA database of bulk phone metadata

MANASSAS – Former NSA counter-encryption program, succeeded by BULLRUN

– NSA database of bulk internet metadata

MARKHAM – NSA data system?

MARTES – NSA software tool to prepare reports

MASTERLINK – NSA tasking source

MASTERSHAKE – NSA tool or database

MATRIX – Some kind of data processing system

MAYTAG – Upstream collection site

MEDLEY – Classified Suite A algorithm

MENTOR – Class of SIGINT spy satellites (since 1995)

MERCED – The Bulgarian embassy in Washington DC

MERCURY – Soviet cipher machine partially exploited by NSA in the 1960’s

MERCURY – Remote SATCOM collection facility

MESSIAH – NSA automated message handling system

METAWAVE – Warehouse of unselected internet metadata

METROTUBE – Analytic tool for VPN data

METTLESOME – NSA Collection mission system

MIDAS – Satellite program

MIDDLEMAN – TAO covert network

MILKBONE – Question-Focused Dataset used for text message collection

– A sister project to Project SHAMROCK (1967-1973)

MINERALIZE – Technique for collection through LAN implants

MIRANDA – Some kind of number related to NSA targets

MIRROR – Interface to the ROADBED system

MOCCASIN – A hardware implant, permanently connected to a USB keyboard

MONKEYCALENDAR – Software implant on GSM SIM cards that exfiltrates user geolocation data

MONKEYROCKET – Sub-program of OAKSTAR for collecting internet metadata and content through a foreign access point

MOONLIGHTPATH (EGL?) – SSO collection facility

MOONPENNY – The NSA satellite intercept station at Harrogate (Great Britain)

MORAY – Compartment for the least sensitive COMINT material, retired in 1999

MORPHEUS – Program of the Global Access Operations (GAO)

MOTHMONSTER – NSA tool for exploiting the TOR network

MOVEONYX – Tool related to CASPORT

MULBERRY – The mission of Japan at the United Nations in New York

(JPM?) – Joint NSA-GCHQ operation to tap the cables linking Google and Yahoo data clouds to the internet. Part of WINDSTOP

MUSKET – Retired SIGINT Exchange Designator for ?

MUSKETEER – NSA’s Special Signal Collection unit

– SSO unilateral voice interception program

– Presidential Global Communications System

N

NASHUA – The mission of India at the United Nations in New York

NAVAJO – The mission of Vietnam at the United Nations in New York

NAVARRO – The embassy of Georgia in Washington DC

NEBULA – Base station router similar to CYCLONE Hx9

NECTAR – SIGINT Exchange Designator for ? (retired)

NELEUS – Remote SATCOM collection facility

NEMESIS – SIGINT satellite

– Operation to kill or capture Osama bin Laden (2011)

NETBOTZ – Remote monitoring tool

NEWSDEALER – NSA’s internal intelligence news network

NIAGARAFILES – Data transfer tool (SFTP-based?)

NIGHTSTAND – 802.11 wireless packet injection tool that runs on standalone x86 laptop running Linux Fedora Core 3 and exploits Windows platforms running Internet Explorer, from 8 miles away

NIGHTWATCH – Portable computer in shielded case for recreating target monitor from progressive-scan non-interlaced VAGRANT signals

NINJANIC – Something related to TURMOIL

NITESURF – NSA tool or database

NITRO – Remote SATCOM collection facility

NOCON – NSA dissemination marking or COI

NONBOOK (NK) – Compartment of the ENDSEAL control system

NORMALRUN – NSA tool or database

NUCLEON – Database for contents of phone calls

NYMROD – Automated name recognition system

O

– Umbrella program to filter and gather information at major telecommunications companies (since 2004)

OCEAN – Optical collection system for raster-based computer screens

OCEANARIUM – Database for SIGINT from NSA and intelligence sharing partners around the world

OCEANFRONT – Part of the communications network for ECHELON

OCEAN SHIELD – NATO anti-piracy operation

OCEANSURF – Engineering hub of the Global Access Operations (GAO)

OCELOT – Actual name: MADCAPOCELOT

OCTAVE – NSA tool for telephone network tasking (succeeded by the UTT?)

OCTSKYWARD – Collection of GSM data from flying aircraft

OILSTOCK – A system for analyzing air warning and surveillance data

– CSEC tool for discovering and identifying telephone and computer connections

OLYMPIC – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare

OLYMPIC GAMES – Joint US and Israel operation against the Iranian nuclear program (aka Stuxnet)

OLYMPUS – Software component of VALIDATOR/SOMBERKNAVE used to communicate via wireless LAN 802.11 hardware

OMNIGAT – Field network component

ONEROOF – Main tactical SIGINT database, with raw and unfiltered intercepts

– Newer units of the LACROSSE reconnaissance satellites

ORANGEBLOSSOM – Sub-program of OAKSTAR for collection from an international transit switch (sigad: US-3251)

ORANGECRUSH – Sub-program of OAKSTAR for collecting metadata, voice, fax, phone and internet content through a foreign access point

ORION – SIGINT satellite

ORLANDOCARD – NSA operation that attracted visits from 77,413 foreign computers and planted spyware on more than 1,000 by using a ‘honeypot’ computer

OSAGE – The embassy of India in Washington DC

OSCAR – SIGINT Exchange Designator for the USA

OSWAYO – The embassy annex of India in Washington DC

– The Lockheed A-12 program (better known as SR-71)

P

PACKAGEDGOODS – Program which tracks the ‘traceroutes’ through which data flows around the Internet

PACKETSCOPE – Internet cable tapping system

PACKETSWING – NSA tool or database

PACKETWRENCH – Computer exploit delivered by the FERRETCANON system

PADSTONE – Type 1 Cryptographic algorithm used in several crypto products

PAINTEDEAGLE – SI-ECI compartment related to the BULLRUN program

PALANTERRA – A family of spatially and analytically enabled Web-based interfaces used by the NGA

PANGRAM (PM) – Alleged SCI control system

PANTHER – The embassy of Vietnam in Washington DC

PARCHDUSK (PD) – Productions Operation of NSA’s TAO division

PARTNERMALL PROGRAM (PMP) – A single collaboration environment, to be succeeded by the Global Collaboration Environment (GCE)

PARTSHOP – ?

