The following, just uploaded to Youtube yesterday, is the most detailed description of the various NSA spying tools that I've heard yet:
b0w36GAyZIA
It is a talk by Jacob Applebaum yesterday, December 30,2013, entitled: "To Protect and Defend -- The Militarization of the Internet", given at 30C3: The 30th Chaos Communication Congress (https://events.ccc.de/congress/2013/wiki/Main_Page), held in Hamburg, Germany from December 27 to 30, 2013.

Here's another Youtube upload of the same talk Jacob Applebaum: To Protect And Infect, Part 2 [30c3] (Youtube) (http://www.youtube.com/watch?v=vILAlhwUgIU)

Here are some comments by one Scott Creighton, of American Everyman (http://willyloman.wordpress.com/2013/12/30/jacob-ioerror-applebaum-at-30c3-to-protect-and-infect-part-2/) on this talk:

======================




Jacob “@ioerror” Applebaum at 30c3: To Protect and Infect part 2

In an effort to present both sides of the story (something I don’t do very often with good reason) I am going to post this presentation by Jacob “@ioerror” Applebaum at the 30th Chaos Communication Congress (30C3) four day event in which he is discussing the extensive surveillance state that exists in the world today.

One of my biggest complaints about this Snowden project is that fails to focus at all on the people harmed by the NSA/CIA security state intrusive spying. Well, according to Jacob, who is the Der Spiegel wing of the Snowden program, they actually have released leaks, redacted of course, exposing this aspect of the current crisis.

This guy is actually a much better representative than Greenwald in that he appears to be much more informed as to the history of not only the illegal spying but also the long history of the various whistle-blowers who were completely ignored by many of the MSM outlets tasked with promoting the Snowden psyop today.

Part of what he talks about is the fact that these agencies have been collecting data streams, meta-data and content, for the past 15 years and that they still have all of this information available to them. For those of you who can’t do the math, this puts the start of this illegal activity right before 9/11 at a time when people like myself believe they were readying the country for their “transition”

He also points out a rarely mentioned aspect of these programs and that is it is designed to formulate lists of people based on how they think and relate to others. Not just in this country, but basically all across the world. When someone is making ready a global fascist state, such lists are more than useful.

His talk is rather informative in that it goes over aspects of all of this that Greenwald and the press here have completely glossed over.

I’m not promoting his discussion in so much as I am putting it out there for consideration. He gives a good deal of information about very troubling aspects of the various programs that are being run. Of course, it could all be hogwash fabricated to generate fear while the real programs go by different names and the equipment.
======================

Russell Brandon of TheVerge.com (http://www.theverge.com/2013/12/30/5256636/nsa-tailored-access-jacob-appelbaum-speech-30c3) writes:

======================




The NSA's elite hackers can hijack your Wi-Fi from 8 miles away

Attendees at the Chaos Communications Congress (http://events.ccc.de/) in Hamburg this weekend got a surprising rundown of the NSA's surveillance capabilities, courtesy of security researcher Jacob Appelbaum. Appelbaum, who co-wrote the Der Spiegel article that first revealed the NSA catalog, went into further detail onstage, describing several individual devices in the catalog and their intended purposes.

Applebaum, who co-wrote the Der Spiegel article (http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy) that first revealed the NSA catalog, went into further detail onstage, describing several individual devices in the catalog and their intended purposes.

Alongside pre-packaged exploits that allowed control over iOS devices (http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg) and any phone communicating through GSM (http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Mobilfunk/S3224_CANDYGRAM.jpg), Appelbaum detailed a device that targets computers through packet injection, seeding exploits from up to 8 miles away (http://leaksource.files.wordpress.com/2013/12/nsa-ant-nightstand.jpg?w=604&h=781). He even speculated the exploits could be delivered by drone, although he conceded that in most cases, an unmarked van would likely be more practical.
======================

Cory Doctorow writes on Boing Boing (http://boingboing.net/2013/12/31/jacob-appelbaums-must-watch.html) of this talk of Applebaum:

======================




Jacob Appelbaum's must-watch 30C3 talk: why NSA spying affects you, no matter who you are

Sunday's Snowden leaks detailing the Tailored Access Operations group (http://boingboing.net/2013/12/29/tao-the-nsas-hacker-plumber.html) -- the NSA's exploit-farming, computer-attacking "plumbers" -- and the ANT's catalog of attacks on common computer equipment and software (http://boingboing.net/2013/12/29/nsa-has-a-50-page-catalog-of-e.html) -- were accompanied by [url="http://www.youtube.com/watch?v=b0w36GAyZIA"]a lecture by Jacob Appelbaum[/urkl] at the 30th Chaos Communications Congress. I have seen Jake speak many times, but this talk is extraordinary, even by his standards, and should by watched by anyone who's said, "Well, they're probably not spying on me, personally;" or "What's the big deal about spies figuring out how to attack computers used by bad guys?" or "It's OK if spies discover back-doors and keep them secret, because no one else will ever find them."

Nominally, Jake's talk is about the details of the spying tools developed by the NSA, but the talk goes well beyond that. The meat of the talk is the analysis of the legal framework under which these are developed and what the consequences to the wider world are.

The development and hoarding of vulnerabilities in widely used systems represent a risk to everyone who relies on those systems -- not just people the NSA want to spy on. Even if you trust the NSA, you need to know that every bug the NSA keeps secret is a bug that might be independently discovered by another agency you don't trust -- or a criminal group -- and used to attack you. Not because you're a special target, but because an untargetted attack aimed at the whole Internet happens upon you and turns your computer into something that spies on you to sexually exploit you or clean out your bank-account or just sell off all your World of Warcraft stuff.

To drive home this point, Jake details a secret NSA exploit from its catalog, and points out that another speaker at 30C3 had actually independently discovered that exploit and disclosed it at the same event. The lesson: anything the NSA discovers and doesn't patch will be discovered by someone else and exploited.

Jake discloses the way that the NSA determines which targets are fair game for deeper scrutiny, including having your mobile phone in close proximity to an existing target, like Jake himself. To drive home the point, he switches on his phone and says, "Right, anyone who's phone is on now is on the list now."

Beyond the political and technical messages, Jake's speech is great for the details of the spycraft disclosed in it -- the fact that Iphones are completely compromised and can be successfully attacked 100 percent of the time (Jake suspects that this suggests collaboration on the part of Apple) and the fact that Wifi can be intercepted and compromised from eight miles away and that the NSA might use drones against Wifi.
======================

Thank you Paul!! Listening now and yes it is very interesting for sure...

I do not usually do this however I am wondering if the title of this thread was intended to be NSA instead of NASA? or is it both? :hug:

I am usually not one to catch typo's because I am the queen of typo's XO

Darn, I thought this was about Hubble or something (but NSA is actually more interesting and spooky than NASA at this point, which is saying a lot).

The unmarked van thing is very scary -- and wtf, from 8 miles away they can do this computer targeting crap?
That means your ISP doesn't necessarily know the extent of the denial of service and harassment some customers suffer.

There are some strange things going on in some of our cities, needless to say...

