Tag Archives: Snowden

May 31, 2021 · 23:21

Something rotten in Denmark

I always liked that line from Hamlet. I have nothing against the Danes, but I have been several times and the people in Copenhagen look down on others and more so on foreigners. A sort of extrovert nationalism. They were never openly negative about me, but that vibe is undeniable. Should you doubt me, be there for half a day, then take the ferry to Malmo and compare the feel, the Swedes are much warmer. But that is as far as I can take it, my co-workers in Copenhagen were really warm and kind and even now, 10 years later they still are. So when I saw ‘NSA spying row: Denmark helped US gather data on European officials, says report, I merely had to giggle. And when we are given “The Defence Intelligence Service (FE) collaborated with the US National Security Agency (NSA) to gather information, according to a report by Danish broadcaster Danmarks Radio” we need to wonder just how united that EU really is. There is the optional “Intelligence was collected on other officials from Germany, France, Sweden and Norway, according to the report”, which implies that any Dane hoping to have a jolly good time in another Scandinavian country is up for a nice surprise. So even as we take notice of “In a new report shared with several European news agencies, the NSA is said to have accessed text messages and the phone conversations of a number of prominent individuals by tapping in to Danish internet cables in co-operation with the FE.” we can boast and shout, yet if we consider that this was there in 2013, where exactly does ‘In a new report’ come from? In addition, we see the Netherlands and Belgium being not part of that equation, why is that? So as we are given “Mr Snowden accused US President Joe Biden of being “deeply involved in this scandal the first time around”. Mr Biden was US vice-president at the time when the surveillance took place” my question becomes, whose bread is he buttering and his look like a super sad puppy dog with the byline “US whistleblower Edward Snowden expresses wish to return home”, I merely wonder if traitors should be given any choice in the matter, although there is something satisfying on him coming from Russia to end up straight in front of a firing squadron. And when we look back to June 2015 where the BBC gave us ‘Snowden NSA: Germany drops Merkel phone-tapping probe’, I feel that someone kept it all alive to be used when appropriate, and now seems to be that time. And one little item comes to mind, We see Operation Dunhammer, yet the Dunhammer is “a species that are wild in Denmark or grown there”, it seems very specific doesn’t it. Did the NSA seek out that name, or is there a lot more to the story? Even as we see “Mrs Merkel, then-German Foreign Minister Frank-Walter Steinmeier and opposition leader at the time Peer Steinbruck were also reportedly targeted”, it is something specific within a specific scope and that tends to be not of interest to the NSA unless there is a specific case, optionally with an operational push from the White House. That and the fact that between France and Sweden several other nations were not mentioned, we seem to see half a story, not the full ball of wax (as they say). 

If we want a simple comparison, someone is farting in the lunchroom and someone else is pointing at the air vents to focus attention to the wrong area. How typical is that?

And it is Channel 6 news that gave us “In August, Bramsen relieved the head of the country’s foreign intelligence service, among others, after an independent watchdog heavily criticised the spy agency for deliberately withholding information and violating Danish laws”, there are more sources, but this one also gives us “the Danish Defense Intelligence Service, known in Denmark by its acronym FE, in 2014 conducted an internal investigation into whether the U.S. National Security Agency had used its cooperation with the Danes to spy against Denmark and neighbouring countries.” Which is basically the left hand offering the right hand to do what needs to be done. Yet the stage is coming out now as it was then, in the stage of a Democratic president, I find it odd that the information remained contained under the previous REPUBLICAN president. It seems that some have no issues letting NSA secrets out of the bag when it suits someones political agenda, which as I personally see it constitutes treason of a very different kind. 

So elaborate in my own way, consider the Mexican mathematician, Dr Fibre Nachos, he gives us a number of food clients to grow his business, one gets us a second one, the two gives us three, three and the previous two give us five, five and the previous give us eight and so does one grow ones business. But alas, there is always a person hindering the growth (me in this case), I do not want to share my nachos, they are all mine (it is the one element that the hungry, the greedy and the selfish have in common). 

