Streamed live on Sep 15, 2014
Posts from the ‘Internet’ Category
Published on Nov 8, 2013
A speech by Eugene Kaspersky at the Press Club in Canberra, Australia. The borad talk was designed to bring non-tech journos up to speed on infosec issues.
In it, he said a engineer friend told him Stuxnet had ‘badly infected’ the internal network of a Russian nuclear plant after the sophisticated malware caused chaos in Iran’s nuclear facilities in Natanz.
The malware, widely considered to have been developed by the US Government as a means to disrupt Iran’s nuclear enrichment plans, had crossed a physically separated ‘air-gapped’ network in the Russian plant after it was carried across on a USB device.
When National Security Agency (NSA) contractor Edward Snowden first revealed himself in a video interview five months ago as the source of leaked documents exposing the NSA’s collection of phone and data records of U.S. citizens, he noted: “The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change.”
Despite the rapid pace of the NSA revelations, the subsequent claims and counterclaims of U.S. officials (and the fact that nobody possesses the policy, technical, operational, and legal background required to accurately characterize these stories and place them within a proper historical and global context), there’s still one thing that can no longer be denied: The Snowden-supplied documents have instigated a global conversation about U.S. surveillance that will undoubtedly result in changes to the scope and conduct of certain NSA programs. And in fact, it’s happening already.
Within the last week alone we have learned that the Obama administration authorized an internal review that brought to light the existence of a program used to spy on numerous world leaders, including German Chancellor Angela Merkel. (This investigation complements an independent review of U.S. surveillance efforts conducted by former officials and experts, which will present its findings by year’s end.) Even the staunch defender of the NSA, Senate Select Committee on Intelligence chair Sen. Dianne Feinstein, announced: “the committee will initiate a major review into all intelligence collection programs.” Secretary of State John Kerry admitted that U.S. electronic surveillance was “on an automatic pilot because the technology is there,” and “in some cases, it has reached too far inappropriately.” And for the first time since the Snowden leaks, White House spokesperson Jay Carney acknowledged the agency’s overreach saying, “We recognize that there need to be additional constraints on how we gather and use intelligence.”
Yet, Snowden’s most meaningful and enduring impact will not be prompting U.S. electronic surveillance policy reform. Rather, what these five post-Snowden months have demonstrated is that inflating terrorist threats to justify expansive and invasive executive branch powers no longer resonates with the general public or most policymakers. That default appeal to 9/11 and vague warnings of terrorism that Bush and Obama administration officials relied upon to shape opinions and silence critics is no longer sufficient or acceptable.
Sill, intelligence officials continue to defend the NSA as just another federal agency dedicated solely to protecting American citizens from terrorism. In his opening testimony before the House Permanent Intelligence Committee last week, NSA Director Gen. Keith Alexander re-used this same old trope:
“First, how did we get here? How did we end up here? 9/11 — 2,996 people were killed in 9/11. We all distinctly remember that. What I remember the most was those firemen running up the stairs to save people, to there themselves lose their lives. We had this great picture that was created afterward of a fireman handing a flag off to the military, and I’d say the intelligence community, and the military and the intelligence community said: ‘We’ve got it from here.'”
Sorry, Keith: the NSA was not created on Sept. 12, 2001, but came into existence on Nov. 4, 1952. Its purpose was — and, in theory, still is — to collect and process communications intelligence in order to identify threats and opportunities for a range of diplomatic, military, and economic activities. (Preceded by the Armed Forces Security Agency, established in 1949, the Army’s Signal Intelligence Service (1930), and the Army’s Cipher Bureau (1917), the NSA was established with NSC Intelligence Directive No. 9 and authorized to be responsible for all national communications intelligence gathering.) It has been resourced and supported through its success and failures by senior decision-makers ever since for the unique information advantages that only it can provide. But, employing a selective narrative of the tragedy of 9/11 for political advantage, and rationalizing the NSA’s activities by directly linking them to Ground Zero should be condemned.
Likewise, General Alexander claimed that terrorist fatalities have never been higher:
“If you look at the trends in the [counterterrorism] arena, in 2012, it was the highest globally that it’s been ever. Over 15,000 people killed…. And yet, there has not been a mass casualty here in the U.S. since 2001.”
Here again, he’s resorting to playing fast and loose with facts. According to the State Department’s annual counterterrorism data — which, as of 2012, is compiled by the University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism — global terror deaths have generally decreased from a high of 22,719 in 2007, to 11,098 in 2012. To be fair, there are methodological problems with categorizing terror deaths, and Alexander might have used an alternative database. Nevertheless, there were no international terrorism mass casualty events in the United States before or after 2001. And overemphasizing the NSA’s role in either causing 9/11, or preventing subsequent 9/11s, misses the inadequate government-wide response to al Qaeda that the 9/11 Commission found, and diminishes the important counterterror activities of non-NSA agencies. Moreover, this logic implies both that 9/11 necessitated the NSA’s expanded authorities, and that the absence of additional mass casualty attacks requires that all existing authorities must remain intact.