PATHFINDER – SIGINT analysis tool (developed by SAIC)

PATHWAY – NSA’s former main computer communications network

– Call chaining analysis tool (developed by i2)

PAWLEYS – SI-ECI compartment related to the BULLRUN program

PEARL – Retired SIGINT product codeword

PEDDLECHEAP – Computer exploit delivered by the FERRETCANON system

PENDLETON – SI-ECI compartment related to the BULLRUN program

PEPPERBOX – Tool or database for targeting Requests (CSEC?)

PERDIDO – The mission of the European Union at the United Nations in New York

PERFECTMOON – An out-sites covering system

PHOTOANGLO – A continuous wave generator and receiver. The bugs on the other end are ANGRYNEIGHBOR class

PIEDMONT – SI-ECI compartment related to the BULLRUN program

PICARESQUE (PIQ) – SI-ECI compartment related to the BULLRUN program

PICASSO – Modified GSM handset that collects user data plus room audio

PINUP – Retired SIGINT product codeword

– Database for recorded signals intercepts/internet content

PITCHFORD – SI-ECI compartment related to the BULLRUN program

PIVOT – Retired SIGINT product codeword

PIXIE – Retired SIGINT product codeword

PLATFORM – Computer system linking the ECHELON intercept sites

PLUS – NSA SIGINT production feedback program

POCOMOKE – The Brazilian Permanent Mission to the UN in New York

POISON NUT – CES VPN attack orchestrator

POLARBREEZE – NSA technique to tap into nearby computers

POPPY – SIGINT satellite program

POPTOP – Collection system for telephony data

POWELL – The Greek mission at the United Nations in New York

PREFER – System for identifying and extracting text messages (SMS) from the DISHFIRE database

PRESSUREPORT – Software interface related to PRESSUREWAVE

PRESSUREWAVE – NSA cloud database for VPN and VoIP content and metadata

PRIMECANE – American high-tech company cooperating in providing a network access point for the ORANGECRUSH program

– Program for collecting foreign internet data from US internet companies

PROFORMA – Intelligence derived from computer-based data

– Mobile tactical SIGINT collection system

PROTEIN – SIGINT Exchange Designator for ?

PROTON – SIGINT database for time-sensitive targets/counterintelligence

PROTOSS – Local computer handling radio frequency signals from implants

PURPLE – Codename for a Japanese diplomatic cryptosystem during WWII

– US military OPSEC program (since 1966)

PUTTY – NSA tool or database

PUZZLECUBE – NSA tool or database

PYLON – SIGINT Exchange Designator for ?

Q

QUADRANT – A crypto implementation code

QUADRESPECTRE PRIME – ?

– A consolidated QUANTUMTHEORY platform to reduce latencies by co-locating passive sensors with local decisioning and traffic injection (under development in 2011)

– Secret servers placed by NSA at key places on the internet backbone; part of the TURMOIL program

QUANTUMBISCUIT – Enhancement of QUANTUMINSERT for targets which are behind large proxies

QUANTUMBOT – Method for taking control of idle IRC bots and botnets

QUANTUMBOT2 – Combination of Q-BOT and Q-BISCUIT for web-based botnets

QUANTUMCOOKIE – Method to force cookies onto target computers

QUANTUMCOPPER – Method for corrupting file uploads and downloads

QUANTUMDNS – DNS injection/redirection based off of A record queries

QUANTUMHAND – Man-on-the-side technique using a fake Facebook server

QUANTUMINSERT (QI) – Man-on-the-side technique that redirects target internet traffic to a FOXACID server for exploitation

QUANTUMMUSH – Targeted spam exploitation method

QUANTUMNATION – Umbrella for COMMONDEER and VALIDATOR computer exploits

QUANTUMPHANTOM – Hijacks any IP address to use as covert infrastructure

QUANTUMSKY – Malware used to block targets from accessing certain websites through RST packet spoofing

QUANTUMSMACKDOWN – Method for using packet injection to block attacks against DoD computers

QUANTUMSPIN – Exploitation method for instant messaging

QUANTUMSQUEEL – Method for injecting MySQL persistent database connections

QUANTUMSQUIRREL – Using any IP address as a covert infrastructure

QUANTUMTHEORY (QT) – Computer hacking toolbox used by NSA’s TAO division, which dynamically injects packets into target’s network session

QUANTUM LEAP – CIA tool to “find non-obvious linkages, new connections, and new information” from within a dataset

QUARTERPOUNDER – Upstream collection site

– Relay satellite for reconnaissance satellites

QUEENSLAND – Upstream collection site

R

RADIOSPRING – ?

RADON – Host tap that can inject Ethernet packets

RAGEMASTER – Part of ANGRYNEIGHBOR radar retro-reflectors, for red video graphics array cable in ferrite bead RFI chokers between video card and monitor, target for RF flooding and collection of VAGRANT video signal

(RGT) – ECI compartment for call and e-mail content collected under FISA authority

RAILHEAD – NCTC database project

RAISIN – NSA database or tool

RAMPART – NSA operational branches that intercept heads of state and their closest aides. Known divisions are RAMPART-A, RAMPART-I and RAMPART-T. Also mentioned as a suite of programs for assuring system functionality

RAVEN – SIGINT satellite

REACTOR – Tool or program related to MARINA?

REBA – Major NSA backbone project

REDHAWK – NSA tool

REDROOF – NSA tool

REMATION – Joint NSA-GCHQ counter-TOR workshop

RENOIR – NSA telephone network visualization tool

REQUETTE – A Taiwanese TECO in New York

RESERVE (RSV) – Control system for the National Reconnaissance Office (NRO)

RESERVEVISION – Remote monitoring tool

RESOLUTETITAN – Internet cable access program?