So we are at the beginning of one. One element threw this out in the open and they did it AFTER the republican was gone, and no one in the media is looking into it? We can all cry over “systematic wiretapping of close allies is unacceptable”, yet sometimes we have no choice, should you wonder that consider the events surrounding the Martel affair in 1962. Now we have a larger scaled problem, it is not merely governments, it is the stage of large industrials who also set a stage of political imbalance, and as the surrounding areas become less and less stable any nation needs to find issues to keep their nation safe. The EU is perhaps the best evidence in all this. The entire Vaccine rollout with Astra Zenica and the concealment of documents and pricing in a place where they claim to be transparent gives rise to a lot more subterfuge than can be found at Grizodubovoy str. 3, Moscow. And everyone is crying foul? Can anyone tell me the setting on why someone let the information out now? This was not Snowden, he had already done that, someone decided to play traitor all by themselves and it seems that it is OK with the powers in Washington DC. The fact that it is a specific list of nations and that the US seemingly trusted Denmark is also a point of discussion, one that seemingly hasn’t happened yet. Why is that? I might reflect on Hamlet and something rotten, but that is a reflection on Shakespeare and his view on ‘it shows that everything is not good at top of political hierarchy’, in my view one person got the green light to release information, the problem is that the hierarchy is not the problem, it is the treason of a chosen few who are in a stage to set a stage of imbalance and that tends to be the one not in charge, optionally a big tech push for whatever reason they have. I believe that the US needs to hunt down that source because it is limiting their options to grow their economy as well. Yet that is merely my speculated view on it all. 

Leave a comment

Filed under Media, Politics

Tagged as , , , , , , , , , , , , , , , ,

July 6, 2014 · 15:23

The hungry Journalist games

Another day and another article on Sky News!

This all started a long time ago, but it seems that this article (at http://news.sky.com/story/1293651/internet-firms-take-legal-action-against-gchq), opens up new avenues to explore, aqs it already had taken the cake as one might say. There are issues for certain, they are on both sides, but what is this about?

The seven countries involved are the UK, the US, Germany, the Netherlands, South Korea and Zimbabwe. Let’s start by stating that this is an interesting group of nations to begin with. It was an article in Der Spiegel that set them off. Most sources seem to have copied and pasted the same message (Reuters Journalism as I tend to call it), one source also had this: “Their complaint follows in the wake of articles about mass surveillance published in the Guardian based on material released by Snowden“.

So again this could be a ‘Snowden’ story, but I want to take a look at another side and the quote by Eric King spokesperson (deputy director) of Privacy International who stated “It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately

Is that the truth, or should the correct quote be “It completely undermines our support of optional criminal activities and threatens the opportunity of economic abuse for all who desire it. Their unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately, so that we may again focus on possibly deniable illicit profit

That is quite the change, isn’t it? Consider the following two issues. First the prices, for example ‘Greenhost’ offers the following:

Webhosting 120 GB storage and 1.2 TB data traffic for 132.75 euro’s a month and virtual data servers containing 50 GB storage and 1 TB bandwidth a month for 215 euro’s a month. Basically, just one account would fit the web space for most the ENTIRE Forbes top 50, not just one or two.

So, in light of recent events, I thought I had something here, the Dutch provider fits the bill, but then I got to Riseup, which no longer seemed to be active and the Chaos Computer Club (CCC) which seemed highly ideologically to me. More important, it did not fit the bill either. So am I barking up the wrong tree? (I have been wrong before you know!)

I still believe that the ISP’s are all about not complying as it is not about freedom, but about bandwidth (which directly translates into revenue), which seemed to fit the first part, but the others are not about that, which makes me wonder what is in play. Do you actually think that the NSA and GCHQ are about wasting time? So, is the Chaos Computer Club a waste of time? No, as far as I can tell, they are not. Are they a threat? Well, that remains the issue. They are hackers after all. Is it that farfetched that some people would want to keep track of some of these members? Let’s not forget that someone is feeding organised crime the knowledge that they need to avoid prosecution, when considering the power that both the Triades and the Russian Mafia have in the digital age area, looking into the CCC to some extent seems to be a given. However, knowing their skills, doing it in the way it is implied to have been done seems a little over the top as most of these hackers are pretty proud of themselves and they are for the most not in hiding. Let us not forget, they voice themselves to be about the freedom of the German people and the utter privilege of their data remaining private.

The fact is that this is an implied mess involving 7 countries, the next valid question becomes: ‘are they linked (beyond the accusation), or are they just a collection of elements?’