Consider also a June 24 NSA document, obtained by Al Jazeera America via a Freedom of Information Act request, titled: “Media Leaks Master TPs (talking points).” The very first one, under “sound bites that resonate,” reads “I much prefer to be here today explaining these programs, than explaining another 9/11 event that we were not able to prevent.” This 25-page document of behind-the-scenes media guidance for “Congress, the media and anyone else within the Obama administration surrounding the leak of information related to NSA surveillance activities,” only confirmed what Americans have been hearing all along from senior officials: rationalize NSA, CIA, DOD, DHS, or FBI conduct by repeating 9/11.
One can hardly blame General Alexander and NSA public affairs officers from promoting counterterrorism — and consciously omitting other missions — to justify and protect their authorities, or shield dedicated staffers from condemnation and scrutiny. Yet Americans increasingly recognize that our political discourse, protection of First Amendment rights, respect for civil liberties, and conduct of foreign policy are overwhelmingly determined by our perceptions of terrorism. Government officials who seek maximum authority with minimum transparency shape those perceptions by constantly re-reminding Americans about 9/11 and inflating terrorist threats.
Yes, U.S. officials have to manage their obligation to the public and Congress to describe their agency’s activities as completely and accurately as possible, without revealing classified sources and methods. But General Alexander’s way of relaying the NSA’s activities with selective language that plays upon America’s resonant fears of international terrorism is a failing strategy. As David Rohde wrote last week, “The United States’ obsession with al Qaeda is doing more damage to the nation than the terrorist group itself.” Nicholas Kristof further noted that: “For a dozen years, security has been an obsession, rarely constrained by a weighing of trade-offs, and to what result? We have sought every tactical advantage, and this sometimes leads — as in eavesdropping of foreign allies — to strategic losses.”
There’s yet another problem with this approach, one that journalists have (selectively) reported based on documents that show that what the NSA says it does simply not match up with what it actually does. This chasm between justification and practice leaves the agency open to charges of hypocrisy or deceit. As Scott Shane’s excellent survey of NSA activities summarizes: “Obama and top intelligence officials have defended the agency’s role in preventing terrorist attacks. But as the documents make clear, the focus on counterterrorism is a misleadingly narrow sales pitch for an agency with an almost unlimited agenda.” As the “mission” section of the NSA’s own website declares:
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.”
What recent reporting has proven is that the NSA is not, in fact, a rogue agency, but rather one that is doing exactly what its galactically broad and all-encompassing mission entails. The violation is in misleading the nation — indeed the world — as to what that mission is, shrinking it down to just one line of action. It is a pretense that the Obama administration and intelligence community officials should cease.
Snowden has brought forth a national debate about electronic surveillance that is not only worthwhile but long overdue. One hopes that it is broadened to protect U.S. citizens from the vastly more intrusive and comprehensive private sector surveillance and tracking as U.S. surveillance programs are investigated further. Snowden will likely play an essential role in changing how people think about state surveillance and personal privacy. Tolerating U.S. officials’ mischaracterization of the world as one of innumerable terror threats, and then misrepresent their agencies as responding solely to such inflated threats, is far more damaging than the activities of any one agency, including the NSA. But beyond that, officials are learning the hard way that simply shouting “terrorism” in a crowded policy debate is no longer a convincing call to action.
Published on Friday, February 22, 2013 by The Guardian
The WikiLeaks suspect’s prosecution has been conducted with a complete absence of transparency – with worrying implications
On Saturday Bradley Manning will mark his 1,000th day imprisoned without trial. In the course of those thousand days, from the moment he was formally put into pre-trial confinement on 19 May 2010 on suspicion of being the source of the WikiLeaks disclosures, Manning has been on a long and eventful journey.
Supporters of Bradley Manning protest during his scheduled motion hearing, outside the gates of Fort Meade, Maryland. Photograph: Jose Luis Magana/Reuters It has taken him from the desert of Iraq, where he was arrested at a military operating base outside Baghdad, to a prison tent in Kuwait. From there he endured his infamous harsh treatment at Quantico Marine base in Virginia, and for the last 14 months he has attended a series of pre-trial hearings at Fort Meade in Maryland, the latest of which begins next week.
For the small band of reporters who have tracked the prosecution of Private First Class Manning, the journey has also been long and eventful. Not in any way comparable, of course; none of us have been ordered to strip naked or put in shackles, and we have all been free to go home at night without the prospect of a life sentence hanging over us.
