‘Weaponizing Vulnerabilities': New Snowden Doc Reveals Spy Agencies Targeted Smartphones

Capture

Find new ways to exploit smartphone technology for spying operations

by RINF | May 21, 2015

The ‘Five Eyes’ alliance exploited weaknesses in popular browser and planned to hijack links to app stores to implant spyware on mobile phones, new documents show

(Common Dreams) – The intelligence alliance known as Five Eyes—comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia—exploited security weaknesses in one of the world’s most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.

According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.

The Intercept reports:

As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.

CBC continues:

The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.

…Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person’s device or extract data from it, the document suggests.

The spy agencies also sought to match their targets’ smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes’ powerful XKeyScore tool to help build profiles on the people they were tracking.

The project emerged in part due to concerns about the possibility of “another Arab spring,” referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.

“Respecting agreements not to spy on each others’ citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests,” write CBC‘s Amber Hildebrandt and Dave Seglins. “The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia.”

The spy agencies also began targeting UC Browser—a popular app in India and China with growing usage in North America—in late 2011 after learning that it had leaked information about its half-billion users.

According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.

The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of “suspected terrorists.” But they did so without alerting the public or the phone companies of the browser’s weaknesses, which “potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals,” Hildebrandt and Seglins write.

“Of course, the security agencies don’t [disclose the information],” Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. “Instead, they harbor the vulnerability. They essentially weaponize it.”

Apple, Google and 140+ tech firms urge Obama not to give police ‘backdoor’ access to encrypted phone data

Capture

Apple, Google, and a host of other tech companies and cryptology experts have signed a letter sent to President Obama calling on his administration to stem any proposal that seeks to weaken encryption security to benefit policing agencies.

More than 140 firms, technologists, and security experts sent a letter to the White House on Tuesday calling for the protection of encrypted data on smartphones and other communication devices from law enforcement.

“Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads, adding that the Obama administration must “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.

The message is in response to top law enforcement officials’ unease with Apple and Google offering phones with such strong encryption that even police with a warrant are unable to gain access. The likes of FBI Director James Comey have claimed such strong protection is a threat to public safety.

“There’s no doubt that all of us should care passionately about privacy, but we should also care passionately about protecting innocent people,” Comey said recently, according to The Washington Post, which first reported on the letter.

Comey said he was “concerned” after Google and Apple announced their encryption efforts last year.

“I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law,” he said.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.”

The US Justice Department says it supports encryption that allows users to protect their data from intrusion. Yet the department also wants to have access for itself, ultimately claiming that strictly-private data is a threat to public safety.

Security experts say that encryption is essentially weakened if a “backdoor” is built into technology for police access. This security vulnerability also allows exploitation from hackers or foreign governments, they add.

The letter was also signed by three of the five members of an Obama-appointed review group that was tasked in 2013 with analyzing US technology policy following major revelations of government spying supplied by former intelligence contractor Edward Snowden.

Richard Clarke, a former cybersecurity adviser to President George W. Bush, was one of those three members. He said similar government efforts to require phone companies to supply backdoors to encrypted voice calls in the 1990s were unsuccessful.

“If they couldn’t pull it off at the end of the Cold War, they sure as hell aren’t going to pull it off now,” he told the Post.

In March, more than 40 companies and civil liberties groups wrote a letter to Congressand the Obama administration that called on Washington to change its spying laws in the wake of the National Security Agency spying scandal.

“Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency and accountability,” the group said in the letter.

“[T]he status quo is untenable and it is urgent that Congress move forward with reform.”

The companies, shown ultimately complicit in NSA surveillance programs, have since attempted many times to call for reform of US surveillance policies that they say undermines their products and consumer trust.

Anonymous Posts List of ISIL Websites and the US, UK Firms That Host Them

Screen Shot 2015-04-09 at 2.50.14 PM

The hacktivist collective Anonymous has published a list of websites used by the self-proclaimed Islamic State for propaganda and recruitment along with the companies – many based in the US and Europe – hosting them, in an effort to push for their removal.

This is the latest in a string of recent actions dubbed #OpISIS, in which the hackers — in particular an Anonymous faction known as GhostSec — have taken aim at the online resources of the internet-savvy Islamic State propagandists. 

The hackers note that US-based Cloudflare is the “by far worst offender” on the list, which also includes Yahoo!, Google and GoDaddy. OVH, the largest web hosting service in Europe, and LeaseWeb also make an appearance on the list. 