RETRO – see RETROSPECTIVE

RETROSPECTIVE – 30-day retrospective retrieval tool for SCALAWAG

RETURNSPRING – High-side server shown in UNITEDRAKE internet cafe monitoring graphic

RHINEHEART – NSA tool or database

– Class of SIGINT spy satellites (in 1975 changed to AQUACADE)

RICHTER – SIGINT Exchange Designator for Germany

RIPCORD – ?

RIVET JOINT – Reconnaissance operation

ROADBED – Probably a military SIGINT database

ROCKYKNOB – Optional DSP when using Data Over Voice transmission in CROSSBEAM

RONIN – NSA tool for detecting TOR-node IP-addresses

RORIPA – SIGINT Exchange Designator for ?

ROYALNET – Internet exploitation tool

RUFF – Compartment of TALENT KEYHOLE for IMINT satellites

RUMBUCKET – Analytic tool

RUTLEY – Network of SIGINT satellites launched in 1994 and 1995

S

SABRE – Retired SIGINT product codeword

SALEM – ?

SALVAGERABBIT – Computer implant plug-in that exfiltrates data from removable flash drives that connect to an infected computer

SAMOS – Reconnaissance satellite program

SAPPY – Retired SIGINT product codeword

SARATOGA – SSO access facility (since 2011)

SARDINE – SIGINT Exchange Designator for Sweden

– Narrow band voice encryption for radio and telephone communication

SAVIN – Retired SIGINT product codeword

SCALAWAG – Collection facility under the MYSTIC program

SCALLION – Upstream collection site

SCAPEL – Second Party satellite intercept station in Nairobi, Kenya

SCHOOLMONTANA – Software implant for Juniper J-series routers used to direct traffic between server, desktop computers, corporate network and internet

SCIMITAR – A tool to create contact graphs?

SCISSORS – System used for separating different types of data and protocols

SCORPIOFORE – SIGINT reporting tool

SEABOOT – SIGINT Exchange Designator for ?

SEADIVER – Collection system for telephony data

SEAGULLFARO – High-side server shown in UNITEDRAKE internet cafe monitoring graphic

SEARCHLITE – Tactical SIGINT collecting system, e.g. for cell phone calls

SEASONEDMOTH (SMOTH) – Stage0 computer implant which dies after 30 days, deployed by the QUANTUMNATION method

SECONDDATE – Method to influence real-time communications between client and server in order to redirect web-browsers to FOXACID malware servers

SECUREINSIGHT – A software framework to support high-volume analytics

SEMESTER – NSA SIGINT reporting tool

– Transportable suite of ISR equipment (since 1991)

– Radome on top of the U2 to relay SIGINT data to ground stations

SENTINEL – NSA database security filter

SERENADE – SSO corporate partner (foreign?)

SERUM – Bank of servers within ROC managing approvals and ticket system

SETTEE – SIGINT Exchange Designator for ?

– Operation for intercepting telegraphic data going in or out the US (1945-1975)

SHAREDVISION – Mission program at Menwith Hill satellite station

SHARKFIN – Sweeps up all-source communications intelligence at high speed and volumes

SHARPFOCUS (SF2) – Productions Operation of NSA’s TAO division

SHELLTRUMPET – NSA metadata processing program (since December 2007)

SHENANIGANS – Aircraft-based NSA geolocation system used by CIA

SHIFTINGSHADOW – Sub-program of OAKSTAR for collecting telephone metadata and voice content from Afghanistan through a foreign access point

SHILLELAGH – Classified Suite A algorithm

SHORTSHEET – NSA tool for Computer Network Exploitation

SHOTGIANT – NSA operation for hacking and monitoring the Huawei network (since 2009)

SIERRAMONTANA – Software implant for Juniper M-series routers used by enterprises and service providers

SIGINT NAVIGATOR – NSA database

SIGSALY – The first secure voice system from World War II

SILKWORTH – A software program used for the ECHELON system

SILLYBUNNY – Some kind of web browser tag which can be used as selector

SILVER – Soviet cipher machine partially exploited by NSA in the 1960’s

SILVERCOMET – SIGINT satellites?

SILVERZEPHYR (SZ) – Sub-program of OAKSTAR for collecting phone and internet metadata and content from Latin and South America through an international transit switch

SIRE – A software program used for the ECHELON system(?)

– Type 2 Block cipher algorithms used in various crypto products

SKOPE – SIGINT analytical toolkit

SKYSCRAPER – Interface to the ROADBED system

SKYWRITER – NSA tool to prepare (internet) intelligence reports

SLICKERVICAR – Used with UNITEDRAKE or STRAITBIZARRE to upload hard drive firmware to implant IRATEMONK

SLINGSHOT – End Product Reports (CSEC?)

SMOKEYSINK – SSO access facility (since 2011?)

SNICK – 2nd Party satellite intercept station in Oman

SNORT – Repository of computer network attack techniques/coding

SOAPOPERA – (former?) database for voice, end product and SRI information

SOMBERKNAVE – Windows XP wireless software implant providing covert internet connectivity, routing TCP traffic via an unused 802.11 network device allowing OLYMPUS or VALIDATOR to call home from air-gapped computer

SORTING HAT – ?

SORTING LEAD – ?

SOUFFLETROUGH – Software implant in BIOS Juniper SSG300 and SSG500 devices, permanent backdoor, modifies ScreenOS at boot, utilizes Intel’s System Management Mode

SOUNDER – Second Party satellite intercept station at Cyprus

SPARKLEPONY – Tool or program related to MARINA

SPARROW II – Airborne wireless network detector running BLINDDATE tools via 802.11

SPECTRE – SCI control system for intelligence on terrorist activities

SPECULATION – Protocol for over-the-air communication between COTTONMOUTH computer implant devices, compatible with HOWLERMONKEY

SPHINX – Counterintelligence database of the Defense Intelligence Agency

SPINNERET (SPN) – SSO collection facility

SPLITGLASS – NSA analytical database

SPLUNK – Tool used for SIGINT Development

SPOKE – Compartment for less sensitive COMINT material, retired in 1999

SPOTBEAM – ?