I do not usually do this however I am wondering if the title of this thread was intended to be NSA instead of NASA? or is it both? :hug:
Aha - NSA it should be - fixed now.

Must have been some kind of Freudian slip :).

[...]




This guy is actually a much better representative than Greenwald in that he appears to be much more informed as to the history of not only the illegal spying but also the long history of the various whistle-blowers who were completely ignored by many of the MSM outlets tasked with promoting the Snowden psyop today.

[...]

Psyop (http://projectavalon.net/forum4/showthread.php?54217-Their-Mind-and-the-Emotional-Matrix-that-we-create-with-it.&p=652209&viewfull=1#post652209) indeed:

See this post (http://projectavalon.net/forum4/showthread.php?66702-That-s-no-Dissonance-That-s-cacophony-&p=775653&viewfull=1#post775653) (<----) were there's that bit:


Of course, the "British" have nothing to do with it... hummmm... although... what's THIS:


[...]
Sunday, December 22, 2013

[...]

What links Edward Snowden, Julian Assange and the former head of Britain's spy service MI5?

Jonathan Evans, the former boss of MI5, was a pupil at the expensive Sevenoaks School in the UK.


http://4.bp.blogspot.com/-cMIK-hQ2DDk/UqQ0fOPJoJI/AAAAAAABBgU/aBsmDWgyyOY/s200/mi5-director-general-jonathon-evans.jpg
Sir Jonathan Evans


Sarah Harrison, who led Edward Snowden to Moscow, was a pupil at Sevenoaks School.


http://4.bp.blogspot.com/-MBCi5VlY4_w/UqQ0uaO6s4I/AAAAAAABBgc/gT0Xl6RN27k/s200/Sarah+Harrison+Snowden.jpg
Snowden and Harrison


Sarah Harrison, of the spooky Wikileaks, is said to be a former lover of Julian Assange.

Sarah Harrison is currently living in spooky Berlin.


http://1.bp.blogspot.com/-fN89JC6wt1g/UqQ06O1-QlI/AAAAAAABBgk/EE2UeqFD1gQ/s200/sarah+Harrison.jpg
Assange and Harrison


The late Gerd Sommerhoff, who sexually abused boys, was a teacher at Sevenoaks school.

Sommerhoff worked at the spooky BBC and in spooky Cambridge, and, like Jimmy Savile, was given a knighthood.


http://2.bp.blogspot.com/-pkWS2DYStM8/UqQ2p52Z8UI/AAAAAAABBgw/DIMJJJRKfC0/s1600/image036.jpg
Gerd Sommerhoff


Some of the above people may secretly be assets of Mossad, the CIA and MI5/MI6.


http://1.bp.blogspot.com/-0mqNyMUUZc8/UqRBqKgQ-HI/AAAAAAABBhU/SssT81ryQ00/s1600/Sawers.jpg
Sir John Sawers


Sir John Sawers, the current boss of MI6, is a former parent at Sevenoaks.

The UK's security services are reported to have run child brothels as a way of entertaining and blackmailing top people from cabinet ministers to foreign diplomats.

[...]

So... what are these leaks that haven't been leaked? Leaks-to-be to blackmail the blackmailers?

Watched this last night and honestly, I am not surprised in the slightest with the information that was presented. We have allowed ourselves to become slaves to this system and until we fight back, the spying into our lives will get worse.

I've read the article in WiReD magazine just yesterday about "shopping catalogue" for NSA agents:
http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue/

According to it there is no such thing like "secure network" :( As networking equipment can be compromised at will and furnished with backdoors buried at the level below the operating system. Taking this further one could remotely hack the chip plant, hijack production lines and reprogram etching machines to place backdoors at hardware level.

This have already happened to Iran's uranium enriching factory via stuxnet computer virus. It was designed to take over factory control systems (SCADA). It succeded only because that factory had certain make of such system. Equipped with unchengable hardcoded admin account with openly known default password. Which could not be changed as well because if changed other parts of the system would stop working properly because they used that default admin password hardcoded into them to allow them connection with central database ;) That was certainly a design flaw and avoidable human error.

I don't know if "the NSA shopping catalogue" is true or just another psyop "msm leak" to give a false impression of omnipotence. Let's not forget about CIA's Operation Mockingbird.

My apologies if the above examples were too paranoid :o

Remember, this is what it is all about:

"Great people doing a great job"

6Kc5Xvr24Aw

(Impressive dislike count on youtube, btw)

Thanks to both Paul an meeradas !

Glitter nail polish: The new way to protect your data (http://www.independent.co.uk/life-style/gadgets-and-tech/news/glitter-nail-polish-the-new-way-to-protect-your-data-9031509.html)


http://www.independent.co.uk/incoming/article9031502.ece/ALTERNATES/w620/Glitter+nail+polish.jpg
Glitter nail polish is the perfect way to ensuring your laptop hasn't been tampered with as its random pattern is extremely hard to replicate, experts say

Tomas Jivanda (http://www.independent.co.uk/search/simple.do?destinationSectionUniqueName=search&publicationName=ind&pageLength=5&startDay=1&startMonth=1&startYear=2010&useSectionFilter=true&useHideArticle=true&searchString=byline_text:%28%22Tomas%20Jivanda%22%29&displaySearchString=Tomas%20Jivanda) Tuesday 31 December 2013

Security experts have come up with a novel way to ensure your laptop or tablet hasn't been tampered with and your data compromised - glitter nail polish.

Physical tampering with devices to steal data, or install malware for monitoring purposes, is becoming an increasing problem, especially when travelling, where border officials can easily confiscate devices for ‘inspection’.

Problems with hardware interference and data theft have been particularly reported by business travellers to China. The UK government meanwhile has the right to suck all the data from a device and store it when people enter and leave the country.

Many people do fit tamper-proof seals over ports and screws, but these can easily be opened cleanly or replicated in minutes by anyone with minimal training, security researchers Eric Michaud and Ryan Lackey said, while presenting at the Chaos Communication Congress, reports Wired magazine.

The pair’s answer - create a seal that cannot be copied. Glitter nail polish is the perfect candidate for making the seal, the pair added, as a completely random pattern is created, unlike with standard paint or a sticker.

Once applied, a photo can be taken on a device such as a smartphone that will not leave your side - or can be left at home - to ensure the image has not been tampered with.

Taking a second picture once you’ve returned from a trip or become suspicious that your laptop has been meddled with, then running the two through a program that allow the two images to be rapidly switched between, will allow you to spot any differences if the glitter nail polish has been removed and repainted, Mr Michaud and Mr Lackey explained.

The technique is inspired by that used by astronomers to spot minute changes in the night sky.

In the next few months the pair plan release a cheap piece of software that will allow the images to be easily analysed, as well as enable a second step whereby a device cannot be connected to a company system - and potentially compromise it - until the images have been verified.