Screen Shot 2015-04-09 at 2.52.34 PM

On the site where the list was posted, GhostSec explained the action:

“It is our sincerest hope that the media use this as a tool to show the world that the Islamic State is everywhere in some shape or form and that companies are unaware of their customers content or they turn a blind eye for easy profit and choose to accept bloodmoney.”

To date, as part of their cyber campaign against IS, Anonymous claims to have attacked more than 200 websites, and “destroyed” 85 of them.

Screen Shot 2015-04-09 at 2.53.45 PM

This release follows the release in March of 9,200 twitter handles associated with the Islamist militant group in which another group CtrlSec also participated, and an April 5 release of 4,300 more.

Involved in the March release was anti-terror cyber-activist @XRSone, who also released a database — developed by a different anonymous individual — of over 25,000 accounts he claimed were connected to IS supporters.

“It’s tracking 25,000 accounts on its own,” XRSone told IBTimes UK. “There is so much information within it I had to reach out to have someone who can read Arabic verify accounts for me. This is probably as big as it gets and it proves if one person can do it, the government or Twitter certainly can.”

Screen Shot 2015-04-09 at 2.55.58 PM

Actions such as these do have their critics, however, with some questioning how many innocent accounts are getting swept up in the cyber-dragnets at a rate inappropriate for a public listing.

Screen Shot 2015-04-09 at 2.57.22 PM

Screen Shot 2015-04-09 at 2.58.06 PM

After the March release of Twitter accounts, US Representative Ted Poe (R-Texas) released a joint statement with four other congressmen, urging the social media giant to increase its efforts to identify accounts being used for terrorist propaganda.

“Twitter is far behind other social media companies in combating this threat,” Poe said. “Twitter needs to do more. It’s time to put a stop to this cyber jihad.

However, IS accounts are proving difficult to eradicate. The group creates multiple swarm accounts, all promoting each other. By the time Twitter suspends one account, three more may have sprung up in its place, and IS’ Twitter network continues to thrive.

Last month, the IS threatened the life of Twitter co-founder Jack Dorsey, in retaliation for certain steps the company has managed to take to stifle accounts related to the group. 

“We told you from the beginning it’s not your war, but you didn’t get it and kept closing our accounts on Twitter, but we always come back,” read a post on a website used by the terrorist group. “But when our lions come and take your breath, you will never come back to life.”

Read more: http://sputniknews.com/science/20150409/1020644508.html#ixzz3WqOFXk1d

FCC Votes In Favor Of Net Neutrality

Screen Shot 2015-02-26 at 11.30.40 AM

GIUSEPPE MACRI
Tech Editor

The Federal Communications Commission on Thursday voted 3-2 in favor of adopting Chairman Tom Wheeler’s net neutrality plan, establishing the most broad authority to regulate Internet service providers ever proposed.

Commissioners split along partisan lines as expected, with Democrats Wheeler, Mignon Clyburn and Jessica Rosenworcel voting in the affirmative and Republicans Ajit Pai and Michael O’Rielly in the negative.

The proposal, which has not been released to the public at the time of this writing, was announced by Wheeler earlier this month and described by the chairman as “the strongest open internet protections ever proposed by the FCC.” (RELATED: FCC Chairman Tom Wheeler Finally Reveals His Net Neutrality Plan)

Under the plan, the FCC will regulate Internet service providers (ISPs) under a modernized interpretation of Title II of the 1996 Telecommunications Act — a regulatory proposal inspired by those used to break up telephone monopolies in the 1930s.

Under Wheeler’s “21st century” Title II, the FCC will regulate ISPs essentially as public utilities, and bar them from segregating or blocking Internet content, establishing fast and slow lanes for web traffic or requiring Internet content creators to set up special deals and pay higher prices for acceptable transmission speeds.
The vote is a victory for content creators like Google YouTube, Amazon, and Netflix, the latter of which brokered higher-paying deals with both Verizon and AT&T earlier this year to continue transmitting its traffic to customers at acceptable speeds.