But it’s been an education, nonetheless. Though we are a mixed bag – a fusion of traditional outlets such as the Washington Post and Associated Press and new-look bloggers such as Firedoglake and the Bradley Manning support network – we have been thrown together by our common mission to report on the most high-profile prosecution of an alleged leaker in several decades.
There’s something else that binds us – disparate though our reporting styles and personal politics might be – and that’s the daily struggle to do our jobs properly, confronted as we are by the systemic furtiveness of the US government. It’s an irony that appears to be lost on many of the military lawyers who fill the courtroom at Fort Meade. A trial that has at its core the age-old confrontation between a government’s desire for confidentiality and the public’s need to know, is itself being conducted amid stringent restrictions on information.
None of the transcripts of the court martial procedure have been released to us. No government motions to the court have been published. David Coombs, Manning’s lead lawyer, has had to plead to be allowed to post his defence motions, and when he has been granted permission he has often been forced to redact the documents to an almost comical degree.
The most egregious example of this over the past 1,000 days was the moment in January when the military judge, Colonel Denise Lind, issued her ruling in an Article 13 motion brought by Manning’s defence. This was the complaint that the soldier, while at Quantico, had been subjected to a form of pre-trial punishment that is banned under the Uniform Code of Military Justice.
It was an important moment in the narrative arc that is the Bradley Manning trial. Technically, Lind had the power to dismiss all charges against the soldier; she could have, though none of us expected that she would, let him walk out of that court and into freedom. (In the end she knocked 112 days off any eventual sentence).
The accusations contained in the Article 13 also went to the heart of the defence case that Manning has singled out for unfair and at times brutal treatment. During the testimony, Manning himself gave evidence, standing inside a 6ft by 8ft (180cm by 240cm) box that had been drawn on the floor of the courtroom to replicate the dimensions of his cell. He recalled such humiliating details as the routine he was required to follow when he needed toilet paper. Standing to attention at the front bars of his cell, he was ordered to shout out to the guards who kept him under 24-hour observation: “Lance Corporal Detainee Manning requests toilet paper!”
So my fellow reporters and I awaited with intense interest Lind’s judgment, though also with some trepidation. We’d sat through the spectacle of Lind reading out to the court her rulings, and it wasn’t a pleasant experience. The judge has a way of reading out her decisions at such a clip that it is almost impossible to take them down even with shorthand or touch typing.
In the event, Lind spent an hour and a half without pause reading out a judgment that must have stretched to 50 pages, at a rate that rendered accurate reporting of it diabolically difficult. No copy of the ruling has – then or now – been made available to the public, presumably on grounds of national security, even though every word of the document had been read out to the very public that was now being withheld its publication.
Such is the Alice-in-Wonderland world of the Bradley Manning trial. Why does it matter? It matters to Bradley Manning. The soldier is facing charges that carry the stiffest punishment available to the state short of killing him. (They could technically do that to him too, but the prosecution has made clear it will not seek the death penalty). If found guilty of the most serious charge – “aiding the enemy” – he could be confined to military custody for the rest of his life with no chance of parole, a prospect that makes the past 1,000 days look like a Tea Party.
The least Manning deserves is stringent fairness in his prosecution, and stringent fairness cannot exist in the absence of openness and transparency. As a British appeal court judge wrote in a recent case brought by the Guardian to protest against excessive courtroom secrecy: “In a democracy, where power depends on the consent of the governed, the answer must lie in the transparency of the legal process. Open justice lets in the light and allows the public to scrutinise the workings of the law, for better or for worse.”
There’s a much bigger reason why the cloak-and-dagger approach of the US government to this trial should be taken seriously. America doesn’t seem to have woken up to this yet, but the prosecution of Bradley Manning poses the greatest threat to freedom of speech and the press in this country in at least a generation.
The “aiding the enemy” count essentially accuses Manning of handing information to Osama bin Laden as a necessary consequence of the act of leaking state secrets that would end up on the internet. When one of the prosecution lawyers was asked whether the government would still have gone after Manning had he leaked to the New York Times instead of WikiLeaks, she unhesitatingly replied: “Yes”.
If that’s not a threat to the first amendment, then what is? This prosecution, as it is currently conceived, could have a chilling effect on public accountability that goes far beyond the relatively rarefied world of WikiLeaks.
That’s something worth contemplating as Bradley Manning enters his second 1,000 days sitting in a cell. Looked at this way, we’re sitting in the cell with him.
February 8, 2013 – Most people use social media like Facebook and Twitter to share photos of friends and family, chat with friends and strangers about random and amusing diversions, or follow their favorite websites, bands and television shows.