SPORTCOAST – Upstream collection site

SPRIG – Retired SIGINT product codeword

SPRINGRAY – Some kind of internal notification system

SPYDER – Analytic tool for selected content of text messages from the DISHFIRE database

STARBURST – The initial code word for the STELLARWIND compartment

STARLIGHT – Analyst tool

STARPROC – User lead that can be used as a selector

STARSEARCH – Target Knowledge tool or database (CSEC?)

STATEROOM – Covert SIGINT collection sites based in US diplomatic facilities

STEELFLAUTA – SSO Corporate/TAO Shaping program

STEELKNIGHT – (foreign?) partner providing a network access point for the SILVERZEPHYR program

STEELWINTER – A supercomputer acquired by the Norwegian military intelligence agency

STELLAR – Second Party satellite intercept station at Geraldton, Australia

STELLARWIND (STLW) – SCI compartment for the President’s Surveillance Program information

STEPHANIE – Covert listening post in the Canadian embassy in Moscow (est. 1972)

STINGRAY – Device for tracking the location of cell phones (made by Harris Corp.)

STONEGHOST – DIA network for information exchange with UK, Canada, Australia and New Zealand (TS/SCI)

STORMBREW – Program for collection from international transit switches and cables (since 2001)

STRAIGHTBIZARRE – Software implant used to communicate through covert channels

STRATOS – Tool or database for GPRS Events (CSEC?)

STRAWHAT – NSA datalinks between field sites and processing centers (1969-?)

STRIKEZONE – Device running HOWLERMONKEY personality

STRONGMITE – Computer at remote operations center used for long range communications

STRUM – (see abbreviations)

STUCCOMONTANA – Software implant for Juniper T-Series routers used in large fixed-line, mobile, video, and cloud networks, otherwise just like SCHOOLMONTANA

STUMPCURSOR – Foreign computer accessing program of the NSA’s Tailored Access Operations

SUBSTRATUM – Upstream collection site

SUEDE – Retired SIGINT product codeword

SULPHUR – The mission of South Korea at the United Nations in New York

SUNSCREEN – Tool or database

SURFBOARD – NSA tool or database

SURLEYSPAWN – Data RF retro-reflector, gathers keystrokes FSK frequency shift keyed radar retro-reflector, USB or IBM keyboards

SURPLUSHANGAR – High to low diode, part of the QUANTUM system

SURREY – Main NSA requirements database, where tasking instructions are stored and validated, used by the FORNSAT, SSO and TAO divisions

SUTURESAILOR – Printed circuit board digital core used with HOWLERMONKEY

SWAMP – NSA data system?

SWAP – Implanted software persistence by exploiting motherboard BIOS and hard drive Host Protected Area for execution before OS loads, operative on Windows, Linux, FreeBSD, Solaris

– NSA data model for analyzing target connections

T

TACOSUAVE – ?

TALENT KEYHOLE (TK) – Control system for space-based collection platforms

TALK QUICK – An interim secure voice system created to satisfy urgent requirements imposed by conditions in Southeast Asia. Function was absorbed by AUTOSEVOCOM

TAPERLAY – Covername for Global Numbering Data Base (GNDB), used for looking up the registered location of a mobile device

TARMAC – Improvement program at Menwith Hill satellite station

TAROTCARD – NSA tool or database

TAWDRYYARD – Beacon radio frequency radar retro-reflector used to positionally locate deployed RAGEMASTER units

TEMPEST – Investigations and studies of compromising electronic emanations

– GCHQ program for intercepting internet and telephone traffic

THESPIS – SIGINT Exchange Designator for ?

THINTREAD – NSA program for wiretapping and sophisticated analysis of the resulting data

THUMB – Retired SIGINT product codeword

THUNDERCLOUD – Collaboration program between NSA units T1222 and SSG

TIAMAT – Joint venture between the German BND and another country with access for NSA

TICKETWINDOW – System that makes SSO collection available to 2nd Party partners

TIDALSURGE – Router Configurations tool (CSEC?)

TIDEWAY – Part of the communications network for ECHELON

TIMBERLINE – The NSA satellite intercept station at Sugar Grove (US)

TINMAN – Database related to air warning and surveillance

TITAN POINTE – Upstream collection site

– Presumably Chinese attacks on American computer systems (since 2003)

TITLEHOLDER – NSA tool

TOPAZ – Satellite program

TOTECHASER – Software implant in flash ROM Windows CE for Thuraya 2520 satellite/GSM/web/email/MMS/GPS

TOTEGHOSTLY – Modular implant for Windows Mobile OS based on SB using CP framework, Freeflow-compliant so supported by TURBULENCE architecture

TOWERPOWER – NSA tool or database

TOXICARE – NSA tool

TOYGRIPPE – NSA’s CES database for VPN metadata

TRACFIN – NSA database for financial data like credit card purchases

TRAFFICTHIEF – Part of the TURBULENCE and the PRISM programs

TRAILBLAZER – NSA Program to analyze data carried on communications networks

TRAILMAPPER – NSA tool or database

TRANSX – NSA database

TREACLEBETA – TAO hacking against the Pakistani terrorist group Lashkar-e-Taiba

TREASUREMAP – NSA internet traffic visualization tool

TREASURETROVE – Analytic tool

TRIBUTARY – NSA provided voice threat warning network

TRIGGERFISH – Device to collect the content of digital cell phone calls (made by Harris Corp.)

TRINE – Predecessor of the UMBRA compartment for COMINT

TRINITY – Implant digital core concealed in COTTONMOUTH-I, providing ARM9 microcontroller, FPGA Flash and SDRAM memories

TRITON – Tool or database for TOR Nodes (CSEC?)

– Series of ELINT reconnaissance satellites (1994-2008)

TRYST – Covert listening post in the British embassy in Moscow

TUBE – Database for selected internet content?