RT summary of OP video:

Appelbaum: ‘Scary’ NSA will spy on you – every which way they can (http://www.rt.com/usa/appelbaum-30c3-nsa-snowden-986/)
Published time: December 30, 2013 23:04 Edited time: December 31, 2013 05:26 Get short URL (http://www.rt.com/usa/appelbaum-30c3-nsa-snowden-986/)

http://cdn.rt.com/files/news/21/b0/20/00/jacob_appelbaum.si.jpg
Jacob Appelbaum

Security researcher Jacob Appelbaum revealed what he calls “wrist-slitting depressing” details about the National Security Agency’s spy programs at a computer conference in Germany on Monday where he presented previously unpublished NSA files.

Appelbaum is among the small group of experts, activists and journalists who have seen classified United States intelligence documents (http://rt.com/trends/nsa-leaks-snowden-surveillance/) taken earlier this year by former contractor Edward Snowden (http://rt.com/tags/snowden/), and previously he represented transparency group WikiLeaks at an American hacker conference in 2010. Those conditions alone should suffice in proving to most anybody that Appelbaum has been around more than his fair share of sensitive information, and during his presentation at the thirtieth annual Chaos Communication Congress in Hamburg on Monday he spilled his guts about some of the shadiest spy tactics seen yet through leaked documents.

Presenting in-tandem with the publishing of an article (http://rt.com/usa/nsa-top-unit-tao-954/) in Germany’s Der Spiegel magazine, Appelbaum explained to the audience of his hour-long “To Protect and Infect” address early Monday that the NSA has secretly sabotaged US businesses by covertly — and perhaps sometimes with the cooperation of the tech industry — coming up with ways to exploit vulnerabilities in the products sold by major American companies, including Dell and Apple, among others.

That was only the main theme of many covered throughout the presentation, during which Appelbaum repeatedly revealed previously unpublished top-secret NSA documents detailing the tactics and techniques used by the NSA to intercept the communications of seemingly anyone on Earth.

“Basically the NSA, they want to be able to spy on you. And if they have ten different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that’s a pretty scary thing,” he said.

While nearly seven months’ worth of stories made possible by leaked files pilfered by Snowden have helped explain the extent of the spy agency’s surveillance operations, Appelbaum used his allotted time to help shine light on exactly how the NSA compromises computers and cell phones to infect the devices of not just targeted users, but the entire infrastructure that those systems run on.

“Basically their goal is to have total surveillance of everything that they are interested in,” he said. “There really is no boundary to what they want to do. There is only sometimes a boundary of what they are funded to be able to do, and the amount of things they are able to do at scale they seem to just do those things without thinking too much without it.”

“They would be able to break into this phone, almost certainly, and turn on the microphone,” Appelbaum said at one point as he re-inserted the battery into his mobile device. “All without a court, and that to me is really scary.” Indeed, classified files shown later during his presentation revealed a device that for $175,800 allows the NSA or another license client to construct a fake cell tower than can allow officials to eavesdrop on texts and talks alike.

“They replace the infrastructure they connect to. It’s like replacing the road that we would walk on and adding tons of spy gear,” he said. “And they do that too!”

Writer Glenn Greenwald — who has also worked closely with the Snowden files as well — had similar words earlier this month when he told the European Parliament’s Committee on Civil Liberties and Home Affairs (http://rt.com/news/greenwald-eu-parliament-testimony-424/) that he believed the ultimate goal of the NSA is to“eliminate individual privacy worldwide.”

To do as much, Appelbaum added, the intelligence agency has deployed an intricate system of tools and tactics which could eavesdrop not just by hacking into computers with viruses, but by outfitting machines with miniature, remote-controlled bugs and in some instances by relying on beams of radio waves to help identify sensitive information sent across systems. Routinely, he explained, the NSA takes advantage of flaws in computer code. Otherwise, however, documents suggest they’ve opened shipping containers and installed their own, stealthy spy chips into the computers of targets.

Stories based on leaked Snowden files have previously linked the US agency and its British counterpart — the GCHQ — with an array of nefarious activity, including operations that sucked up signals intelligence, or SIGINT, from foreign citizens and leaders alike, including Germany Chancellor Angela Merkel (http://rt.com/news/merkel-monitor-phone-us-634/). By using a program codenamed TURMOIL and another TURBINE, Appelbaum said, the NSA and GCHQ can inspect the packets being sent anywhere across the web and then insert its own code when it wants to not just eavesdrop, but infiltrate, respectively.

The NSA says the routine collection of data isn’t illegal, Appelbaum said, because the government relies on perverse language to justify scooping the intelligence — and not necessarily scouring it.

http://www.rt.com/files/news/21/b0/20/00/greenwald.jpg
The Guardian's Brazil-based reporter Glenn Greenwald (AFP Photo / Evaristo Sa)

“It’s only surveillance if after they collect it and record it to a database and analyze it with machines, only if I think an NSA agent basically looks at it personally and then clicks ‘I have looked at this' do they call it surveillance,” Appelbaum said. “Fundamentally, I really object to that.”

In contrast, he added, the federal Computer Fraud and Abuse Act, or CFAA, has been used a handful of times just in 2013 alone to put away suspected hackers accused of modifying computer programs (http://rt.com/usa/andrew-auernheimer-prison-sentence-443/) for arguably harmless crimes.

“It’s so draconian for regular people, and the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of our own lives without being put in prison or under threat of serious indictment,” he said.

“This is what [Thomas] Jefferson talked about when he talked about tyranny,” he said. “This is turnkey tyranny and it is here.”

Aside from the erosion of privacy, though, Appelbaum added that the top-secret operations of the NSA raise a number of questions about exploits that could be used by competing foreign powers. Many of the NSA’s tactics involve taking advantage of little known or hidden vulnerabilities in hardware and software, then exploiting them for gain.

If the manufacturers of those products are aware of the vulnerability, Appelbaum suggested, then they are being complicit (http://rt.com/usa/lavabit-email-snowden-statement-247/) in the NSA’s crimes. And if they are ignorant, then the existence of those vulnerabilities means any competing nation-station could likely exploit them as well.

“If the Chinese, if the Russians if people here wish to build this system, there is nothing to stop them,” he said. “The NSA has in a literal sense retarded the process by which we would secure the internet because it establishes a hegemony of power — Their power to do these things in secret.”

“This strategy is undermining the internet in a direct attempt to keep it insecure,” one of Appelbaum’s slides read.

The revelations made possible during the last half-year thanks to Snowden’s supply of documents and the programmers who have worked to patch exploits known to the NSA have driven many privacy-focused individuals around the globe to adopt new practices (http://rt.com/usa/tor-membership-doubled-nsa-137/). Even as that wave of countersurveillance grows, however, Appelbaum cautioned that quite literally no one can be spared from the US government’s dragnet snooping.

“You can’t hide from these things, and thinking that they won’t find you is a fallacy,” said Appelbaum, a core member of the anonymity routing program Tor (http://rt.com/usa/nsa-target-tor-network-739/).

And while calls for congressional reform (http://rt.com/usa/nsa-snooping-senators-feinstein-439/) in Washington have only intensified in the weeks, then months since the first Snowden leak in early June, Appelbaum — a US citizen has not returned to the US since before the Summer of Snowden — said lawmakers lack both the knowhow and ability to act on these issues.