That question bares scrutiny, but should also indicate the view I have had of Snowden from the very beginning. I believe him to be a joke (and a bad one at that). Now, most of you will not believe this, but let us take a look at the EVIDENCE. I am not talking about some claim, but actual evidence partially on the common sense you and me hopefully tend to have.

1. The claims that he has made involves massive levels of access. Not the access a hacker will ever have, but the information from top level sources in the CIA, NSA and GCHQ. So were talking hacking into over dozens of top level secured servers, servers which are monitored 24/7. He, some hacker no one had ever heard from, did all that. These people behind the screens do NOT EVER give out passwords, do not give access, yet he had all the information and walked out of one of the most secure buildings in the world with all THAT data? This is a quote found in sources like ‘the Verge’ and ‘Wired’. I think we can agree that wired is a reputable source in regards to technology (at http://www.wired.com/2013/06/snowden-thumb-drive/) “‘There are people who need to use a thumb drive and they have special permission,’ an unnamed, ex-NSA official told the LA Times. ‘But when you use one, people always look at you funny.’” This is not unlike the view I have had for a year now. Let’s not forget, the NSA is the place where SELinux was developed, it was designed to keep close tabs on access control, specifically, who, where, how and with what. So ‘some’ technician, with the USB drive in the most secure server space on the planet is just not going to fly. The question I had from the very beginning is not how he did it, but what was actually at play here? The next part is assumption! Was it to give Booz Allan Hamilton more profit? That was my alleged first thought. If data was going to get ported to non-government institutions, this small caper could give BAH and whoever was getting oversight an easy and clean billion a year in revenue. That tactic, still ethically wrong, would have made perfect sense to me.

Here is how I see it and this is PURE assumption (I will get back to evidence in a minute for my next issue), consider the Microsoft disappointment with data collection plans for the Xbox One. We see some of the changes (at http://www.nytimes.com/2014/05/23/us/politics/house-votes-to-limit-nsas-collection-of-phone-data.html). The following quotes are essential here. The first one was from Jim Sensenbrenner, Republican of Wisconsin, “The N.S.A. might still be watching us, he added, but now we can be watching them“. It is a bold statement, but is it true; moreover, should they be watched? Yes, any intelligence operation needs oversight, which is fair enough in a democratic way of life, but how many should overlook this? Are the people in oversight not granted well above average powers and is it fair to any opposition party that they should have it?

2. What lies beneath this access is the amount of involvement. Prism is one of the named projects with supported links to Australia, the UK and the Netherlands, with Microsoft as a commercial partner. Really? One nation, known for clogs, cheeses, Hans Brinker and soccer is placed next to the NSA and the Commonwealth? It is a technological hub, no doubt about that, but it is the size of Maryland. So, this is just the first of several projects, involving secrecies that would be limited to the very top, most of it would not be written down and Snowden had it (as in having in past tense, details follow). The mention of projects like XKeyscore, Tempora, Project 6, Stateroom, Lustre and Muscular. They are not only different projects, but they are a scope of projects that would not ever be in one location to begin with. So, what is implied as ‘the top’ of data gathering and one IT person has it all? Is no one asking the questions the PRESS should have asked and openly doubted from the very beginning to begin with (a part that is not voiced in any way).

The funny part is that stateroom seems to be no more than the legal collection of information as EVERY government tends to collect diplomatic data and in his claim he made them ALL bitches to the NSA, they just do not know it. There is also a reference to Echelon, there are several references, but the one that matters is not named. A covert niche within the NSA and the name of the source is: Tom Clancy!

Is anyone starting to wake up now?

This is not about anything but the warped imagination that is not even close to a reality. Consider that every government has embassies and consulates, the Dutch have them, the Australians have them, so do the Brits and the Germans, not to mention the French and they have them too. Consulates and Embassies represent their governments. Consulates tend to be specific for people and companies, so that they have backups. Like getting home when your passport is stolen, or to help a company with a list of people they should talk to for starting to do business. Trade will always remain important anywhere. Embassies are more about ‘governing’ opportunities as I see them. The Dutch want to get first dibs on building a reliable bridge, so their ambassador talks the great talk. People skills is what it is all about and talking to the right people. There are other sides too, they try to resolve issues, like a Dutchman committing a crime in Melbourne (for example) and the Embassy tries to ‘help’ the Dutch person to get home again, or to assist local government with their investigation if need be. These people do work that they sometimes like and sometimes hate, it is a job that needs to be done. To get the best results some things need to remain confidential and secret and as such whether through encrypted ways or through other ways messages go back and front between a government and its local representatives and that needs a little more security. Some is as simple as a message of a first insight as to build a bridge; to keep the advantage this goes encrypted. It is the cost of business, plain and simple. There is no hidden agenda (other than national pride in trying to score the job). So, they do they do their job and they are not the NSA bitch in the process.