Service providers including Verizon and AT&T have already vowed to challenged the FCC’s aggressive regulations in court. The agency lost a federal court battle with service providers last year precisely for regulating ISPs similarly to public utilities under the Clinton-era act. The FCC’s loss in that case sparked the net neutrality debate that’s dominated the agency’s headlines over the last year, as Wheeler mulled over which direction to take the FCC. (RELATED: FCC Votes For New ‘Net Neutrality’ Internet Regulations)

Since the plan was announced earlier this month, Republicans on Capitol Hill and in the FCC have criticized it as a massive government overreach, which they allege threatens to destroy market competition and slow Internet infrastructure investment into network growth and innovation by ISPs. (RELATED: Republican FCC Commissioner Slams ‘Obama’s 332-Page Plan To Regulate The Internet’)

The plan has faced equal criticism for its identical nature to the one President Obama called on the independent agency to adopt in November, prompting several congressional committees — including the House Oversight Committee — to launch investigations into how much influence the White House exerted over the FCC in the drafting of Wheeler’s proposal. (RELATED: House Oversight Committee Demands FCC Turn Over Unredacted Net Neutrality Emails With White House)

South Dakota Republican Sen. John Thune, who chairs the Senate Commerce, Science and Transportation Committee that oversees the FCC, said he and congressional Republicans will propose a legislative solution to net neutrality after the FCC’s vote. A bill drafted by Thune and House Republicans in January would ban ISPs from content blocking, throttling Internet speeds or establishing fast and slow lanes, while avoiding heavy-handed utility-style regulation. (RELATED: Congressional Republicans Are NOT Giving Up The Net Neutrality Fight)

Obama, Small Business Expert, Touts eBay Success Right Before Layoffs Announced

Screen Shot 2015-01-23 at 3.29.19 PM

By Joseph R. Carducci, January 23, 2015.

Our wonderful and amazing President Barack Hussein Obama has done it again. Really, I think he may have actually outdone himself this time. Everyone already understands that a State of the Union speech is something akin to the President bragging about himself and trying to show his accomplishments in the best light.

Obama Brags About ‘Accomplishments’

The problem with Obama is that he really has no major accomplishments to point to. In fact, almost all of the things he has done have had detrimental effects on this country. Whether we are talking about ObamaCare or his new ‘free’ community college initiative, this is a point every thinking person understands.

But to give a speech that is so full of lies really has to make people sit up and wonder. What exactly is Obama trying to pull off? That is exactly what we have seen even some liberal commentators from the MSNBC network ask. When the liberal news media starts wondering and saying that Obama is not in touch with reality, you know things have gotten bad.

Now we see an element of irony added to all of his lies and half-truths. During his speech on Tuesday evening, our President claimed that the United States has added almost 800,000 new jobs since 2010, which is more than all of Europe, Japan, and other advanced economies combined. While I seriously doubt these numbers, forget about that for just a moment.

Obama furthermore announced many Americans are now working in jobs that didn’t even exist 10 or 20 years ago. Then he went on to specifically mention places like eBay, Google, and Tesla. I suppose we should also overlook the fact that these are big, left-leaning Democratic supporting companies.

After Obama Touts eBay, Company Lays Off Thousands

The ironic part of this is that the next day, eBay announced it was going to be laying off thousands of employees. I suppose this is what Obama considers to be a recovering (or maybe even recovered) economy. The Washington Beacon has more on this:

    “Touting eBay now seems like an unfortunate choice, because less than 24 hours after Obama’s speech, eBay announced it was cutting 2,400 jobs, or about 7 percent of its workforce. Investors welcomed the layoffs, and the company’s stock jumped more than 4 percent on the news.

    The company has spent millions of dollars lobbying the federal government, and has contributed mostly to Democrats over the years. Its president and CEO, John Donahoe, has donated almost exclusively to Democrats. He gave thousands to Obama’s campaign in 2012, and has contributed more than $90,000 to Democratic candidates and committees since 2006, according to the Center for Responsive Politics.”

How ironic. Seriously, does anyone vet the things this idiot says or the companies he is going to give shout outs to? Certainly one of the Washington insiders in the Obama Regime could have placed a call to one of the officers at eBay and asked if they were going to be doing anything in the near future that might embarrass Obama’s praise of their company.

Remember also, this is the same President who thinks he knows best how to run small businesses. It is the same man who is so full of pride that he honestly may believe he has been responsible for reviving the economy. He even gives speeches in auto manufacturing plants that have been shut down. That’s the Obama effect for you. What do YOU think about all this?

Mystery: Sandy Hook Victim Dies (again) in Pakistan

Capture

Photo of child killed at Sandy Hook shows up at Pakistani school shooting

by Adan Salazar | Infowars.com | January 2, 2015

A large-scale attack on a school in Peshawar, Pakistan, last month left 132 school children and 10 teachers dead.

Among the alleged victims emerged the familiar face of Noah Pozner, one of the children supposedly killed in the December 2012 Sandy Hook school shooting in Newtown, Connecticut.