“Members of the US Congress they have no clue about these things — literally in the case of the technology,” he said. “You can’t even get a meeting with them. I tried. Doesn’t matter. Even if you know the secret interpretation of Section 215 (http://rt.com/usa/fact-nsa-section-wyden-224/) of the PATRIOT Act act and you go to Washington, DC and you meet with their aides they still won’t talk to you about it. Part of that is that they don’t have a clue. And another part of it is they can’t talk about it because they don’t have a political solution. Absence a political solution it’s very difficult to get someone to admit that there is a problem. Well, there is a problem.”

If anyone outside of the NSA is aware of what’s going on, Appelbaum said, then it’s like the tech industry players whose devices contain exploits known to governments like the US.

“**** those guys,” Appelbaum said, “for collaborating when they do. And **** them for leaving us vulnerable when they do.”

A server made by Texas-based Dell Computers, for instance — the Dell PowerEdge 2950 — contains a flaw that can let the NSA or any other entity hack the machinery and then run amok with its motherboard.

And even the Apple iPhone — one of the most popular handheld devices in the world — can be exploited by the NSA, according to one of the classified documents, to let officials surreptitiously take pictures with the mobile’s camera or stealthy turn on its microphone, access text messages or listen to voicemail.

According to Appelbaum, it’s likely that it’s not just a coincidence that the NSA can infiltrate iPhones with ease. In one document he saw, he said the NSA “literally claim that any time they target an iOS device, that it will succeed for implantation.”

“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves,” he said.

Other products made by the likes of Western Digital, Seagate, Maxtor and Samsung all contain vulnerabilities as well, according to those documents, and the secret software used by the NSA and others to exploit them are available for free to properly-credentialed agencies.

“Everything that the United States government accused the Chinese of doing — which they are also doing, I believe—we are learning that the US government has been doing to American companies,” Appelbaum said. “That to me is really concerning, and we’ve had no public debate about these issues. And in many cases, all the technical details are obfuscated away.”

Until now, that is. During Monday’s presentation, Appelbaum named no fewer than a half-dozen US companies linked to NSA operations and is asking them to explain why they didn’t patch up their vulnerabilities.

Some of the NSA’s tactics, however, might warrant more than just a minor operation. Appelbaum far from caught his crowd off guard when he showed slides demonstrating how the NSA can hack Wi-Fi signals from eight miles away and when he proved they insert ant-sized computer chips into USB cables to conduct surveillance.

http://www.rt.com/files/news/21/b0/20/00/assange.jpg
Julian Assange (Taylor Hill / Getty Images / AFP)

“Well what if I told you that the NSA had a specialized technology for beaming energy into you and to the computer systems around you?” Appelbaum asked before wrapping up his presentation. “Would you believe that that is true, or would that be paranoid speculation of a crazy person?”

Slides shared by Appelbaum suggest that the NSA is indeed in the business of transmitting radio frequency waves to targets, which, in effect, can help decode the images displayed on computer monitors or typed on keyboards using technology not unlike what Russian inventor Leon Theremin used to spy for the KGB. This time, though, the NSA may be sending waves with the intensity of 1 kW at a target from only a few feet away.

“I bet the people who were around Hugo Chavez are going to wonder what caused his cancer,” Appelbaum said WikiLeaks founder Julian Assange told him after hearing about the latest NSA leaks.


__________________________


The very scarriest thing I learnt from the presentation is the direct embedding of "bugs"/backdoors/viruses as a firmware "update"... no way to get rid of that one without cleaning it EPROM-fashion and reprogram it... to get an automatic new stealth firmware "update."

Sucks!

Amzer Zo, that picture of the nail polish looks like something my friend from high school is currently making right now. PrettyandPolished LLC (http://shopprettyandpolished.com)

“Well what if I told you that the NSA had a specialized technology for beaming energy into you and to the computer systems around you?” Appelbaum asked before wrapping up his presentation. “Would you believe that that is true, or would that be paranoid speculation of a crazy person?”

Slides shared by Appelbaum suggest that the NSA is indeed in the business of transmitting radio frequency waves to targets, which, in effect, can help decode the images displayed on computer monitors or typed on keyboards using technology not unlike what Russian inventor Leon Theremin used to spy for the KGB. This time, though, the NSA may be sending waves with the intensity of 1 kW at a target from only a few feet away.

“I bet the people who were around Hugo Chavez are going to wonder what caused his cancer,” Appelbaum said WikiLeaks founder Julian Assange told him after hearing about the latest NSA leaks.


__________________________


The very scarriest thing I learnt from the presentation is the direct embedding of "bugs"/backdoors/viruses as a firmware "update"... no way to get rid of that one without cleaning it EPROM-fashion and reprogram it... to get an automatic new stealth firmware "update."

Sucks!



the above starts at 55:00ish on the OP video..... its talking about directed energy surveillance/weapons..... which is the most shocking leaked documents I've seen yet....

Appelbaum: ‘Scary’ NSA will spy on you – every which way they can
This talk on Youtube:dy3-QZLTpbQ
Yes - very hard to escape the NSA's surveillance.

Secrets, lies and Snowden's email: why I was forced to shut down Lavabit (http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email)




For the first time, the founder of an encrypted email startup that was supposed to insure privacy for all reveals how the FBI and the US legal system made sure we don't have the right to much privacy in the first place
http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2014/5/16/1400195309052/Ladar-Levison.jpg (http://www.theguardian.com/profile/ladar-levison) Ladar Levison (http://www.theguardian.com/profile/ladar-levison), theguardian.com (http://www.theguardian.com/), Tuesday 20 May 2014 12.30 BST
Jump to comments (533) (http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email#start-of-comments)


http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2014/5/19/1400537927943/20a2fdba-c34b-4401-8d05-454e34ce5406-460x276.jpeg
Photograph: Ueslei Marcelino / Reuters


The prosecution argued that my users had no expectation of privacy, even though the service I provided – encryption – is designed for just that.

My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to to serve me with a court order requiring the installation of surveillance equipment on my company's network.

My company, Lavabit, provided email services to 410,000 people – including Edward Snowden (http://www.theguardian.com/commentisfree/2013/aug/09/lavabit-shutdown-snowden-silicon-valley), according to news reports – and thrived by offering features specifically designed to protect the privacy and security of its customers. I had no choice but to consent to the installation of their device, which would hand the US government access to all of the messages – to and from all of my customers – as they travelled between their email accounts other providers on the Internet.

But that wasn't enough. The federal agents then claimed that their court order required me to surrender my company's private encryption keys, and I balked. What they said they needed were customer passwords – which were sent securely – so that they could access the plain-text versions of messages from customers using my company's encrypted storage feature. (The government would later claim they only made this demand because of my "noncompliance".)

Bothered by what the agents were saying, I informed them that I would first need to read the order they had just delivered – and then consult with an attorney. The feds seemed surprised by my hesitation.

What ensued was a flurry of legal proceedings that would last 38 days, ending not only my startup but also destroying, bit by bit, the very principle upon which I founded it – that we all have a right to personal privacy.