It is simple approach and the lie hidden within a truth was stated as “They are covert, and their true mission is not known by the majority of the diplomatic staff at the facility where they are assigned” Part of the truth is that the encryption specialist is usually not known, it is not a secret either, he used to be the person, who had one extra book with cyphers, he opened each page and set the encryption box and transmitted the information, often a NCO of communication (often has NATO duty reference A00x0). That person had two extra tasks and most in the diplomatic staff might not know, or better stated, they absolutely do not care.

When we saw the statements by certain key people in Australia or the UK they spoke the absolute truth. The small explanation I gave is done by all, the DSD (AUS), GCHQ (UK) and as I said it the Dutch have it too. It is a simple legally valid and required job that needs to be done, nothing secret about it, it is the cost of doing business and sometimes, to keep a lead profitable it sometimes gets handed over more secured, just like they do it at Microsoft (they just get heaps better equipment).

Another issue is the XKeyscore reference. Does such a thing exist, most likely! Now consider the implications of the following, there are mentions of 700 servers in 150 locations. The fact that it needs to intercept without visibility and analyse at the same time as a person does many things at the same time. Even if the best of the best was used (which likely is the case), then we are looking at a very select group trying to get a handle on perhaps no more than the most dangerous 2000 people on the planet. Does anyone believe that a system like this remains a secret if 4 Australian bases are involved? The next part can also be taken as a fact. Can anyone even guess the amount of bandwidth this takes? Most routers nearby the monitored person will truly get a beating, so whatever this is, it will show up. It is the scope that is claimed that makes no sense. Some in the NSA might find it nice if it was true, but the weak link in all this is the actual internet.

The last part of this is the kicker in this joke. If his life depends on it all, do you actually think he would ever part with the information? This came from the NY Times from October 2013 (at http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html) “Mr Snowden said he gave all of the classified documents he had obtained to journalists he met in Hong Kong, before flying to Moscow, and did not keep any copies for himself“, so his life depends on a journalist, who now has the thousands of documents?

Perhaps we should look at a much more likely explanation, the man has no value, the press is stretching the value of events, as they would and Snowden has played his part, I still think that the Chinese saw in him what I saw from the very beginning, a simple joke! They walked away and he had to flee to Russia who is keeping him around for entertainment and to piss of the Yanks (which they also regard as good entertainment). My issue is not him, but the fact that I see more wasted time and energy on laughable cases that keep us all away from actually moving forward. In this economy, as we are so stretched thin, rebuilding an economy is a first need, not waste time on some feigned attack on the ‘confidence in the internet economy‘ as Eric King puts it.

And for the love of whomever, let’s not compare Snowden and Assange, I completely oppose Assange and his view, but at least he seemed to believe in that what he did was a just cause and acted accordingly.

In the end this is just my view, but no one seems to be asking the questions the press are supposed to be asking. The Guardian and Der Spiegel seem to get a ‘free’ hand in boasting tons of data and a simple stamp ‘Snowden said it was so’ seems enough for people to just accept it.

4 Comments

Filed under IT, Law, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

January 28, 2014 · 20:42

For free or for naught?

It is less than a day after I wrote the previous blog ‘The danger ahead’, now I read in the Guardian (at http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data) that the quote I made in yesterday’s blog “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and stored and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.“, which is close to what the Guardian reported, as well as what is currently shown on Sky News!

At this point, I am looking at a few issues and the more I look at the data that the press is stating, the more I see that Edward Snowden is more than just a traitor. He claims being a victim in a German TV interview (at http://www.dw.de/wanted-dead-by-us-officials-snowden-tells-german-tv/a-17388431), where he speaks the fear that he is being targeted for long term sleep therapy (aka ‘terminal sleep’).