TUMULT – Part of the TURBULENCE program

TUNINGFORK – Sustained collection linked to SEAGULLFARO, previously NSA database or tool for protocol exploitation

TURBINE – Active SIGINT: centralized automated command/control system for managing a large network of active computer implants for intelligence gathering (since 2010)

TURBOPANDA – The Turbopanda Insertion Tool allows read/write to memory, execute an address or packet; joint NSA/CIA project on Huawei network equipment

TURBULENCE (TU) – Integrated NSA architecture with several layers and sub-programs to detect threats in cyberspace (since 2005)

TURMOIL – Passive SIGINT sensors: high speed collection of foreign target satellite, microwave and cable communications, part of the TURBULENCE program. Maybe for selecting common internet encryption technologies to exploit.

TURTLEPOWER – NSA tool

TUSKATTIRE – Ingest system for cleaning and processing DNR (telephony) data

TUTELAGE – Active defense system to monitor network traffic in order to detect malicious code and network attacks, part of the TURBULENCE program

TWEED – Retired SIGINT product codeword

TWISTEDKILT – Writes to Host Protected area on hard drive to implant Swap and its implant installer payload

TWISTEDPATH – NSA tool or database

TYPHON HX – GSM base station router network in box for tactical Sigint geolocating and capturing user

U

ULTRA – Decrypted high-level military Nazi messages, like from the Enigma machine

UMBRA – Retired compartment for the most sensitive COMINT material

UNIFORM – SIGINT Exchange Designator for Canada

UNITEDRAKE – Computer exploit delivered by the FERRETCANON system

USHER – Retired SIGINT product codeword

V

VAGRANT – Radar retro-reflector technique on video cable to reproduce open computer screens

VALIDATOR – Computer exploit delivered by the FERRETCANON system for looking whether a computer has security software, runs as user process on target OS, modified for SCHOOLMONTANA, initiates a call home, passes to SOMBERKNAVE, downloads OLYMPUS and communicates with remote operation center

– Decrypted intercepts of messages from Soviet intelligence agencies

VERDANT (VER) – Alleged SCI control system

VESUVIUS – Prototype quantum computer, situated in NSA’s Utah Data Center

VICTORYDANCE – Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen

VIEWPLATE – Processor for external monitor recreating target monitor from red video

VINTAGE HARVEST – Probably a military SIGINT tool

VITALAIR – NSA tool

VOICESAIL – Intelligence database

– Class of SIGINT spy satellites (1978-1989)

VOXGLO – Multiple award contract providing cyber security and enterprise computing, software development, and systems integration support

W

WABASH – The embassy of France in Washington DC

WAGONBED – Hardware GSM controller board implant on CrossBeam or HP Proliant G5 server that communicates over I2C interface

WALBURN – High-speed link encryption, used in various encryption products

WARPDRIVE – Joint venture between the German BND and another country with access for NSA (2013)

WATERWITCH – Hand-held tool for geolocating targeted handsets to last mile

WAVELEGAL – Authorization service that logs data queries

WEALTHYCLUSTER – Program to hunt down tips on terrorists in cyberspace (2002- )

WEASEL – Type 1 Cryptographic algorithm used in SafeXcel-3340

WEBCANDID – NSA tool or database

WESTPORT – The mission of Venezuela at the United Nations in New York

WILLOWVIXEN – Method to deploy malware by sending out spam emails that trick targets into clicking a malicious link

WISTFULTOLL – Plug-in for UNITEDRAKE and STRAITBIZARRE used to harvest target forensics via Windows Management Instrumentation and Registry extractions, can be done through USB thumb drive

WHIPGENIE (WPG) – ECI compartment for details about the STELLARWIND program

WHITEBOX – Program for intercepting the public switched telephone network?

WHITELIST – NSA tool

WHITETAMALE – Operation for collecting e-mails from Mexico’s Public Security Secretariat

WINDCHASER – Tool or program related to MARINA

WINDSORBLUE – Supercomputer program at IBM

WINDSTOP – Joint NSA-GCHQ unilateral high-volume cable tapping program

WINTERLIGHT – A QUANTUM computer hacking program in which Sweden takes part

WIRESHARK – Database with malicious network signatures

WITCH – Retired SIGINT product codeword

WITCHHUNT – ?

WOLFPOINT – SSO corporate partner under the STORMBREW program

WORDGOPHER – Platform to enable demodulation of low-rate communication carriers

WRANGLER – Database or system which focuses on Electronic Intelligence

X

– Program for finding key words in foreign language documents

XKEYSCORE (XKS) – Program for analysing SIGINT traffic

Y

YACHTSHOP – Sub-program of OAKSTAR for collecting internet metadata

YELLOWPIN – Printed circuit board digital core used with HOWLERMONKEY

YELLOWSTONE – NSA analytical database

YUKON – The embassy of Venezuela in Washington DC

Z

ZAP – (former?) database for texts

ZARF – Compartment of TALENT KEYHOLE for ELINT satellites, retired in 1999

ZESTYLEAK – Software implant that allows remote JETPLOW firmware installation, used by NSA’s CES unit

– See also this list of NSA codewords from 2002

Links and Sources

– List of NSA Code Names Revealed

– About What the NSA’s Massive Org Chart (Probably) Looks Like

– About Code Names for U.S. Military Projects and Operations

– National Reconnaissance Office: Review and Redaction Guide (pdf)

– About How Codes Names Are Assigned

– Wikipedia article about the Secret Service codename

– List of crypto machine designators

– Wikipedia article about the CIA cryptonym

– Article about Security Clearances and Classifications

– Listing in German: Marjorie-Wiki: SIGDEV

– William M. Arkin, Code Names, Deciphering U.S. Military Plans, Programs, and Operations in the 9/11 World, Steerforth Press, 2005.

via Electrospaces.Blogspot.com

Palantir 101: InfoSec Gov Deployed Malware Explained


For those who are completely new to the Palantir Platform or could simply use a refresher, this talk will start from scratch and provide a broad overview of Palantir’s origins and mission. A live demonstration of the product will help to familiarize newcomers with Palantir’s intuitive graphical interface and revolutionary analytical functionality, while highlighting the major engineering innovations that make it all possible.  -Palantir

World of Spycraft: NSA and CIA Spied in Online Games


This story has been reported in partnership between The New York Times, the Guardian and ProPublica based on documents obtained by The Guardian.

Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.

Takeaways: How Spy Agencies Operate In Virtual Worlds

GATHERING INTELLIGENCE: U.S. and British intelligence agencies — including the Central Intelligence Agency, Defense Intelligence Agency and Britain’s Government Communications Headquarters — have operated in virtual worlds and gaming communities to snoop and try to recruit informants. For example, according to Snowden documents, the U.S. has conducted spy operations in Second Life (pictured), where players create human avatars to socialize, buy and sell goods and explore exotic virtual destinations. (Second Life image via Linden Lab)

Online games might seem innocuous, a top-secret 2008 NSA document warned, but they had the potential to be a “target-rich communication network” allowing intelligence suspects “a way to hide in plain sight.” Virtual games “are an opportunity!,” another 2008 NSA document declared.

But for all their enthusiasm — so many CIA, FBI and Pentagon spies were hunting around in Second Life, the document noted, that a “deconfliction” group was needed to avoid collisions — the intelligence agencies may have inflated the threat.

The documents do not cite any counterterrorism successes from the effort, and former American intelligence officials, current and former gaming company employees and outside experts said in interviews that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.

(Transcript: What are intelligence agencies doing in virtual worlds?)

Games “are built and operated by companies looking to make money, so the players’ identity and activity is tracked,” said Peter W. Singer of the Brookings Institution, an author of “Cybersecurity and Cyberwar: What Everyone Needs to Know.” “For terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar.”

The surveillance, which also included Microsoft’s Xbox Live, could raise privacy concerns. It is not clear exactly how the agencies got access to gamers’ data or communications, how many players may have been monitored or whether Americans’ communications or activities were captured.

One American company, the maker of World of Warcraft, said that neither the NSA nor its British counterpart, the Government Communications Headquarters, had gotten permission to gather intelligence in its game. Many players are Americans, who can be targeted for surveillance only with approval from the nation’s secret intelligence court. The spy agencies, though, face far fewer restrictions on collecting certain data or communications overseas.

“We are unaware of any surveillance taking place,” said a spokesman for Blizzard Entertainment, based in Irvine, Calif., which makes World of Warcraft. “If it was, it would have been done without our knowledge or permission.”

A spokeswoman for Microsoft declined to comment. Philip Rosedale, the founder of Second Life and a former chief executive officer of Linden Lab, the game’s maker, declined to comment on the spying revelations. Current Linden executives did not respond to requests for comment.

A Government Communications Headquarters spokesman would neither confirm nor deny any involvement by that agency in gaming surveillance, but said that its work is conducted under “a strict legal and policy framework” with rigorous oversight. An NSA spokeswoman declined to comment.

Intelligence and law enforcement officials became interested in games after some became enormously popular, drawing tens of millions of people worldwide, from preteens to retirees. The games rely on lifelike graphics, virtual currencies and the ability to speak to other players in real time. Some gamers merge the virtual and real worlds by spending long hours playing and making close online friends.

In World of Warcraft, players share the same fantasy universe — walking around and killing computer-controlled monsters or the avatars of other players, including elves, animals or creatures known as orcs. In Second Life, players create customized human avatars that can resemble themselves or take on other personas — supermodels and bodybuilders are popular — who can socialize, buy and sell virtual goods, and go places like beaches, cities, art galleries and strip clubs. In Microsoft’s Xbox Live service, subscribers connect online in games that can involve activities like playing soccer or shooting at each other in space.

According to American officials and documents that Mr. Snowden provided to The Guardian, which shared them with The New York Times and ProPublica, spy agencies grew worried that terrorist groups might take to the virtual worlds to establish safe communications channels.

In 2007, as the NSA and other intelligence agencies were beginning to explore virtual games, NSA officials met with the chief technology officer for the manufacturer of Second Life, the San Francisco-based Linden Lab. The executive, Cory Ondrejka, was a former Navy officer who had worked at the NSA with a top-secret security clearance.

He visited the agency’s headquarters at Fort Meade, Md., in May 2007 to speak to staff members over a brown bag lunch, according to an internal agency announcement. “Second Life has proven that virtual worlds of social networking are a reality: come hear Cory tell you why!” said the announcement. It added that virtual worlds gave the government the opportunity “to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil.”

Ondrejka, now the director of mobile engineering at Facebook, said through a representative that the NSA presentation was similar to others he gave in that period, and declined to comment further.

Even with spies already monitoring games, the NSA thought it needed to step up the effort.

“The Sigint Enterprise needs to begin taking action now to plan for collection, processing, presentation and analysis of these communications,” said one April 2008 NSA document, referring to “signals intelligence.” The document added, “With a few exceptions, NSA can’t even recognize the traffic,” meaning that the agency could not distinguish gaming data from other Internet traffic.

By the end of 2008, according to one document, the British spy agency, known as GCHQ, had set up its “first operational deployment into Second Life” and had helped the police in London in cracking down on a crime ring that had moved into virtual worlds to sell stolen credit card information. The British spies running the effort, which was code-named “Operation Galician,” were aided by an informer using a digital avatar “who helpfully volunteered information on the target group’s latest activities.”

Though the games might appear to be unregulated digital bazaars, the companies running them reserve the right to police the communications of players and store the chat dialogues in servers that can be searched later. The transactions conducted with the virtual money common in the games, used in World of Warcraft to buy weapons and potions to slay monsters, are also monitored by the companies to prevent illicit financial dealings.

In the 2008 NSA document, titled “Exploiting Terrorist Use of Games & Virtual Environments,” the agency said that “terrorist target selectors” — which could be a computer’s Internet Protocol address or an email account — “have been found associated with Xbox Live, Second Life, World of Warcraft” and other games. But that document does not present evidence that terrorists were participating in the games.