But what does the US military use those same networks for? Well, we can’t tell you: That’s “classified,” a CENTCOM spokesman recently informed Raw Story.
One use that’s confirmed, however, is the manipulation of social media through the use of fake online “personas” managed by the military. Recently the US Air Force had solicited private sector vendors for something called “persona management software.” Such a technology would allow single individuals to command virtual armies of fake, digital “people” across numerous social media portals.
These “personas” were to have detailed, fictionalized backgrounds, to make them believable to outside observers, and a sophisticated identity protection service was to back them up, preventing suspicious readers from uncovering the real person behind the account. They even worked out ways to game geolocating services, so these “personas” could be virtually inserted anywhere in the world, providing ostensibly live commentary on real events, even while the operator was not really present.
When Raw Story first reported on the contract for this software, it was unclear what the Air Force wanted with it or even if it had been acquired. The potential for misuse, however, was abundantly clear.
A fake virtual army of people could be used to help create the impression of consensus opinion in online comment threads, or manipulate social media to the point where valuable stories are suppressed.
Ultimately, this can have the effect of causing a net change to the public’s opinions and understanding of key world events.
Wired.com published an article how US spies are making investments in the Company In-Q-Tel in order to monitor your blogs and read your tweets.
In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” – information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.
Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords.
“That’s kind of the basic step – get in and monitor,” says company senior vice president Blake Cahill.
Then Visible “scores” each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (“Trying to determine who really matters,” as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.
In-Q-Tel says it wants Visible to keep track of foreign social media, and give spooks “early-warning detection on how issues are playing internationally,” spokesperson Donald Tighe tells Danger Room.
Of course, such a tool can also be pointed inward, at domestic bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for Dell, AT&T and Verizon. For Microsoft, the company is monitoring the buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is tracking animal-right activists’ online campaigns against the company.
“Anything that is out in the open is fair game for collection,” says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But “even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically ‘open source.'”Visible chief executive officer Dan Vetras says the CIA is now an “end customer,” thanks to the In-Q-Tel investment. And more government clients are now on the horizon. “We just got awarded another one in the last few days,” Vetras adds.
Tighe disputes this – sort of. “This contract, this deal, this investment has nothing to do with any agency of government and this company,” he says. But Tighe quickly notes that In-Q-Tel does have “an interested end customer” in the intelligence community for Visibile. And if all goes well, the company’s software will be used in pilot programs at that agency. “In pilots, we use real data. And during the adoption phase, we use it real missions.”
Neither party would disclose the size of In-Q-Tel’s investment in Visible, a 90-person company with expected revenues of about $20 million in 2010. But a source familiar with the deal says the In-Q-Tel cash will be used to boost Visible’s foreign languages capabilities, which already include Arabic, French, Spanish and nine other languages.
Visible has been trying for nearly a year to break into the government field. In late 2008, the company teamed up with the Washington, DC, consulting firm Concepts & Strategies, which has handled media monitoring and translation services for U.S. Strategic Command and the Joint Chiefs of Staff, among others. On its website, Concepts & Strategies is recruiting “social media engagement specialists” with Defense Department experience and a high proficiency in Arabic, Farsi, French, Urdu or Russian. The company is also looking for an “information system security engineer” who already has a “Top Secret SCI [Sensitive Compartmentalized Information] with NSA Full Scope Polygraph” security clearance.
The intelligence community has been interested in social media for years. In-Q-Tel has sunk money into companies like Attensity, which recently announced its own web 2.0-monitoring service. The agencies have their own, password-protected blogs and wikis – even a MySpace for spooks. The Office of the Director of National Intelligence maintains an Open Source Center, which combs publicly available information, including web 2.0 sites. Doug Naquin, the Center’s Director, told an audience of intelligence professionals in October 2007 that “we’re looking now at YouTube, which carries some unique and honest-to-goodness intelligence…. We have groups looking at what they call ‘citizens media’: people taking pictures with their cell phones and posting them on the internet. Then there’s social media, phenomena like MySpace and blogs.”
But, “the CIA specifically needs the help of innovative tech firms to keep up with the pace of innovation in social media. Experienced IC [intelligence community] analysts may not be the best at detecting the incessant shift in popularity of social-networking sites. They need help in following young international internet user-herds as they move their allegiance from one site to another,” Lewis Shepherd, the former senior technology officer at the Defense Intelligence Agency, says in an e-mail. “Facebook says that more than 70 percent of its users are outside the U.S., in more than 180 countries. There are more than 200 non-U.S., non-English-language microblogging Twitter-clone sites today. If the intelligence community ignored that tsunami of real-time information, we’d call them incompetent.”
…………. who’s really running the show in the USA