The ‘problem’ is that the issue is not just Snowden. The more I look into the breaches, the more I look into a possible functional approach on the way the NSA server parks (plural) are set up, the more I am convinced that not only was Edward Snowden not alone in this all, I feel some level of certainty that this person might still be in the NSA, endangering both NSA and GCHQ as well as other allied monitoring agencies.

The humongous amount of ‘revelations’ that are claimed in the name of Snowden do two things. First of all it turns Benedict Arnold in a stumbling saint (I just had to wash my mouth with soap for making such a claim). Linked to this is the fact that the many dozens of operations as his ‘revelations’ seem to touch on would have been on at least a dozen of servers (as projects are spread around). The fact that NSA uses an upgraded edition of SE-LINUX means that a system with logs and mandatory access control cannot get transferred to such a degree. The fact that IT and security monitors it all, as well that he was civilian contractor means that his name should have popped up a dozen times. Even if he used other accounts, the logs should have triggered alerts all over the field when they were scanned through solutions not unlike a program like Palantir Government.

The claims I am making are growing in reliability with every ‘revelation’ that is being made. There is however another side that is now the consequence of all these whingers and whiners about ‘their privacy‘ (at http://www.theguardian.com/world/2014/jan/27/tech-giants-white-house-deal-surveillance-customer-data). We now enter a field where it is important to realise that the new situation could be regarded as a danger.

It is linked to a previous newscast where President Obama was considering moving telephony data out of government hands (at http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/23/government-privacy-board-members-say-shifting-nsa-data-to-third-parties-is-a-bad-idea/)

As stated before, this is a really bad idea. Consider that criminals, if enough money is in play, can use places like HSBC to launder their money (I am not talking about forgetting your wallet whilst washing your jeans), but the idea that commercial enterprises can get away with these events for just a 5 week fee (at http://www.forbes.com/sites/afontevecchia/2012/07/16/hsbc-helped-terrorists-iran-mexican-drug-cartels-launder-money-senate-report-says/, as well as http://uk.reuters.com/article/2014/01/23/uk-standardbank-fine-idUKBREA0M0LF20140123) is a lot more dangerous than many realise. Handing data storage out of government hands is just too dangerous. I am steering away from the issue whether the monitoring program should go on or stop. The intelligence community needs to do what it needs to do. Leaving that data with third parties is just not an option. The worst case scenario would see the US government paying out billions if any data leading to a registered IP ends up in ‘other’ hands. Once that evidence is ever given, the US would lose whatever credibility they ever thought they had.

At this point the title can be used as a joke. What is the difference between for free and for naught? Someone got rich for free, the US got rich for naught! That would end up being the reality of a project that was meant to map levels of global terrorism. This joke only gets stronger when we see another ‘view of shock’, but now from Google CLO David Drummond (at http://www.bbc.co.uk/news/world-25911266). It is hard to state against his view, or the premise of the company. These carefully pronounced statements from legal eagles are to be expected from many firms for some time to come. There is however a commercial positive view (at http://www.bbc.co.uk/news/technology-25914731). Here we see how entrepreneurs in makeup and clothing are showing options to avoid detection. In more than one instance it is stated to be metal based, so standing next to airport detectors should be fun soon enough. I wonder how much more would get checked when the boxers or briefs are also metal based.

So whether we get entertainment for free or fashion for naught will be discussed by many soon enough, the main fact remains. If we want to remain safe, then data needs to be collected. It is not for free, or for naught. It is for the simple reason that the world is filled with bad people; some will go any distance to hurt as many as they can. Our governments have a duty to keep us safe, it is only fair that they are given the tools, the methods and the opportunity to do so.

This does get us to the final part (or final side) to these events. This morning, the Guardian (at http://www.theguardian.com/world/2014/jan/28/microsoft-rules-out-back-door-access-to-mps-electronic-communications) reported on backdoor access allegations. The quote “Both Ludlam and South Australian independent senator Nick Xenophon have been concerned about the security of Australian parliamentary communications since the Prism surveillance program was first revealed by National Security Agency contractor-turned-whistleblower Edward Snowden.” gives the information that was the part of all this. So again we see more resources squandered in regards to Snowden. Do not get me wrong, the question by both Ludlam and Xenophon is fair enough and as such it should be looked at. Whoever wants access to certain information, which might always be the case, could consider Intruding a system, which, unless you are a real expert is getting harder and harder, as it should be.