Still, the intelligence agencies found other benefits in infiltrating these online worlds. According to the minutes of a January 2009 meeting, GCHQ’s “network gaming exploitation team” had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players — potential targets for recruitment as agents.

At Menwith Hill, a Royal Air Force base in the Yorkshire countryside that the NSA has long used as an outpost to intercept global communications, American and British intelligence operatives started an effort in 2008 to begin collecting data from World of Warcraft.

One NSA document said that the World of Warcraft monitoring “continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing.” In other words, targets of interest appeared to be playing the fantasy game, though the document does not indicate that they were doing so for any nefarious purposes. A British document from later that year said that GCHQ had “successfully been able to get the discussions between different game players on Xbox Live.”

By 2009, the collection was extensive. One document says that while GCHQ was testing its ability to spy on Second Life in real time, British intelligence officers vacuumed up three days’ worth of Second Life chat, instant message and financial transaction data, totaling 176,677 lines of data, which included the content of the communications.

For their part, players have openly worried that the NSA might be watching them.

In one World of Warcraft discussion thread, begun just days after the first Snowden revelations appeared in the news media in June, a human death knight with the user name “Crrassus” asked whether the NSA might be reading game chat logs.

“If they ever read these forums,” wrote a goblin priest with the user name “Diaya,” “they would realize they were wasting” their time.

Even before the American government began spying in virtual worlds, the Pentagon had identified the potential intelligence value of video games. The Pentagon’s Special Operations Command in 2006 and 2007 worked with several foreign companies — including an obscure digital media business based in Prague — to build games that could be downloaded to mobile phones, according to people involved in the effort. They said the games, which were not identified as creations of the Pentagon, were then used as vehicles for intelligence agencies to collect information about the users.

The SAIC headquarters in McLean, Va., and the company’s island in Second Life. (The Meridian Group, SAIC)

Eager to cash in on the government’s growing interest in virtual worlds, several large private contractors have spent years pitching their services to American intelligence agencies. In one 66-page document from 2007, part of the cache released by Mr. Snowden, the contracting giant SAIC promoted its ability to support “intelligence collection in the game space,” and warned that online games could be used by militant groups to recruit followers and could provide “terrorist organizations with a powerful platform to reach core target audiences.”

It is unclear whether SAIC received a contract based on this proposal, but one former SAIC employee said that the company at one point had a lucrative contract with the CIA for work that included monitoring the Internet for militant activity. An SAIC spokeswoman declined to comment.

In spring 2009, academics and defense contractors gathered at the Marriott at Washington Dulles International Airport to present proposals for a government study about how players’ behavior in a game like World of Warcraft might be linked to their real-world identities. “We were told it was highly likely that persons of interest were using virtual spaces to communicate or coordinate,” said Dmitri Williams, a professor at the University of Southern California who received grant money as part of the program.

After the conference, both SAIC and Lockheed Martin won contracts worth several million dollars, administered by an office within the intelligence community that finances research projects.

It is not clear how useful such research might be. A group at the Palo Alto Research Center, for example, produced a government-funded study of World of Warcraft that found “younger players and male players preferring competitive, hack-and-slash activities, and older and female players preferring noncombat activities,” such as exploring the virtual world. A group from the nonprofit SRI International, meanwhile, found that players under age 18 often used all capital letters both in chat messages and in their avatar names.

Those involved in the project were told little by their government patrons. According to Nick Yee, a Palo Alto researcher who worked on the effort, “We were specifically asked not to speculate on the government’s motivations and goals.”

Andrew W. Lehren contributed reporting.

Transcript: What are intelligence agencies doing in virtual worlds? ProPublica reporter Justin Elliott, New York Times reporter Mark Mazzetti and The Guardian’s James Ball discussed #SpyGames with our readers.

via ProPublica

Bitcoins: A Fully-Compliant Currency The Government Can Love


I’m finishing up a novel, a piece of speculative fiction in a genre you could call “economic-thriller”.

The Mark of the Beast?

In the book, the dollar crashes in a hyperinflationary fire (natch), replaced by a new currency called the american. The exchange rate at the time of the changeover is $1,000 equals ₳1. To illustrate its purchasing power, ₳1 buys you a candy bar. 

However, americans don’t exist as physical currency. There are no “american bills” like there are dollar bills, and no coins either. Instead, americans are a fully digital currency: They exist in the ether. You need a card—be it a credit card, debit card, or EBT card—to spend americans. And to receive americans, either from employers, customers, government, etc., you need a “central account” which is tethered to your Social Security number. 

The rationale for these measures is convenience—but the implication is, no one can earn, save or spend money without the government being aware of exactly what you are doing. 

Since the government can easily access all your spending and earning of americans, no one can launder money, or evade taxes, or even so much as fail to pay all their bills on time. Law-makers and politicians and pundits say it’s no big deal that the government will know everything about the citizen’s finances, because, “If you’re not doing anything wrong, you’ve got nothing to hide! If you’re paying all your bills and your taxes and your loans, you got nothing to worry about!”

Another feature of this virtual currency: With americans, you can never again be late with your bills. Payments you have to make are automatically deducted from your central account. And if you take out a loan for whatever purpose, not only is that information in your central account, but your ability to spend money is automatically prioritized: Taxes get paid first, followed by private loans, then bills, then food, then “etc.” 

In the novel, law-makers use this compulsory “compliance” as a selling point for the american. “Think of the convenience! No more worrying about paying your bills—your bills are all paid for you!”

However, if you don’t have enough money for “etc.”—entertainment, booze, an ice-cream sundae with the kids, what have you—you don’t get any. And if after paying off your loans and bills there isn’t enough left over for food—then no food for you. Ditto with bills: No money for electricity, or water, or heat? Then no electricity, or water, or heat for you. And if perchance you can’t fully pay off your loans, then you are declared in “non-compliance”. And if you can’t pay off your taxes, then you are charged as being in “criminal non-compliance”—and then woe is you. 

In the language of the novel, it is a “fully-compliant currency”—and it forces the people to be “fully-compliant citizens” of the dictates of the government and the banksters. 