In the first two weeks, I was served legal papers a total of seven times and was in contact with the FBI every other day. (This was the period a prosecutor would later characterize as my "period of silence".) It took a week for me to identify an attorney who could adequately represent me, given the complex technological and legal issues involved – and we were in contact for less than a day when agents served me with a summons ordering me to appear in a Virginia courtroom, over 1,000 miles from my home. Two days later, I was served the first subpoena for the encryption keys.

With such short notice, my first attorney was unable to appear alongside me in court. Because the whole case was under seal, I couldn't even admit to anyone who wasn't an attorney that I needed a lawyer, let alone why. In the days before my appearance, I would spend hours repeating the facts of the case to a dozen attorneys, as I sought someone else that was qualified to represent me. I also discovered that as a third party in a federal criminal indictment, I had no right to counsel. After all, only my property was in jeopardy – not my liberty. Finally, I was forced to choose between appearing alone or facing a bench warrant for my arrest.

In Virginia, the government replaced its encryption key subpoena with a search warrant and a new court date. I retained a small, local law firm before I went back to my home state, which was then forced to assemble a legal strategy and file briefs in just a few short days. The court barred them from consulting outside experts about either the statutes or the technology involved in the case. The court didn't even deliver transcripts of my first appearance to my own lawyers for two months, and forced them to proceed without access to the information they needed.

Then, a federal judge entered an order of contempt against me – without even so much as a hearing.

But the judge created a loophole: without a hearing, I was never given the opportunity to object, let alone make any any substantive defense, to the contempt change. Without any objection (because I wasn't allowed a hearing), the appellate court waived consideration of the substantive questions my case raised – and upheld the contempt charge, on the grounds that I hadn't disputed it in court. Since the US supreme court traditionally declines to review decided on wholly procedural grounds, I will be permanently denied justice.

In the meantime, I had a hard decision to make. I had not devoted 10 years of my life to building Lavabit, only to become complicit in a plan which I felt would have involved the wholesale violation of my customers' right to privacy. Thus with no alternative, the decision was obvious: I had to shut down my company (http://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-down-edward-snowden).

The largest technological question we raised in our appeal (which the courts refused to consider) was what constitutes a "search", i.e., whether law enforcement can demand the encryption keys of a business and use those keys to inspect the private communications of every customer, even when the court has only authorized them to access information belonging to specific targets.

The problem here is technological: until any communication has been decrypted and the contents parsed, it is currently impossible for a surveillance device to determine which network connections belong to any given suspect. The government argued that, since the "inspection" of the data was to be carried out by a machine, they were exempt from the normal search-and-seizure protections of the Fourth Amendment.

More importantly for my case, the prosecution also argued that my users had no expectation of privacy, even though the service I provided – encryption – is designed for users' privacy.

If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did – standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people's defense against an abuse of the state's power.


Related:

Lavabit loses contempt of court appeal over encryption keys (http://www.theguardian.com/technology/2014/apr/16/lavabit-court-ruling-edward-snowden-encryption)
Glenn Greenwald: the state targets dissenters not 'bad guys' (http://www.theguardian.com/world/2014/may/13/glenn-greenwald-anonymous-mass-surveillance-governments-nasa-no-place-to-hide)

Great follow up video on our current situation.


Next Future Surveillance Technology - No One Escape (Full Documentary) <Next Future Terrifying Technology Will Blow Your Mind >
JbQeABIoO6A

Snowden, Greenwald, Appelbaum, WikiLeaks 'blacklisted' from Stockholm Internet Forum (http://rt.com/news/161756-internet-snowden-stockholm-wikileaks/)

Published time: May 27, 2014 16:36
Edited time: May 27, 2014 21:20
Get short URL (http://rt.com/news/161756-internet-snowden-stockholm-wikileaks/)


http://img.rt.com/files/news/27/7d/c0/00/internet-snowden-stockholm-wikileaks1.si.jpg
Image from David Michael Miranda's facebook page


Key digital rights activists – including Edward Snowden and hacker Jacob Appelbaum – have been blacklisted from the Stockholm Internet Forum (SIF) on internet openness and freedom. The move has caused a stir at the gathering and outraged Twitter users.

The third annual European meeting of internet activists kicked off in Sweden on May 26, with its main theme being “Internet– privacy, transparency, surveillance and control.”

But strangely enough, those whose names immediately spring to mind when it comes to the issue of surveillance are not allowed to attend the event.

Former CIA employee Edward Snowden, who revealed the NSA's mass spying program, was not invited. Neither was journalist Glenn Greenwald, who broke the story.

Hacker Jacob Appelbaum, who found German Chancellor Angela Merkel’s mobile phone number in Snowden’s database, didn't receive an invitation either.
I have been silenced this year from attending #SIF14 (https://twitter.com/search?q=%23SIF14&src=hash) in person as have others. This is the result of speaking out against mass surveillance.
— Jacob Appelbaum (@ioerror) May 26, 2014 (https://twitter.com/ioerror/statuses/470869725569122304)
The conference also failed to invite representatives of WikiLeaks, which repeatedly made headlines worldwide by leaking diplomatic cables.
#SIF14 (https://twitter.com/search?q=%23SIF14&src=hash) is a geopolitical tool and has banned #WikiLeaks (https://twitter.com/search?q=%23WikiLeaks&src=hash) and #Snowden (https://twitter.com/search?q=%23Snowden&src=hash): http://t.co/2XaV0rsEsyhttp://t.co/Dla8EsfGAx https://t.co/33GDJYXutC
— WikiLeaks (@wikileaks) May 26, 2014 (https://twitter.com/wikileaks/statuses/470777138212503553)
According to German magazine Cicero Online (http://www.cicero.de/weltbuehne/conference-internet-freedom-swedish-foreign-ministry-prevents-snowdens-invitation/57582), the only non-governmental organization among the hosts of the conference – .SE – had made a list of possible candidates and sent it to the Ministry of Foreign Affairs for approval.The ministry vetoed the activists from attending the SIF – the brainchild of Foreign Minister Carl Bildt. Snowden’s name was marked red, the magazine wrote, suggesting that could be code for “do not invite.”

When asked to comment on the matter, the ministry stated that the conference’s main focus was to “represent a wide array of backgrounds, cultures and opinions.” It added that a key ambition was to have an equal number of male and female invitees and that at least a half of them had to be from developing countries. “We would also like to point out that those who haven’t been invited are able to follow the entire conference online and give opinions and raise questions during the discussions,” the ministry said, as quoted by Cicero.

The decision to snub Snowden and other activists from the meeting sparked a wave of criticism among forum participants, while Twitter exploded with a stream of outrage and sarcastic comments under the hashtag #SIF14.


Ag-l8MZ5b8k

Swedish Ambassador Olof Ehrenkrona acknowledged on Twitter that the ministry rejected .SE’s proposal to invite Snowden.