Yet, capturing and copying frames sent over a router system makes a lot more sense. You just capture it all and decrypt it later. Now, most people will not have the ability to do this, but consider the amount of elements to get this all from user1 to user2 via server X. If you think that this is highly encrypted hard to achieve effort, then think again. The more common the method used, the easier it is to read into it. So, there is a level of entertainment as we see leagues of technicians concentrate on the door of the bank vault, whilst in reality one of the walls is missing.  To give you another example, we take a look at a paper by Daehyun Strobel, Benedikt Driessen, Timo Kasper et al (at https://eprint.iacr.org/2013/598.pdf). As we look at the quote “Despite the fact that nowadays strong and well-analyzed cryptographic primitives are available for a large variety of applications, very weak cryptographic algorithms are still widely deployed in real products all over the world.” This relates to the IT issue as, we might have secure servers and powerful password rules, but files are send from one computer to another via the ‘internet’, which goes via a router system (no matter how you twist or turn it). So, as someone gets to any router on the track and wireshark’s the traffic, the stream can be rebuilt. From there the hacker still faces a few obstacles, but you better believe that above a certain skill level, this data can be retrieved. So what exactly are we all crying about?

 

Leave a comment

Filed under IT, Media, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , ,

October 29, 2013 · 23:03

The Wrong questions!

Another day and another day we see escalations into the direction that was once called ‘No Such Agency’ and now regarded as the only server in the US that allows anonymous and the People’s Republic of China to get port 8080 access. Go figure!

As we see another article in the Guardian, this time the limelight shines on Dianne Feinstein, chairperson for the Senate Intelligence Committee. It seems that she wants to a complete review of the NSA (at http://www.theguardian.com/world/2013/oct/28/nsa-surveillance-dianne-feinstein-opposed-allies)The article leaves the doctors check on the pulse that listening in on several leaders of the allied nations is taking a dip for the worst. All this is shown against another reference towards Snowden’s disclosures. This picture is wrong in many ways. You see, the first two events might have had some work by Snowden, yet overall, when we consider the amount of data that Snowden has walked away with is beyond strange.

We could come to the following conclusions.

1. The NSA is completely oblivious to a silly little thing called Common Cyber Sense.
2. The NSA is completely oblivious to standard network security and logging.

Consider that SE-Linux is a NSA invention (OK, that was a strong word, but they were the driving force of SE-Linux). The first two issues show that the NSA either lost the plot, or they decided to hire a multitude of Americans with IT skills that seems limited to the connection that their child has a Nintendo!

Now feel free to laugh out loud, but consider the information. Allegedly listening in on conversations of the leader of a sovereign nation is not something one would admit to. This is not a bulk thing, this is specific. The fact that only a chosen few had that information would be the way to go. Consider any firm having a ‘second’ bookkeeping system. What are the chances that anyone but the CEO, CFO and the head of IT knew about that? That is just a ‘little’ tax evasion and commission increase. In case of the NSA they are alleged to keep phone records on most of their European allies. You think that this is NSA lunchroom conversation material? Snowden should never have had any access to it. So either the NSA system is completely broken, or we are dealing with something completely different.

3. The NSA has decided staff monitoring was not an issue?

That point is actually less correct, however when reading “Intelligence Authorization Legislation: Status and Challenges” at http://www.fas.org/sgp/crs/intel/R40240.pdf you will see on page 15 “the Intelligence Authorization Act for FY2013, passing the legislation by a vote of 14-1, and the bill was reported to the Senate on July 30, 2012. Among other things, S. 3454 as passed by the committee:” linked to this it states: “Requires the intelligence community to develop a comprehensive insider threat program management plan.” So after the Brits showed you in the 60’s that someone could be working for MI-6 and Russia at the same time, this was not clearly in place? (actually, such systems have been in place for a long time, yet the document seems to refer to ‘developing’ and not ‘upgrading’, which makes me wonder why the tax payer is paying for all these internal security officers.