This is of course a fiction I invented for my upcoming novel—but I couldn’t help notice how lawmakers and banks are all of a sudden getting on the bitcoin bandwagon. 

For something that was supposed to be a threat to the established order, which is what bitcoin and the other cryptocurrencies promised to be, the established order sure seems to be happy with it: The U.S. Senate hearings on bitcoins were pretty much of a success for bitcoins, and banks are starting to throw nothing but love in bitcoin’s direction. The mainstream media isn’t putting down bitcoins, as it did a few years back. 

In short, and unlike what a lot of cryptocurrency proselytizers have been saying—that the powers that be would be against bitcoins—the establishment seems to be fully in favor—or at least accepting—of bitcoins. 

Makes you go Hmm . . ., now doesn’t it?

Me, I’ve already explained here and here why I think that bitcoins are in a bubble, and why bitcoins and other cryptocurrencies will never be currencies per se, only an asset class. My thinking is, cryptocurrencies represent a new class of assets whose value is highly unstable so long as they are not actually tethered to some good or service people both need to buy and have to sell. Until that day happens, cryptocurrencies are nothing but speculative investments that can plummet to zero at a moment’s notice. 

However, thinking about cryptocurrencies from the point of view of the Federal Reserve, or a senator on the Banking Committee, or a trader at a bank’s prop desk, cryptocurrencies such as bitcoin have a lot of advantages—they’re not something to be dismissed out of hand. 

All of bitcoin’s benefits to the establishment revolve around its blockchain. 

In simple terms, a blockchain is a registry of all transactions carried out in bitcoins. Thus is resolved the problem of double-spending one particular bitcoin: It can’t be done (at least in theory) due to the blockchain. 

But the blockchain is in fact a register—a trail—of bitcoins. So it’s a relative cinch to piece together each and every transaction of any particular wallet in the bitcoin universe. And since exchanges need detailed personal information about a bitcoin user in order to comply with money-laundering laws before issuing a new user with a wallet, the government or other interested parties could determine what any one particular person has been doing in the bitcoin marketplace. 

In other words: Imagine that the government knew each and every cent you earned and spent, without a single exception. 

That cannot be done with dollars, at least not easily. The dollar’s inefficiencies when compared to bitcoin or any other cryptocurrency are exactly what make tracking dollar transactions so hard. That’s why money-laundering in fact exists: Criminals are taking advantage of inefficiencies in the dollar to hide their profits and thus not get caught.

But with bitcoins as they currently exist, it is a snap to keep people compliant. Once some simple baseline limitations are imposed on users of bitcoins—such as the rules implemented by exchanges so as to comply with money-laundering laws—a user’s transactions are as transparent as glass. 

Which is what a government would want, in order to get every bit of tax revenue it wants. Which is what a bank would want, in order to properly gauge the risk of a loan it is extending, and thereby maximize its profits. 

Not only that, being able to track people’s spending completely, in real time, as can be done with bitcoin and conceivably every cryptocurrency, the government could easily rescind someone’s ability to earn money. 

Witness how the government shut off WikiLeaks’ source of funding—took them less than a week. WikiLeaks depended exclusively on donations made via credit card payments—so by “encouraging” the credit card companies, Visa and Mastercard, to refuse to process donations to the organization, the U.S. government shut down WikiLeaks just days after the first big document leaks of 2010.

With bitcoin or some similar cryptocurrency, the government wouldn’t even need to take the step of contacting credit card companies to “encourage them to do the right thing”: The government could simply make any payment to a targeted group invalid. (And perhaps get a notice of whoever it was who donated to the targeted group?)

All this is to say, bitcoins and other cryptocurrencies are potentially a great step forward for a government looking to impose a Panopticon society on the American people. We can’t travel without TSA’s approval, so why not extend that power to people’s ability to interact in the economy as well? Due to the fact that, with bitcoins, there is a trail from people to their bitcoin wallet to their bitcoin usage, a trail that is relatively easy to read, the government could have this power over each and every citizen—the power to monitor and control our interactions with the economy. 

Which is why bitcoin—far from being a threat—might just prove to be the fully-compliant currency the U.S. government can come to love. A currency that will let it have unfettered access to each and every financial transaction you carry out. 

Is that something that we as a people want? More power to the government? Because that’s the promise of bitcoin.

 

via Gonzalo Lira

September 19, 2013 – Decrypted Matrix Radio: News Updates, Navy Yard False Flag Indicators, NSA Latest Leaks, High Tech Exploitation Round-Up

Local police departments are now receiving an FBI document painting “9/11 truthers” as potential terrorists.

Michael Jackson 1 Day Before Death: A ‘Group of People’ Want to ‘Get Rid of Me’, DoD Whistleblower Confirms

Ben Fulford Updates, Project Camelot Updates

Grid ShutDown Reminder! Recent Warnings of ‘Catastrophic’ Event Corroborated?

 

***Navy Yard Shooting – False Flag Indicators List Begins***

Original Reports included ‘WITNESSES SAW MULTIPLE SHOOTERS’

Aaron Alexis taking Anti-Psychotic / Anti-Depressant ??

Aaron Alexis had filed police report about microwave technology (ELF) being used against him

Aaron Alexis Carved ‘My ELF Weapon’ on the Stock of his Shotgun

Insiders Claim Onsite SWAT Officers at Navy Yard were given ‘Stand Down’ Orders

Possible leak of ‘story’ online before event happened..?

 

**NSA Updates**

Torvalds On Being Asked to Insert a U.S. Government Back Door Into Linux Kernel

How Tech Companies Could Foil the NSA Gag-Order – Use A Dead Man’s Switch

DOJ to Journalist: ‘Unless you Kill your Story, We’re Giving the Answers to Your Questions to Another Reporter’

 

**High Tech Exploitation**

NASA and DHS developing a heartbeat detector for use in search and rescue

Apple Fingerprint Scanning – Hackathon begins

Golden-Eye Energy Beam being developed by NATO Scientists

DropBox Documents Opening Automatically – Hacker Sniffs Out Strange Connections

 