Capture

Without explanation, Pozner’s image has appeared in multiple photos and reports of the high-profile Army Public School shooting, reportedly carried out by 9 members of an elite Taliban terror group on December 16.

Capture

Here, and in several other photos, Peshawar residents seem genuinely convinced Pozner was a victim of their recent massacre, as his photo hangs directly beneath the microphone of a speaker’s podium surrounded by mourners. / Image credit: APSACS Facebook

Despite his death over two years ago, Pozner also managed to be memorialized on a wall dedicated to the APSACS massacre victims, according to a photo taken by Agence-France Press.

Capture

Pozner’s smiling face is also prominently displayed in a photo meme appearing on the website aworldatschool.org, who lists among its supporters the globalist NGO USAID and several United Nations sub-branches, and his photo is also tagged with the name “Huzaifa Huxaifa” on the “Army Public School & College – Boys Peshawar” Facebook page.

Capture

A large poster-sized image of Pozner also appears on a memorial wall in Peshawar, and can be spotted in at least two BBC world news reports.

Capture
BBC reporter stands near Pozner’s image at 0:09 in the video featured here.

Capture
Same image appears in another BBC report, this time at 0:45, here.

A journalist with Pakistan’s Express Tribune spotted the image of Pozner early on:

Capture

As yet, no official explanation has emerged as to why Pozner’s photo has been inserted among the APSCS victims, but the BBC speculates that internet “recycling” of images is to blame, as another photo featuring a bloody shoe was also misattributed to the same event.

Can the photo’s misuse simply be brushed off as another bumbling Google image search mistake, or is it be willful subterfuge aimed at poking fun at those who question the validity of the Sandy Hook event?

FBI director wants access to encrypt Apple, Google users’ data, demands law ‘fix’

Screen Shot 2014-10-18 at 12.33.13 PM

The FBI director has slammed Apple and Google for offering their customers encryption technology that protects users’ privacy. “Deeply concerned” James Comey wants to push on Congress to “fix” laws to ensure police can still access private data.

“It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked,” Comey, speaking at the Brookings Institute in Washington DC, referred to the encryption technology calling the new service “a marketing pitch.”

“But it will have very serious consequences for law enforcement and national security agencies at all levels,” he warned.

Apple has recently presented its latest Mac OS X operating system for desktop and laptop computers, encouraging its customers to use FileVault disk encryption technology to keep their data secure. The tool would also prevent NSA or FBI from having access to phones and computers.

Google said it wanted to follow suit with its Android operating system and “encryption will be enabled by default.”

If a customer does not decline the encryption offer, his or her computer or phone will be locked.

This means that the companies will not be able to unlock a phone or a hard drive to reveal photos, documents, e-mail or recordings stored within.

“Criminals and terrorists would like nothing more than for us to miss out,” Comey said, adding that encrypted information on “a bad guy’s phone has the potential to create a black hole for law enforcement.”

“Justice may be denied because of a locked phone or an encrypted hard drive,” he said.

READ MORE: Mass internet surveillance is ‘corrosive of online privacy’ – UN report

While law enforcements would still be able to intercept conversations, it would be impossible to access call data, contacts, photos and emails.

Comey believes that “encryption threatens to lead all of us to a very dark place,” while the companies argue that it is a necessary option that will protect customers from unlawful surveillance and private data access.

Edward Snowden’s revelations have provoked the US tech companies to find better protection for personal information.

Comey acknowledged: “The post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.”

“Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch,” he said. “It may be true in the movies or on TV. It is simply not the case in real life.”

The FBI director would like to see changes made to the Communications Assistance for Law Enforcement Act, or CALEA, “enacted 20 years ago—a lifetime in the internet age.”

Companies like Apple or Google, should be required to build lawful intercept capabilities for law enforcement, Comey says.

“We aren’t seeking to expand our authority to intercept communications,” he said. “We are struggling to keep up with changing technology and to maintain our ability to actually collect the communications we are authorized to intercept.”

CALEA only covers landline and cellphone companies, broadband services or internet phone services, which connect with traditional phones.

“We also need a regulatory or legislative fix,” Comey said, “so that all communication service providers are held to the same standard.”

Comey’s speech was not the first time he lashed out at Apple and Google for encrypting smartphones. In September, he told reporters in Washington that the encrypting technology offered by the companies, powering nearly 95 percent of the smart phones in the United States, severely hinder law enforcement operations.