Also, this was at least 6 months BEFORE there was Snowden, and all the members of the Alphabet Soup have their own Internal Security Officers. How come the NSA missed so many alert events? I can understand some leakage with the CIA. Those people are all over the place, hundreds of locations, thousands of involved people. So statistically, if only one person slips up a day, it would be a really good day for the CIA. If we compare it to the restricted, bundled and compact NSA, they seemed to have ‘loosened’ up its standards twice each 10 minutes. This does not add up!

If you question some of this (you should always do that, never take things at face value).

Then consider that the US Intelligence Community consists of:

  • Air Force Intelligence
  • Army Intelligence
  • Central Intelligence Agency
  • Coast Guard Intelligence
  • Defense Intelligence Agency
  • Department of Energy
  • Department of Homeland Security
  • Department of State
  • Department of the Treasury
  • Drug Enforcement Administration
  • Federal Bureau of Investigation
  • Marine Corps Intelligence
  • National Geospatial-Intelligence Agency
  • National Reconnaissance Office
  • National Security Agency (<- free data access here)
  • Navy Intelligence

And the massive amount of leaked information comes from just one of these groups. Now let me make a jump out of the box. Consider the picture I have shown you and consider that the NSA was mostly invisible before the 90’s. Now, nothing remains invisible forever, yet, the step from unknown to open source is a mighty leap. Is it so weird that we should look into other directions?

What if Snowden is not the person he claims to be? I personally still believe he is a joke at best, a patsy at worst. What if the leak is NOT a person? Consider the amount of data that SIGINT parses. What if the Echelon system was compromised? Is someone having a backdoor into the SIGINT satellite system not a lot more likely than one person walking out with Gigabytes of data, through the front door of one of what used to be regarded as one of the most secure locations on the planet? Yes, these satellites are supposed to have top level encryption, yet in 2004 two Chinese academics wrote a paper on how such levels of encryption could be broken. That was 8 years ago!

This would mean that Director James Clapper has another issue on his plate. Getting into an intelligence satellite is supposed to be really hard, so was there an ‘open information supporter’ when it was build? Is there a security flaw in its logical system? Is this option so much more unlikely then a person, who was according to several magazines seen as “The CIA believed Snowden had tried to access classified data that he wasn’t authorized to view. Based on this suspicion, the agency decided to send Snowden packing.

So that person made it into the NSA? Even if that was the case (which it was), would this person be allowed to remain unmonitored and get his hands on the amount of data that is now all over the Guardian editorial?

Not even the US could ever get to be THAT dim! Now consider what I said at the beginning, the CIA flagged him accessing data he was not cleared for. Do you think a mere technician had access to the phone data collection of not one, but a host of national leaders. Top Secret information that would have been limited to an absolute minimum number of people.

The numbers do not add up and it seems that nobody is asking the right questions.

 

Leave a comment

Filed under IT, Military, Politics

Tagged as , , , , , , , , , ,

June 23, 2013 · 19:55

Who are the real watchers?

It is 02:00, SpyHardwareI slowly move into the building that is owned through puppet corporations. The true owner is no one less then Vladimir Kumarin, the most powerful man in St. Petersburg. Entering the building is relatively simple. I avoid the guards, one almost saw me. It is tempting to use sentry killing, but the body will be found. There can be no trace. I install the small remote webcam. Hacking into his wireless router is relatively simple. It is military grade, but my link to the Cray Titan in Langley soon has that fixed. The router got hit by 400,000 requests a second. It cries for its mamma in less than 7 seconds, a new record. I am in and ghost accounts are set up less than 15 seconds later. The scripts run without a hitch. a low tech wireless microphone is set up 3 minutes later. That is the one they will have issues finding, but it will be found, so the rest remains invisible. I leave silent as the night, no trace left and less than 2 hours later I look like a drunk American exchange student studying in Sweden, on a train to Helsinki.

Yes, it reads like such a nice story, but none of it is true! Thinking of Splinter Cell’s Sam Fisher, I am not even that good a spy writer, so I will leave that skill to Mr Clancy. The closest I get to action is the Xbox360 edition. Suits me just fine!