“Not a boycott. We just did not invite him. Others not invited are not boycotted,” he tweeted, triggering a heated conversation (https://twitter.com/Olofeh/status/468308877524877312) which involved both Appelbaum and Petra Sorge (the author of the article on Cicero).
I'm at Stockholm Internet Forum. Where is Snowden? @carlbildt (https://twitter.com/carlbildt) #shame (https://twitter.com/search?q=%23shame&src=hash)#SIF14 (https://twitter.com/search?q=%23SIF14&src=hash)pic.twitter.com/slfAshKeXx (http://t.co/slfAshKeXx)
— Anna Troberg (@annatroberg) May 27, 2014 (https://twitter.com/annatroberg/statuses/471183179341389824)

Sad to see people like #Snowden (https://twitter.com/search?q=%23Snowden&src=hash) & @ioerror (https://twitter.com/ioerror) not invited to #SIF14 (https://twitter.com/search?q=%23SIF14&src=hash). At this crucial juncture, they're inspiration for people all over world
— Anja Kovacs (@anjakovacs) May 27, 2014 (https://twitter.com/anjakovacs/statuses/471287507351396352)

Number 1 question asked to me tonight at the #sif14 (https://twitter.com/search?q=%23sif14&src=hash) official reception: What do you think about Snowden being blacklisted? #InternetFreedom (https://twitter.com/search?q=%23InternetFreedom&src=hash)
— Onnik J. Krikorian (@onewmphoto) May 26, 2014 (https://twitter.com/onewmphoto/statuses/471007429250252801)

For #SIF14 (https://twitter.com/search?q=%23SIF14&src=hash) organisers to use argument that developing countries were prioritised, to justify the non-invitation of #Snowden (https://twitter.com/search?q=%23Snowden&src=hash) is distasteful.
— Jane Duncan (@DuncanJane) May 26, 2014 (https://twitter.com/DuncanJane/statuses/470949580960706560)

Congratulations to Swedish Foreign Ministry for making Sweden a laughing stock. #snowden (https://twitter.com/search?q=%23snowden&src=hash) et al #SIF14 (https://twitter.com/search?q=%23SIF14&src=hash)
— roppert (@roppert) May 27, 2014 (https://twitter.com/roppert/statuses/471212560948396032)

Swedish Moit minister dodges the no #Snowden (https://twitter.com/search?q=%23Snowden&src=hash) question at #SIF14 (https://twitter.com/search?q=%23SIF14&src=hash) - classic
— Jahanzaib Haque (@jhaque_) May 27, 2014 (https://twitter.com/jhaque_/statuses/471206169718308864)

When asked to comment on the matter, the ministry stated that the conference’s main focus was to “represent a wide array of backgrounds, cultures and opinions.” It added that a key ambition was to have an equal number of male and female invitees and that at least a half of them had to be from developing countries.
Political Correctness (http://cluborlov.blogspot.com/2014/05/death-by-political-correctness.html) run amuck.

How about inviting the best available experts ... even if they all happen to be one armed elderly male Sudanese immigrants to North Korea :) ?

German ‘NSA-proof’ private server raises $1mn crowdfunding in 89 minutes (http://rt.com/news/163968-nsa-proof-server-crowdfunding/)

Published time: June 05, 2014 18:36
Get short URL (http://rt.com/news/163968-nsa-proof-server-crowdfunding/)


http://cdn.rt.com/files/news/28/08/00/00/choice.si.jpg
Photo from protonet's Facebook page

Developers of secure server Protonet asked for some $136,000 on a local crowdfunding website – and were rewarded with $1 million in an hour and a half. The record campaign, one year after Snowden’s NSA leaks, ended with more than $2 million raised.

Hamburg-based startup Protonet, which launched its first private cloud device in July 2013 – a month after the NSA whistleblower Edward Snowden revealed (http://rt.com/usa/163700-year-whistleblower-before-snowden/) the scale of US internet surveillance – on Wednesday proved the spying scandal is still in full swing.

The small team of 23 asked for 100,000 euros in funding ($135,830) to support its products, including a new model of a secure server for small companies, on the German crowdfunding site Seedmatch (https://www.seedmatch.de/startups/protonet-2). While Protonet had already raised twice as much on the same website last year, the developers were amazed at the speed the people responded to their cause.

In just 89 minutes, the startup raised 750,000 euros (over $1 million), breaking the world crowdfunding speed record registered at Kickstarter. The previous speed record was held by the Veronica Mars movie project, which took just over 4 hours to gather the same amount.

.@protonet (https://twitter.com/protonet) is getting to its funding limit in just evil speeds - 78 minutes in snapshot - pic.twitter.com/0LKqtTjkVB (http://t.co/0LKqtTjkVB)
— Kjell Otto (@Kjellski) June 4, 2014 (https://twitter.com/Kjellski/statuses/474148701741776896)
However, this time the funders were not looking for entertainment, but instead lined up to buy small orange storage and communication devices, which they hope will protect their enterprises from the prying eyes of the spy agencies. Actually, Snowden’s revelations on the activities of the NSA and GCHQ were actively used (http://vimeo.com/96600099) in Protonet’s marketing campaign.

Eventually, the fundraising closed with a staggering sum of 1,500,000 euros ($2,037,450).

Wahnsinn: 1,5 Mio € in 10h & 8 Min! @protonet (https://twitter.com/protonet) & die Crowd haben gestern Geschichte geschrieben http://t.co/12m5yYu45D pic.twitter.com/UpmTyRbPi9 (http://t.co/UpmTyRbPi9)
— Seedmatch (@Seedmatch) June 5, 2014 (https://twitter.com/Seedmatch/statuses/474465909017686016)
While the private servers do not come cheap, costing between 1,200 euros and 4,700 euros ($1,630-6,380) depending on the model, they are said to be unique in having a built-in Protonet SOUL OS software package, which includes “homegrown” analogues of such services as Dropbox, Skype, and Yammer. The OS itself is Linux-based.

The developers believe that medium and small enterprises should be able to have the convenience of working within a cloud, while not having their data stored on a US server or elsewhere within the immediate reach of the NSA. Protonet devices offer generous storage capacity of up to 16 terabytes.

While Protonet does not promise a totally NSA-immune digital environment, it boasts secure SSL encryption in all the communications within the cloud, which both Snowden and the June 5-launched #ResetTheNet (http://rt.com/news/163708-anti-nsa-campaign-starts/) campaign urge users to employ.

Revelations (http://rt.com/news/163396-nsa-snowden-political-scandals/) about the scale of US mass surveillance and allegations of the NSA’s industrial espionage have prompted huge privacy concerns from European users.

German Chancellor Angela Merkel, who allegedly had her personal phone tapped (http://rt.com/news/163588-germany-investigation-merkel-nsa/) by the NSA, as well as some other EU leaders, have since called for a separate European internet, bypassing American servers.

‘Double standards’: Apple implements MAC anti-tracking technique used by Aaron Swartz (http://rt.com/usa/167668-apple-mac-address-swartz/)

Published time: June 22, 2014 14:46
Edited time: June 22, 2014 16:31
Get short URL (http://rt.com/usa/167668-apple-mac-address-swartz/)

Apple is going to implement random MAC addresses technology in its iOS8 devices, an anonymity-granting technique which late computer prodigy Aaron Swartz was accused of using to carry out his infamous MIT hack.