If we look at today, then all we need is a little box that fits into the palm of our hand. We sit in a coffee shop where the ‘privileged young executives’ tend to show off their expensive mobile, laptop, slightly overcharged suits and they look for that young lady dressed to… ‘Impress’. He then logs in does some basic wizardry stuff and considers himself in the running for a possible afternoon of great sex. That was his plan, will she bite? Nearby is a guy who no one notices. He wears a polo-shirt, likely cargo pants too, has a crossover bag and is typing on his laptop. He looks like many Uni students that get casually ignored. He was waiting for the guy (or anyone like him) to show off. He did just that, and less than 3 seconds after the information is typed in, he has link and login details. He now knows what network he can invade. Perhaps the young executive is lucky and he is of no value. If not, his account is broken down and thousands of dollars on internal communications, price agreements, customer’s details and many more details are now duplicated. It would be worth quite a few coins for the right competitor. As such the quiet student will have all his Uni debts paid off long before he gets his degree. So, what is this about?

You see, the Guardian today is having another go at the intelligence industry. I am referring to http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa. Here they discuss several acts that GCHQ has allegedly involved in. My issue is with this part of the sentence “process vast quantities of communications between entirely innocent people“. Is that any different from what Social media and market research is doing? Let us not forget it is all about the latter part of that same sentence “as well as targeted suspects“.
If there was a way to just focus on that 0.0003% of that population, then it would be easy. But life is not that easy as we learn ourselves on a very daily basis. The only issue I truly have with that article is “Snowden told the Guardian. ‘They [GCHQ] are worse than the US’”. Really Mr Snowden? Let us go over those facts again. First he betrays his country. He is not some guy who got into the thick of it. He first does not make it past basic training. He then gets a chance to serve in the CIA (whomever gave him that brake is truly regretting that act I reckon). He then walks away and joins the NSA. Is there anyone not having any questions at present? So, he knows what is required and then he walks away and not just to anybody. He runs off to Hong Kong. In my mind, he must have thought that the Chinese cyber division would want to offer him a cushy job. But these boys would see through him in no time. Those savants know every in and out of every bit a Cisco system routes, how it does that, why it does that, and where the threats are. Snowden does not instil that level of ingenuity to me. So again, he did not go to some non-extradition country out of conviction (like Ecuador), no he went straight for the ‘enemy’ and is now allegedly enjoying Borsjt and Blackbread in Russian company.

Let us get back to the issues that really matter. This is not about those who claim to be ‘entirely innocent’. This is not even about your average criminals that much. GCHQ is one part to keep England safe. As described earlier, security is no longer done through a backpack full of tricks. The bulk of today’s danger comes to individuals we know not where, and it arrives to them in the simple form of a message. It could be an e-mail, an SMS or even a chat message left on a gaming site. To find them GCHQ needs to get to them all. Do you think they read these messages? That is not humanly possible, every second internet information is created that would take one person a lifetime just to get through. So it becomes about flagging. We can look at two flags. 1 flag is green and is zero threat. That is well over 95% of all communications. This also includes all the dicey and spicy spam messages we get. In effect, they know where it came from, where it is going to. The people they seek are of a different variety. They are all about not being able to detect, or to detect the origin. That is already less than 0.3% of all these messages. Then we go on and on. 1% out of that 0.3% is now a possible threat. Is it? They do not know yet, but the amount is now so small, they can actually start taking a look at the facts. Even then it could be harmless, yet many millions were crunched into less than 1000. That group might be part of the second flag. Even that number is still too high. As time progresses more is crunched and then those people at GCHQ will really go to town and pass on what might be a threat. So, was there an issue? You might think that it is, but if you are entirely innocent then the chance that they saw your data is actually so small that winning the lottery has a much better chance. Do I worry? Hell no. My usage is even less than that. Many download movies, some download pirated games. None of that interests the Intelligence community. They want to learn one thing. Where is the threat to us coming from?

The bulk of us will not even register on their radar. If we rely on the numbers in the article “By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.” that is 550 people to sift through amounts of data that is so much that 1 minute of generated internet traffic will require them all to work their entire careers to sift through that much. Reading our emails? We are just not that important and we likely never will be.

If you are worried, then worry about real threats. The real non-terrorist threat out there today, are the many normal people, not using Common Cyber Sense as they use free internet to do what they need to do from the comfort of their non-desk. Those are the people endangering YOUR data, because they are out to get some personal gain.

1 Comment

Filed under Media, Military

Tagged as , , , , , , , , , , , , , ,