Swartz, who faced criminal prosecution on charges of mass downloading academic documents and articles, was also accused of using MAC (Media Access Control) spoofing address technology to gain access to MIT’s subscription database.

At the time of his suicide at the age 26, Swartz was facing up to 35 years in prison, the confiscation of assets and a $1 million fine on various charges.


http://rt.com/files/news/28/ef/40/00/rtr3cenm.si.jpgAaron Swartz (Reuters / Noah Berger)


Now computer giant Apple is installing a MAC address randomizing system into its products. The company announced that in its new iOS 8, Wi-Fi scanning behavior will be “changed to use random, locally administered MAC addresses.”

MAC-address is a unique identifier used by network adapters to identify themselves on a network, and changing it could be regarded as an anti-tracking measure.

David Seaman, journalist and podcast host of “The DL Show,” told RT that a single technology cannot protect users from being spied upon and advised users to trust no one, particularly the companies that have been caught cooperating with agencies such as the NSA, or those who used to turn a blind eye toward governments’ illegal activities.

RT: Why is Apple suddenly becoming interested in boosting the privacy protection of its devices by spoofing MAC-addresses?

David Seaman: That’s one of the techniques that Apple has adopted to spoof these MAC-addresses and it’s just another step to make smart phones and other devices, other mobile devices a bit more secure. Of course you have to keep in mind that a smart phone is to begin with not all that secure, because there are so many different application developers, as well as the fact that you have to rely on whatever cell phone company is providing you with a signal. So this definitely doesn’t make phones completely secure, but I think it’s a step in the right direction.

RT: Some argue that Apple’s attempt to protect the privacy of its users is pretty much useless because there are many ways to see where the device is. Do you agree that what they are trying to give us is perhaps not really the full picture?

DS: There are a number of other hardware identifiers, aside from the MAC-address that your cell phone is still emitting, and which, using cell towers, they can still find your exact location. So this definitely doesn’t restore total privacy to the user, it’s just one band aid. And I think if you’re injured, you should use as many band aids as possible.

But there’s also a larger thing here which is that governments are spying on us and these cell phones are not designed to be all that secure from day one. And there are a number of private companies that, I wouldn’t say spying, but eavesdropping on what you’re doing to make money out of you. And this is a growing problem as we spend more and more of our lives online and on our phones and we expect these things to be secure.


http://rt.com/files/news/28/ef/40/00/54.jpg
Reuters / Lucas Jackson


RT: Why is Apple doing this? Are they really concerned about the privacy issue?

DS: I think any time a tech company implements things that make us safer, even if it’s not a complete solution, that’s again a step in the right direction. I’d like to see a lot more done. I’d like to see end-to-end encryption of pretty much everything that people do online and I think we’re headed in that direction anyway. But knowing what we know now, that’s like the bare minimum.

RT: Aaron Swartz was accused of spoofing Mac-addresses as the US court said it was a criminal act. Why this change? Why can Apple do this legally and Swartz was not allowed to do that?

DS: It’s interesting you’ve brought that up. Clearly, there is a double standard out there. If you are a large tech company, the government will turn the other way. Which by the way this is not anything illegal, spoofing MAC-addresses. It is something that has been done by a number of people. But Apple does it, of course they are not going to prison.

But Aaron Swartz, one of the things they used against him was spoofing MAC-addresses apparently. And this just goes to show you that there are people within this government who use some of these outdated laws and use an incomplete understanding of Internet technology to pretty much go after whoever they don’t like and make that person’s life a lot more difficult with hard-to-fight charges. I mean these are people who, in some cases, some of the prosecutors, even some of the members of the Supreme Court, as it came recently, don’t understand basic internet technology. I believe it was the IFF (Identification Friend or Foe technology) that pointed out some of the Supreme Court’s blindness when it comes to things that the rest of us have known for the last decade or more; they are still grappling with the basics of the internet. So I think definitely there is a double standard but I would not expect Apple to face any kind of scrutiny for doing this.


http://rt.com/files/news/28/ef/40/00/2.jpg
Reuters / Pawel Kopczynski


RT: Are the other makers of cell phones likely to follow in Apple’s footsteps to protect people’s privacy?

DS: Sure, I believe that privacy is becoming more and more of a selling point post-Edward Snowden. Now everybody in the US and certainly people in other countries are concerned about their data being slurped up either by the NSA, or the GCHQ, or a number of other agencies, and then sitting on a server somewhere. So I think security and privacy are coming back into fashion and you are going to see a number of offerings, many of them a lot more advanced than this MAC-address thing. This is just the beginning.

RT: In terms of consumers, what do we do? What should we be looking out for in order to protect us better?

DS: A great question. The first thing you can do is to make sure that your e-mail is secure. There are a number of secure e-mail services you can look into using. You can look into encrypting your email using something like PGP. These things sound complicated, but they are really extremely easy to use. If you just google “secure email account” or “encrypted email,” you can start to read about it and get yourself on the road to at least communicating online in a safer way and just make things a little bit more difficult for those who are trying to spy on us.

RT: Do you think that technology is sort of taking away human relations that rely on it, with all the privacy issues we have to deal with? Is it helping us or hurting us even more?

DS: I think, on the whole, that technology has done a tremendous amount of good and the great thing about technology is once something new is out there – it cannot be un-invented, we cannot go back in time. Is the internet or a smart phone good? I tend to believe that the answer is yes.


http://rt.com/files/news/28/ef/40/00/3.jpg
David Seaman (Screenshot from RT video)


It’s giving us access to news and information at all times. Now everybody has what is basically an HD camera in their pocket. So if they see police brutality or anything else that’s crazy, they can record it and send to a news network or post it on YouTube. And before you know, the whole world knows about it. So it has been a lot harder for the governments, criminals and all kinds of people to keep their secrets.

The downside of that is that it exposes all of us to data theft and things like that. Again, I think that technology is getting better in this area. It’s something most of us were not even focused on until the NSA revelations. So now that we know it is a problem, companies are going to try to make money off of providing a solution for us.

And you also see a growth of social media, which really was responsible for the Arab Spring.

You see the growth of digital currencies, which might be able to push out some of the governments’ influence over our economies. So definitely, I think that technology on the whole is providing us with a lot more freedom and information.

RT: Can we trust these tech companies that are trying to sell us privacy protection? Or will the information continue to slip out to end up in places like the NSA?

DS: At this point we cannot trust anyone, especially not these companies who for years were essentially cooperating with the NSA or were at least oblivious to what they were doing. I would say don’t trust anybody, especially within the security field.

If you look into an open source technology – that’s maybe your best bet, because it’s being reviewed by a number of experts around the world, whereas a company that just releases some product, you cannot necessarily review its code and see exactly how it is working under the hood.

Revealed: How governments can take control of smartphones (http://rt.com/news/168228-hacking-team-smartphones-malware/)

Published time: June 25, 2014 01:32
Edited time: June 25, 2014 09:57
Get short URL (http://rt.com/news/168228-hacking-team-smartphones-malware/)

‘Legal malware’ produced by the Italian firm Hacking Team can take total control of your mobile phone. That’s according to Russian security firm Kaspersky Lab and University of Toronto’s Citizen Lab(which also obtained a user manual).

Operating since 2001, the Milan-based Hacking Team employs over 50 people and offers clients the ability to “take control of your targets and monitor them regardless of encryption and mobility," while “keeping an eye on all your targets and manage them remotely, all from a single screen.”

It’s the first time Remote Control Systems (RCS) malware has been positively linked with mobile phones and it opens up a new privacy threat potential to mobile phone users.

“Our latest research has identified mobile modules that work on all well-known mobile platforms, including as Android and iOS,” wrote (http://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile) Kaspersky researcher Sergey Golovanov.

“These modules are installed using infectors – special executables for either Windows or Macs that run on already infected computers. They translate into complete control over the environment in and near a victim’s computer. Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target – which is much more powerful than traditional cloak and dagger operations.”


http://rt.com/files/news/29/12/40/00/7_rcs_config.png
Image from citizenlab.org


Police can install the spy malware directly into the phone if there is direct access to the device, or if the owner of the phone connects to an already infected computer, according to Wired.

Various softwares can also lure users to download targeted fake apps.

Once inside an iPhone, for instance, it can access and activate all of the following: control of Wi-Fi, GPS, GPRS, recording voice, e-mail, SMS, MMS, listing files, cookies, visited URLs, cached web pages, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.


http://rt.com/files/news/29/12/40/00/16.png

Image from citizenlab.org


While the malware can be spotted by some of the more sophisticated anti-virus software, it takes special measures to avoid detection – such as “scouting” a victim before installation, “obfuscating” its presence, and removing traces of its activity.

Hacking Team has maintained that its products are used for lawful governmental interceptions, adding that it does not sell items to countries blacklisted by NATO or repressive regimes.

Wired reported (http://www.wired.com/2014/06/remote-control-system-phone-surveillance/) that there have been cases where the spying apps were used in illegal ways in Turkey, Morocco, and Saudi Arabia.

Citizen Lab discovered spying malware hiding in a legitimate news app for Qatif Today, an Arabic-language news and information service that reports on events in Saudi Arabia's eastern Qatif region. It also argued that circumstantial evidence pointed to Saudi Arabia’s government using the spying malware against Shia protesters in the area.

“This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments. An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats for those with access to Hacking Team and Gamma Group toolkits,” Citizen Lab said in its report (https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/).


http://rt.com/files/news/29/12/40/00/blogpost_kl_hackingteam2.jpg
Map showing the countries of the current HackingTeam servers’ locations (Image from securelist.com)


Hacking Team controls the spying malware remotely via command-and-control servers. Kaspersky has discovered more than 350 such servers in more than 40 countries. A total of 64 servers were found in the US – more than in any other country. Kazakhstan came in second, with a total of 49 servers found. Thirty-five were found in Ecuador and 32 in the UK.

GCHQ's dark arts: Leaked documents reveal online manipulation, Facebook, YouTube snooping (http://www.zdnet.com/gchqs-dark-arts-leaked-leaked-documents-reveal-online-manipulation-facebook-and-youtube-snooping-7000031598/)

Summary: A fresh set of documents leaked by Edward Snowden show how the UK intelligence agency can manipulate online polls and debates, spread messages, snoop on YouTube and track Facebook users.
http://cdn-static.zdnet.com/i/r/author/charlie-osborne-60x45.jpg?hash=MGD1MzVkBG&upscale=1 (http://www.zdnet.com/gchqs-dark-arts-leaked-leaked-documents-reveal-online-manipulation-facebook-and-youtube-snooping-7000031598/) By Charlie Osborne (http://www.zdnet.com/meet-the-team/us/charlie-osborne/) for Zero Day (http://www.zdnet.com/blog/security/) | July 15, 2014 -- 08:10 GMT (09:10 BST)



http://cdn-static.zdnet.com/i/r/story/70/00/031598/screen-shot-2014-07-14-at-08-11-51-615x312.png?hash=ZzH0ATEzA2&upscale=1
GCHQ in Cheltenham (Image: GCHQ via CNET)

GCHQ has developed a toolkit of software programs used to manipulate online traffic, infiltrate users' computers and spread select messages across social media sites including Facebook and YouTube.

The UK spy agency's dark arts were revealed in documents first published by The Intercept (https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/), and each piece of software is described in a wiki document written up by GCHQ's Joint Threat Research Intelligence Group (JTRIG). The document, which reads like a software inventory, calls the tools part of the agency's "weaponised capability."

Some of the most interesting capabilities of the tools on the list (https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/) include the ability to seed the web with false information — such as tweaking the results of online polls — inflating pageview counts, censoring video content deemed "extremist" and the use of psychological manipulation on targets — something similar to a research project conducted with Facebook's approval (http://www.zdnet.com/federal-hot-water-for-facebook-over-emotional-manipulation-experiment-7000031513/), which resulted in heavy criticism and outrage levied at the social media site.


A number of interesting tools and their short descriptions are below:

ASTRAL PROJECTION: Remote GSM secure covert Internet proxy using TOR hidden service
POISON ARROW: Safe malware download capability
AIRWOLF: YouTube profile, comment and video collection
BIRDSTRIKE: Twitter monitoring and profile collection
GLASSBACK: Technique of getting a target's IP address by pretending to be a spammer and ringing them. Target does not need to answer.
MINIATURE HERO: Active skype capability. Provision of realtime call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.
PHOTON TORPEDO: A technique to actively grab the IP address of MSN messenger user
SPRING-BISHOP: Finding private photos of targets on Facebook
BOMB BAY: The capacity to increase website hits, rankings
BURLESQUE: The capacity to send spoofed SMS messages
GESTATOR: Amplification of a given message, normally video, on popular multimedia websites (YouTube)
SCRAPHEAP CHALLENGE: Perfect spoofing of emails from Blackberry targets
SUNBLOCK: Ability to deny functionality to send/receive email or view material online
SWAMP DONKEY: A tool that will silently locate all predefined types of file and encrypt them on a targets machine
UNDERPASS: Change outcome of online polls (previously known as NUBILO).
WARPATH: Mass delivery of SMS messages to support an Information Operations campaign.
HUSK: Secure one-on-one web based dead-drop messaging platform.
The list, dated from 2012, says that most of the tools are "fully operational, tested and reliable,” and adds: "Don't treat this like a catalogue. If you don't see it here, it doesn't mean we can't build it."

"We only advertise tools here that are either ready to fire or very close to being ready," the document notes.

The release of these documents comes in the same week (http://www.zdnet.com/uk-spy-agency-gchq-tribunal-on-surveillance-claims-begins-7000031546/) that the UK intelligence agency's spying activities are being investigated by surveillance watchdog the Investigatory Powers Tribunal (IPT). Civil liberty groups set a legal challenge against the GCHQ in order to question the legal standing of schemes such as Tempora — a project revealed in the NSA scandal that showed the agency placed data interceptors on fiber-optic cables that carry Internet traffic to and from the UK.